Efficient and secure data forwarding for erasure-code-based cloud storage

摘要

Cloud computing is a promising computing paradigm which has drawn extensive attention from both academia and industry. Since that the cloud is very likely to be outside of the trust domain of the users, serious concerns over the confidentiality of the outsourced data are arising. Traditional encryption methods guarantee data confidentiality, but also limit the functionality of the cloud storage as few operations are supported over encrypted data. The main technique contribution of this paper is that we present an efficient data forwarding scheme for the erasure-coded and encrypted cloud, which enforces the cloud not only provide data reliability and confidentiality, but also support the functionality that the encrypted data can be forwarded to another user without being retrieved back. Specifically, we design an all-or-nothing transform based encryption and a variant of ElGamal-based proxy re-encryption algorithms, blending them with the Reed-Solomon erasure code, our scheme is quite more efficient compared with previous studies and only needs to update partial data blocks instead of the whole file for data forwarding. In addition, our scheme also satisfies another practical property that the original data owner can no longer decrypt or forward the re-encrypted data again to other users after a complete data forwarding, which is termed to be “original inaccessibility” in our study. Analysis shows that our scheme is secure and satisfactory. Finally we theoretically and experimentally evaluate the performance of our scheme and the results indicate that our scheme is efficient in the procedure of file dispersal, forward and retrieval.