@phdthesis{oai:sucra.repo.nii.ac.jp:00018515,
 author = {EI, MON CHO},
 month = {},
 note = {xvii, 112 p., With the tremendous growth of available digital data, the use of Cloud Service Providers are gaining much popularity, since these types of services promise to provide convenient and efficient storage services to end-users by taking advantage of a new set of benefits and savings offered by cloud technologies in terms of computational, storage, bandwidth, and transmission costs. In order to achieve savings in storage, cloud storage providers often employ data deduplication techniques to eliminate duplicated data. However, benefits gained through these techniques have to balanced against users’ privacy concerns, as these techniques typically require full access to data.

In this thesis, we propose solutions for two secure multiple group setting data deduplication in cloud environments. Firstly, we propose a new framework DDUP-MUG (deduplication for the multiplegroup signature scheme) that allows one or more groups to access a file such that the cloud storage server can avoid duplicates according to the ownership of the file. The main goal of the primitive red is allowing individual management to multiple groups. We propose the group managers mainly manage the new entities and produce revocation lists for clients and the server respectively. We use Message-Locked Encryption (MLE) as an ingredient for deduplication and we provide new three protocols, namely UPL-Dup (for uploading a new message), EDT-Dup (for editing the existing message) and DEL-Dup(for eliminating the existing message) in the DDUP-MUG framework.

Furthermore, we propose a new primitive group signcryption for deduplication called verifiable hash convergent group signcryption (VHCGS) by adding the properties of group signcryption and the verification facilities for the storage server(third party). An interesting technique called signcryption has been proposed, in which both the properties of signature (ownership) and encryption are simultaneously implemented, with better performance than the traditional signature-then-encryption approach. According to the deduplication, we propose a new method for a group of users that can eliminate redundant encrypted data owned by different users., Abstract i
Acknowledgments iii
List of figures v
List of tables vi
Publications vii
Abbreviations x
Notations xii
1 Introduction 1
1.1 Related Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.2 Motivating applications . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.3 Problem Formulation . . . . . . . . . . . . . . . . . . . . . . . . . . 9
1.4 Main Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.5 Structure of this Thesis . . . . . . . . . . . . . . . . . . . . . . . . . 13
2 Cryptographic Mechanism 14
2.1 Public Key Encryption . . . . . . . . . . . . . . . . . . . . . . . . . 14
2.2 Hash Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.3 Digital Signature . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2.4 Group Signature . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.5 Signcryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
2.6 Computational Primitives . . . . . . . . . . . . . . . . . . . . . . . 19
2.6.1 Integer Factorization . . . . . . . . . . . . . . . . . . . . . . 19
2.6.2 Discrete-Logarithm . . . . . . . . . . . . . . . . . . . . . . . 20
2.7 Security Notions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
2.7.1 Steps to Achieving Provable Security . . . . . . . . . . . . . 22
2.7.2 Confidentiality Notion . . . . . . . . . . . . . . . . . . . . . 22
2.7.3 Unforgeability Notion . . . . . . . . . . . . . . . . . . . . . . 26
2.7.4 Random Oracle Model . . . . . . . . . . . . . . . . . . . . . 28
3 Cloud Computing 30
3.1 Cryptographic Mechanisms of the Cloud . . . . . . . . . . . . . . . 32
3.1.1 Searchable Encryption . . . . . . . . . . . . . . . . . . . . . 33
3.1.2 Homomorphic Encryption . . . . . . . . . . . . . . . . . . . 33
3.1.3 Computing Aggregates over Encrypted Data . . . . . . . . . 34
3.2 Functional Encryption . . . . . . . . . . . . . . . . . . . . . . . . . 34
3.2.1 Order Preserving Encryption . . . . . . . . . . . . . . . . . . 35
3.2.2 Identity-based encryption . . . . . . . . . . . . . . . . . . . 35
3.2.3 Attributed-based Encryption . . . . . . . . . . . . . . . . . . 36
3.2.4 Predicate Encryption . . . . . . . . . . . . . . . . . . . . . . 36
3.3 Verifiable Computing . . . . . . . . . . . . . . . . . . . . . . . . . . 37
3.3.1 Verifiable Outsourced Computation . . . . . . . . . . . . . . 37
3.3.2 Verifiable Storage . . . . . . . . . . . . . . . . . . . . . . . . 37
3.4 Other Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
3.4.1 Format Preserving Encryption . . . . . . . . . . . . . . . . . 38
3.4.2 Proxy Re-encryption . . . . . . . . . . . . . . . . . . . . . . 39
3.4.3 Secure Deduplication . . . . . . . . . . . . . . . . . . . . . . 39
4 Cloud Data Deduplication 41
4.1 Cloud Storage and Issues . . . . . . . . . . . . . . . . . . . . . . . . 41
4.2 Deduplication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
4.2.1 Client-Side Deduplication . . . . . . . . . . . . . . . . . . . 43
4.2.2 Server-Side Deduplication . . . . . . . . . . . . . . . . . . . 43
4.2.3 Level of Data Deduplication . . . . . . . . . . . . . . . . . . 43
4.3 Data Deduplication Techinical Design Issues . . . . . . . . . . . . . 44
4.3.1 Types of Data Deduplication . . . . . . . . . . . . . . . . . . 45
4.3.2 Client vs Server Side Deduplication . . . . . . . . . . . . . . 46
4.3.3 Single User vs Cross User Deduplication . . . . . . . . . . . 46
4.4 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
4.4.1 Convergent or Message-locked Encryption . . . . . . . . . . 47
4.4.2 Proofs of Ownership . . . . . . . . . . . . . . . . . . . . . . 50
5 Multiple Group Signature Setting 52
5.1 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
5.1.1 Group Signature . . . . . . . . . . . . . . . . . . . . . . . . 53
5.1.2 Group Signature from Unlikable Randomizable Signature . . 55
5.2 Management Policy of Proposed Scheme . . . . . . . . . . . . . . . 55
5.3 Proposed Scheme Architecture . . . . . . . . . . . . . . . . . . . . . 56
5.3.1 System Setup Protocol . . . . . . . . . . . . . . . . . . . . . 58
5.3.2 Upload Protocol . . . . . . . . . . . . . . . . . . . . . . . . . 59
5.3.3 Edit Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . 60
5.3.4 Delete Protocol . . . . . . . . . . . . . . . . . . . . . . . . . 62
5.3.5 Restore Protocol . . . . . . . . . . . . . . . . . . . . . . . . 63
5.4 Security Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
5.5 Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
6 Multiple Group Signcryption 71
6.1 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
6.1.1 Signcryption . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
6.1.2 Original Signcryption Scheme . . . . . . . . . . . . . . . . . 72
6.1.3 Public Verifiable Signcryption Scheme . . . . . . . . . . . . 73
6.1.4 Group Signcryption Scheme . . . . . . . . . . . . . . . . . . 74
6.2 Proposed Scheme Architecture . . . . . . . . . . . . . . . . . . . . . 75
6.2.1 KeyGen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
6.2.2 Join . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
6.2.3 Signcryption . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
6.2.4 Partial Unsigncryption . . . . . . . . . . . . . . . . . . . . . 77
6.2.5 Unsigncryption . . . . . . . . . . . . . . . . . . . . . . . . . 77
6.3 Application in Cloud Computing . . . . . . . . . . . . . . . . . . . 78
6.3.1 System Setup Protocol . . . . . . . . . . . . . . . . . . . . . 79
6.3.2 Upload Protocol . . . . . . . . . . . . . . . . . . . . . . . . . 80
6.3.3 Download Protocol . . . . . . . . . . . . . . . . . . . . . . . 81
6.4 Application in Mobile Data Transmission . . . . . . . . . . . . . . . 81
6.4.1 System Setup . . . . . . . . . . . . . . . . . . . . . . . . . . 82
6.4.2 Signcryption . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
6.4.3 Partial-Unsigncryption . . . . . . . . . . . . . . . . . . . . . 83
6.4.4 Unsigncryption . . . . . . . . . . . . . . . . . . . . . . . . . 83
6.5 Security Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
6.6 Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
7 Related Research and Future Improvements 90
7.1 Proxy Re-encryption . . . . . . . . . . . . . . . . . . . . . . . . . . 90
7.1.1 Motivation of Proxy Re-encryption . . . . . . . . . . . . . . 93
7.1.2 Syntax of our PRE scheme . . . . . . . . . . . . . . . . . . . 94
7.2 Future Improvements . . . . . . . . . . . . . . . . . . . . . . . . . . 96
8 Conclusion 97
8.1 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
References 100, 指導教員 : 重原孝臣, text, application/pdf},
 school = {埼玉大学},
 title = {Secure Multiple Group Data Deduplication in Cloud Data Storage},
 year = {2018},
 yomi = {イ, モン チョ}
}