Privacy Protection of Cloud Computing Based on Strong Forward Security

Cloud computing is a new information technology. It is the product of the scientific and technological development of the times and plays an important role in the development of this country. In order to effectively solve the security problem of cloud computing data access, an identity-based privacy protection algorithm for cloud computing is proposed. The user information is stored in the cloud server at the registration stage, and the user identity is verified by signature when the information is obtained. The strong forward secure signature scheme can ensure that the signature is both forward secure and backward secure. At present, most signature schemes based on lattice focus on forward security. Therefore, this article constructs a strong forward secure signature scheme based on lattice and applies this signature scheme to cloud user authentication to ensure security.


INTRodUCTIoN: PRIVACy PRoTeCTIoN oF CLoUd CoMPUTING BASed oN STRoNG FoRwARd SeCURITy
Due to the advantages of cloud computing, users gradually outsource some data analysis businesses to professional cloud service providers.Compared with other information technologies, it has incomparable storage advantages, but there is also a certain disadvantage, that is, the security of personal information cannot be effectively guaranteed in the cloud computing environment (Yudong, 2019).User data security and privacy protection is one of the most important issues in cloud computing environment.Cryptography technology is usually used to protect data security and privacy (Xiaodong, 2022).
In recent years, a new generation of services based on the concept of "cloud computing" has been continuously improved, aiming to provide access to information and data anytime and anywhere by limiting or eliminating the demand for hardware equipment (Stergiou, 2018).With the widespread use of cloud computing, the gap between the development speed of cloud computing technology itself and the development speed of the corresponding security technology is gradually increasing, and the cloud security problem is increasingly prominent (Zhang, 2022).
Although cloud computing has many advantages, it also has some problems, such as the load on the cloud is too large to effectively allocate resources between computers and servers.This problem can be solved by using two-stage load balancing algorithm (Kumar, 2021).If it is too limited by delay and bandwidth, the virtual machine migration method based on optimization algorithm can be used to solve the problem (Ashok, 2022).Detecting the abnormal power consumption behavior of users is also a major concern in the field of intelligent energy.The abnormal energy consumption of users can be detected by a new method based on hourly energy consumption readings and peak energy consumption (Lehsaini, 2021).
In the age of big data, data security is the most concerned issue of ordinary people.Cloud computing is a new technology that is undergoing great development.People who use it cannot avoid the reasonable and unreasonable disputes caused by the security requirements in the cloud.It is absurd to say that cloud computing will not create new security problems (Tsochev, 2022).The cloud server is not completely reliable, and the user's security data may be leaked.A data sharing method based on SKC provides high efficiency and high security.It effectively meets various security characteristics, such as tamper resistance, openness and decentralization (Naveen, 2021).Cloud computing can be applied to the Internet of things.However, since the Internet of things is based on the Internet and all the data collected by the devices are on the Internet, the devices that collect information also face threats to security and privacy.The most commonly used technology in the physical or sensor layer of IOT devices is RFID.Therefore, protecting RFID tags through password mechanism can protect our data security in the process of equipment and communication (Gupta, 2020).
Protecting data privacy while maintaining cloud computing efficiency is considered to be an attractive research topic for computer scientists in academia and industry (Christiana, 2022).In order to make the process of accessing data more secure and provide secure communication on the network, not only the cryptographic mechanism can protect the security of data, but also the signature algorithm plays an equally important role.Signature is a valuable tool to protect data.The signature algorithm changes information into unique data with its own attributes by using the key, and only the user has the signature key.However, if the signature key is lost, the whole signature system will no longer be secure.In order to avoid revoking the current key system every time a key leak is detected, a forward secure or backward secure signature scheme can be constructed.Forward security is to ensure that the leakage of the current key will not harm the previous signature message, and backward security is to ensure that the leakage of the current key will not affect the use of signatures in the authentication phase in the future signature process (Guangbao, 2013).
In view of the fact that the general signature scheme cannot solve the user trust problem well after the key is leaked, Anderson put forward the idea of forward security at the ACM CSS conference in 1997, the core of which is the update of the key (Cheng Yage, 2020).Two types of security are mentioned in Anderson's summary of forward security schemes in 2000 (Wang Mingwei, 2014):Forward security is to ensure that the disclosure of the current key will not cause harm to the previously signed message; Backward security is to ensure that the disclosure of the current key will not affect the future signing process.
A signature scheme with strong forward security can ensure both forward security and backward security, which not only improves the efficiency of signature but also improves the security of the signature system.Therefore, it is of great significance to study on the signature scheme with strong forward security.In the coming quantum computer era, the security of strong forward-secure signature schemes based on RSA, Guillou-Quisquater and Rabin will be threatened.Lattice is resistant to quantum attacks, while most existing lattice-based signature schemes focus on the research of forward security.Therefore, this paper proposes a new key update algorithm, which can guarantee the strong forward security of the signature scheme.

PRePARATIoNS Lattice
Definition 1 (Xinyin, 2014).A lattice is a set of linear combinations of all integer coefficients of n linearly independent vector groups x x x n 1 2 , , ,which is: Definition 2 (Xinyin, 2014).Given an integer q, a matrix A Z q n m ∈ × and a real number β.The SIS question is that to find a nonzero vector e,make Ae=0 modq and e £ b .Theorem 1 (Jia, 2021).Trapdoor Generation Algorithm.Given a prime number q ³ 3 ,a positive integer m³6nlogq,a safety parameter n,run the algorithm TrapGen(q,n)→(A,T),it outputs a matrix A Z q n m ∈ × and a base T Z m m ∈ × on the lattice ∧ ⊥ (A),makes the distribution of A statistically indistinguishable from the uniform distribution on Z q n m ´,and satisfy the condition T O nlbq ≤ ( ) ´,T is base on the lattice ∧ ( ) ⊥ A ,Gauss parameter s meets the condition Gauss parameter s R meets the condition σ ω

The General Form of a Strong Forward Security Scheme
The user determines a period T, the key generation center PKG generates T+1 pairs of public and private keys at one time.Forward security is achieved by updating a small private key backwards from time 0 using a hash function, at the same time backward security is achieved by updating another small private key forwards from time T using the hash function.The two small private keys sk and sk' of each period are concatenated together to form the complete private key SK of the current period.According to the irreversible nature of the hash function, it is difficult to obtain the previous small private key from the latter small private key in the forward update, for the same reason, the backward update is difficult as well to obtain the second small private key from the previous small private key.When two small private keys are connected to form the complete private key SK of the current period, it is difficult to use the private key of the current period to obtain the private keys of other periods.The process is as shown in Figure 1.

Cloud Computing
Cloud computing is a kind of distributed computing, as shown in Figure 2,which provides computing, storage, services, and applications through the Internet.The concept of cloud computing is based on the application of cloud technology.It not only includes the calculation of data, but also includes the application of intelligent logical analysis of data and various related algorithms.Based on this concept, cloud computing can be used to optimize data resources as a computing tool (Hua, 2022).

The Formal definition of Scheme
A strongly forward-secure signature scheme consists of the following four polynomial-time algorithms.
Parameter establishment: To input a security parameter n, then output a public parameter PP and the master key msk.
Key extraction and update: When the user has the demand to sign, then he send the identity ID to PKG and initiate a key request.PKG inputs public the parameter PP, master key msk and user ID, and executes the algorithm to extract the initial small private keys sk ID||0 and sk' ID T || .When the small private key is updated forward, input a user ID and the current small private key sk ID i || at the current period i, then output the small private key sk ID i || +1 for the next period i+1.When the small private key is updated backwards, input a user ID and the current small private key sk' ID i || at the current period i, and output the small private key sk ID i || -1 of the previous period i-1.The private key at period i is the result of the connection of two small private keys + .Signature generation: Input a user's identity ID, the current period i, the private key SK ID i || of the current period and the message m to be signed, after that output the signature e i at the current period.
Signature verification: Input a user's identity ID, the current period i, the private key PK ID i || of the current period, the signed message m and the signature e i .The verifier verifies the signature, and if the signature is valid, then outputs 1, otherwise outputs 0.

The Security Model of Scheme
The identity-based strong forward security signature scheme has existential unforgeability under adaptive chosen message attack, and we define the security of the model with a game in which challenger C and adversary A interact.
Parameter establishment: The challenger runs the parameter generation algorithm, the generated public parameter PP is sent to the adversary and the master key msk is kept by himself.
Adversary A adaptively issues many different following queries to the challenger: Secret key query: A can query the key of any identity ID at any period i (i£T), and C generates the key SK ID i || with the ID at period i and sends it to A; Signature query: A can query the signature of any identity ID at any period i (i£T), and C generates the signature e i of the ID at time i and sends it to A.
Forgery: A outputs an identity ID * , period i * , a message m * and it's signature e i * .If ID * has not been challenged for key and signature and the signature can be verified, A will win the game.

CLoUd USeR AUTHeNTICATIoN BASed oN STRoNG FoRwARd SeCURe SIGNATURe SCHeMe oN LATTICe
As shown in Figure 3,the general process of remote user authentication is described as the followed (Tian Yangguang, 2021):Users register their identity, send their own identity and public key to the cloud server, and the cloud server stores the user information in its own database after receiving it;The user sends an authentication request and shows himself to the cloud server;The cloud server finds the user's registration information from the database and asks the user to sign a message for authentication;The user sends the signed message and the signed original message to the cloud server, and the cloud server verifies the message signature pair using the public key registered by the user.
If the verification is successful, the user's authentication is passed.
In the whole process, the user only wants the cloud server to authenticate him, but other third parties cannot.Therefore, when indicating the identity to the cloud server, a secure public key encryption algorithm is used to encrypt the message, so that the third party cannot obtain the user's identity information when eavesdropping on the channel.If the lattice-based strong forward security signature scheme is not used, there is only one pair of public and private keys when a user registers, and a malicious third party will obtain many message signature pairs by eavesdropping on the channel, so the third party may guess the user's identity.However, if the signature scheme constructed in this paper is used, the public and private keys will change with the period update, and the signatures will be different in different periods, so that it is difficult for a third party to use the eavesdropping information to guess the user's identity and cause harm to the user.

Key Generation
User u first determines a period T, sends an identity ID to PKG and initiates a key request.PKG uses the lattice-based strong forward security signature scheme to generate all public-private key pairs ( SK PK ID ID u u , ) within T periods and send them to the user.The cloud server uses the public key encryption algorithm to generate a public-private key pair (ssk, spk), and the public key is sent to the user to encrypt the transmitted identity information.

Registration Phase
After the user completes the key generation, he needs to send all his own information which can prove his identity in the later process to the cloud server.The user ID u sends his identity information and all public keys PK ID u within T periods to the cloud server, and the cloud server stores ID u and PK ID u in the cloud server's database.

Verification Phase
As shown in Figure 4, the validation phase consists of the following steps: Firstly,the user confirms the current period t £ T, encrypts the user identity and the current period t with the cloud server's public key spk, and sends it to the cloud server; Secondly,after receiving the ciphertext sent by the user, the cloud server decrypts it with the cloud server's private key ssk to obtain the user's ID u and current period t, and then the cloud server randomly selects a challenge message which will help to guarantee randomness and uniqueness and then sends the challenge message to the user; Thirdly,the user replies to the challenge information, then takes the challenge information and the reply information as the message to be signed.User uses the private key of the current period SK ID t u || to sign the message, after that sends the original message and the signature message to the cloud server; Finally, after the cloud server receives the message signature pair, it searches the database for the public key set ID u registered by the current user, and uses the public key of the period t PK ID t u || to verify.If the signature is verified, the user authentication is passed, otherwise the authentication fails.

Theorem 2 (.
Longbo, 2021).Let V be a subset of Z m ,and the norm of the elements of V does not exceed T,there exists r R Makes h:V→R is a probability distribution,there exists a constant M=Ο(1) that makes the probability of the distribution satisfying the following two algorithms statistically asymptotic:v ¬ h,z ¬ D v r m , ,output the signature (v,z) with the probability of min(1, signature (v,z) with the probability of 1 M .Theorem 3(Xiangsong, 2017).Lattice based delegation algorithm.Let A Z q n m ∈ × be a full rank matrix, and the matrix RÎ D m m is invertible while mod q.Then there exists a PPT algorithm BasisDel(A,R,T, s ) able to output a base T B on the lattice ∧ ⊥ − (AR 1 ),so that T B < σ ω / lbm ( ) meets the condition.

Figure 1 .
Figure 1.The general form of a strong forward security scheme Note.sk and sk' indicates the user's small private key, and the corner mark indicates the period

Figure 3 .
Figure 3.The general process of cloud user authentication

Figure 4 .
Figure 4.The process of cloud user authentication using lattice-based strong forward security signature scheme Note.ID u is the user's identity.