Research on Big data Security privacy Protection based on cloud Computing

Cloud computing is a new way of computing and storage. Users do not need to master professional skills, but can enjoy convenient network services as long as they pay according to their own needs. When we use cloud services, we need to upload data to cloud servers. As the cloud is an open environment, it is easy for attackers to use cloud computing to conduct excessive computational analysis on big data, which is bound to infringe on others’ privacy. In this process, we inevitably face the challenge of data security. How to ensure data privacy security in the cloud environment has become an urgent problem to be solved. This paper studies the big data security privacy protection based on cloud computing platform. This paper starts from two aspects: implicit security mechanism and display security mechanism (encryption mechanism), so as to protect the security privacy of cloud big data platform in data storage and data computing processing.


Cloud computing security and privacy issues
Cloud computing is a new computing method based on the Internet, which is different from the traditional computing mode. In this way, the software and hardware resources and information shared on the cloud platform can be provided to many computers and other network devices on demand. There are three service modes of cloud computing, namely SaaS, PaaS and IaaS.
The security issues of cloud computing mainly include whether the data stored on the cloud platform is secure; Whether users' operations on the cloud platform can be monitored, replayed, or tampered with; Whether the cloud platform itself is reliable, whether the services provided by the cloud platform are correct, whether the cloud platform, and whether the cloud service provider charges arbitrarily. These security problems mainly come from two aspects: on the one hand, cloud service providers are dishonest and unreliable; on the other hand, cloud platforms may be attacked or invaded from outside.

Big data security and privacy issues
Thanks to the technology of big data, users can buy more suitable products at a lower price, but at the same time, a large amount of data about individuals' shopping habits, financial situation and even health status will be collected by the platform. A large number of server data leaks in recent years show that if the security and privacy issues of big data are not properly solved, it is likely to bring incalculable losses to individuals, enterprises and even the country. According to the different privacy contents to be protected, privacy protection can be further divided into connection relation anonymous protection, identifier anonymous protection and location information privacy protection. On the whole, the current big data mainly has four security issues: infrastructure security, storage security, network security and privacy security.

System function design
The main functional modules of the system include user login module, file upload module, file download module, computing module, file retrieval module and data management module, etc. The system structure is shown in the figure below:

Detailed design and implementation of privacy protection system
2.2.1. Design and implementation of user login function. Before entering the system, users need to choose to log in, register or log out. Flow chart of the user login validation choose login, users need to enter your user ID and password to log in, if verification is successful, directly into the system, if validation fails need user registration account, according to the symmetric Key generated password Key user registration, at the same time to cloud the server application, cloud service generates an asymmetric Key pair, Send the public Key to the client. The client encrypts the Key with the public Key and sends ciphertext CKey to the cloud server. The cloud server writes Key Ckey, private Key Pravite Key, user ID, and password Hash value PWD to the user information table in the system database. If true is returned, registration is successful; otherwise, registration fails.

Privacy data upload module function design and implementation.
User input to the path of the uploaded file, choose whether to encrypt, if encryption is not directly stored in the cloud, if encryption system will also have a file hash value of data privacy, the privacy data and the hash value split, system will be based on user input password for symmetric Key Key, to encrypt the data after the split. Ciphertext transmission brought cloud services, cloud server call private Key private Key decryption Key get symmetric Key cipher Key, using the Key decrypted plaintext message, to isolate the hash value is calculated after private data Z ', and decrypt the hash value Z contrast, its purpose is to validate data integrity, test cipher text in the process of transmission have been illegally tampered with. If Z '=Z, the ciphertext is stored in the cloud storage module and the storage address is returned. The cloud server writes the storage address, file name, and file secret level into the database and returns true to the client, indicating that the upload is successful. If Z '≠Z, the data is rejected and false is returned to the client, indicating that the upload fails.

Function design and implementation of private data download module.
After the user enters the file name, the cloud server obtains the file information storage path from the database according to the file name and obtains the file from the corresponding location. Then the cloud server sends the file and the file secret information to the client. The client checks the security level of the file. If security is 0, the file is output directly. If security is 1, the client uses the symmetric Key to decrypt the ciphertext, extract the private data, and calculate the summary value Z. If Z '=Z, output private data, otherwise download fails.

Design and implementation of computing functions.
This feature uses cloud computing to perform a simple addition operation. The client input a set of data, calculates the summary Z, assembles the data, encrypts it and transmits it to the cloud server. After decryption, the cloud server verifies data integrity and computes sum after the verification passes. Calculate the summary value of sum Z ', combine it with the calculation result, encrypt it and transmit it to the client, the client verifies the data integrity, and output the sum result after passing it.

Database design.
The system database uses My SQL database, which describes the field names and data types of entities. The main description content is shown in the following table.

Security analysis
Analysis is made from the perspective of encryption technology and cloud computing platform.

Encryption technology Angle.
The further optimized AES algorithm uses double symmetric key to improve the security of symmetric key. SM2 asymmetric encryption algorithm is used to encrypt symmetric keys, which can ensure the security of key distribution. Each transfer checks the integrity of the data to see if it has been tampered with. The cloud server saves private data in the form of ciphertext in the cloud, which ensures the storage security of private data to a certain extent.

Cloud computing platform perspective.
Ali Cloud ECS provides DDOS protection capabilities, cloud monitoring capabilities and a variety of real-time alarm capabilities. Therefore, the cloud platform chosen is relatively safe. To sum up, the privacy protection system is designed based on the hybrid encryption scheme of improved AES algorithm and SM2 algorithm, which can ensure the security of private data transmission in the cloud environment. The experimental results show that the system can not only improve the decryption difficulty of symmetric key, but also ensure the security of symmetric key distribution, and the decryption speed of the system has been rapidly improved. Compared with other hybrid encryption schemes, the scheme in this paper has been improved in security and encryption and decryption speed, and has better practicability.