DSDM-TCSE: Deterministic storage and deletion mechanism for trusted cloud service environments

The separation of data ownership and management rights in cloud storage architectures results in losing control over outsourced data, making it challenging to achieve deterministic deletion and verify-deletion results. This predicament precipitates security vulnerabilities that impede the advancement of cloud services. This study proposes a deterministic storage and deletion mechanism for trusted cloud service environments (DSDM-TCSEs). This mechanism establishes a three-layer cloud data interaction framework, adopting blockchain as the communication intermediary layer, and employs techniques such as overwrite key negotiation strategy and CP-ABE encryption to achieve fine-grained storage, deletion control, and deletion result verification of cloud data, effectively isolating the cloud service provider and protecting data privacy. It also proposes an efficient evidence strategy based on a cuckoo filter and data noise vectors for rapid construction and verification. Experimental results show that this method improves the speed of evidence construction and verification by 83% compared to related schemes and saves 5% storage overhead when the number of attributes is large, demonstrating good time and space performance and providing a solid guarantee for achieving deterministic storage and deletion in trusted cloud services. •Propose a three-layer framework for deterministic storage and deletion.•Design access control method based on CP-ABE and random data blocks.•Build strategies for data operation-proof generation and verification.•Prove that the mechanism has good time and space performance.•Verify the operability of the mechanism in real cloud storage services.