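Research and Application of Data Possession Auditing Technology in Cloud Storage Environments
Published: 2018-02-27 12:16
Keywords: cloud storage, cloud security, data integrity, parallel audit, Hadoop MapReduce, provable data possession. Source: Hunan University, 2013 master's thesis. Document type: degree thesis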
【Abstract】: Cloud storage is a derivative and development of cloud computing theory and technology. Because it is convenient to use, pay-as-you-go, and not limited by time or place, it has become one of the most attractive forms of distributed storage. However, compared with traditional storage, when there are no trust constraints on the storage service provider, cloud storage users cannot directly and effectively manage their own data, and the resulting cloud data security problems have held back the wide application and development of cloud storage technology. Data integrity assurance is a key technology for securing data in the cloud. Existing research on integrity checking concentrates mainly on improving verification algorithms, supporting dynamic data updates, and recovering damaged data; most of it remains at the theoretical stage and cannot be applied to cloud storage environments that are built mainly on clusters.

This thesis takes as its main application goal the construction of a cloud data integrity checking model and techniques suited to cluster environments. It studies and analyzes in detail the current state of research on data possession auditing and, building on the Provable Data Possession (PDP) scheme and the Data Possession Audit (DPA) scheme and taking into account the specific characteristics of cluster-based cloud storage, proposes a cloud data integrity checking model: the Parallel Audit for Data Possession (PADP) model. PADP combines the advantages of the PDP and DPA schemes. It completely separates the user from the storage service provider, is centered on a trusted third-party auditor, and adds an audit log mechanism; while fully guaranteeing the security of the audit process, it can significantly reduce the storage and computation overhead that users incur for data integrity checking. To address the problem that the original algorithms of traditional data possession audit schemes cannot be applied to cluster-based cloud storage, the thesis improves the RSA-based homomorphic tag verification algorithm of the PDP model, proposes and designs a MapReduce-based Parallel Generation Challenge Proof Algorithm (MR_PGCPA), and shows through theoretical analysis that the algorithm has good security properties. Finally, based on the above model and algorithm, a PADP prototype system on a Hadoop cluster is designed and implemented, with detailed use cases, modules, algorithm flow design, and implementation details. Test results show that the PADP scheme can significantly reduce users' communication volume and storage overhead; when stored files are large and there are many compute nodes, introducing the MR_PGCPA algorithm significantly reduces the corresponding computation overhead and improves checking efficiency.
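A simplified sketch of why RSA-based homomorphic tags permit the MapReduce-style proof generation the abstract describes, added here as an example; it is not the thesis's MR_PGCPA algorithm or PADP code. The toy key, the tag formula, and every function name are assumptions chosen for illustration.

```python
import hashlib
from functools import reduce

# Constructed toy key (assumption): two Mersenne primes, far too small for real use.
P, Q, E, G = 2**31 - 1, 2**61 - 1, 65537, 7
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the data owner

def h(i):
    """Hash a block index into Z_N so each tag is bound to its position."""
    return int.from_bytes(hashlib.sha256(b"blk|%d" % i).digest(), "big") % N

def tag(i, block):
    """Owner side: T_i = (h(i) * g^m_i)^d mod N."""
    m = int.from_bytes(block, "big")
    return pow(h(i) * pow(G, m, N) % N, D, N)

def map_partial(blocks, tags, challenge):
    """One storage node: partial proof over the challenged blocks it holds."""
    t, m = 1, 0
    for i, a in challenge:
        if i in blocks:
            t = t * pow(tags[i], a, N) % N
            m += a * int.from_bytes(blocks[i], "big")
    return t, m

def reduce_proof(partials):
    """Combine partial proofs: multiply the tag parts, add the block sums."""
    return reduce(lambda x, y: (x[0] * y[0] % N, x[1] + y[1]), partials, (1, 0))

def verify(challenge, proof):
    """Auditor side, public key only: T^e == prod h(i)^a_i * g^M mod N."""
    t, m = proof
    rhs = pow(G, m, N)
    for i, a in challenge:
        rhs = rhs * pow(h(i), a, N) % N
    return pow(t, E, N) == rhs

def demo():
    # Constructed sample data: six blocks spread over two storage nodes.
    data = {i: b"constructed block %d" % i for i in range(6)}
    tags = {i: tag(i, b) for i, b in data.items()}
    nodes = [{i: data[i] for i in (0, 1, 2)}, {i: data[i] for i in (3, 4, 5)}]
    challenge = [(1, 7), (3, 11), (4, 5)]      # (block index, coefficient) pairs
    honest = reduce_proof([map_partial(n, tags, challenge) for n in nodes])
    nodes[1][4] = b"tampered block 4!"         # silent corruption on one node
    bad = reduce_proof([map_partial(n, tags, challenge) for n in nodes])
    return verify(challenge, honest), verify(challenge, bad)
```

The toy modulus and the unblinded sum M in the proof are both simplifications made to keep the sketch short.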
【Degree-granting institution】: Hunan University
【Degree level】: Master's
【Year degree granted】: 2013
【Classification number】: TP309.2; TP333
Article ID: 1542633
Article link: http://sikaile.net/kejilunwen/jisuanjikexuelunwen/1542633.html