本文關(guān)鍵詞： 云存儲(chǔ) 云安全 數(shù)據(jù)完整性 并行審計(jì) Hadoop MapReduce 數(shù)據(jù)持有性證明　出處：《湖南大學(xué)》2013年碩士論文　論文類型：學(xué)位論文

【摘要】：云存儲(chǔ)是云計(jì)算理論和技術(shù)的衍生和發(fā)展，因具有使用便捷、按需付費(fèi)(pay-as-you-go)和不受時(shí)間空間局限等特性而成為最有吸引力的分布式存儲(chǔ)方式之一。然而，相較傳統(tǒng)存儲(chǔ)方式，在存儲(chǔ)服務(wù)提供商缺失信任約束前提下，云存儲(chǔ)用戶無(wú)法直接有效管理自身數(shù)據(jù)，由此帶來(lái)的云數(shù)據(jù)安全性問題制約了云存儲(chǔ)技術(shù)的廣泛應(yīng)用和發(fā)展。數(shù)據(jù)完整性保證技術(shù)是保證云中數(shù)據(jù)安全性的關(guān)鍵技術(shù)，現(xiàn)有的完整性檢測(cè)研究主要集中在驗(yàn)證算法的改進(jìn)、數(shù)據(jù)動(dòng)態(tài)更新的支持和損壞數(shù)據(jù)的恢復(fù)等方面，且大多處于理論研究階段，無(wú)法適用以集群為主要構(gòu)建方式的云存儲(chǔ)環(huán)境。 本文以構(gòu)建適用于集群環(huán)境的云中數(shù)據(jù)完整性檢測(cè)模型和技術(shù)為主要應(yīng)用目標(biāo)，詳細(xì)研究和分析了目前數(shù)據(jù)持有性審計(jì)的研究現(xiàn)狀，以數(shù)據(jù)持有性證明(Provable Data Possession,PDP)方案和數(shù)據(jù)持有性審計(jì)方案(Data PossessionAudit,DPA)為基礎(chǔ)，結(jié)合集群式云存儲(chǔ)環(huán)境的具體特點(diǎn)，提出了一種云數(shù)據(jù)完整性檢測(cè)模型—數(shù)據(jù)持有性并行審計(jì)模型(Parallel Audit for DataPossession,PADP)。PADP綜合利用PDP方案和DPA方案的優(yōu)勢(shì)，將用戶與存儲(chǔ)服務(wù)提供商完全分離，以信任的第三方審計(jì)器為中心，加入審計(jì)日志機(jī)制，在充分保證審計(jì)過程安全性的基礎(chǔ)上可以顯著減少用戶進(jìn)行數(shù)據(jù)完整性檢測(cè)的存儲(chǔ)和計(jì)算開銷。針對(duì)傳統(tǒng)數(shù)據(jù)持有性審計(jì)方案中原有算法無(wú)法適用集群式云存儲(chǔ)環(huán)境問題，對(duì)PDP模型中基于RSA的同態(tài)標(biāo)簽驗(yàn)證算法進(jìn)行了改進(jìn)，提出和設(shè)計(jì)了一種基于MapReduce的挑戰(zhàn)證明并行生成算法(MapReduce-based Parallel Generation Challenge ProofAlgorithm,MR_PGCPA)，并通過理論分析證明了該算法具有良好的安全性能。最后，基于以上模型和算法，設(shè)計(jì)和實(shí)現(xiàn)了一個(gè)基于Hadoop集群環(huán)境的PADP原型系統(tǒng)，，給出了詳細(xì)的用例、模塊和算法流程設(shè)計(jì)和實(shí)現(xiàn)細(xì)節(jié)。測(cè)試結(jié)果表明：PADP方案可以顯著減少用戶的通信量和存儲(chǔ)開銷；當(dāng)存儲(chǔ)文件較大、計(jì)算節(jié)點(diǎn)較多時(shí)，隨MR_PGCPA算法的引入，可以顯著的減少相應(yīng)的計(jì)算開銷，提高檢測(cè)效率。
[Abstract]:Cloud storage is a derivation and development of cloud computing theory and technology. It is one of the most attractive distributed storage methods because of its advantages such as convenient use, pay-as-you-goon on demand and no limitation of time and space. However, compared with traditional storage methods, cloud storage has become one of the most attractive distributed storage methods. In the absence of trust constraints, cloud storage users can not manage their own data directly and effectively. The problem of cloud data security has restricted the wide application and development of cloud storage technology. Data integrity assurance technology is the key technology to ensure data security in the cloud. The existing researches on integrity detection mainly focus on the improvement of verification algorithm, the support of data dynamic update and the recovery of damaged data, and most of them are in the stage of theoretical research, so they can not be applied to the cloud storage environment which is built mainly by cluster. In order to construct the cloud data integrity detection model and technology suitable for cluster environment, this paper studies and analyzes the current research status of data holding audit in detail. On the basis of Provable Data possession-PDP) scheme and data possessionAuditor-DPA scheme, the paper combines the specific characteristics of cluster cloud storage environment. This paper presents a cloud data integrity checking model-parallel Audit for data possibilities PADP.PADP, which combines the advantages of PDP scheme and DPA scheme, separates users from storage service providers completely, and centers on trusted third-party auditors. Join the audit log mechanism, On the basis of fully guaranteeing the security of audit process, the storage and computing overhead of data integrity checking by users can be significantly reduced. In the traditional data holding audit scheme, the original algorithm can not be applied to the cluster cloud storage environment. The homomorphic tag verification algorithm based on RSA in PDP model is improved, and a challenge proof parallel generation algorithm based on MapReduce is proposed and designed. The algorithm is proved to have good security performance by theoretical analysis. Based on the above models and algorithms, a PADP prototype system based on Hadoop cluster environment is designed and implemented, and a detailed use case is given. The test results show that the proposed scheme can significantly reduce the amount of communication and storage overhead of the user, and when the storage file is large and there are more computing nodes, with the introduction of the MR_PGCPA algorithm, It can significantly reduce the computation cost and improve the detection efficiency.
【學(xué)位授予單位】：湖南大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2013
【分類號(hào)】：TP309.2;TP333

【參考文獻(xiàn)】

相關(guān)期刊論文 前6條

1 陳蘭香;;一種基于同態(tài)Hash的數(shù)據(jù)持有性證明方法[J];電子與信息學(xué)報(bào);2011年09期

2 肖達(dá);舒繼武;陳康;鄭緯民;;一個(gè)網(wǎng)絡(luò)歸檔存儲(chǔ)中實(shí)用的數(shù)據(jù)持有性檢查方案[J];計(jì)算機(jī)研究與發(fā)展;2009年10期

3 曹夕;許力;陳蘭香;;云存儲(chǔ)系統(tǒng)中數(shù)據(jù)完整性驗(yàn)證協(xié)議[J];計(jì)算機(jī)應(yīng)用;2012年01期

4 劉帆;楊明;;一種用于云存儲(chǔ)的密文策略屬性基加密方案[J];計(jì)算機(jī)應(yīng)用研究;2012年04期

5 陳康;鄭緯民;;云計(jì)算:系統(tǒng)實(shí)例與研究現(xiàn)狀[J];軟件學(xué)報(bào);2009年05期

6 高建秀;吳振新;孫碩;;云存儲(chǔ)在數(shù)字資源長(zhǎng)期保存中的應(yīng)用探討[J];現(xiàn)代圖書情報(bào)技術(shù);2010年06期

本文編號(hào)：1542633