Research on User Data Security Mechanisms for Cloud Storage
Published: 2019-06-14 14:21
[Abstract]: Cloud computing environments rely on cloud storage systems to provide users with fast data storage, retrieval, and related services. Users' massive data is stored in cloud storage systems, so the security of that data is critical. In recent years, the large number of data-leak incidents in cloud storage systems has shown that attacks against cloud storage are increasing and directly threaten users' data security. Data security has become one of the major problems facing the development of cloud storage. To protect users' important data when they use cloud storage services, the user-oriented data security protection mechanisms in cloud storage systems must be strengthened. Designing a data security protection mechanism and studying its key technologies ensures users' data security and meets users' service needs, thereby improving the service quality of cloud storage as a whole.

This thesis studies and analyzes the security problems facing user data in the cloud storage environment, establishes a data security mechanism for cloud storage users, and studies two key technologies in that mechanism to ensure the confidentiality and integrity of user data. The data security mechanism is tested experimentally by extending the CloudSim cloud simulation platform. The main contributions of this thesis are as follows:

1. To address the security of user data in the cloud storage environment, a user-oriented data security mechanism is designed, and two key technologies for data security protection, confidentiality and integrity, are proposed. Based on the characteristics of cloud environment services, the access flow of the data security service is given, which explains concretely how user data is protected.

2. A cloud data confidentiality protection method based on MDS matrices is proposed. The confidentiality of user data in cloud storage services is studied. Using the "semi-recoverable" property of MDS matrices, a secret dispersal storage scheme is designed, and the security of the scheme is proved theoretically. An efficient MDS matrix construction algorithm is proposed, which improves the efficiency of the scheme and ensures the practicality of the scheme as a whole.

3. A cloud data integrity verification method based on bilinear pairings is proposed. A bilinear-pairing-based cloud data integrity verification algorithm is designed. The scheme requires neither keeping a local backup of the data nor computing over the entire outsourced file, and it can provide an unlimited number of integrity verifications for user access without leaking the user's private information.

4. The CloudSim cloud computing simulation tool is used to validate the data security mechanism experimentally. CloudSim is extended to implement the data security mechanism for cloud storage users, and the mechanism is simulated and comparatively analyzed on the extended CloudSim platform. The simulation experiments show that the data security mechanism proposed in this thesis has little effect on the data access efficiency of cloud users and has good availability.
[Degree-granting institution]: PLA Information Engineering University
[Degree level]: Master's
[Year degree granted]: 2013
[Classification number]: TP309.2; TP333
Article ID: 2499454
Article link: http://sikaile.net/kejilunwen/jisuanjikexuelunwen/2499454.html