Research on Cryptographic Techniques for Secure and Reliable Cloud Storage
Published: 2019-06-25 14:50
[Abstract]: Cloud storage, with its high scalability, high reliability and low price, has become popular as a new kind of storage service. Users entrust their data to a service provider and enjoy its "pay-as-you-go" service, but they cannot supervise data in the cloud the way they monitor local storage. Users worry most about the security, integrity and availability of their cloud data, so how to guarantee the security, integrity and availability of data hosted by a service provider has become a research focus. Ordinary data verification methods have to download the cloud data to the local machine before verifying it, which places a heavy burden on the network, so this approach has not been accepted by the industry. Later, integrity verification algorithms based on RSA and other public-key techniques came into use because they preserve the confidentiality of the verification process and have low communication overhead. However, RSA public-key techniques involve a large number of exponentiations, which makes the computation too expensive. Cloud data is dynamic: users can insert, delete and update it, which poses a further challenge for integrity verification. In response, a variety of dynamic integrity verification schemes have appeared on the market, most of them based on MHT. With the future development of quantum computers, cryptographic schemes based on traditional hard mathematical problems will no longer be secure, for example RSA, which is based on the hardness of factoring large integers. The following higher requirements are therefore placed on cloud data integrity verification schemes: (1) the cryptographic scheme can resist quantum attacks; (2) it supports public auditing; (3) it protects the privacy of the data during verification; (4) it supports dynamic verification; (5) it is computationally efficient.

Taking cloud storage integrity verification as its research object, this thesis completes the following two pieces of work: 1. Using a lattice-based linearly homomorphic signature scheme (LHS) and the Merkle hash tree (MHT), it constructs a dynamic cloud storage integrity verification scheme with a trusted third party, which satisfies the five requirements above. The scheme introduces a trusted third-party auditor to support public auditing, obtains the value of the root node from the definition of the MHT, and then uses the root value to judge the integrity of the cloud data blocks. The basic algorithms are implemented in the Python programming language. 2. It describes and analyzes the current HDFS file operation mechanism and integrity verification method, and identifies the shortcoming of that integrity verification: it cannot resist quantum attacks. Because the proposed scheme requires users to have considerable computing power, an application server is introduced between the user and the HDFS cluster to reduce the user's computational burden, and the implementation of its file management and integrity verification preprocessing functions is described in detail.
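The MHT part of the abstract (an auditor holding only the root value judges one block, and a block update yields a new root) can be sketched as follows. This is an added example, not the thesis's code: it uses SHA-256 and omits the lattice-based LHS entirely, and all function names and the sample blocks are assumptions made for illustration.

```python
import hashlib

def leaf(block):                      # 0x00/0x01 prefixes separate leaves from inner nodes
    return hashlib.sha256(b"\x00" + block).digest()

def node(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(blocks):
    """Storage side: all tree levels, leaves first; an unpaired node is promoted unchanged."""
    level = [leaf(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        level = [node(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def prove(levels, index):
    """Storage side: sibling hashes on the path from leaf `index` up to the root."""
    path = []
    for level in levels[:-1]:
        if (index ^ 1) < len(level):
            path.append(level[index ^ 1])
        index //= 2
    return path

def root_from(block, index, n, path):
    """Auditor side: recompute the root; left/right order comes from `index`, not the server."""
    acc, siblings = leaf(block), iter(path)
    while n > 1:
        if (index ^ 1) < n:
            sib = next(siblings)
            acc = node(sib, acc) if index & 1 else node(acc, sib)
        index, n = index // 2, (n + 1) // 2
    return acc

def verify(root, block, index, n, path):
    try:
        return root_from(block, index, n, path) == root
    except StopIteration:             # proof shorter than the tree height
        return False

def update_root(root, old_block, new_block, index, n, path):
    """Dynamic update: authenticate the old block, then derive the new root from the same path."""
    if not verify(root, old_block, index, n, path):
        raise ValueError("proof does not match the stored root")
    return root_from(new_block, index, n, path)

BLOCKS = [b"block-%d" % i for i in range(5)]   # constructed sample data
```

The auditor stores only the root and the block count; each challenge costs one sibling path of logarithmic length rather than a download of the file.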
[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TP333; TP309
Article ID: 2505766
Article link: http://sikaile.net/kejilunwen/jisuanjikexuelunwen/2505766.html