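Design of an Identity-Based Distributed Storage Security System
Published: 2018-02-13 16:58
Keywords: storage security, identity authentication, access control. Source: Huazhong University of Science and Technology, 2016 master's thesis. Paper type: degree thesis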
[Abstract]: With the development of the Internet of Things and the spread of mobile terminals, more and more digital resources are being produced, and the challenges to data security keep growing. In particular, as cloud storage has become widespread, people increasingly upload their private data to the cloud for backup, yet their concerns about data security have not diminished at all; they have grown. Most existing secure data storage schemes use centralized security management, have a clear security boundary, can hardly avoid insider attacks, and mostly leave backdoors. This thesis proposes an identity-based distributed storage security scheme that protects data well whether it resides on a particular cloud storage platform or in an open environment. Identity-based authentication makes it easy to verify system users. At the same time, security-related information is bound to the data, and security operations are pushed down to the terminal from which the user accesses the data, so the storage server only needs to ensure that users' data is not lost. In the design, information related to user access control is encrypted with the public key of the user the data is shared with. In addition, the data owner can define flexible access policies to further protect the data, wherever it flows. Unlike traditional storage security systems, the scheme achieves fully distributed data security management. A prototype of the proposed scheme was implemented on an object file system. Testing and analysis show that the identity-based encryption algorithm satisfies the need for distributed user authentication in a networked environment, and that the time overhead of permission and policy checks and the additional space overhead of the scheme are acceptable. For a 4K Byte file the additional space overhead is 4.3%, and the larger the file, the smaller the proportion of additional space.
[Degree-granting institution]: Huazhong University of Science and Technology
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP333;TP309
Article ID: 1508647
Article link: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/1508647.html