【摘要】：云存儲作為一種新興的存儲方式,憑借其存儲空間大,靈活性高,且存儲成本低等優(yōu)勢,備受用戶的喜愛。在云存儲快速發(fā)展的過程中,其安全性也顯得尤為重要,尤其是在數(shù)據(jù)完整性驗證方面。用戶使用云存儲時,將數(shù)據(jù)存儲到云端,用戶本地將不再擁有該數(shù)據(jù)的任何備份,一旦云端發(fā)生設(shè)備故障,或遭到入侵者攻擊,都會造成用戶數(shù)據(jù)的損壞甚至丟失。而提供云存儲服務(wù)的商家往往會為了避免糾紛、減少賠償、維持聲譽等原因向用戶隱瞞這些事件的發(fā)生以及造成的后果。本文就上述問題,對云存儲的數(shù)據(jù)完整性驗證展開了深入研究。重點分析當(dāng)前已有的完整性驗證方案在性能上、安全上的不足,分別對于單一云和混合云的兩種云存儲環(huán)境提出優(yōu)化的完整性驗證方案,并對提出的方案進(jìn)行理論分析和仿真驗證,證明方案的正確性和在性能上的優(yōu)勢。本論文的主要工作有:(1)分析了當(dāng)前云存儲中存在的各種安全性問題,主要是數(shù)據(jù)完整性驗證問題。然后分別在單一云和混合云的環(huán)境下,對當(dāng)前已有的完整性驗證方案,在性能上(如通信開銷、計算開銷等)以及安全性上(如支持第三方驗證等)分析其中存在的問題或需要改進(jìn)的地方。最后總結(jié)了當(dāng)前需要研究的重點和方向。(2)在單一云的環(huán)境下,針對已有的數(shù)據(jù)的完整性驗證方案,總結(jié)它們的共性和不足,提出一種通信開銷更小、驗證方式更簡便、效率更高的驗證方案。本方案在Merkel Tree模型的基礎(chǔ)上,利用了Diffie-Hellman算法的特性,在用戶最小化本地存儲開銷(僅O(1))和通信過程開銷O(logn)的前提下,實現(xiàn)了可以對云端數(shù)據(jù)進(jìn)行無限次、且選擇性地驗證。(3)在混合云的環(huán)境下,本文采用了基于雙線性映射的BLS簽名算法,提出了在用戶的數(shù)據(jù)存于多個云端的情況下,可以一次性驗證數(shù)據(jù)完整性的方案。該方案引入“中繼者”的角色,使用同態(tài)聚合的方式,實現(xiàn)了混合云環(huán)境下的數(shù)據(jù)完整性高效驗證。
[Abstract]:Cloud storage as a new storage method, with its large storage space, high flexibility, and low storage costs and other advantages, is popular with users. In the process of rapid development of cloud storage, its security is especially important, especially in data integrity verification. When a user uses cloud storage, he stores the data to the cloud, and the user will no longer have any backup of the data. Once the cloud fails or is attacked by an intruder, the data of the user will be damaged or even lost. In order to avoid disputes, reduce compensation and maintain reputation, merchants providing cloud storage services often conceal the occurrence and consequences of these events from users. In this paper, the data integrity verification of cloud storage is studied. This paper focuses on the analysis of the performance and security shortcomings of the existing integrity verification schemes, and proposes an optimized integrity verification scheme for the two cloud storage environments, single cloud and mixed cloud, respectively. The theoretical analysis and simulation results show that the scheme is correct and has advantages in performance. The main work of this thesis is as follows: (1) the security problems in cloud storage are analyzed, mainly data integrity verification. Then, in the case of a single cloud and a mixed cloud, the current integrity verification scheme is validated in terms of performance, such as communication overhead, Computing overhead, etc.) and security (such as support for third-party verification) to analyze the problems or areas that need to be improved. Finally, the emphasis and direction of current research are summarized. (2) in a single cloud environment, for the existing data integrity verification scheme, sum up their commonalities and shortcomings, propose a communication cost is smaller, verification method is more simple, A more efficient verification scheme. On the basis of Merkel Tree model, this scheme makes use of the characteristic of Diffie-Hellman algorithm. Under the premise of minimizing local storage cost (O (1) only) and communication process overhead (O (logn), the scheme realizes infinite times for cloud data. And selective verification. (3) in the mixed cloud environment, the BLS signature algorithm based on bilinear mapping is adopted, and a scheme is proposed to verify the data integrity once the user's data is stored in more than one cloud. This scheme introduces the role of "relay" and uses homomorphic aggregation to verify the data integrity efficiently in the mixed cloud environment.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2016
【分類號】：TP333;TP309

【相似文獻(xiàn)】

相關(guān)期刊論文 前9條

1 陳龍;李俊中;;支持不同粒度運算的遠(yuǎn)程數(shù)據(jù)完整性驗證[J];吉林大學(xué)學(xué)報(工學(xué)版);2012年S1期

2 劉婷婷;趙勇;;一種隱私保護(hù)的多副本完整性驗證方案[J];計算機工程;2013年07期

3 鄭軍;楊顯;;西門子PLC與頗爾FFS02/FFSXC完整性驗證儀之間的通訊[J];機電信息;2011年20期

4 楊平平;杜小勇;王潔萍;;DAS模式下基于密文分組索引的完整性驗證[J];計算機科學(xué)與探索;2010年05期

5 韓卓;冉曉e，

本文編號：2173157