Research on User Data Privacy Protection Technology in Cloud Computing
[Abstract]: Cloud computing is a new model of data computing and sharing that developed from traditional models such as parallel computing, grid computing and distributed computing. It is characterized by high computing efficiency, high cost performance and convenient use. Because of these advantages, more and more users upload data from their local hosts to the cloud to enjoy rapid resource sharing and efficient computing. However, while cloud computing brings users efficient and convenient services, it also brings them data security problems. How to ensure data security has become the bottleneck of cloud computing development. Privacy protection technology is one of the core technologies for ensuring data security: data is kept secure by encrypting uploaded data, deterministically deleting expired cloud data, and retrieving data while it remains encrypted. Traditional privacy protection technology has various problems. For example, conditional proxy re-encryption schemes do not adequately protect the condition; cloud ciphertext retrieval schemes have low retrieval accuracy and low fault tolerance; and schemes for deterministic deletion of expired data lack an evaluation of the trust value of the nodes that store the key. To address these problems, this paper makes a thorough study of conditional proxy re-encryption, ciphertext retrieval and deterministic deletion of expired data, and proposes corresponding innovative schemes. The main contents are summarized as follows.

1. In cloud computing, traditional conditional proxy re-encryption schemes do not sufficiently protect the conditions that are set, so an attacker can easily obtain the content of a condition, guess the identity of the data owner, and then guess key specific information, which leads to the disclosure of private data. Building on an identity-based proxy re-encryption scheme, this paper uses DNA encoding to encrypt the condition and conceal its information, so that an attacker cannot learn the identity of the data owner from the condition. The proposed scheme is proved secure against indistinguishable plaintext attacks in the random oracle model under the DBDH complexity problem.

2. Traditional ciphertext retrieval schemes in cloud computing suffer from problems such as low retrieval efficiency and low fault tolerance. This paper proposes a ciphertext retrieval scheme based on a double trapdoor. First, a double-index structure is constructed to support multi-keyword retrieval and fuzzy retrieval in parallel; then a Huffman coding tree and DFSC are introduced to improve the index structure; finally, TF-IDF rules are used to hide keyword frequency. The paper analyzes the security of the proposed scheme from three aspects (the index, the trapdoor and the retrieval process) and proves that the scheme is secure. Experiments show that the proposed scheme effectively improves the fault-tolerance rate of retrieval and reduces the storage space of the index.

3. Traditional schemes for deterministic deletion of expired data in cloud computing lack a trust evaluation of distributed hash table (DHT) nodes. If key components are stored on dishonest or untrusted DHT nodes, they can easily be stolen, which leads to malicious recovery of the key and the disclosure of private data. This paper proposes a deterministic data deletion scheme based on trust value evaluation. By evaluating a fine-grained trust value for each DHT node used to store key components, the user can select nodes with higher trust values to store them. Experiments show that this scheme effectively improves the success rate of obtaining key components.
[Degree-granting institution]: Shandong Normal University
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TP309
Article ID: 2398802
Article link: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/2398802.html