Provable Data Possession Algorithm Based on an Implicit Trusted Third Party
[Abstract]: In recent years, as cloud storage has developed, more and more enterprises and individuals have come to recognize and use it. Because cloud storage service providers are not fully trusted, the security of cloud storage has been a focus of attention in all circles and is a key factor in its development. Cloud storage security covers three aspects: confidentiality, integrity, and availability [1]. Confidentiality means that the user's data is stored in the cloud as ciphertext, and that unauthorized parties, including the cloud storage service provider, must not illegally obtain the plaintext. Integrity means that the user's data in the cloud is consistent with the original data and has not been illegally tampered with or deleted; this is also described as the cloud fully possessing the user's data. Availability means that authorized users can access or retrieve the data stored in the cloud at any time.
This thesis studies in depth the integrity-checking algorithm for cloud storage, provable data possession (PDP), in three respects: dynamic data updates, the introduction of an implicit trusted third party that audits possession in place of the user, and reduction of the client's cost of storing a file. The aim is to minimize the user's cost in the data integrity checking process and to make PDP schemes more practical. Two more practical schemes, MF-PDP and UF-PDP, are proposed to improve the security of the system. Finally, the schemes are implemented on a distributed cloud storage system and their performance is tested.
On supporting dynamic updates of cloud data, in contrast to the full dynamic updates that existing research focuses on, the thesis combines homomorphic authenticators based on the RSA algorithm to form a Multiple-File PDP (MF-PDP) scheme. By challenging possession of a set of files in a single challenge, MF-PDP greatly reduces the overhead of the audit process and addresses the drawback of earlier schemes, in which the complex data structures introduced to maintain updated data make auditing expensive.
On introducing a trusted third party: in existing schemes an enterprise or institution acts as the third party, which is difficult to deploy and carries a potential risk of leaking users' private data. The thesis therefore adopts an audit framework based on an implicit trusted third party, in which trusted hardware acts as the implicit possession auditor and audits in place of the user, and a tamper-evident log is introduced so that audit results are presented to the user in a trusted manner, minimizing the user's online time.
On the client's large overhead when storing a file, the thesis redefines the file-storing process of the PDP scheme, based on the assumption that the server side acts for economic reasons, so that the file's authenticators are generated in the cloud, with the security of the scheme ensured by a complete interaction protocol. Combined with homomorphic authenticators based on RSA and a PRF, this forms a User-Free PDP (UF-PDP) scheme with near-zero user overhead.
To verify the feasibility of these schemes and test their performance, the thesis implements MF-PDP and UF-PDP on a distributed cloud storage system. Theoretical analysis shows that MF-PDP and UF-PDP reduce the audit process overhead from O(n) to O(1); on top of this, UF-PDP reduces the client's cost of storing a file from O(n) to O(1). The experimental results show that, with security preserved, MF-PDP reduces the audit overhead to less than 2 seconds, and this does not increase significantly as the number of files grows; when the file to be stored is 1G in size, UF-PDP reduces the client's time overhead from the 25479 seconds of the original PDP scheme [2] to 1 second.
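[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP309; TP333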
Article ID: 2479942
Article link: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/2479942.html