【摘要】：云存儲(chǔ)是云計(jì)算的一種重要服務(wù),允許數(shù)據(jù)所有者將其數(shù)據(jù)托管在云服務(wù)器中,并通過網(wǎng)絡(luò)向用戶提供數(shù)據(jù)訪問。通過這種數(shù)據(jù)的外包服務(wù),可以給數(shù)據(jù)所有者帶來諸多方便：1)減少存儲(chǔ)管理的壓力；2)減少存儲(chǔ)硬件和軟件以及數(shù)據(jù)維護(hù)的費(fèi)用；3)可以實(shí)現(xiàn)任意地點(diǎn)、任意時(shí)間的數(shù)據(jù)訪問。與此同時(shí),云存儲(chǔ)也帶來了新的安全問題。數(shù)據(jù)存儲(chǔ)在云端后,其安全性高度依賴于云服務(wù)提供商。事實(shí)上云服務(wù)提供商是不能被完全信任的。首先,由于自然災(zāi)害、硬件故障、軟件故障和黑客攻擊等原因不可避免地造成數(shù)據(jù)的丟失。其次,云服務(wù)提供商可能對(duì)數(shù)據(jù)所有者的數(shù)據(jù)采取不可信的行為。如通過丟棄沒有或很少被訪問的數(shù)據(jù)來節(jié)省存儲(chǔ)空間,或者隱瞞數(shù)據(jù)損壞事件來維護(hù)其聲譽(yù)。由此可以看出,云存儲(chǔ)并不能保證數(shù)據(jù)所有者數(shù)據(jù)的完整性。傳統(tǒng)基于簽名或者消息驗(yàn)證碼的完整性驗(yàn)證方法需要先從云服務(wù)器下載全部原始數(shù)據(jù),然后驗(yàn)證對(duì)應(yīng)的簽名或者消息驗(yàn)證碼的正確性。在云存儲(chǔ)環(huán)境下,因數(shù)據(jù)量大,該方法是非常低效的。為了安全高效地驗(yàn)證云端數(shù)據(jù)的完整性,第三方審計(jì)方法是近年來的研究熱點(diǎn)。數(shù)據(jù)所有者將數(shù)據(jù)文件分塊并為每一數(shù)據(jù)塊計(jì)算相應(yīng)的數(shù)據(jù)標(biāo)簽。數(shù)據(jù)塊和標(biāo)簽都存儲(chǔ)在云端,審計(jì)者通過抽樣檢查部分?jǐn)?shù)據(jù)塊與標(biāo)簽是否匹配來驗(yàn)證數(shù)據(jù)的完整性。其優(yōu)勢(shì)有：1)不需要下載全部原始數(shù)據(jù)。2)將審計(jì)工作委托給審計(jì)者,減輕了數(shù)據(jù)所有者的負(fù)擔(dān)。3)為數(shù)據(jù)所有者和云服務(wù)器商提供公平可信的審計(jì)結(jié)果。在第三方審計(jì)過程中,必須保證審計(jì)者是在不能獲取數(shù)據(jù)內(nèi)容的前提下進(jìn)行盲審計(jì)。否則,它將給所有者的數(shù)據(jù)帶來新的安全問題。當(dāng)考慮群組中多用戶都可以對(duì)云端同一份數(shù)據(jù)文件進(jìn)行訪問和修改時(shí),共享數(shù)據(jù)的完整性審計(jì)面臨著新的挑戰(zhàn),比如身份隱私保護(hù)和用戶撤銷等問題。數(shù)據(jù)所有者關(guān)心其數(shù)據(jù)完整性的同時(shí),云服務(wù)提供商同樣會(huì)關(guān)注存儲(chǔ)效率。當(dāng)將重復(fù)數(shù)據(jù)刪除技術(shù)和完整性審計(jì)結(jié)合考慮時(shí),重刪數(shù)據(jù)的完整性審計(jì)面臨著新的挑戰(zhàn),比如密文情況下重復(fù)數(shù)據(jù)刪除和重復(fù)標(biāo)簽刪除,以及重刪后怎么樣進(jìn)行完整性審計(jì)。當(dāng)檢查到云端數(shù)據(jù)被破壞或者丟失時(shí),數(shù)據(jù)所有者更關(guān)心的是被破壞或丟失的數(shù)據(jù)能否被修復(fù)。當(dāng)考慮再生碼存儲(chǔ)數(shù)據(jù)的完整性審計(jì)問題時(shí),其面臨著新的挑戰(zhàn),比如分布式存儲(chǔ)的完整性審計(jì)和錯(cuò)誤定位、修復(fù)過程的污染攻擊以及支持編碼數(shù)據(jù)更新的動(dòng)態(tài)審計(jì)。本文從個(gè)人數(shù)據(jù)、共享數(shù)據(jù)、密文重刪數(shù)據(jù)和再生碼存儲(chǔ)數(shù)據(jù)等四個(gè)方面對(duì)云存儲(chǔ)中的數(shù)據(jù)完整性審計(jì)問題進(jìn)行研究,提出了不同情況下的盲審計(jì)方法分別解決不同的關(guān)鍵問題。論文的主要工作可以總結(jié)為以下幾個(gè)方面：(1)提出了一種基于雙線性映射加密的個(gè)人數(shù)據(jù)完整性盲審計(jì)方法。首先,設(shè)計(jì)了個(gè)人數(shù)據(jù)盲審計(jì)方案的框架并給出了相應(yīng)的定義,該定義由5個(gè)算法組成。利用雙線性對(duì)映射的性質(zhì),在云服務(wù)器端將數(shù)據(jù)證據(jù)和標(biāo)簽證據(jù)加密后再合并,實(shí)現(xiàn)審計(jì)者在不知數(shù)據(jù)內(nèi)容的情況下進(jìn)行盲審計(jì)。其次,設(shè)計(jì)高效的索引機(jī)制支持?jǐn)?shù)據(jù)更新,使數(shù)據(jù)更新操作不會(huì)導(dǎo)致大量額外的計(jì)算和通信開銷,實(shí)現(xiàn)了動(dòng)態(tài)審計(jì)。最后針對(duì)多個(gè)審計(jì)請(qǐng)求,設(shè)計(jì)將不同的證據(jù)聚合的方法,以支持對(duì)多所有者多云服務(wù)器多文件的批量審計(jì),使批量審計(jì)的通信開銷與審計(jì)請(qǐng)求的數(shù)量無關(guān)。理論分析和實(shí)驗(yàn)結(jié)果表明,該方法是可證明安全的,與現(xiàn)有的方案相比,提出的方案有效提高了審計(jì)效率。(2)提出了一種基于代理重簽名的共享數(shù)據(jù)完整性盲審計(jì)方法。設(shè)計(jì)了共享數(shù)據(jù)盲審計(jì)方案的框架并給出了相應(yīng)的定義,該定義由6個(gè)算法組成。結(jié)合共享數(shù)據(jù)的特點(diǎn),重點(diǎn)研究審計(jì)過程中身份隱私保護(hù)和用戶撤銷問題。利用代理重簽名方法,計(jì)算標(biāo)簽證據(jù)時(shí)將其他用戶簽名的標(biāo)簽轉(zhuǎn)成成質(zhì)詢用戶簽名的標(biāo)簽,從而實(shí)現(xiàn)身份隱私保護(hù)。同時(shí)使得審計(jì)開銷與用戶數(shù)據(jù)無關(guān)。該方法還實(shí)現(xiàn)了用戶直接撤銷,不需要重新計(jì)算被撤銷用戶簽名的標(biāo)簽。詳細(xì)的安全性分析表明,本章的方案是可證明安全的。與現(xiàn)有的方案相比,在審計(jì)和用戶撤銷等方面提高了效率。(3)提出了一種基于代理重加密的密文重刪數(shù)據(jù)完整性盲審計(jì)方法。設(shè)計(jì)了密文重刪數(shù)據(jù)盲審計(jì)方案的框架并給出了相應(yīng)的定義,該定義由7個(gè)算法組成。在同一框架下實(shí)現(xiàn)了客戶端密文重復(fù)數(shù)據(jù)刪除和云端數(shù)據(jù)完整性審計(jì)。利用代理重加密方法,實(shí)現(xiàn)了密文重刪對(duì)所有者加密的密鑰沒有限制。設(shè)計(jì)新的標(biāo)簽生成方法,實(shí)現(xiàn)了標(biāo)簽重刪,使得存儲(chǔ)開銷與所有者數(shù)量無關(guān)。同時(shí),審計(jì)者可以代表任意數(shù)據(jù)所有者驗(yàn)證重刪數(shù)據(jù)的完整性。詳細(xì)的安全性分析表明,本章的方案是可證明安全的。與現(xiàn)有的方案相比,在審計(jì)和重刪等方面提高了效率。(4)提出了一種基于增量矩陣的再生碼存儲(chǔ)數(shù)據(jù)完整性盲審計(jì)方法。設(shè)計(jì)了再生碼存儲(chǔ)數(shù)據(jù)盲審計(jì)方案的框架并給出了相應(yīng)的定義,該定義由10個(gè)算法組成。審計(jì)者不僅能一次性驗(yàn)證存儲(chǔ)在不同服務(wù)器上的數(shù)據(jù)的完整性,還能快速定位出錯(cuò)的服務(wù)器。數(shù)據(jù)修復(fù)時(shí)先進(jìn)行完整性檢查,以防止云服務(wù)器發(fā)起地污染攻擊。為了支持動(dòng)態(tài)審計(jì),提出了基于增量矩陣和索引機(jī)制的數(shù)據(jù)更新方法,使得數(shù)據(jù)更新不需要重新下載和編碼云端數(shù)據(jù)。詳細(xì)的安全性分析表明,本章的方案是可證明安全的。實(shí)驗(yàn)結(jié)果對(duì)方案的效率進(jìn)行了驗(yàn)證。
[Abstract]:Cloud storage is an important service in cloud computing that allows data owners to host their data in a cloud server and provide data access to users through the network. Through the outsourced service of this data, it can bring a lot of convenience to the data owners: 1) reduce storage management pressure; 2) reduce storage hardware and software and data dimension. At the same time, cloud storage also brings new security problems. When data is stored in the cloud, the security is highly dependent on cloud service providers. In fact, cloud service providers are not completely trusted. First, natural disasters, hardware failures, and software reasons. Barriers and hacker attacks inevitably cause data loss. Secondly, cloud service providers may take untrusted behavior for data owners' data, such as saving storage space by discarding data that is not or rarely accessed, or concealing data damage events to maintain their reputation. The integrity of data owner data is not guaranteed. The integrity verification method based on the traditional signature or message validation code needs to download all the original data from the cloud server first, and then verify the correctness of the corresponding signature or message authentication code. In the cloud storage environment, the method is very inefficient because of the large amount of data. The third party audit method is the research hotspot in recent years. The data owner blocks the data file and calculates the corresponding data labels for each data block. The data block and label are stored in the cloud. The auditor checks the integrity of the data by sampling the matching of the part of the data block to the label. The advantages are: 1) no need to download all the original data.2) to delegate the audit to the auditor, reduce the burden of the data owner.3) to provide a fair and credible audit result for the data owner and the cloud server. In the third party audit process, the auditor must be blinded on the premise that the data is not available. Otherwise, it will bring new security issues to the owner's data. When many users in the group can access and modify the same data file in the cloud, the integrity audit of shared data is faced with new challenges, such as identity privacy protection and user revocation. Data owners are concerned with their data integrity. At the same time, cloud service providers also pay attention to storage efficiency. When considering duplication of data deletions and integrity audits, the integrity audit of heavy censored data faces new challenges, such as repeated data deletions and repeat label deletions under the case of ciphertext, and how to carry out integrity audits after heavy censoring. When inspecting the cloud end When data is destroyed or lost, data owners are more concerned with whether the data being destroyed or lost can be repaired. When considering the integrity audit of the regenerated code storage data, it faces new challenges, such as the integrity audit and error location of the distributed storage, the pollution attack of the repair process, and the support for the update of the coded data. This paper studies the audit of data integrity in the cloud storage from four aspects, such as personal data, shared data, ciphertext censored data and regenerative code storage data, and puts forward the different key problems in different cases. The main work of this paper can be summarized as follows: (1) a blind audit method of personal data integrity based on bilinear map encryption is proposed. First, the framework of the personal data blind audit scheme is designed and the corresponding definition is given. The definition is composed of 5 algorithms. Using the properties of the bilinear pairing, the data evidence and the label evidence are encrypted and consolidated on the cloud server side. The present auditor performs a blind audit without knowing the content of the data. Secondly, the efficient index mechanism is designed to support the data updating, so that the data update operation does not lead to a large amount of additional computing and communication overhead and realizes the dynamic audit. Finally, the different methods of aggregation of evidence are designed to support multiple audit requests. The batch audit of multi cloud server multiple files makes the communication overhead of batch audit unrelated to the number of audit requests. The theoretical analysis and experimental results show that the method is proved to be safe. Compared with the existing schemes, the proposed scheme effectively improves the audit efficiency. (2) a kind of shared data integrity based on proxy re signature is proposed. The framework of the blind audit scheme of the shared data is designed and the corresponding definition is designed. The definition is composed of 6 algorithms. Combining the characteristics of the shared data, the identity privacy protection and the user revocation problem in the audit process are focused on. The proxy resignature method is used to calculate the label evidence when the labels of other users are transferred. This method also makes the audit cost unrelated to the user data. This method also implements the user direct revocation without recalculating the label of the revoked user's signature. Detailed security analysis shows that the scheme of this chapter is proved to be safe. Compared with the existing scheme, The efficiency of audit and user revocation is improved. (3) a blind data integrity audit method based on agent re encryption is proposed. The framework of the blind audit scheme of ciphertext re censoring data is designed and the corresponding definition is given. The definition is composed of 7 algorithms. In the same framework, the repeated data deletion of the client ciphertext is realized. And cloud data integrity audit. Using the agent re encryption method, there is no restriction on the encryption key of the owner. A new label generation method is designed to realize the tag deletion, which makes the storage cost unrelated to the number of the owners. At the same time, the auditor can verify the integrity of the deleted data on behalf of the owner of the data. The detailed security analysis shows that the scheme of this chapter is proved to be safe. Compared with the existing schemes, it improves the efficiency in audit and censoring. (4) a blind audit method of data integrity for regenerated codes based on incremental matrix is proposed. The framework of the regenerated code storage number based blind Audit Scheme is designed and the corresponding definition is given. The definition is composed of 10 algorithms. The auditor can not only verify the integrity of the data stored on different servers, but also quickly locate the wrong server. The integrity check is carried out to prevent the cloud server from launching pollution attacks. In order to support the dynamic audit, the incremental matrix and index machine are proposed. The data update method makes the data update without the need to re download and code the cloud data. Detailed security analysis shows that the scheme is proved to be safe. The experimental results verify the efficiency of the scheme.
【學(xué)位授予單位】：武漢大學(xué)
【學(xué)位級(jí)別】：博士
【學(xué)位授予年份】：2016
【分類號(hào)】：TP333

【相似文獻(xiàn)】

相關(guān)期刊論文 前10條

1 李師謙;基于雜湊函數(shù)的數(shù)據(jù)完整性研究[J];山東理工大學(xué)學(xué)報(bào)(自然科學(xué)版);2003年03期

2 高春玲,張新顏;數(shù)據(jù)完整性機(jī)制的認(rèn)識(shí)與應(yīng)用[J];洛陽大學(xué)學(xué)報(bào);2003年04期

3 武立福,毛宇光;多級(jí)安全數(shù)據(jù)庫保密性和數(shù)據(jù)完整性研究[J];計(jì)算機(jī)工程與應(yīng)用;2004年08期

4 溫一軍;數(shù)據(jù)完整性應(yīng)用的深入研究[J];沙洲職業(yè)工學(xué)院學(xué)報(bào);2004年01期

5 郭艷光,于慶峰,胡敏,高明堂;淺析數(shù)據(jù)完整性問題及應(yīng)用[J];內(nèi)蒙古石油化工;2004年06期

6 劉慧娟,張奕黃;嵌入式系統(tǒng)中閃存數(shù)據(jù)完整性處理方法[J];儀器儀表學(xué)報(bào);2004年S1期

7 張華偉;楊凱;;Microsoft SQL Server 2000中的數(shù)據(jù)完整性機(jī)制探討[J];河南科技;2007年03期

8 龍映宏;;淺析數(shù)據(jù)完整性及其實(shí)現(xiàn)[J];電腦編程技巧與維護(hù);2009年24期

9 張俊楷;谷小婭;;空氣質(zhì)量監(jiān)測系統(tǒng)數(shù)據(jù)完整性研究[J];電腦知識(shí)與技術(shù);2013年19期

10 閃四清;數(shù)據(jù)完整性[J];個(gè)人電腦;1999年08期

相關(guān)會(huì)議論文 前5條

1 劉慧娟;張奕黃;;嵌入式系統(tǒng)中閃存數(shù)據(jù)完整性處理方法[A];第二屆全國信息獲取與處理學(xué)術(shù)會(huì)議論文集[C];2004年

2 曹丹陽;;數(shù)據(jù)完整性的檢測研究[A];中國計(jì)量協(xié)會(huì)冶金分會(huì)2008年會(huì)論文集[C];2008年

3 曹丹陽;;數(shù)據(jù)完整性的檢測研究[A];2008全國第十三屆自動(dòng)化應(yīng)用技術(shù)學(xué)術(shù)交流會(huì)論文集[C];2008年

4 彭涼;賴?yán)^宏;梁余發(fā);;MES中數(shù)據(jù)完整性的解決方案[A];冶金企業(yè)MES和ERP技術(shù)實(shí)踐論文集[C];2005年

5 吳愛珍;;CICS與數(shù)據(jù)完整性[A];中國航海學(xué)會(huì)內(nèi)河船舶駕駛專業(yè)委員會(huì)學(xué)術(shù)年會(huì)論文集[C];2004年

相關(guān)重要報(bào)紙文章 前3條

1 記者 劉學(xué)習(xí);NonStop拒絕宕機(jī)惡夢(mèng)[N];計(jì)算機(jī)世界;2003年

2 本報(bào)記者 周蕾;期待NonStop的新成長[N];網(wǎng)絡(luò)世界;2003年

3 賽迪評(píng)測硬件與網(wǎng)絡(luò)事業(yè)部網(wǎng)絡(luò)通信實(shí)驗(yàn)室;十項(xiàng)考驗(yàn)煉“真金”[N];通信產(chǎn)業(yè)報(bào);2004年

相關(guān)博士學(xué)位論文 前4條

1 張新鵬;云數(shù)據(jù)完整性與可用性研究[D];電子科技大學(xué);2016年

2 何凱;云存儲(chǔ)中數(shù)據(jù)完整性的聚合盲審計(jì)方法研究[D];武漢大學(xué);2016年

3 郝卓;遠(yuǎn)程數(shù)據(jù)完整性和認(rèn)證技術(shù)研究[D];中國科學(xué)技術(shù)大學(xué);2011年

4 周強(qiáng);無線傳感器網(wǎng)絡(luò)安全數(shù)據(jù)融合技術(shù)研究[D];南京郵電大學(xué);2014年

相關(guān)碩士學(xué)位論文 前10條

1 董慶運(yùn);基于存儲(chǔ)證據(jù)的云端數(shù)據(jù)完整性驗(yàn)證機(jī)制研究[D];河北大學(xué);2015年

2 陳科;基于動(dòng)態(tài)變色龍認(rèn)證樹的流式數(shù)據(jù)完整性驗(yàn)證研究與應(yīng)用[D];東北大學(xué);2014年

3 孟奕光;橋梁長期監(jiān)測數(shù)據(jù)完整性研究[D];石家莊鐵道大學(xué);2016年

4 王士雨;高效的云端數(shù)據(jù)完整性驗(yàn)證機(jī)制研究[D];電子科技大學(xué);2016年

5 陳陽;云環(huán)境下基于身份的數(shù)據(jù)完整性證明的研究及應(yīng)用[D];電子科技大學(xué);2016年

6 吳遠(yuǎn)棟;云存儲(chǔ)下數(shù)據(jù)完整性和安全性研究[D];長安大學(xué);2016年

7 楊光洋;云計(jì)算外包存儲(chǔ)中數(shù)據(jù)完整性審計(jì)的研究[D];青島大學(xué);2016年

8 鄭平;在藥品生產(chǎn)質(zhì)量管理體系中的數(shù)據(jù)完整性[D];上海交通大學(xué);2015年

9 孫志峰;云存儲(chǔ)中能量有效的數(shù)據(jù)完整性校驗(yàn)算法研究[D];東華大學(xué);2016年

10 于美麗;云存儲(chǔ)數(shù)據(jù)完整性校驗(yàn)中數(shù)據(jù)抽樣算法的研究[D];東華大學(xué);2015年

，

本文編號(hào)：2144086