【摘要】：云計(jì)算實(shí)現(xiàn)了人們長(zhǎng)期以來(lái)把計(jì)算作為一種資源的夢(mèng)想,它給人們帶來(lái)了諸多便利,比如按需自助服務(wù),無(wú)處不在的網(wǎng)絡(luò)訪問(wèn),快速資源伸縮,計(jì)量付費(fèi)及外包計(jì)算等。其中,云計(jì)算最顯著的優(yōu)勢(shì)就是外包模式。也就是說(shuō),資源受限的用戶可以將昂貴的計(jì)算任務(wù)外包給云服務(wù)器,并通過(guò)按需付費(fèi)的方式享受云計(jì)算無(wú)盡的計(jì)算和存儲(chǔ)服務(wù)。作為外包計(jì)算的一個(gè)重要分支,數(shù)據(jù)庫(kù)外包允許數(shù)據(jù)擁有者委托其數(shù)據(jù)庫(kù)管理權(quán)給云服務(wù)器并由云服務(wù)器來(lái)向數(shù)據(jù)庫(kù)用戶提供各種數(shù)據(jù)庫(kù)服務(wù),已經(jīng)引起了學(xué)術(shù)界的持續(xù)關(guān)注。然而,外包數(shù)據(jù)庫(kù)在為人們帶來(lái)諸多益處的同時(shí),也不可避免地面臨著一些新的安全挑戰(zhàn)。首先,由于云服務(wù)器是不完全可信的,數(shù)據(jù)外包之前需要進(jìn)行加密操作,這就使得如何完成數(shù)據(jù)高效檢索變得困難。其次,出于自身利益的驅(qū)動(dòng)或者受軟硬件運(yùn)行故障等因素影響,云服務(wù)器可能會(huì)誠(chéng)實(shí)地執(zhí)行部分檢索操作并返回給用戶不正確/不完整的檢索結(jié)果。因此,外包數(shù)據(jù)庫(kù)的安全審計(jì)問(wèn)題成為我們面臨的又一挑戰(zhàn)問(wèn)題。在本文中,我們主要圍繞安全數(shù)據(jù)外包中的關(guān)鍵問(wèn)題展開研究。主要包括：(1)如何實(shí)現(xiàn)外包數(shù)據(jù)庫(kù)的可驗(yàn)證檢索；(2)如何實(shí)現(xiàn)高維加密數(shù)據(jù)的近似最近鄰檢索；(3)如何實(shí)現(xiàn)安全數(shù)據(jù)去重中的惡意用戶身份追蹤。具體來(lái)說(shuō),本文主要貢獻(xiàn)可總結(jié)為以下幾個(gè)方面：1.我們首次解決了外包數(shù)據(jù)庫(kù)場(chǎng)景中云服務(wù)器返回空集時(shí)檢索結(jié)果的驗(yàn)證問(wèn)題。通過(guò)引入一個(gè)新的密碼學(xué)原語(yǔ)-布隆過(guò)濾器樹,我們提出了一種新的可驗(yàn)證外包數(shù)據(jù)庫(kù)審計(jì)方案。即使在云服務(wù)器有意返回空集作為檢索結(jié)果時(shí),該方案仍然能夠同時(shí)保證檢索結(jié)果的正確性和完整性。和現(xiàn)有的工作相比,所提出的方案能夠確保數(shù)據(jù)的機(jī)密性,適用于加密數(shù)據(jù)庫(kù)場(chǎng)景。(第三章)2.我們進(jìn)一步研究了外包數(shù)據(jù)庫(kù)可驗(yàn)證檢索問(wèn)題。利用可翻轉(zhuǎn)布隆過(guò)濾器(Invertible Bloom Filter),我們提出了一種靈活的可驗(yàn)證外包數(shù)據(jù)庫(kù)檢索方案。該方案能夠同時(shí)達(dá)到檢索結(jié)果可驗(yàn)證性和支持高效的數(shù)據(jù)更新操作。也就是說(shuō),當(dāng)新的數(shù)據(jù)記錄插入時(shí),當(dāng)前數(shù)據(jù)記錄無(wú)需做任何改變操作。這一特性使得其適用于動(dòng)態(tài)外包數(shù)據(jù)庫(kù)場(chǎng)景中。此外,借助于多用戶可搜索加密技術(shù),我們將該方案擴(kuò)展到了多用戶場(chǎng)景。由于索引中分別為數(shù)據(jù)擁有者和其他授權(quán)用戶存儲(chǔ)不同的可搜索內(nèi)容,該方案能夠有效抵抗云服務(wù)器和惡意用戶勾結(jié)攻擊。(第四章)3.我們研究了外包數(shù)據(jù)庫(kù)近似最近鄰檢索問(wèn)題。通過(guò)利用局部敏感哈希和保序加密相結(jié)合的方法,我們提出了一種新的高維密文數(shù)據(jù)最近鄰檢索方案。該方案能夠同時(shí)實(shí)現(xiàn)高效的近似最近鄰檢索和數(shù)據(jù)機(jī)密性。此外,我們提出的方案能夠支持高效的密文范圍查找。(第五章)4.我們研究了安全數(shù)據(jù)去重中的惡意用戶身份追蹤問(wèn)題。我們首次將用戶身份追蹤性引入到安全數(shù)據(jù)去重中。當(dāng)發(fā)生副本偽造攻擊(Duplicate Faking Attack)時(shí),該方法能夠追蹤惡意用戶的身份。進(jìn)一步地,我們構(gòu)造了一個(gè)具體的支持惡意用戶身份追蹤的去重方案-TrDupo具體來(lái)說(shuō),每個(gè)用戶上傳文件時(shí)伴隨著一種基于可追蹤簽名技術(shù)的匿名簽名。一旦發(fā)生副本偽造攻擊,追蹤代理者(Tracing Agent)能夠揭露惡意用戶的身份信息同時(shí)不會(huì)泄露其他用戶的身份信息或指向文件的鏈接信息。(第六章)
[Abstract]:Cloud computing has a long-term dream of computing as a resource, which brings many conveniences, such as on-demand self-service, ubiquitous network access, rapid resource expansion, metering, and outsourcing. Among them, the most significant advantage of cloud computing is the outsourcing model. That is, a resource-limited user can outsource expensive computing tasks to the cloud server and enjoy the endless computing and storage services of cloud computing in a pay-by-demand manner. As an important branch of the outsourcing calculation, the database outsourcing allows the data owner to delegate its database management authority to the cloud server and provide various database services to the database user by the cloud server, which has attracted the attention of the academic community. The outsourcing database, however, inevitably faces a number of new security challenges while creating a number of benefits for people. First, because the cloud server is not completely trusted, the encryption operation is required before the data is outsourced, which makes it difficult to complete the data efficient retrieval. Second, the cloud server may be able to perform some of the retrieval operations honestly and return to the user an incorrect/ incomplete search result for self-interest driven or affected by software and software running failures. Therefore, the issue of the security audit of the outsourcing database becomes another challenge to us. In this paper, we mainly study the key problems in the outsourcing of safety data. The method mainly includes: (1) how to realize the verifiable retrieval of the outsourcing database; (2) how to realize the approximate nearest neighbor search of the high-dimensional encrypted data; and (3) how to realize the malicious user identity tracking in the security data deduplication. In particular, the main contribution of this article can be summarized in the following aspects:1. For the first time, we have solved the verification problem of the retrieval result when the cloud server returned the empty set in the outsourcing database scene. By introducing a new cryptographic primitive-Bloom filter tree, we propose a new audit scheme of verifiable outsourcing database. Even when the cloud server intentionally returns an empty set as a search result, the scheme can still ensure the correctness and integrity of the search results. Compared with the existing work, the proposed scheme can ensure the confidentiality of the data and is suitable for encrypting the database scene. (chap. III)2. We further study the verification and retrieval problems of the outsourcing database. With the Invert Bloom Filter, we propose a flexible and verifiable database retrieval scheme. The scheme is capable of simultaneously achieving the data updating operation of the retrieval result and supporting the efficient data updating. That is, when a new data record is inserted, the current data record does not need to do any change operation. This feature makes it available in a dynamic outsourcing database scenario. In addition, by means of a multi-user searchable encryption technique, we extend the scheme to a multi-user scenario. Since different searchable content is stored separately for the data owner and other authorized users in the index, the scheme can effectively resist the collusion attack of the cloud server and the malicious user. (chap. IV)3. We have studied the near-nearest neighbor search problem of the outsourcing database. By using the combination of local sensitive hash and order-preserving encryption, we propose a new nearest neighbor search scheme for high-dimensional ciphertext data. The scheme can realize high-efficient near-nearest neighbor search and data confidentiality at the same time. In addition, our proposed solution is able to support efficient ciphertext-range finding. (chap. V)4. We have studied the problem of malicious user identity tracking in the de-duplication of security data. For the first time, user identity tracking is introduced into the security data de-duplication. The method can track the identity of a malicious user when a copy-forgery attack occurs. Further, we construct a specific de-duplication scheme that supports malicious user identity tracking. In particular, each user uploads a file with an anonymous signature based on a traceable signature technique. Once a copy-forgery attack occurs, the tracking agent can expose the identity information of the malicious user without revealing the identity information of the other user or the link information to the file. (Chapter VI)
【學(xué)位授予單位】：西安電子科技大學(xué)
【學(xué)位級(jí)別】：博士
【學(xué)位授予年份】：2016
【分類號(hào)】：TP311.13;TP309

【相似文獻(xiàn)】

相關(guān)期刊論文 前3條

1 李莉,侯鈺;化工產(chǎn)品的“材料安全數(shù)據(jù)頁(yè)”(MSDS)[J];河北化工;2001年02期

2 孟宇龍;印桂生;王慧強(qiáng);;應(yīng)用WEMLS的安全數(shù)據(jù)集成模型[J];計(jì)算機(jī)工程;2010年12期

3 ;[J];;年期

相關(guān)博士學(xué)位論文 前1條

1 王劍鋒;云環(huán)境下外包數(shù)據(jù)的高效檢索及安全審計(jì)技術(shù)研究[D];西安電子科技大學(xué);2016年

，

本文編號(hào)：2507934