
Provable Data Possession Algorithm Based on an Implicit Trusted Third Party

Published: 2019-05-18 11:04
[Abstract]: With the development of cloud storage in recent years, more and more enterprises and individuals have come to know and use it. Because cloud storage service providers are not fully trusted, the security of cloud storage has long been a focus of attention and a key factor in whether cloud storage can grow substantially. Cloud storage security mainly covers three aspects: confidentiality, integrity and availability [1]. Confidentiality means that a user's data is stored in the cloud as ciphertext, and unauthorized parties, including the cloud storage service provider, must not obtain its plaintext. Integrity means that the user's data in the cloud is consistent with the original data and has not been illegitimately tampered with or deleted; this is also described as the cloud holding the user's data in full. Availability means that authorized users can access or retrieve their data stored in the cloud at any time.

This thesis studies in depth the integrity-checking algorithm for cloud storage, Provable Data Possession (PDP), in three areas: dynamic data updates, introducing an implicit trusted third party to perform possession audits in place of the user, and reducing the client's overhead when storing files. The aim is to minimize the user's overhead in the data integrity checking process and to make PDP schemes more practical. The thesis improves on existing PDP schemes in the data update model, the integrity audit architecture and the file storing procedure, and proposes two more practical schemes, MF-PDP and UF-PDP, which significantly reduce client overhead while preserving system security. Finally, the schemes are implemented in a distributed cloud storage system and their performance is tested.

On support for dynamic updates of cloud data, existing research focuses on fully dynamic data updates, whereas this thesis takes a different angle. By analyzing typical data update patterns in cloud storage, it proposes auditing possession in units of file groups and combines this idea with RSA-based homomorphic authenticators to form the Multiple-File PDP (MF-PDP) scheme. By challenging possession of a group of files in a single challenge, MF-PDP greatly reduces the overhead of the audit process and resolves the high audit overhead that existing schemes incur by introducing complex data structures to maintain updated data.

On introducing a trusted third party, existing schemes use an enterprise or institution as the third party, which is hard to deploy and may leak users' private data. This thesis adopts an audit architecture based on an implicit trusted third party: trusted hardware acts as the implicit possession auditor and audits in place of the user, and a tamper-evident log is introduced so that audit results are presented to the user in a trustworthy way, minimizing the time the user must be online.

On the high client-side overhead of storing files, the thesis assumes an economically rational cloud server and redefines the file storing procedure of the PDP scheme so that the cloud generates the file's authenticators, with a complete interactive protocol ensuring the security of the scheme. Combined with homomorphic authenticators based on RSA and a PRF, this forms the User-Free PDP (UF-PDP) scheme, which has near-zero user overhead.

To verify the feasibility of these schemes and test their performance, MF-PDP and UF-PDP were implemented on a distributed cloud storage system. Theoretical analysis shows that MF-PDP and UF-PDP reduce the audit process overhead from O(n) to O(1), and that UF-PDP additionally reduces the client's computation overhead for storing files from O(n) to O(1). Experimental results show that, with security preserved, MF-PDP reduces the audit overhead to under 2 seconds, without significant growth as the number of files increases; when the file to be stored is 1G in size, UF-PDP reduces the client's time overhead from 25479 seconds for the original PDP scheme [2] to 1 second.
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP309; TP333
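
The abstract describes challenging possession of a group of files in a single audit using RSA-based homomorphic authenticators. The sketch below is an added example, not the thesis's MF-PDP construction: it assumes the textbook tag form T = (h(file, idx) * g^m)^d mod N, and the key, file names and block contents are constructed for illustration.

```python
import hashlib
import secrets

# Constructed toy key: two well-known public primes (the Curve25519 and
# secp256k1 field primes). Anyone can factor N, so this is for demonstration.
P, Q = 2**255 - 19, 2**256 - 2**32 - 977
N, E, G = P * Q, 65537, 2
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the data owner

def h(file_id: str, idx: int) -> int:
    """Hash a (file, block index) position into Z_N."""
    digest = hashlib.sha256(f"{file_id}:{idx}".encode()).digest()
    return int.from_bytes(digest, "big") % N

def tag_block(file_id: str, idx: int, block: bytes) -> int:
    """Owner side: T = (h(file, idx) * g^m)^d mod N."""
    m = int.from_bytes(block, "big")
    return pow(h(file_id, idx) * pow(G, m, N) % N, D, N)

def make_challenge(positions):
    """Auditor side: one random odd 128-bit coefficient per position."""
    return [(fid, idx, secrets.randbits(128) | 1) for fid, idx in positions]

def prove(store, tags, challenge):
    """Server side: fold every challenged block into one (T, M) pair."""
    t, m_sum = 1, 0
    for fid, idx, a in challenge:
        t = t * pow(tags[(fid, idx)], a, N) % N
        m_sum += a * int.from_bytes(store[(fid, idx)], "big")
    return t, m_sum

def verify(challenge, proof) -> bool:
    """Auditor side: T^e == prod h(file, idx)^a * g^M (mod N)."""
    t, m_sum = proof
    expected = pow(G, m_sum, N)
    for fid, idx, a in challenge:
        expected = expected * pow(h(fid, idx), a, N) % N
    return pow(t, E, N) == expected

def demo():
    """Constructed two-file group: audit it intact, then after tampering."""
    store = {("a.txt", 0): b"alpha", ("a.txt", 1): b"beta", ("b.txt", 0): b"gamma"}
    tags = {pos: tag_block(*pos, blk) for pos, blk in store.items()}
    chal = make_challenge(store)
    intact = verify(chal, prove(store, tags, chal))
    store[("b.txt", 0)] = b"gamm4"  # server-side corruption of one block
    return intact, verify(chal, prove(store, tags, chal))
```

The proof is a single value modulo N plus one integer sum, regardless of how many files the challenge spans, and the auditor needs only the public exponent and the challenge to check it.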
