發(fā)布時(shí)間：2018-03-16 20:00

  本文選題：云存儲(chǔ)　切入點(diǎn)：客戶端數(shù)據(jù)去重　出處：《南京理工大學(xué)》2017年碩士論文　論文類型：學(xué)位論文

【摘要】：隨著云計(jì)算和云存儲(chǔ)服務(wù)廣泛使用,越來(lái)越多的企業(yè)和個(gè)人用戶將他們的數(shù)據(jù)信息外包給云服務(wù)提供商,這樣他們就可以隨時(shí)隨地享受云服務(wù)提供商所提供的數(shù)據(jù)存儲(chǔ)和計(jì)算服務(wù),并能減少數(shù)據(jù)存儲(chǔ)和維護(hù)成本。但是,當(dāng)存儲(chǔ)在云端的數(shù)據(jù)越來(lái)越多的時(shí)候,將會(huì)產(chǎn)生大量的冗余數(shù)據(jù),如何減少云服務(wù)提供商對(duì)相同文件的存儲(chǔ),已成為節(jié)約云存儲(chǔ)空間的一個(gè)迫切需求。同時(shí),云服務(wù)器是半可信的,它可能試圖竊取用戶的數(shù)據(jù)信息。因此,用戶在將數(shù)據(jù)上傳至云服務(wù)器之前,通常需要對(duì)數(shù)據(jù)進(jìn)行加密來(lái)實(shí)現(xiàn)數(shù)據(jù)的隱私保護(hù)。此外,用戶將數(shù)據(jù)外包給云服務(wù)器,也導(dǎo)致用戶喪失了對(duì)數(shù)據(jù)的絕對(duì)控制權(quán),云服務(wù)器可能有意或無(wú)意地破壞用戶的數(shù)據(jù),所以如何確保云端數(shù)據(jù)的完整性也成為了不可忽略的問(wèn)題。本文重點(diǎn)對(duì)云存儲(chǔ)數(shù)據(jù)安全去重和完整性審計(jì)問(wèn)題進(jìn)行了研究。具體工作如下:(1)針對(duì)客戶端數(shù)據(jù)去重場(chǎng)景中收斂加密存在的安全缺陷,我們利用盲簽名的方法構(gòu)造了一個(gè)更加安全的密鑰生成協(xié)議,通過(guò)引入一個(gè)密鑰服務(wù)器,實(shí)現(xiàn)了對(duì)收斂密鑰的二次加密,使得數(shù)據(jù)加密更加安全,能夠有效地預(yù)防暴力字典攻擊。并在此基礎(chǔ)上,提出了一個(gè)基于塊密鑰簽名的擁有權(quán)證明方法,用戶和云服務(wù)器之間必須執(zhí)行一個(gè)挑戰(zhàn)/響應(yīng)協(xié)議,才能確定用戶是否擁有和云端相同的文件,從而有效地預(yù)防了攻擊者通過(guò)單一的hash值來(lái)獲取文件,并且該方案能夠同時(shí)實(shí)現(xiàn)對(duì)密文數(shù)據(jù)的文件級(jí)和塊級(jí)去重。此外,理論分析和仿真結(jié)果表明,該方案能夠滿足更多安全屬性,同時(shí)具有較好的性能。(2)針對(duì)現(xiàn)有公開(kāi)審計(jì)方案只考慮群組用戶中僅有單個(gè)群管理者的情形,通過(guò)改進(jìn)可撤銷的群簽名和(t,s)門限方案,我們?cè)O(shè)計(jì)了一個(gè)適用于多管理者群組共享數(shù)據(jù)的公開(kāi)審計(jì)方案EPAM。該方案能夠?qū)崿F(xiàn)用戶的身份隱私、可追蹤性和不可陷害性,并且安全分析表明方案EPAM在隨機(jī)預(yù)言模型下是可證明安全的。此外,相比現(xiàn)有方案,實(shí)驗(yàn)結(jié)果表明方案EPAM擁有較小的計(jì)算開(kāi)銷。(3)借助阿里云的彈性計(jì)算服務(wù)(Elastic Compute Service,ECS)、對(duì)象存儲(chǔ)服務(wù)(Object Storage Service,OSS)以及關(guān)系型數(shù)據(jù)庫(kù)服務(wù)(Relational Database Service,RDS),并利用JPBC密碼學(xué)庫(kù)和JavaWeb開(kāi)發(fā)工具,設(shè)計(jì)與實(shí)現(xiàn)了一個(gè)云存儲(chǔ)數(shù)據(jù)安全去重和完整性審計(jì)原型系統(tǒng)。該系統(tǒng)能夠?qū)ξ覀冊(cè)O(shè)計(jì)的方案和現(xiàn)有方案進(jìn)行仿真實(shí)驗(yàn),從而驗(yàn)證每個(gè)方案在不同環(huán)節(jié)的計(jì)算開(kāi)銷,以對(duì)比分析不同方案的性能。
[Abstract]:With the widespread use of cloud computing and cloud storage services, more and more enterprises and individual users outsource their data information to cloud service providers. This allows them to enjoy data storage and computing services provided by cloud service providers at any time and anywhere, and to reduce the cost of data storage and maintenance. However, as more and more data is stored in the cloud, Will produce a lot of redundant data, how to reduce the cloud service provider to the same file storage, has become an urgent need to save cloud storage space. At the same time, the cloud server is semi-trusted, It may attempt to steal the user's data. Therefore, users usually need to encrypt the data to protect their privacy before uploading it to the cloud server. In addition, the user outsources the data to the cloud server. It also causes the user to lose absolute control over the data, and the cloud server may intentionally or unintentionally destroy the user's data, So how to ensure the integrity of cloud data has also become a problem that can not be ignored. This paper focuses on the cloud storage data security and integrity audit. Security flaws in convergent encryption in the scenario, We use blind signature method to construct a more secure key generation protocol. By introducing a key server, we realize the secondary encryption of the convergence key and make the data encryption more secure. On the basis of this, a proof method of ownership based on block key signature is proposed. A challenge / response protocol must be executed between the user and the cloud server. In order to determine whether the user has the same file as the cloud, it effectively prevents the attacker from obtaining the file through a single hash value, and the scheme can achieve both file level and block level heaviness of ciphertext data. Theoretical analysis and simulation results show that the scheme can satisfy more security attributes and has better performance. By improving the revocable group signature and tidbits) threshold scheme, we design an open audit scheme EPAM, which is suitable for multi-manager groups to share data. This scheme can realize user's identity privacy, traceability and non-framing. And the security analysis shows that the scheme EPAM can be proved to be safe under the stochastic prophecy model. In addition, compared with the existing scheme, The experimental results show that the scheme EPAM has a relatively small computational overhead. It makes use of Elastic Compute Service (EPAM), object Storage Service (OSS) and Relational Database Service (RDSs), and uses the JPBC cryptography library and JavaWeb development tools. A prototype system of cloud storage data security and integrity audit is designed and implemented. The system can simulate the scheme and the existing scheme, and verify the computing cost of each scheme in different links. Compare and analyze the performance of different schemes.
【學(xué)位授予單位】：南京理工大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2017
【分類號(hào)】：TP333;TP309

【參考文獻(xiàn)】

相關(guān)期刊論文 前6條

1 黃龍霞;張功萱;付安民;;基于層次樹(shù)的動(dòng)態(tài)群組隱私保護(hù)公開(kāi)審計(jì)方案[J];計(jì)算機(jī)研究與發(fā)展;2016年10期

2 王宏遠(yuǎn);祝烈煌;李龍一佳;;云存儲(chǔ)中支持?jǐn)?shù)據(jù)去重的群組數(shù)據(jù)持有性證明[J];軟件學(xué)報(bào);2016年06期

3 陳越;李超零;蘭巨龍;金開(kāi)春;王仲輝;;基于確定/概率性文件擁有證明的機(jī)密數(shù)據(jù)安全去重方案[J];通信學(xué)報(bào);2015年09期

4 楊超;張俊偉;董學(xué)文;馬建峰;;云存儲(chǔ)加密數(shù)據(jù)去重刪除所有權(quán)證明方法[J];計(jì)算機(jī)研究與發(fā)展;2015年01期

5 付艷艷;張敏;陳開(kāi)渠;馮登國(guó);;面向云存儲(chǔ)的多副本文件完整性驗(yàn)證方案[J];計(jì)算機(jī)研究與發(fā)展;2014年07期

6 李暉;孫文海;李鳳華;王博洋;;公共云存儲(chǔ)服務(wù)數(shù)據(jù)安全及隱私保護(hù)技術(shù)綜述[J];計(jì)算機(jī)研究與發(fā)展;2014年07期

，

本文編號(hào)：1621430