發(fā)布時間：2018-07-25 14:17

【摘要】：云存儲是云計算的一種重要服務(wù),允許數(shù)據(jù)所有者將其數(shù)據(jù)托管在云服務(wù)器中,并通過網(wǎng)絡(luò)向用戶提供數(shù)據(jù)訪問。通過這種數(shù)據(jù)的外包服務(wù),可以給數(shù)據(jù)所有者帶來諸多方便：1)減少存儲管理的壓力；2)減少存儲硬件和軟件以及數(shù)據(jù)維護(hù)的費用；3)可以實現(xiàn)任意地點、任意時間的數(shù)據(jù)訪問。與此同時,云存儲也帶來了新的安全問題。數(shù)據(jù)存儲在云端后,其安全性高度依賴于云服務(wù)提供商。事實上云服務(wù)提供商是不能被完全信任的。首先,由于自然災(zāi)害、硬件故障、軟件故障和黑客攻擊等原因不可避免地造成數(shù)據(jù)的丟失。其次,云服務(wù)提供商可能對數(shù)據(jù)所有者的數(shù)據(jù)采取不可信的行為。如通過丟棄沒有或很少被訪問的數(shù)據(jù)來節(jié)省存儲空間,或者隱瞞數(shù)據(jù)損壞事件來維護(hù)其聲譽(yù)。由此可以看出,云存儲并不能保證數(shù)據(jù)所有者數(shù)據(jù)的完整性。傳統(tǒng)基于簽名或者消息驗證碼的完整性驗證方法需要先從云服務(wù)器下載全部原始數(shù)據(jù),然后驗證對應(yīng)的簽名或者消息驗證碼的正確性。在云存儲環(huán)境下,因數(shù)據(jù)量大,該方法是非常低效的。為了安全高效地驗證云端數(shù)據(jù)的完整性,第三方審計方法是近年來的研究熱點。數(shù)據(jù)所有者將數(shù)據(jù)文件分塊并為每一數(shù)據(jù)塊計算相應(yīng)的數(shù)據(jù)標(biāo)簽。數(shù)據(jù)塊和標(biāo)簽都存儲在云端,審計者通過抽樣檢查部分?jǐn)?shù)據(jù)塊與標(biāo)簽是否匹配來驗證數(shù)據(jù)的完整性。其優(yōu)勢有：1)不需要下載全部原始數(shù)據(jù)。2)將審計工作委托給審計者,減輕了數(shù)據(jù)所有者的負(fù)擔(dān)。3)為數(shù)據(jù)所有者和云服務(wù)器商提供公平可信的審計結(jié)果。在第三方審計過程中,必須保證審計者是在不能獲取數(shù)據(jù)內(nèi)容的前提下進(jìn)行盲審計。否則,它將給所有者的數(shù)據(jù)帶來新的安全問題。當(dāng)考慮群組中多用戶都可以對云端同一份數(shù)據(jù)文件進(jìn)行訪問和修改時,共享數(shù)據(jù)的完整性審計面臨著新的挑戰(zhàn),比如身份隱私保護(hù)和用戶撤銷等問題。數(shù)據(jù)所有者關(guān)心其數(shù)據(jù)完整性的同時,云服務(wù)提供商同樣會關(guān)注存儲效率。當(dāng)將重復(fù)數(shù)據(jù)刪除技術(shù)和完整性審計結(jié)合考慮時,重刪數(shù)據(jù)的完整性審計面臨著新的挑戰(zhàn),比如密文情況下重復(fù)數(shù)據(jù)刪除和重復(fù)標(biāo)簽刪除,以及重刪后怎么樣進(jìn)行完整性審計。當(dāng)檢查到云端數(shù)據(jù)被破壞或者丟失時,數(shù)據(jù)所有者更關(guān)心的是被破壞或丟失的數(shù)據(jù)能否被修復(fù)。當(dāng)考慮再生碼存儲數(shù)據(jù)的完整性審計問題時,其面臨著新的挑戰(zhàn),比如分布式存儲的完整性審計和錯誤定位、修復(fù)過程的污染攻擊以及支持編碼數(shù)據(jù)更新的動態(tài)審計。本文從個人數(shù)據(jù)、共享數(shù)據(jù)、密文重刪數(shù)據(jù)和再生碼存儲數(shù)據(jù)等四個方面對云存儲中的數(shù)據(jù)完整性審計問題進(jìn)行研究,提出了不同情況下的盲審計方法分別解決不同的關(guān)鍵問題。論文的主要工作可以總結(jié)為以下幾個方面：(1)提出了一種基于雙線性映射加密的個人數(shù)據(jù)完整性盲審計方法。首先,設(shè)計了個人數(shù)據(jù)盲審計方案的框架并給出了相應(yīng)的定義,該定義由5個算法組成。利用雙線性對映射的性質(zhì),在云服務(wù)器端將數(shù)據(jù)證據(jù)和標(biāo)簽證據(jù)加密后再合并,實現(xiàn)審計者在不知數(shù)據(jù)內(nèi)容的情況下進(jìn)行盲審計。其次,設(shè)計高效的索引機(jī)制支持?jǐn)?shù)據(jù)更新,使數(shù)據(jù)更新操作不會導(dǎo)致大量額外的計算和通信開銷,實現(xiàn)了動態(tài)審計。最后針對多個審計請求,設(shè)計將不同的證據(jù)聚合的方法,以支持對多所有者多云服務(wù)器多文件的批量審計,使批量審計的通信開銷與審計請求的數(shù)量無關(guān)。理論分析和實驗結(jié)果表明,該方法是可證明安全的,與現(xiàn)有的方案相比,提出的方案有效提高了審計效率。(2)提出了一種基于代理重簽名的共享數(shù)據(jù)完整性盲審計方法。設(shè)計了共享數(shù)據(jù)盲審計方案的框架并給出了相應(yīng)的定義,該定義由6個算法組成。結(jié)合共享數(shù)據(jù)的特點,重點研究審計過程中身份隱私保護(hù)和用戶撤銷問題。利用代理重簽名方法,計算標(biāo)簽證據(jù)時將其他用戶簽名的標(biāo)簽轉(zhuǎn)成成質(zhì)詢用戶簽名的標(biāo)簽,從而實現(xiàn)身份隱私保護(hù)。同時使得審計開銷與用戶數(shù)據(jù)無關(guān)。該方法還實現(xiàn)了用戶直接撤銷,不需要重新計算被撤銷用戶簽名的標(biāo)簽。詳細(xì)的安全性分析表明,本章的方案是可證明安全的。與現(xiàn)有的方案相比,在審計和用戶撤銷等方面提高了效率。(3)提出了一種基于代理重加密的密文重刪數(shù)據(jù)完整性盲審計方法。設(shè)計了密文重刪數(shù)據(jù)盲審計方案的框架并給出了相應(yīng)的定義,該定義由7個算法組成。在同一框架下實現(xiàn)了客戶端密文重復(fù)數(shù)據(jù)刪除和云端數(shù)據(jù)完整性審計。利用代理重加密方法,實現(xiàn)了密文重刪對所有者加密的密鑰沒有限制。設(shè)計新的標(biāo)簽生成方法,實現(xiàn)了標(biāo)簽重刪,使得存儲開銷與所有者數(shù)量無關(guān)。同時,審計者可以代表任意數(shù)據(jù)所有者驗證重刪數(shù)據(jù)的完整性。詳細(xì)的安全性分析表明,本章的方案是可證明安全的。與現(xiàn)有的方案相比,在審計和重刪等方面提高了效率。(4)提出了一種基于增量矩陣的再生碼存儲數(shù)據(jù)完整性盲審計方法。設(shè)計了再生碼存儲數(shù)據(jù)盲審計方案的框架并給出了相應(yīng)的定義,該定義由10個算法組成。審計者不僅能一次性驗證存儲在不同服務(wù)器上的數(shù)據(jù)的完整性,還能快速定位出錯的服務(wù)器。數(shù)據(jù)修復(fù)時先進(jìn)行完整性檢查,以防止云服務(wù)器發(fā)起地污染攻擊。為了支持動態(tài)審計,提出了基于增量矩陣和索引機(jī)制的數(shù)據(jù)更新方法,使得數(shù)據(jù)更新不需要重新下載和編碼云端數(shù)據(jù)。詳細(xì)的安全性分析表明,本章的方案是可證明安全的。實驗結(jié)果對方案的效率進(jìn)行了驗證。
[Abstract]:Cloud storage is an important service in cloud computing that allows data owners to host their data in a cloud server and provide data access to users through the network. Through the outsourced service of this data, it can bring a lot of convenience to the data owners: 1) reduce storage management pressure; 2) reduce storage hardware and software and data dimension. At the same time, cloud storage also brings new security problems. When data is stored in the cloud, the security is highly dependent on cloud service providers. In fact, cloud service providers are not completely trusted. First, natural disasters, hardware failures, and software reasons. Barriers and hacker attacks inevitably cause data loss. Secondly, cloud service providers may take untrusted behavior for data owners' data, such as saving storage space by discarding data that is not or rarely accessed, or concealing data damage events to maintain their reputation. The integrity of data owner data is not guaranteed. The integrity verification method based on the traditional signature or message validation code needs to download all the original data from the cloud server first, and then verify the correctness of the corresponding signature or message authentication code. In the cloud storage environment, the method is very inefficient because of the large amount of data. The third party audit method is the research hotspot in recent years. The data owner blocks the data file and calculates the corresponding data labels for each data block. The data block and label are stored in the cloud. The auditor checks the integrity of the data by sampling the matching of the part of the data block to the label. The advantages are: 1) no need to download all the original data.2) to delegate the audit to the auditor, reduce the burden of the data owner.3) to provide a fair and credible audit result for the data owner and the cloud server. In the third party audit process, the auditor must be blinded on the premise that the data is not available. Otherwise, it will bring new security issues to the owner's data. When many users in the group can access and modify the same data file in the cloud, the integrity audit of shared data is faced with new challenges, such as identity privacy protection and user revocation. Data owners are concerned with their data integrity. At the same time, cloud service providers also pay attention to storage efficiency. When considering duplication of data deletions and integrity audits, the integrity audit of heavy censored data faces new challenges, such as repeated data deletions and repeat label deletions under the case of ciphertext, and how to carry out integrity audits after heavy censoring. When inspecting the cloud end When data is destroyed or lost, data owners are more concerned with whether the data being destroyed or lost can be repaired. When considering the integrity audit of the regenerated code storage data, it faces new challenges, such as the integrity audit and error location of the distributed storage, the pollution attack of the repair process, and the support for the update of the coded data. This paper studies the audit of data integrity in the cloud storage from four aspects, such as personal data, shared data, ciphertext censored data and regenerative code storage data, and puts forward the different key problems in different cases. The main work of this paper can be summarized as follows: (1) a blind audit method of personal data integrity based on bilinear map encryption is proposed. First, the framework of the personal data blind audit scheme is designed and the corresponding definition is given. The definition is composed of 5 algorithms. Using the properties of the bilinear pairing, the data evidence and the label evidence are encrypted and consolidated on the cloud server side. The present auditor performs a blind audit without knowing the content of the data. Secondly, the efficient index mechanism is designed to support the data updating, so that the data update operation does not lead to a large amount of additional computing and communication overhead and realizes the dynamic audit. Finally, the different methods of aggregation of evidence are designed to support multiple audit requests. The batch audit of multi cloud server multiple files makes the communication overhead of batch audit unrelated to the number of audit requests. The theoretical analysis and experimental results show that the method is proved to be safe. Compared with the existing schemes, the proposed scheme effectively improves the audit efficiency. (2) a kind of shared data integrity based on proxy re signature is proposed. The framework of the blind audit scheme of the shared data is designed and the corresponding definition is designed. The definition is composed of 6 algorithms. Combining the characteristics of the shared data, the identity privacy protection and the user revocation problem in the audit process are focused on. The proxy resignature method is used to calculate the label evidence when the labels of other users are transferred. This method also makes the audit cost unrelated to the user data. This method also implements the user direct revocation without recalculating the label of the revoked user's signature. Detailed security analysis shows that the scheme of this chapter is proved to be safe. Compared with the existing scheme, The efficiency of audit and user revocation is improved. (3) a blind data integrity audit method based on agent re encryption is proposed. The framework of the blind audit scheme of ciphertext re censoring data is designed and the corresponding definition is given. The definition is composed of 7 algorithms. In the same framework, the repeated data deletion of the client ciphertext is realized. And cloud data integrity audit. Using the agent re encryption method, there is no restriction on the encryption key of the owner. A new label generation method is designed to realize the tag deletion, which makes the storage cost unrelated to the number of the owners. At the same time, the auditor can verify the integrity of the deleted data on behalf of the owner of the data. The detailed security analysis shows that the scheme of this chapter is proved to be safe. Compared with the existing schemes, it improves the efficiency in audit and censoring. (4) a blind audit method of data integrity for regenerated codes based on incremental matrix is proposed. The framework of the regenerated code storage number based blind Audit Scheme is designed and the corresponding definition is given. The definition is composed of 10 algorithms. The auditor can not only verify the integrity of the data stored on different servers, but also quickly locate the wrong server. The integrity check is carried out to prevent the cloud server from launching pollution attacks. In order to support the dynamic audit, the incremental matrix and index machine are proposed. The data update method makes the data update without the need to re download and code the cloud data. Detailed security analysis shows that the scheme is proved to be safe. The experimental results verify the efficiency of the scheme.
【學(xué)位授予單位】：武漢大學(xué)
【學(xué)位級別】：博士
【學(xué)位授予年份】：2016
【分類號】：TP333

【相似文獻(xiàn)】

相關(guān)期刊論文 前10條

1 李師謙;基于雜湊函數(shù)的數(shù)據(jù)完整性研究[J];山東理工大學(xué)學(xué)報(自然科學(xué)版);2003年03期

2 高春玲,張新顏;數(shù)據(jù)完整性機(jī)制的認(rèn)識與應(yīng)用[J];洛陽大學(xué)學(xué)報;2003年04期

3 武立福,毛宇光;多級安全數(shù)據(jù)庫保密性和數(shù)據(jù)完整性研究[J];計算機(jī)工程與應(yīng)用;2004年08期

4 溫一軍;數(shù)據(jù)完整性應(yīng)用的深入研究[J];沙洲職業(yè)工學(xué)院學(xué)報;2004年01期

5 郭艷光,于慶峰,胡敏,高明堂;淺析數(shù)據(jù)完整性問題及應(yīng)用[J];內(nèi)蒙古石油化工;2004年06期

6 劉慧娟,張奕黃;嵌入式系統(tǒng)中閃存數(shù)據(jù)完整性處理方法[J];儀器儀表學(xué)報;2004年S1期

7 張華偉;楊凱;;Microsoft SQL Server 2000中的數(shù)據(jù)完整性機(jī)制探討[J];河南科技;2007年03期

8 龍映宏;;淺析數(shù)據(jù)完整性及其實現(xiàn)[J];電腦編程技巧與維護(hù);2009年24期

9 張俊楷;谷小婭;;空氣質(zhì)量監(jiān)測系統(tǒng)數(shù)據(jù)完整性研究[J];電腦知識與技術(shù);2013年19期

10 閃四清;數(shù)據(jù)完整性[J];個人電腦;1999年08期

相關(guān)會議論文 前5條

1 劉慧娟;張奕黃;;嵌入式系統(tǒng)中閃存數(shù)據(jù)完整性處理方法[A];第二屆全國信息獲取與處理學(xué)術(shù)會議論文集[C];2004年

2 曹丹陽;;數(shù)據(jù)完整性的檢測研究[A];中國計量協(xié)會冶金分會2008年會論文集[C];2008年

3 曹丹陽;;數(shù)據(jù)完整性的檢測研究[A];2008全國第十三屆自動化應(yīng)用技術(shù)學(xué)術(shù)交流會論文集[C];2008年

4 彭涼;賴?yán)^宏;梁余發(fā);;MES中數(shù)據(jù)完整性的解決方案[A];冶金企業(yè)MES和ERP技術(shù)實踐論文集[C];2005年

5 吳愛珍;;CICS與數(shù)據(jù)完整性[A];中國航海學(xué)會內(nèi)河船舶駕駛專業(yè)委員會學(xué)術(shù)年會論文集[C];2004年

相關(guān)重要報紙文章 前3條

1 記者 劉學(xué)習(xí);NonStop拒絕宕機(jī)惡夢[N];計算機(jī)世界;2003年

2 本報記者 周蕾;期待NonStop的新成長[N];網(wǎng)絡(luò)世界;2003年

3 賽迪評測硬件與網(wǎng)絡(luò)事業(yè)部網(wǎng)絡(luò)通信實驗室;十項考驗煉“真金”[N];通信產(chǎn)業(yè)報;2004年

相關(guān)博士學(xué)位論文 前4條

1 張新鵬;云數(shù)據(jù)完整性與可用性研究[D];電子科技大學(xué);2016年

2 何凱;云存儲中數(shù)據(jù)完整性的聚合盲審計方法研究[D];武漢大學(xué);2016年

3 郝卓;遠(yuǎn)程數(shù)據(jù)完整性和認(rèn)證技術(shù)研究[D];中國科學(xué)技術(shù)大學(xué);2011年

4 周強(qiáng);無線傳感器網(wǎng)絡(luò)安全數(shù)據(jù)融合技術(shù)研究[D];南京郵電大學(xué);2014年

相關(guān)碩士學(xué)位論文 前10條

1 董慶運;基于存儲證據(jù)的云端數(shù)據(jù)完整性驗證機(jī)制研究[D];河北大學(xué);2015年

2 陳科;基于動態(tài)變色龍認(rèn)證樹的流式數(shù)據(jù)完整性驗證研究與應(yīng)用[D];東北大學(xué);2014年

3 孟奕光;橋梁長期監(jiān)測數(shù)據(jù)完整性研究[D];石家莊鐵道大學(xué);2016年

4 王士雨;高效的云端數(shù)據(jù)完整性驗證機(jī)制研究[D];電子科技大學(xué);2016年

5 陳陽;云環(huán)境下基于身份的數(shù)據(jù)完整性證明的研究及應(yīng)用[D];電子科技大學(xué);2016年

6 吳遠(yuǎn)棟;云存儲下數(shù)據(jù)完整性和安全性研究[D];長安大學(xué);2016年

7 楊光洋;云計算外包存儲中數(shù)據(jù)完整性審計的研究[D];青島大學(xué);2016年

8 鄭平;在藥品生產(chǎn)質(zhì)量管理體系中的數(shù)據(jù)完整性[D];上海交通大學(xué);2015年

9 孫志峰;云存儲中能量有效的數(shù)據(jù)完整性校驗算法研究[D];東華大學(xué);2016年

10 于美麗;云存儲數(shù)據(jù)完整性校驗中數(shù)據(jù)抽樣算法的研究[D];東華大學(xué);2015年

，

本文編號：2144086