發(fā)布時間：2018-03-16 20:00

  本文選題：云存儲　切入點(diǎn)：客戶端數(shù)據(jù)去重　出處：《南京理工大學(xué)》2017年碩士論文　論文類型：學(xué)位論文

【摘要】：隨著云計算和云存儲服務(wù)廣泛使用,越來越多的企業(yè)和個人用戶將他們的數(shù)據(jù)信息外包給云服務(wù)提供商,這樣他們就可以隨時隨地享受云服務(wù)提供商所提供的數(shù)據(jù)存儲和計算服務(wù),并能減少數(shù)據(jù)存儲和維護(hù)成本。但是,當(dāng)存儲在云端的數(shù)據(jù)越來越多的時候,將會產(chǎn)生大量的冗余數(shù)據(jù),如何減少云服務(wù)提供商對相同文件的存儲,已成為節(jié)約云存儲空間的一個迫切需求。同時,云服務(wù)器是半可信的,它可能試圖竊取用戶的數(shù)據(jù)信息。因此,用戶在將數(shù)據(jù)上傳至云服務(wù)器之前,通常需要對數(shù)據(jù)進(jìn)行加密來實(shí)現(xiàn)數(shù)據(jù)的隱私保護(hù)。此外,用戶將數(shù)據(jù)外包給云服務(wù)器,也導(dǎo)致用戶喪失了對數(shù)據(jù)的絕對控制權(quán),云服務(wù)器可能有意或無意地破壞用戶的數(shù)據(jù),所以如何確保云端數(shù)據(jù)的完整性也成為了不可忽略的問題。本文重點(diǎn)對云存儲數(shù)據(jù)安全去重和完整性審計問題進(jìn)行了研究。具體工作如下:(1)針對客戶端數(shù)據(jù)去重場景中收斂加密存在的安全缺陷,我們利用盲簽名的方法構(gòu)造了一個更加安全的密鑰生成協(xié)議,通過引入一個密鑰服務(wù)器,實(shí)現(xiàn)了對收斂密鑰的二次加密,使得數(shù)據(jù)加密更加安全,能夠有效地預(yù)防暴力字典攻擊。并在此基礎(chǔ)上,提出了一個基于塊密鑰簽名的擁有權(quán)證明方法,用戶和云服務(wù)器之間必須執(zhí)行一個挑戰(zhàn)/響應(yīng)協(xié)議,才能確定用戶是否擁有和云端相同的文件,從而有效地預(yù)防了攻擊者通過單一的hash值來獲取文件,并且該方案能夠同時實(shí)現(xiàn)對密文數(shù)據(jù)的文件級和塊級去重。此外,理論分析和仿真結(jié)果表明,該方案能夠滿足更多安全屬性,同時具有較好的性能。(2)針對現(xiàn)有公開審計方案只考慮群組用戶中僅有單個群管理者的情形,通過改進(jìn)可撤銷的群簽名和(t,s)門限方案,我們設(shè)計了一個適用于多管理者群組共享數(shù)據(jù)的公開審計方案EPAM。該方案能夠?qū)崿F(xiàn)用戶的身份隱私、可追蹤性和不可陷害性,并且安全分析表明方案EPAM在隨機(jī)預(yù)言模型下是可證明安全的。此外,相比現(xiàn)有方案,實(shí)驗(yàn)結(jié)果表明方案EPAM擁有較小的計算開銷。(3)借助阿里云的彈性計算服務(wù)(Elastic Compute Service,ECS)、對象存儲服務(wù)(Object Storage Service,OSS)以及關(guān)系型數(shù)據(jù)庫服務(wù)(Relational Database Service,RDS),并利用JPBC密碼學(xué)庫和JavaWeb開發(fā)工具,設(shè)計與實(shí)現(xiàn)了一個云存儲數(shù)據(jù)安全去重和完整性審計原型系統(tǒng)。該系統(tǒng)能夠?qū)ξ覀冊O(shè)計的方案和現(xiàn)有方案進(jìn)行仿真實(shí)驗(yàn),從而驗(yàn)證每個方案在不同環(huán)節(jié)的計算開銷,以對比分析不同方案的性能。
[Abstract]:With the widespread use of cloud computing and cloud storage services, more and more enterprises and individual users outsource their data information to cloud service providers. This allows them to enjoy data storage and computing services provided by cloud service providers at any time and anywhere, and to reduce the cost of data storage and maintenance. However, as more and more data is stored in the cloud, Will produce a lot of redundant data, how to reduce the cloud service provider to the same file storage, has become an urgent need to save cloud storage space. At the same time, the cloud server is semi-trusted, It may attempt to steal the user's data. Therefore, users usually need to encrypt the data to protect their privacy before uploading it to the cloud server. In addition, the user outsources the data to the cloud server. It also causes the user to lose absolute control over the data, and the cloud server may intentionally or unintentionally destroy the user's data, So how to ensure the integrity of cloud data has also become a problem that can not be ignored. This paper focuses on the cloud storage data security and integrity audit. Security flaws in convergent encryption in the scenario, We use blind signature method to construct a more secure key generation protocol. By introducing a key server, we realize the secondary encryption of the convergence key and make the data encryption more secure. On the basis of this, a proof method of ownership based on block key signature is proposed. A challenge / response protocol must be executed between the user and the cloud server. In order to determine whether the user has the same file as the cloud, it effectively prevents the attacker from obtaining the file through a single hash value, and the scheme can achieve both file level and block level heaviness of ciphertext data. Theoretical analysis and simulation results show that the scheme can satisfy more security attributes and has better performance. By improving the revocable group signature and tidbits) threshold scheme, we design an open audit scheme EPAM, which is suitable for multi-manager groups to share data. This scheme can realize user's identity privacy, traceability and non-framing. And the security analysis shows that the scheme EPAM can be proved to be safe under the stochastic prophecy model. In addition, compared with the existing scheme, The experimental results show that the scheme EPAM has a relatively small computational overhead. It makes use of Elastic Compute Service (EPAM), object Storage Service (OSS) and Relational Database Service (RDSs), and uses the JPBC cryptography library and JavaWeb development tools. A prototype system of cloud storage data security and integrity audit is designed and implemented. The system can simulate the scheme and the existing scheme, and verify the computing cost of each scheme in different links. Compare and analyze the performance of different schemes.
【學(xué)位授予單位】：南京理工大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2017
【分類號】：TP333;TP309

【參考文獻(xiàn)】

相關(guān)期刊論文 前6條

1 黃龍霞;張功萱;付安民;;基于層次樹的動態(tài)群組隱私保護(hù)公開審計方案[J];計算機(jī)研究與發(fā)展;2016年10期

2 王宏遠(yuǎn);祝烈煌;李龍一佳;;云存儲中支持?jǐn)?shù)據(jù)去重的群組數(shù)據(jù)持有性證明[J];軟件學(xué)報;2016年06期

3 陳越;李超零;蘭巨龍;金開春;王仲輝;;基于確定/概率性文件擁有證明的機(jī)密數(shù)據(jù)安全去重方案[J];通信學(xué)報;2015年09期

4 楊超;張俊偉;董學(xué)文;馬建峰;;云存儲加密數(shù)據(jù)去重刪除所有權(quán)證明方法[J];計算機(jī)研究與發(fā)展;2015年01期

5 付艷艷;張敏;陳開渠;馮登國;;面向云存儲的多副本文件完整性驗(yàn)證方案[J];計算機(jī)研究與發(fā)展;2014年07期

6 李暉;孫文海;李鳳華;王博洋;;公共云存儲服務(wù)數(shù)據(jù)安全及隱私保護(hù)技術(shù)綜述[J];計算機(jī)研究與發(fā)展;2014年07期

，

本文編號：1621430