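Research and Application of Data Possession Auditing Technology in Cloud Storage Environments
Published: 2018-02-27 12:16
Keywords: cloud storage, cloud security, data integrity, parallel audit, Hadoop, MapReduce, provable data possession. Source: Hunan University, 2013 master's thesis. Document type: degree thesis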
[Abstract]: Cloud storage is an outgrowth and extension of cloud computing theory and technology. Its convenience, pay-as-you-go pricing, and freedom from constraints of time and place have made it one of the most attractive forms of distributed storage. Compared with traditional storage, however, cloud storage users cannot directly and effectively manage their own data when the storage service provider is not bound by any trust constraint, and the resulting cloud data security problems have held back the wide adoption and development of cloud storage technology. Data integrity assurance is the key technology for securing data in the cloud. Existing research on integrity checking concentrates on improving verification algorithms, supporting dynamic data updates, and recovering damaged data; most of it remains at the stage of theoretical research and cannot be applied to cloud storage environments that are built primarily on clusters.
With the main goal of building a cloud data integrity checking model and techniques suited to cluster environments, this thesis studies and analyzes in detail the current state of research on data possession auditing. Building on the Provable Data Possession (PDP) scheme and the Data Possession Audit (DPA) scheme, and taking into account the specific characteristics of cluster-based cloud storage, it proposes a cloud data integrity checking model: the Parallel Audit for Data Possession (PADP) model. PADP combines the strengths of the PDP and DPA schemes, separates the user completely from the storage service provider, is centered on a trusted third-party auditor, and adds an audit log mechanism; while fully ensuring the security of the audit process, it can significantly reduce the storage and computation overhead that users incur for data integrity checking. To address the problem that the original algorithms in traditional data possession audit schemes cannot be applied to cluster-based cloud storage, the RSA-based homomorphic tag verification algorithm of the PDP model is improved, and a MapReduce-based Parallel Generation Challenge Proof Algorithm (MR_PGCPA) is proposed and designed; theoretical analysis proves that the algorithm has good security properties. Finally, based on the above model and algorithm, a PADP prototype system running on a Hadoop cluster is designed and implemented, with detailed use-case, module, and algorithm-flow design and implementation details. Test results show that the PADP scheme can significantly reduce the user's communication volume and storage overhead; when the stored files are large and there are many compute nodes, introducing the MR_PGCPA algorithm significantly reduces the corresponding computation overhead and improves checking efficiency.
[Degree-granting institution]: Hunan University
[Degree level]: Master's
[Year degree granted]: 2013
[Classification number]: TP309.2; TP333
Article ID: 1542633
Article link: https://www.wllwen.com/kejilunwen/jisuanjikexuelunwen/1542633.html