支持去重的动态数据安全审计云存储系统

发布时间：2018-04-25 05:14

本文选题：持有性证明 + 数据去重　；参考：《北京理工大学》2015年硕士论文

【摘要】：目前云存储已经和人们的生活越来越紧密,然而其安全问题仍然是许多用户担忧的问题。完整性问题也是云存储存在的重大安全隐患之一,目前已经有数据持有性证明方案使用户可以在本地不存储额外数据的情况下随时随地验证其数据是否完整。但是针对云存储的数据去重技术,存在的方案不能有效的对验证所用的数据标签做数据压缩,其结果就是造成较大的存储开销。并且云端数据更新频繁,如何在数据动态更新的同时仍提供数据持有性的保证,是当前亟待解决的研究课题。本文提出了支持数据去重的数据持有性证明方案,改进了原有数据去重中利用MD5值冒领原数据使用权的安全问题,并且引入可信第三方对不同文件的验证密钥进行管理,拥有重复文件的用户通过可信第三方获取验证密钥,避免了文件标签的重复计算,利用额外的本地存储减少了时间消耗和通信代价。另外针对文件级云存储,设计了基于索引的动态数据持有性证明方案。该方案构造了通过统一资源定位符,从哈希表中确认标签位置的新型方案,在保证空间复杂度不变的同时,验证文件完整性算法的时间复杂度从O(logN)降低到O(1),方案效率显著提升。并且针对之前方案中往往存在文件I/O对验证时间的影响,采用了B+树多级索引来对文件做查询优化。该方案具有速度快,计算量小,通信代价低小等诸多优势,可应用于手机、平板等移动设备。针对提出的两个方案,本文做了安全性分析、性能分析,并且结合其特点在Android平台开发对应的客户端,基于百度云存储进行部署,证明了方案的可行性和实用性。结果表明,本文提出的方案与传统方案比较,针对数据去重场景大幅度地减少了存储开销,也降低了文件级的更新操作时间复杂度。
[Abstract]:Cloud storage has become increasingly close to people's lives, but its security is still a concern for many users. The integrity problem is also one of the major security risks in cloud storage. At present, there is a data holding certification scheme that allows users to verify whether their data is complete at any time and anywhere without storing additional data locally. However, the existing scheme can not effectively compress the data labels used in cloud storage, which results in a large storage cost. And the cloud data update frequently, how to provide the guarantee of data holding while updating the data dynamically, is the current research topic to be solved urgently. In this paper, we propose a data holding proof scheme to support data reduplication, improve the security of using MD5 value to obtain the right to use the original data, and introduce a trusted third party to manage the verification keys of different files. Users with duplicated files obtain authentication keys through trusted third parties to avoid double computation of file labels and use extra local storage to reduce time consumption and communication costs. In addition, for file level cloud storage, a dynamic data holding proof scheme based on index is designed. This scheme constructs a new scheme to confirm the label location from the hash table by unified resource locator. While keeping the space complexity unchanged, the time complexity of the file integrity verification algorithm is reduced from OGlogN to OF-1, and the efficiency of the scheme is improved significantly. In view of the influence of file I / O on the verification time in the previous scheme, a multilevel index of B tree is used to optimize the file query. This scheme has many advantages, such as high speed, low computation, low communication cost and so on. It can be used in mobile devices such as mobile phones and tablets. This paper analyzes the security and performance of the two schemes, and develops the corresponding client on the Android platform, which is based on Baidu cloud storage. The feasibility and practicability of the scheme are proved. The results show that compared with the traditional scheme, the proposed scheme greatly reduces the storage overhead and the update time complexity of the file level.
【学位授予单位】：北京理工大学
【学位级别】：硕士
【学位授予年份】：2015
【分类号】：TP309.2;TP333

【相似文献】