云存储中数据完整性验证技术研究

发布时间：2018-05-06 19:42

本文选题：云存储 + 完整性验证　；参考：《电子科技大学》2017年硕士论文

【摘要】：在云存储环境中,文件所有者在将其文件从本地转移到云端进行在线存储后,在节省本地空间的同时也失去了对文件的物理控制能力。而云存储系统的服务器由于其中存储着大量有价值的文件和数据,另外云存储系统的服务器通常部署在公共网络上,常常成为网络攻击的目标,同时云存储系统为了获得海量的存储能力,使用了数量巨大的硬件存储设备,硬件数量的增加,使得不出现故障的可能性降低,甚至会使得故障的出现成为常态。由于上述原因,在用户使用云存储服务对文件进行在线托管时,对这些文件的完整性进行检查有其必要性。传统的完整性验证技术需要验证者对文件具有完全的物理控制能力,会给云存储服务器以及网络带宽造成较大负担。现有对云端的文件进行完整性检查的研究存在着效率较低、不支持动态操作等问题。本文在已有的完整性检查技术和协议的基础上,对现有工作中存在的不足之处开展研究,提出一种实用性更高的协议,以便对云端文件的完整性进行保护和检查。本文的主要创新点包括:1.基于跳表提出一种能够对完整性进行检查的数据结构本文基于跳跃列表和可用于进行完整性验证的默克尔哈希树,提出了一种能够用于对文件的完整性进行验证,且能够高效地执行节点插入与删除的数据结构(Acyclic Certificate Skip Lists,ACSL),该数据结构中节点之间无固定关系,并且引入了可达计数用于代替索引来进行节点的查找,从而解决了默克尔哈希树不支持节点插入与删除的不足;2.提出一种安全协议,可以公开检查云端文件的完整性本文基于ACSL,提出一种针对云存储系统的动态数据完整性验证协议(Dynamic Data Integrity Verifying,DDIV)。由于使用了本文所提出的ACSL数据结构,DDIV除具备对完整性进行检查的基本功能外,还能够高效地执行对文件的更新、追加等动态操作,同时在DDIV中使用非对称密码体制对ACSL中的关键信息进行签名,使得除文件所有者之外的任意使用者,都能够在获取文件所有者的公钥后,检查云端文件的完整性,而无需可信第三方的支持,相比于现有的支持公开验证的协议,DDIV有效的消除了系统的性能瓶颈。
[Abstract]:In the cloud storage environment, the file owner can save the local space and lose the physical control of the file after transferring the file from the local to the cloud for online storage. The servers of cloud storage systems store a lot of valuable files and data. In addition, the servers of cloud storage systems are usually deployed on public networks and are often the target of network attacks. At the same time, cloud storage system in order to obtain massive storage capacity, the use of a large number of hardware storage devices, the increase in the number of hardware, so that the possibility of failure will be reduced, and even make the occurrence of fault become the normal. For these reasons, it is necessary to check the integrity of files when users use cloud storage services to host files online. The traditional integrity verification technology requires the verifier to have complete physical control over the file, which will create a great burden on the cloud storage server and the network bandwidth. The existing researches on the integrity check of the files in the cloud have some problems such as low efficiency and no support for dynamic operation. Based on the existing integrity checking techniques and protocols, this paper studies the shortcomings of the existing work and proposes a more practical protocol to protect and check the integrity of cloud files. The main innovations of this paper include: 1. Based on hopping table, this paper presents a data structure that can check the integrity of the file. Based on the hopping list and the Merkel hash tree which can be used to verify the integrity of the file, this paper proposes a new method that can be used to verify the integrity of the file. And the data structure which can be inserted and deleted efficiently is acyclic Certificate Skip / ACSL, in which there is no fixed relation between nodes, and the reachable count is introduced to replace the index to search the node. This resolves the lack of node insertion and deletion in the Merkel Hash Tree. A security protocol is proposed to publicly check the integrity of cloud files. This paper presents a dynamic Data Integrity verification protocol for cloud storage systems based on ACSL-based dynamic data integrity verification protocol. Because of the use of the ACSL data structure proposed in this paper, in addition to the basic function of checking the integrity, it can also efficiently perform dynamic operations such as updating and appending files, etc. At the same time, the asymmetric cryptosystem is used in DDIV to sign the key information in ACSL, so that any user other than the file owner can check the integrity of the cloud file after obtaining the public key of the file owner. Without the support of trusted third parties, DDIV effectively eliminates the performance bottleneck of the system compared with the existing protocol which supports public verification.
【学位授予单位】：电子科技大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP333

【参考文献】