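Research on Key Technologies of Data Security in Cloud Storage and System Implementation
Published: 2018-06-13 10:54
Topic: cloud storage + data redundancy; Source: Beijing University of Posts and Telecommunications, 2013 master's thesis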
[Abstract]: As cloud storage systems have developed and been deployed in complex environments, their data security has drawn increasing attention. On the one hand, node crashes or external intrusions can leave data incomplete; on the other hand, when data is incomplete, users cannot learn of the change in time, because the cloud service provider may deliberately conceal it or because of other factors. To address these problems, this thesis studies how to check data integrity and how to preserve data availability when data is incomplete, and proposes a secure storage system scheme.

Starting from data availability, the research first concentrates on data confidentiality, recovery from data loss, and recovery from data tampering. Combining symmetric encryption with erasure coding, the thesis proposes a data secure storage scheme based on Tornado codes (DSBT). The scheme uses a bootstrap password to solve the problem that keys are hard to manage and store in traditional symmetric data encryption; it uses Tornado codes, a class of erasure codes, to design the data redundancy system and so solve recovery from data loss; and it uses a keyed hash to give the Tornado code an error-correction capability, which addresses data tampering.

On this basis, the thesis goes on to study data retrievability checking (POR). Building on the classic POR algorithm based on BLS short signatures, it introduces a trusted log and uses the trusted log to deliver check results to the user, realizing a lightweight third-party architecture. Finally, in combination with the DSBT scheme, it optimizes the computational efficiency of the POR algorithm so that it is independent of file size and reaches constant computational complexity.

Based on these schemes, the thesis implements a prototype secure cloud storage system on Cassandra. Tests show that the system provides strong recovery from data loss, effectively resists Byzantine faults, performs equally well at retrievability checking, and has very high computational efficiency, especially for large files.
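The abstract's idea of using a keyed hash to give an erasure code error-correcting behaviour, as an added example that is not code from the thesis: a block whose keyed hash fails is treated as erased and rebuilt from redundancy. It assumes a single XOR parity block as a stand-in for the Tornado code and HMAC-SHA256 as the keyed hash; `BLOCK`, `xor`, `tag`, `encode` and `decode` are hypothetical names.

```python
import hashlib
import hmac
from functools import reduce

BLOCK = 16  # block size in bytes, chosen for the example

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def tag(key: bytes, index: int, block: bytes) -> bytes:
    # Keyed hash over position + content, so blocks cannot be swapped or forged.
    msg = index.to_bytes(4, "big") + block
    return hmac.new(key, msg, hashlib.sha256).digest()

def encode(key: bytes, data: bytes) -> list:
    # Zero-pad to whole blocks and append one XOR parity block
    # (assumption: a simple stand-in for the Tornado code's redundancy).
    n = max(1, -(-len(data) // BLOCK))
    data = data.ljust(n * BLOCK, b"\0")
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    blocks.append(reduce(xor, blocks))
    return [(b, tag(key, i, b)) for i, b in enumerate(blocks)]

def decode(key: bytes, stored: list):
    # A block that is missing (None) or fails its keyed hash is an erasure.
    good = {}
    for i, item in enumerate(stored):
        if item and hmac.compare_digest(tag(key, i, item[0]), item[1]):
            good[i] = item[0]
    bad = [i for i in range(len(stored)) if i not in good]
    if len(bad) > 1:
        raise ValueError("more damage than one parity block can repair")
    if bad:
        # XOR of all surviving blocks rebuilds the single erased one.
        good[bad[0]] = reduce(xor, good.values())
    # Returns the zero-padded data and the indices that were repaired.
    return b"".join(good[i] for i in range(len(stored) - 1)), bad

if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed sample key
    data = b"constructed sample payload, 3 blocks long!"
    stored = encode(key, data)
    blk, t = stored[1]
    stored[1] = (b"X" + blk[1:], t)           # simulate silent tampering
    out, repaired = decode(key, stored)
    print(repaired, out.rstrip(b"\0") == data)
```

Without the tag check, the XOR parity alone could rebuild a block known to be missing but could not tell which block had been altered.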
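[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2013
[Classification number]: TP333; TP309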
Article ID: 2013788
Article link: https://www.wllwen.com/kejilunwen/jisuanjikexuelunwen/2013788.html