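Research on a Cloud Storage Security Method Based on a Closed Environment
Published: 2018-07-10 02:15
Topics: cloud storage + data security; Source: Hebei University, 2017 master's thesis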
[Abstract]: Cloud storage is popular for its efficiency, convenience and massive capacity. However, the particular environment of cloud storage means users lose absolute control over their data, and data leaks keep occurring. To protect data, the mainstream approach today is encryption. Data can be encrypted in one of three places. The first is the client: client-side encryption fully protects the security of user data, but it places a heavy burden on the client and leaves the cloud provider's computing power unused. The second is the cloud: cloud-side encryption makes full use of the cloud service provider's computing power, but user data may be exposed to the provider. Some research proposals also put forward third-party encryption, in which a third-party server performs the encryption and the cloud provider is used merely as a mechanical hard disk. To address the insecurity of encrypting user data in the cloud, and drawing on the virtualization characteristics of cloud environments, this thesis proposes CB-CSS, a cloud storage scheme based on encryption in a closed environment. A closed computing environment is built using virtual machine isolation; the RSA public-key encryption algorithm is modified so that keys can be changed without regenerating large primes; data and keys are transmitted over SSL secure connections; and data is encrypted securely inside the closed computing environment before being stored in a distributed file system, protecting the confidentiality of user data. The scheme is characterized by encryption at a single point and secure storage at multiple points. The closed computing environment blocks attacks from malicious applications in the operating system and from cloud administrators, effectively guarding against data leakage. The scheme was deployed on the open-source cloud project OpenStack for performance testing, and its security was compared with that of related schemes. The experimental results show that changing the storage structure improves the confidentiality of user data, and that the scheme incurs less performance overhead than other cloud storage schemes that encrypt in the cloud.
[Degree-granting institution]: Hebei University
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP333; TP309
Article ID: 2111628
Article link: https://www.wllwen.com/kejilunwen/jisuanjikexuelunwen/2111628.html