
Research on User Data Security Mechanisms for Cloud Storage

Published: 2019-06-14 14:21
[Abstract]: Cloud computing environments rely on cloud storage systems to provide users with fast data storage, retrieval and other services. Users' massive data is stored in cloud storage systems, so the security of that data is critical. In recent years, the large number of data leak incidents in cloud storage systems shows that attacks on cloud storage are increasing and directly threaten users' data security. Data security has become one of the major problems facing the development of cloud storage. To protect users' important data when they use cloud storage services, the user-data-oriented protection mechanisms in cloud storage systems must be strengthened. By designing a data security protection mechanism and studying the key technologies within it, users' data security is ensured and their service needs are met, which improves the service quality of cloud storage as a whole.

This thesis studies and analyzes the security problems facing user data in cloud storage environments, establishes a data security mechanism for cloud storage users, and studies two key technologies in that mechanism, ensuring the confidentiality and integrity of user data. The mechanism is tested experimentally on an extended build of the CloudSim cloud simulation platform. The main contributions of this thesis are as follows:

1. To address the security of user data in cloud storage environments, a user-oriented data security mechanism is designed, and two key technologies for data security protection, confidentiality and integrity, are proposed. Based on the characteristics of cloud services, a data security service access flow is given, which explains concretely how user data is protected.
2. A cloud data confidentiality protection method based on MDS matrices is proposed. The confidentiality of user data in cloud storage services is studied. Using the "semi-recoverable" property of MDS matrices, a secret dispersal storage scheme is designed, and its security is proved theoretically. An efficient MDS matrix construction algorithm is proposed, which improves the efficiency of the scheme and ensures the practicality of the scheme as a whole.
3. A cloud data integrity verification method based on bilinear pairings is proposed. A bilinear-pairing-based cloud data integrity verification algorithm is designed. The scheme needs neither a local backup of the data nor computation over the entire outsourced file, and it can provide an unlimited number of integrity verifications for user access without leaking the user's private information.
4. The CloudSim cloud computing simulation tool is used to verify the data security mechanism experimentally. CloudSim is extended to implement the data security mechanism for cloud storage users, and the mechanism is simulated and comparatively analyzed on the extended CloudSim platform. The simulation experiments show that the proposed data security mechanism has little impact on the efficiency of cloud users' data access and has good usability.
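[Degree-granting institution]: PLA Information Engineering University
[Degree level]: Master's
[Year degree awarded]: 2013
[Classification number]: TP309.2; TP333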



