云计算中外包存储数据完整性审计的研究

发布时间：2018-04-14 21:05

本文选题：云存储 + 数据完整性审计　；参考：《青岛大学》2017年硕士论文

【摘要】：云存储的灵活性和即用即付的存储服务方式,使其受到广泛欢迎。然而,存储在云端的数据可能会因为软/硬件故障或者人为失误等原因造成丢失或者损坏,因此,验证存储在云端数据的完整性十分必要。为了实现这个安全目的,人们提出了云存储数据完整性审计的概念。云存储数据完整性审计是一种能够帮助用户检查存储在云端数据完整性的有效安全机制。本文针对现有云存储数据完整性审计方案中的若干问题,提出了以下三个具有创新性质的方案:(1)提出了第一个具有私钥可恢复能力的共享数据云存储完整性检测方案。在该方案中,当一个群用户的私钥不可用时,可以通过群里的t个或者t个以上的用户帮助他恢复私钥。同时,设计了一个随机遮掩技术,用于确保参与成员私钥的安全性。用户也可验证被恢复私钥的正确性。(2)提出了一个新颖的共享云数据公开审计方案。与以往方案不同的是,在这个方案中,一旦群里有用户被撤销,则该用户就不能再访问属于这个群的共享数据。为了保护数据隐私和身份隐私,设计了一个新的随机遮掩技术。此外,该方案支持群动态(加入一个新的群用户或者撤销一个老的群用户)和批审计。(3)提出了一个支持轻量级认证器产生的公开云存储数据完整性审计方案,通过引入一个新的实体——认证器产生中心去帮助用户产生数据认证器。为了减少用户端的计算负担,将验证AGC产生的认证器正确性的工作交给云服务器来完成。此外,该方案可以保护数据隐私性。最后,在总结本文取得成果的同时,也对未来云存储安全领域需要进一步研究的方向进行展望。
[Abstract]:The flexibility of cloud storage and pay-as-you-go service make it popular.However data stored in the cloud may be lost or damaged due to software / hardware failure or human error. Therefore it is necessary to verify the integrity of data stored in the cloud.In order to achieve this security goal, people put forward the concept of cloud storage data integrity audit.Cloud storage data integrity audit is an effective security mechanism that can help users check the integrity of data stored in the cloud.Aiming at some problems in the existing cloud storage data integrity audit scheme, this paper proposes the following three innovative schemes: 1) propose the first shared data cloud storage integrity detection scheme with the ability of private key recoverability.In this scheme, when the private key of a group of users is not available, the private key can be recovered by means of t or more users in the group.At the same time, a random mask technique is designed to ensure the security of the private key of the participating member.Users can also verify the correctness of the recovered private key. 2) A novel public audit scheme for shared cloud data is proposed.In this scheme, once a user in the group is revoked, the user can no longer access the shared data belonging to the group.In order to protect data privacy and identity privacy, a new random masking technique is designed.In addition, the scheme supports group dynamics (adding a new group user or revoking an old group user) and batch auditing. It proposes a public cloud data integrity audit scheme that supports lightweight authenticators.A new entity-Authenticator Generation Center is introduced to help users generate data authenticators.In order to reduce the computational burden on the client, the verification of the correctness of the authenticator generated by AGC is left to the cloud server.In addition, the scheme can protect data privacy.Finally, after summarizing the achievements of this paper, the future research direction of cloud storage security field is prospected.
【学位授予单位】：青岛大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP309;TP333

【参考文献】