Research on User Data Privacy Protection Technology in Cloud Computing
Published: 2019-01-02 18:02
[Abstract]: Cloud computing is a new model of data computing and sharing that evolved from traditional models such as parallel computing, grid computing and distributed computing. It is characterized by efficient computation, high cost-effectiveness and ease of use. Because of these advantages, more and more users upload data from their local hosts to the cloud to enjoy fast resource sharing and efficient computing. But while cloud computing brings users efficient and convenient services, it also brings them data security problems, and how to guarantee data security has become the bottleneck of cloud computing's development. Privacy protection technology is one of the core technologies for guaranteeing data security: it protects data by encrypting uploaded data, deterministically deleting expired data in the cloud, and searching data while it remains encrypted. Traditional privacy protection techniques have a variety of problems. For example, conditional proxy re-encryption schemes protect the condition inadequately; cloud ciphertext retrieval schemes have low retrieval accuracy and low retrieval fault tolerance; and schemes for deterministic deletion of expired data lack trust-value evaluation of the nodes that store keys. Addressing these problems, this thesis studies conditional proxy re-encryption schemes, ciphertext retrieval schemes and schemes for deterministic deletion of expired data in depth and proposes a corresponding new scheme for each. The main contents are summarized as follows.

1. Traditional conditional proxy re-encryption schemes in cloud computing protect the configured condition insufficiently: an attacker can easily obtain the content of the condition, use it to infer the data owner's identity information, and then guess specific information about the key, which leaks private data. To address this, building on an identity-based proxy re-encryption scheme, this thesis uses DNA coding to encrypt the condition and hide the condition information, so that an attacker cannot learn the data owner's identity information from the condition. Using the random oracle model for indistinguishability under chosen-plaintext attack, the thesis proves that the proposed scheme is secure under the DBDH complexity problem.

2. Traditional ciphertext retrieval schemes in cloud computing suffer from low retrieval efficiency and low fault tolerance. To address this, the thesis proposes a ciphertext retrieval scheme based on dual trapdoors. It first constructs a dual-index structure to support multi-keyword retrieval and fuzzy retrieval in parallel, then introduces a Huffman coding tree and DFSC to improve the index structure, raising retrieval fault tolerance and reducing index storage space, and finally uses the TF-IDF rule to hide keyword frequency. The thesis analyzes the security of the proposed scheme from three aspects (index, trapdoor and retrieval process) and proves that it is secure, and experiments show that the scheme effectively improves retrieval fault tolerance and reduces index storage space.

3. Traditional schemes for deterministic deletion of expired data in cloud computing lack trust-value evaluation of Distributed Hash Table (DHT) nodes. If key components are stored on untrusted or dishonest DHT nodes, the key components are easily stolen, the key is then maliciously recovered, and private data is leaked. To address this, the thesis proposes a deterministic data deletion scheme based on trust-value evaluation: through fine-grained trust-value evaluation of the DHT nodes used to store key components, users can choose nodes with higher trust values to store the key components. Experiments show that this scheme effectively improves the success rate of obtaining key components.
[Degree-granting institution]: Shandong Normal University
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP309
Article ID: 2398802
Article link: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2398802.html