Provable Data Possession Algorithm Based on an Implicit Trusted Third Party
[Abstract]: With the development of cloud storage in recent years, more and more enterprises and individuals have come to accept and use it. Because the cloud storage service provider is not fully trusted, the security of cloud storage has been a focus of attention in all quarters and is a key factor in its development. Cloud storage security covers three aspects: confidentiality, integrity and availability[1]. Confidentiality means that the user's data is stored in the cloud as ciphertext, and that unauthorized parties, including the cloud storage service provider, cannot illegally obtain the plaintext. Integrity means that the user's data in the cloud is consistent with the original data and has not been illegally tampered with or deleted; this is also described as the cloud fully possessing the user's data. Availability means that an authorized user can access or retrieve the data stored in the cloud at any time.

This thesis studies in depth the integrity-checking algorithm for cloud storage, Provable Data Possession (PDP), in three respects: dynamic data updates, introducing an implicit trusted third party to perform possession audits in place of the user, and reducing the client-side cost of storing files. The goal is to minimize the user's cost in the data integrity checking process and to make PDP schemes more practical. Two more practical schemes, MF-PDP and UF-PDP, are proposed to improve the security of the system. Finally, the schemes are implemented in a distributed cloud storage system and their performance is tested.

On supporting dynamic updates of cloud data, the thesis departs from the full dynamic update of data that existing research focuses on and, combined with a homomorphic authenticator based on the RSA algorithm, forms the Multiple-File PDP (MF-PDP) scheme. By challenging possession of a set of files in a single challenge, MF-PDP greatly reduces the overhead of the audit process and removes the drawback of prior schemes, whose audit cost is high because they introduce complex data structures to maintain updated data.

On introducing a trusted third party, existing schemes have an enterprise or institution act as the third party, which is difficult to deploy and may leak users' private data. The thesis therefore adopts an audit framework based on an implicit trusted third party: trusted hardware serves as the implicit possession auditor and performs possession audits in place of the user, and a tamper-evident log is introduced so that audit results are presented to the user in a trusted manner, minimizing the user's online time.

To address the client's high cost of storing a file, the thesis redefines the file-storing process of the PDP scheme under the assumption of an economically rational server, so that the file's authenticators are generated in the cloud, with the security of the scheme ensured by a complete interaction protocol. Combined with a homomorphic authenticator based on RSA and a PRF, this forms the User-Free PDP (UF-PDP) scheme, with near-zero user overhead.

To verify the feasibility of these schemes and test their performance, the thesis implements MF-PDP and UF-PDP on a distributed cloud storage system. The theoretical analysis shows that MF-PDP and UF-PDP reduce the audit process overhead from O(n) to O(1); on top of that, UF-PDP reduces the client's cost of storing a file from O(n) to O(1). The experimental results show that, while preserving security, MF-PDP reduces the audit overhead to less than 2 seconds, and this does not increase significantly as the number of files grows; when the file to be stored is 1G in size, UF-PDP reduces the client's time overhead from the 25479 seconds of the original PDP scheme[2] to 1 second.
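An added example, not code from the thesis: a textbook RSA-based homomorphic tag construction, generalized here to challenge blocks of several files at once, showing how the server's answer to one challenge collapses to a single (T, M) pair. The demo key, function names, file contents and the use of HMAC-SHA256 as the PRF are assumptions; the actual MF-PDP and UF-PDP protocols are not given on this page.

```python
import hashlib, hmac

# Constructed demo key: two Mersenne primes, far too small and structured for real use.
P, Q = 2**107 - 1, 2**127 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held only by the tagger

def h(*parts):
    """Hash labels (file id, block index) into Z_N."""
    data = "|".join(map(str, parts)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

G = pow(h("generator"), 2, N)          # public base g, a square mod N

def tag(fid, idx, block):
    """Homomorphic tag t = (H(fid, idx) * g^m)^d mod N for one block."""
    m = int.from_bytes(block, "big")
    return pow(h(fid, idx) * pow(G, m, N) % N, D, N)

def challenge(nonce, counts):
    """One challenge over every block of every file; coefficients from a PRF."""
    chal = []
    for fid, n in counts.items():
        for i in range(n):
            mac = hmac.new(nonce, f"{fid}:{i}".encode(), hashlib.sha256).digest()
            chal.append((fid, i, int.from_bytes(mac[:8], "big")))
    return chal

def prove(chal, store):
    """Server: fold all challenged blocks and tags into one pair (T, M)."""
    T, M = 1, 0
    for fid, i, a in chal:
        block, t = store[fid][i]
        T = T * pow(t, a, N) % N
        M += a * int.from_bytes(block, "big")   # not reduced: server lacks phi(N)
    return T, M

def verify(chal, proof):
    """Auditor: T^e == g^M * prod H(fid, i)^a mod N, using public values only."""
    T, M = proof
    rhs = pow(G, M, N)
    for fid, i, a in chal:
        rhs = rhs * pow(h(fid, i), a, N) % N
    return pow(T, E, N) == rhs

def demo():
    files = {"a.txt": [b"block-0 of a", b"block-1 of a"], "b.bin": [b"only block of b"]}
    store = {f: [(b, tag(f, i, b)) for i, b in enumerate(bs)] for f, bs in files.items()}
    chal = challenge(b"constructed-nonce", {f: len(bs) for f, bs in files.items()})
    honest = verify(chal, prove(chal, store))
    store["b.bin"][0] = (b"tampered block!", store["b.bin"][0][1])  # data changed, old tag kept
    return honest, verify(chal, prove(chal, store))
```

The auditor never touches file data: it recomputes only hashes of (file id, index) pairs, and the response stays one group element plus one integer however many files the challenge spans.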
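[Author]: 杨绿茵
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP309;TP333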