
Research on Secure Distributed Storage Architecture and Fault-tolerant Technique in Cloud Computing

【Author】 谭鹏许

【Advisor】 陈越

【Author information】 PLA Information Engineering University (解放军信息工程大学), Computer Application Technology, 2013, Ph.D.

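【Summary】 Cloud computing has attracted wide attention and is developing rapidly. Distributed storage built on data center networks is the physical foundation of cloud computing. However, the openness of distributed storage in cloud computing environments introduces security risks, and data reliability is a further constraint, so ensuring data security while keeping data fault-tolerant has become a problem that urgently needs solving. This thesis studies secure distributed storage architecture and fault-tolerance techniques in cloud computing environments. Its main content and contributions are as follows.

1. A data center network security architecture based on hierarchical source address validation. This thesis proposes a data center network security architecture based on hierarchical source address validation and designs a method for generating verifiable source addresses. Servers in the data center network must use such a verifiable address as the source address when sending data. The address is validated during transmission, which ensures that no server can impersonate another server to transmit data, and that data entering the data center from the Internet through open ports cannot be forwarded inside the data center unless it has been assigned a verifiable address. To keep validation efficient, hierarchical validation and stream authentication are introduced: hierarchical validation is used within a data center, and stream authentication is used between data centers. The architecture helps the system detect abnormal data transmission, filter data transmitted by illegitimate hosts within the network, locate possible attackers inside the data center, and guard against attempts to obtain data by attacking the system directly from hosts on the Internet. Experimental results show that the architecture can validate packet source addresses without affecting data transmission, that it already has practical value, and that it can solve the problem of attacks on the data center network that use forged addresses.

2. A secure regenerating code based on broadcast encryption. This thesis proposes FCBE (Fault-tolerant Code Based on Broadcast Encryption), a secure regenerating code that combines the broadcast encryption model with the regenerating code model. In constructing the FCBE model, the idea of broadcast encryption is borrowed and the process of encoded storage and data recovery is reduced to a broadcast process. When data is stored in the system, the system selects a set of secure servers to act as fault-tolerance servers. When a storage server fails, only the fault-tolerance servers selected by the system can recover the data; other servers cannot recover the original data even if they intercept the data blocks sent to the fault-tolerance servers. Security analysis proves that FCBE achieves adaptive security, and experimental results show that the bandwidth overhead caused by introducing the security elements is acceptable and does not put pressure on data transmission across the data center network.

3. Secure regenerating codes based on a threshold mechanism. This thesis proposes two secure regenerating codes based on a threshold mechanism. The core idea is to introduce a trusted third-party key server into the regenerating code model. When a user stores data in the data center, the user selects part of the encoding matrix as a secret and shares that secret with the third-party key server. When data on a failed node needs to be recovered, or when another data user downloads the data, verification by the third-party key server is required. Only after passing verification can the requester obtain the encoding matrix secret from the key server and then construct the decoding matrix to recover the lost data or download the original data. Based on this idea, the thesis proposes two secure regenerating codes, SRCF (Secure Regenerating Code for Fault-tolerant) and SRCS (Secure Regenerating code with Semi-adaptive). Security analysis proves that SRCF achieves chosen-plaintext security and that SRCS achieves security against partially adaptive attacks. Experimental results show that the bandwidth overhead caused by introducing the security elements in SRCF and SRCS is small and does not put pressure on data transmission across the data center network.

4. A recovery mode for coded data based on the pipeline idea. This thesis proposes a data recovery mode based on the pipeline idea. The mode borrows the assembly line concept from industrial production: the server to be recovered is treated as the product on the line, the storage servers are treated as the line workers, and a server that has completed data recovery is the finished product. Using this mode further reduces the bandwidth used during data recovery, and thereby reduces the additional bandwidth consumption caused by introducing the security elements. Theoretical analysis proves that the mode does not affect the correctness of data recovery and that it can reduce bandwidth consumption.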

【Abstract】 Cloud computing has attracted extensive attention and is developing rapidly. Distributed storage built on the data center network is one of the necessary infrastructures of cloud computing. However, the openness of distributed storage in cloud computing results in security risks, and data reliability is one of the constraints on cloud applications. How to guarantee data security during the process of data reliability protection is therefore a significant problem. This paper studies the secure distributed storage architecture of cloud computing together with a secure fault-tolerant technology. Its main content and contributions are as follows.

1. A secure architecture of the data center network based on the hierarchical source address validation technique. A secure architecture of the data center network based on the hierarchical source address validation technique is proposed in this paper. A hierarchical source address which can be validated is designed. All servers in the data center must use this address as the source address when they send data packets to the network. The address is then validated during data transmission. This ensures that no server can impersonate other servers to send data, and that a server which connects to the data center network without a hierarchical source address cannot transmit data in the network. In order to achieve efficient validation, hierarchical validation and stream authentication are used in the architecture. Hierarchical validation is used within the data center and stream authentication is used between data centers. By using this architecture, the system can detect abnormal data transmission, filter the data packets transmitted by illegal servers, and locate potential attackers within the data center. The experimental result shows that this technique can validate the source addresses of data packets at a low cost.

2. A secure regenerating code based on broadcast encryption. A secure regenerating code called Fault-tolerant Code Based on Broadcast Encryption (FCBE) is proposed. The encoding process of FCBE is transformed into a broadcast process. When data is stored into the system, a set of secure servers is chosen for fault tolerance. When a storage server fails, only these chosen servers can regenerate the data; others cannot do so. It is proved that FCBE is adaptively secure. The experimental results show that FCBE can guarantee data security during the data regenerating process and that the traffic bandwidth resulting from the secure validation is acceptable.

3. A secure regenerating code based on the threshold scheme. Two secure regenerating codes based on the threshold scheme are proposed. The main idea is to introduce a key management server, which is a trusted third party, into the model of regenerating codes. When the owner stores data into the system, he chooses a secret from the encoding matrix and shares the secret with the key management server. When failed nodes regenerate data or other users download data from the storage servers, they need to provide a security proof to the key management server. If and only if the security proof is validated by the key management server can they get the secret from it and construct the decoding matrix to regenerate data. Based on this idea, the Secure Regenerating Code for Fault-tolerant (SRCF) and the Secure Regenerating code with Semi-adaptive (SRCS) are designed. It is proved that SRCF is chosen-plaintext secure and SRCS is semi-adaptive secure. The experimental results show that the traffic bandwidth resulting from the secure validation in SRCF and SRCS is acceptable and does not put much pressure on the data center transmission bandwidth.

4. A coded data regeneration model based on the assembly line. A data regeneration model based on the assembly line is proposed. The model adopts the idea of the industrial production assembly line. It treats the regenerating server as the semi-manufactured product, the storage server as the worker, and the server which has finished regeneration as the finished product. By using this model, the bandwidth used in data regeneration is reduced. Theoretical analysis shows that this model can regenerate data correctly and does reduce the bandwidth used in data regeneration.

  • 【Classification code】 TP333; TP393.08
  • 【Citation count】 8
  • 【Download count】 1037