云存储中的安全问题研究及应用

【作者】 刘雪；

【导师】 张键红；

【作者基本信息】 北方工业大学 ， 应用数学， 2012， 硕士

【摘要】 近年来,在云计算这一新兴技术的背景下,基于海量数据的云存储服务已经成为各界人士关注的重点。同样,人们对于这一新的存储模式的安全问题也同样关注。本文在前人研究的基础上,对云存储中的安全问题进行深入探讨并对某些安全问题给出相应的解决方案。本文主要进行了如下三个方面的工作：1.针对云存储中数据的恢复问题,我们提出基于秘密分享的数据存储和恢复方案,使用该方案的客户不用在其本地计算机中保存任何信息,就可以安全有效地从存储服务提供商那里提取所需的数据。由于该方案的公开可验证性,在数据恢复阶段,每一个服务器都可以验证它的合作者所提供的那份数据的正确性,从而可以防止服务器的欺骗。2.对于云存储中数据的完整性验证,我们没有采用传统的MAC验证方法,而是基于RSA安全假设,提出了一种无需保留原始文件的数据完整性验证方案。该方案中,客户只要在本地保留其私钥sk就可以达到对数据的完整性验证,这样可以真正地减轻用户的存储负担,并且减少通信中的数据流量。同时,用户还可授权可信第三方TPA代替其进行验证。3.我们基于离线TTP的公平交换技术,来阻止在数据交换过程中客户和服务器之间的欺骗,并且展示了在客户或者服务器产生不合法行为的情况下,TTP如何进行事后追踪,从而保证双方的利益,实现真正的公平。对于本文所述的数据恢复、完整性验证、数据安全交换问题,我们不仅给出了相应的解决方案,还运用密码学上的协议分析方法,对每一种方案的可行性及安全性进行理论上的证明,从而,确保这些方案能够在实际中得以应用。更多还原

【Abstract】 Recently, in the set of cloud computing as an emerging technology, cloud storage service based on huge amounts of data has become the focus of people from all fields of life. At the same time, the security issues of this new storage model is obtaining people’s attention. In this paper, combined with previous studies, we make a further discussion of the security issues in cloud storage. And also we give the solutions of some security issues. Here, we mainly make the following three works:Firstly, for the retrieval of data in this storage system, we propose a storage and retrieval scheme based on secret sharing. Users of this scheme do not need to store any information, then data can be extracted from the storage service provider safely and efficiently. Due to the public verification, every server can verify the correctness of its partners’ share in retrieval phase. So, this can prevent the cheat of the cooperative servers in retrieve phase.Secondly, about the data integrity verification in cloud storage, we didn’t utilize the traditional MAC authentication methods. Based on the RSA assumption, we put forward an integrity verification scheme in which the user does not need to store their original data in local PC. Users can achieve the integrity verification as long as they retain their private key locally,’[’his actually relieves the user’s storage burden and reduces the data traffic in the communication. At the same time, a trusted third party TPA authorized by the user can check data integrity in cloud instead of his/her.Thirdly, we apply a formula based on offline TTP fair exchange technology to prevent deception between client and server in the process of data exchange. And it shows the TTP how to execute later follow-ups in the case that the client or the server produces an unlawful behavior.With regard to the three security issues raised in this paper:data retrieval、integrity check、data exchange, not only do we give the solutions, but also we use analysis method in cryptographic protocol to demonstrate the feasibility and safety of each program. Thus it ensures that these schemes can be applied in practice.更多还原