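A Study of Public Auditing Techniques Supporting Dynamic Data in Cloud Storage Security
Academic year 101
Semester 1
Publication date 2012-08-01
Title A Study of Public Auditing Techniques Supporting Dynamic Data in Cloud Storage Security
Title (other language) Public Auditing and Data Dynamic for Storage Security in Cloud Computing
Author 黃仁俊
Unit Department of Computer Science and Information Engineering, Tamkang University
Description Project number: NSC101-2221-E032-048
 Research period: 201208~201307
 Research funding: 668,000
Commissioning agency National Science Council, Executive Yuan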
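Abstract Cloud computing provides a low-cost, scalable data processing environment for an ever-growing variety of information applications and services. Outsourced storage cloud computing services in particular are a promising and feasible service model, offering a relatively low-cost, scalable, platform-independent storage space that helps cloud clients manage their stored data. Outsourced storage cloud services can relieve cloud clients of the burden of storing, managing and maintaining data files, but when the clients' data is all stored on cloud storage servers outside the organization that are not fully trusted, an attack on or failure of this important service could cause the clients irretrievable losses. These security threats can arise from the following three causes: (1) the cloud infrastructure cannot avoid internal/external attacks, which may damage data integrity; (2) many incentives exist that may lead cloud service providers to act unfaithfully toward cloud clients; (3) cloud clients may not learn in time of improper changes to stored data, even when those errors are caused by the users' own improper operations. Therefore, "how can a cloud storage client be sure that the data it stores on a cloud storage server is correct?" is a very important issue in outsourced storage cloud services. One direct solution is for the cloud client to periodically download the entire data and check its correctness, but this is impractical: the hash functions and digital signatures of traditional cryptography need the data itself in order to verify its integrity, and clients hold a very large amount of data, so the extra burden this verification places on cloud clients and storage servers may far exceed the benefit of the whole cloud service. Outsourced storage cloud services therefore need an effective auditing technique to check the integrity and availability of data on cloud storage servers. A security audit mechanism is an important solution that can trace and analyze many system operations, including data access, security compromises and application activity. This project plans to research and develop an auditing technique that supports dynamic data operations, to efficiently verify the integrity of data stored on cloud storage servers that are not fully trusted. The auditing technique for outsourced storage cloud services that this project intends to develop is expected to achieve the following security and performance goals: public auditing, batch auditing, blockless data verification, support for dynamic data operations, privacy protection, effective evidence, accountability, error correction, and low computation and communication cost. In particular, the public auditing property will let cloud clients delegate the auditing of stored data to a not fully trusted third party, without much additional deployment and operating cost and while their stored data remains protected to a certain degree. The results of this project will help cloud storage servers maintain the correctness of their data and raise cloud clients' trust in outsourced storage cloud services so that they are willing to adopt them; we believe this will greatly help promote and apply cloud computing services and train cloud computing talent, and fits the government's important policy goal of actively promoting the development of cloud computing services.
Cloud computing provides a scalable environment for growing amounts of data and processes that work on various applications and services. In particular, outsourced storage in clouds is a new profit growth point, providing a comparably low-cost, scalable, location-independent platform for managing clients’ data. The cloud storage service relieves the burden of storage management and maintenance. However, in the outsourced storage cloud service model the clients' data is stored in an uncertain storage pool outside the enterprise. If such an important service is vulnerable to attacks or failures, it would bring irretrievable losses to the clients.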
These security risks come from the following three reasons: (1) the cloud infrastructures are still susceptible to internal/external threats that can damage data integrity; (2) there exist various motivations for cloud service providers to behave unfaithfully towards the cloud users; (3) data changes may not become known to the cloud users in time, even if these errors result from the users’ own improper operations. Therefore, “how can a cloud storage client be assured that its data outsourced to a cloud storage service provider is kept intact?” is a very important issue for outsourced storage in clouds. The trivial solution is to let the client download its whole data periodically, which is unfortunately not acceptable in practice. In addition, the traditional cryptographic technologies, based on hash functions and signature schemes, cannot support data integrity verification without a local copy of the data. Therefore, it is necessary for cloud service providers to offer an efficient audit service to check the integrity and availability of stored data. Security audit is an important solution enabling trace back and analysis of any activities, including data accesses, security breaches, application activities, and so on. This project plans to devise a dynamic audit service for verifying the integrity of untrusted, outsourced storage. We plan to propose an efficient auditing scheme for outsourced storage in clouds achieving the following security and performance objectives: public auditability, batch auditing, blockless verification, dynamic operations, privacy preserving, accountability, effective forensics, error correction and lightweight operation. The research results of this project will help outsourced storage in clouds to be widely deployed, and will be of great help to the promotion and application of cloud computing services.
Keywords Cloud Computing; Data Integrity; Data dynamic; Public auditing; Storage security
Language zh_TW
Related links

Institutional repository link ( http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/103022 )