研究生: |
陳之中 Chen, Chih-Chung |
---|---|
論文名稱: |
雲端聯盟之違約證明 Proof of Violation for Cloud Federation |
指導教授: |
黃冠寰
Hwang, Gwan-Hwan |
學位類別: |
碩士 Master |
系所名稱: |
資訊工程學系 Department of Computer Science and Information Engineering |
論文出版年: | 2016 |
畢業學年度: | 104 |
語文別: | 中文 |
論文頁數: | 36 |
中文關鍵詞: | 雲端聯盟 、違約證明 、即時稽核 |
DOI URL: | https://doi.org/10.6345/NTNU202203597 |
論文種類: | 學術論文 |
相關次數: | 點閱:118 下載:12 |
分享至: |
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
雲端聯盟(Cloud Federation)是聯合兩個或兩個以上服務提供者(Service Provider)組成之聯盟,在相同聯盟內的服務提供者會對其他服務提供者提出服務的請求,由所有提供服務之服務提供者以及使用者所組成之聯盟。
當使用者(Client)對服務提供者提出服務請求時,服務提供者會對其請求提供服務。根據使用者提出之服務請求,若無法完成,則轉發給其他服務提供者,由同個聯盟下其他的服務提供者,提供相對應之資料或服務,使用者僅需對單一服務提供者提出服務請求,不需要對應到其他服務提供者。
傳統上使用者對服務提供者提出請求,服務提供者會保留日誌檔,來記錄服務的過程,但日誌檔是不安全的。日誌檔的產生沒有經過密碼學的保護,也沒有雙方的確認,可能會遭受服務提供者竄改,使用者無法驗證日誌檔的正確性。當使用者提出服務請求,服務提供者將請求轉發給其他服務提供者,使用者無法得知服務提供者與其他服務提供者溝通之記錄,若發生問題則使用者無法得知是哪個環節出現問題,服務提供者無法提出可信的證明,來證明自己是正確的。
為了要證明違約,我們定義一個協定來規範服務提供者及使用者,我們稱為加密問責協定(Cryptographic Accountability Protocols),在本文中我們簡稱為CAP。我們要求服務提供者要保留每次的動作並留下雙方不可否認的證據,使用者需要留下最後一筆與服務提供者溝通的證據。若發生問題,可利用使用者手中證據來稽核[1]服務提供者,來確保整個系統的正確性。
我們先利用舊有的證明違約技術來實作[10],在實作的過程中會產生無法稽核的情況及將證明違約技術應用於雲端聯盟上會產生新的問題,我們提出新的架構應用於雲端聯盟上,來解決遇到的問題。
關鍵字:雲端聯盟、違約證明、即時稽核
[1]Kamara, Seny, and Kristin Lauter. “Cryptographic cloud storage,” Financial Cryptography and Data Security. Springer Berlin Heidelberg, 2010. 136-149.
[2]“Google Drive,” https://www.google.com/intl/en/drive/.
[3]“Dropbox,” https://www.dropbox.com/.
[4]“OneDrive,” https://onedrive.live.com/about/en/
[5]“iCloud,” https://www.icloud.com/.
[6]“SugarSync,” https://www.sugarsync.com/.
[7]“Box,” https://www.box.com/.
[8]Raluca Ada Popa, Jacob R. Lorch, David Molnar, Helen J. Wang, and Li Zhuang. “Enabling Security in Cloud Storage SLAs with CloudProof,” USENIX Annual Technical Conference. Vol. 242. 2011.
[9]Jun Feng, Yu Chen, Douglas Summerville, Wei-Shinn Ku, Zhou Su. “Enhancing cloud storage security against roll-back attacks with a new fair multi-party non-repudiation protocol,” Consumer Communications and Networking Conference (CCNC), 2011 IEEE. IEEE, 2011.
[10]Gwan-Hwan Hwang, Jenn-Zjone Peng, and Wei-Sian Huang. “A mutual nonrepudiation protocol for cloud storage with interchangeable accesses of a single account from multiple devices,” 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications. IEEE, 2013.
[11]Gwan-Hwan Hwang, and Yi-Ling Yuan. “Proof of violation for response time auditing in cloud systems,” The Journal of Supercomputing (2015): 1-12.
[12]Gwan-Hwan Hwang, Wei-Sian Huang, and Jenn-Zjone Peng. “Real-time proof of violation for cloud storage,” Cloud Computing Technology and Science (CloudCom), 2014 IEEE 6th International Conference on. IEEE, 2014.
[13]Kremer, Steve, Olivier Markowitch, and Jianying Zhou. “An intensive survey of fair non-repudiation protocols,” Computer communications 25.17 (2002): 1606-1621.
[14]“台北市政府民政局” http://ca.gov.taipei/
[15]“中華民國醫師公會全國聯合會” http://www.tma.tw/stats/stater.asp
[16]Gwan-Hwan Hwang, and H.-F. Chen. “Efficient Real-time Auditing and Proof of Violation for Cloud Storage Systems,” in 9th IEEE International Conference on Cloud Computing, San Francisco, USA, 2016.
[17]Gwan-Hwan Hwang, Yi-Ling Yuan, and Chi Wu-Lee. “Cryptographic Accountability for Cloud-based Service-oriented Architecture Systems,”
Submitted to journal for publication (in revision)
[18]“Checkpoint,” http://blog.checkpoint.com/2016/06/07/facebook-maliciouschat/
[19]Kurze, Tobias, David Bermbach, Alexander Lenk, Marcel Kunze. “Cloud federation,” CLOUD COMPUTING 2011 (2011): 32-38.
[20]Chang-Ji Wang, Xi-Lei Xu, Dong-Yuan Shi, Wen-Long Lin. “An Efficient Cloud-Based Personal Health Records System Using Attribute-Based Encryption and Anonymous Multi-receiver Identity-Based Encryption,” P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), 2014 Ninth International Conference on. IEEE, 2014.
[21]Andreas K. Triantafyllidis, Vassilis G. Koutkias, Ioanna Chouvarda, Nicos Maglaveras. “A pervasive health system integrating patient monitoring, status logging, and social sharing,” Biomedical and Health Informatics, IEEE Journal of 17.1 (2013): 30-37.
[22]Wan-Young Chung, Ee May Fong. “Seamless personal health information system in cloud computing,” Engineering in Medicine and Biology Society (EMBC), 2014 36th Annual International Conference of the IEEE. IEEE, 2014.
[23]Yeong-Tae Song, Sungchul Hong, and Jinie Pak. “Empowering patients using cloud based personal health record system,” Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), 2015 16th IEEE/ACIS International Conference on. IEEE, 2015.
[24]Fatma Zubaydi, Ayat Saleh, Fadi Aloul, Assim Sagahyroon. “Security of mobile health (mHealth) systems,” Bioinformatics and Bioengineering (BIBE), 2015 IEEE 15th International Conference on. IEEE, 2015.
[25]Wan, Au Thien, and Sriram Sankaranarayanan. “Development of a Health Information System in the Mobile Cloud Environment,” High Performance Computing and Communications & 2013 IEEE International Conference on Embedded and Ubiquitous Computing (HPCC_EUC), 2013 IEEE 10th International Conference on. IEEE, 2013.
[26]Zhang, Xin, and Tingting Zhang. “Achieving scalability in a distributed electronic health record system,” Science and Information Conference (SAI), 2013. IEEE, 2013.
[27]Gwan-Hwan Hwang, Jenn-Zjone Peng, and Wei-Sian Huang. “A mutual nonrepudiation protocol for cloud storage with interchangeable accesses of a single account from multiple devices,” Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on. IEEE, 2013.