Graduate student: | 林裕偉 Yu-Wei Lin |
---|---|
Thesis title: | 以多鏈結雜湊於證明違約中達成有效率的證據收集 Efficient Attestation Collection in Proof of Violation with Multiple Chains of Hash |
Advisor: | 黃冠寰 Hwang, Gwan-Hwan |
Degree: | Master |
Department: | Department of Computer Science and Information Engineering |
Year of publication: | 2014 |
Academic year of graduation: | 102 |
Language: | Chinese |
Number of pages: | 32 |
Chinese keywords: | 雲端儲存 (cloud storage), 雲端安全 (cloud security), 不可否認性 (nonrepudiation), 證明違約 (proof of violation), 服務階層協定 (service-level agreement) |
English keywords: | Cloud Storage, Cloud Security, nonrepudiation, proof of violation, SLA, service-level agreement |
Thesis type: | Academic thesis |
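In cloud storage, maintaining mutual nonrepudiation between users and the service provider is very important. Under proof of violation (POV), the service provider can prove that it is innocent and users can prove that they are not at fault. The proof rests on the attestations both sides leave behind: the users' digitally signed requests and the service provider's commitment to maintaining the data in a definite state. Users exchange attestations with the service provider on every request. These attestations are linked together by a single chain of hashes, so a client device needs to store only the last attestation, which contains the last chain hash. The service provider keeps all the attestations for auditing.
The C&L scheme achieves epoch-based proof of violation without the need to broadcast the last attestation or to keep the attestations. However, it cannot support concurrent access, even when the operations target different files under the same account, because all the attestations must be linked into a single chain of hashes. We solve this problem in the C&L scheme by applying multiple chains of hash to achieve concurrent access to files.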
A POV scheme enables a user or a service provider to produce a precise proof of either the occurrence of the violation of properties or the innocence of the service provider. These proofs are based on attestations, which are signed messages that bind the users to the requests they make and the service provider to maintaining the data in a certain state. Users and the service provider exchange attestations for every request. These attestations are chain hashed so that the client device of the user only has to store the last attestation it received, which contains the last chain hash. The service provider keeps all the attestations, so that they can be used when auditing (or proving) is required.
While the C&L scheme can achieve epoch-based POV without the need for client devices to broadcast the latest attestation or keep all the attestations, it cannot support concurrent accesses even though these operations access different files because all the server-side attestations need to be combined into a single chain. We solve this problem by employing multiple chains of hash to provide concurrent file accesses in a single account.