云计算中数据存储及其共享隐私增强理论与技术的研究

As a new service mode, cloud computing has received the most widespread attention, in the existed implementation of cloud computing services, the data privacy security issues have been confirmed as a big obstacle for the cloud computing. In addition, the data privacy problem is more serious because the cloud has the characteristics of crossing domains, virtual, dynamic of the elastic expansion. Consequently, this project focused on the research of privacy enhancement techniques in the cloud data storage, at the same time, we will design an approach of combining key establishing, encryption and authentication of data sharing access to enhance data privacy. Generally, the traditional network data security schemes cannot be efficiently applied to protect the cloud tenants’ big data. For some threats, especially the security threat of abusing private information and data is fatal for the tenant. In modern advanced information society, people have a variety of personalized requirements about their data information. Undoubtedly, privacy and security of personal data information is the most important concern for tenants when they store their confidential data on cloud storages. In this project, tenants’ private data will be separated into many sequenced parts before storage, in order to make the data secure, we only need to encrypt some data parts and then all the parts will be stored on different storage media. When other tenants access their data, the data parts in different data centers will be collected together and then be restored into original form based on the sequenced number of each data part. One can understand the big data only when he/she gets all the sequenced data parts. Furthermore, in order to protect the big data of a tenant (such as A) from unauthorized access, we only need to encrypt the storage path of the big data, and then we can get a cryptographic value which can be called cryptographic virtual mapping of big data. Generally, the path of the big data is k bytes level and can be stored, processed and transferred easily. We encrypt the path of the big data. In the proposed scheme, other tenants must be authenticated by tenant A before getting secret information kept by A. It is easy to share the secret information with other tenants based on identity encryption algorithm, if someone else, such as tenant (organization) B, wants to share the secret information with tenant A, B must provide his/her identity number to get the private key calculated and sent by the owner of the secret information based on IBE algorithm, the private key is calculated by identity based encryption algorithm. Afterwards, B can share the secret information with A using the private key. Finally, cloud application platform will be built based on the Hadoop of open source projects and architecture (HDFS mainly), and we will implement, test and validate our research on it.

作为一种新的服务模式,云计算受到了广泛的关注。在已实现的云计算服务中，数据的隐私安全问题被证实为云计算普及的巨大障碍。此外，云平台的动态、跨域、虚拟、弹性伸缩的特性以及云服务提供商对平台中数据可能的非法操作使得数据隐私问题更加严峻。鉴于此，本项目着力于研究云计算中数据存储及其共享的隐私增强理论及技术，研究并设计融密钥建立、加密与认证于一体的数据共享访问协议与方案。具体为：依据文件类型并借鉴网络数据报的思想研究数据隐私增强理论,设计数据划分（分块）算法并加密关键数据块以增强数据隐私，弱化云存储提供者对数据的操控并避免对整个数据加、解密操作导致的低效率问题；结合关键数据块和存储路径的加密操作，研究设计融共享密钥建立、加密与认证为一体的访问认证方案，增强数据隐私的同时降低系统的开销。最后，基于Hadoop开源项目和架构（重点是HDFS）搭建应用平台，对研究的理论、技术和方案进行验证、测试与实现。

云计算作为一种新的范式获得了研究界和工业界的广泛关注，云计算及其相关技术已经逐步获得了应用。但一些典型的云数据隐私泄露问题证实了数据的隐私安全问题是云计算普及的巨大障碍。此外，云平台的动态、跨域、虚拟、弹性伸缩的特性以及云服务提供商对存储于平台中的数据拥有控制权而使得数据隐私问题更加严峻。鉴于此，本项目主要着力于研究了云计算中的数据存储隐私增强技术，并设计融密钥建立、加密与认证于一体的数据共享访问隐私增强方案，重点探索了数据的分布式存储及其共享访问中的隐私增强技术。具体为：借鉴网络数据报的思想研究设计数据划分（分块）算法并加密部分数据块以增强数据隐私，以弱化云存储提供者对数据的操控并避免对整个数据加、解密操作导致的低效率问题；结合部分数据块的加密操作，设计了融合共享密钥建立、加密与认证为一体的数据访问认证方案，增强数据隐私的同时降低系统的开销。对于所研究的云数据分块安全存储方案与成果，我们基于Hadoop开源项目和架构（重点是HDFS）搭建了云应用平台，对提出的技术方案进行实现、测试与验证。实验结果表明：云租户数据逻辑存储块提交到云索引服务平台时，云租户对其私密数据的存储路径映射进行加密后，方案显示了较好的安全性、有效性。此外，测试结果也显示了方案在存储租户数据时所采用的冗余备份机制保证了租户数据存储的可靠性。对于所研究的云租户在云环境下密钥建立、加密与认证相关成果，我们在搭建的云计算测试环境下进行了综合的实验测试与比较，结果显示所提出的方案在系统效率和可行性方面都具有较好的效果。本项目的研究成果主要针对云计算环境下的数据隐私增强技术进行了浅显的尝试，所研究的问题主要针对数据的隐私保护及实现过程的效率等问题，对云计算的隐私安全应用起到粗浅的借鉴作用。