一种基于数据漂移的动态云安全存储机制

doi:10.3969/j.issn.1671-1122.2019.10.009

摘要/Abstract

摘要：

数据安全是云存储的基石,由于目前云存储系统数据存储物理位置相对固定,系统的不确定性和攻击复杂度均偏低。根据动态弹性安全防御的思想,通过动态改造,可以系统性地增加云存储的安全性。文章提出一种基于数据漂移技术的动态云安全存储机制,该存储机制首先将待存储文件分割成数据微粒并分散存储在不同的网络节点中;继而驱动数据微粒在存储节点间进行持续、随机化“漂移”;文件读取时就近聚集下载交付。为了提升系统的安全性,该存储机制的实现采用了均匀分布法与梅森旋转法组合的方法获得随机数;为了有效利用闲散网络带宽,同时不影响正常的网络数据通信,实现系统还增加了流量监控模块对数据的漂移进行主动控制。仿真表明,实验系统功能性及安全性良好。

关键词: 云存储, 安全, 动态, 漂移, 数据微粒

Abstract:

Data security is core issue of Cloud storage. Presently, Cloud storage physical positions of data are relatively changeless so that the uncertainty and complexity of system are low. According to the idea of dynamic resiliency for security defense, as long as the dynamic change is introduced, the security of Cloud storage might be enhanced systematically. Be derived from the idea, a novel mechanism, named dynamic cloud security storage system based on data drifting, is presented. The mechanism firstly separates a document into particles, and then stores them on different nodes of Cloud storage. The particles are driven to keep drifting among nodes during the store, to achieve the dynamic resilient storage view. Once user needs the document, all of the particles are gathered to the nearest node for following download. In order to improve the security, uniform distribution and Mason rotation method are mixed together to obtain better randomness. For the effective utilization of the idle network bandwidth, without affecting normal network data communication, the instance also adds a traffic monitoring module by actively drift traffic control. The simulations of the system with respect to the mechanism show that it has valid functions and security.

Key words: cloud storage, security, dynamic, drifting, data particle

中图分类号:

TP309

赵星, 王晓东, 张串绒. 一种基于数据漂移的动态云安全存储机制[J]. 信息网络安全, 2019, 19(10): 65-73.

Xing ZHAO, Xiaodong WANG, Chuanrong ZHANG. A Dynamic Cloud Security Storage System Based on Data Drifting[J]. Netinfo Security, 2019, 19(10): 65-73.

图/表 16

图1

图2

图3

表1

图4

表2

图5

图6

图7

图8

图9

图10

表3

图11

图12

表4

参考文献 20

[1]	WIKIPEDIA. Cloud Storage[EB/OL]. , 2018-5-15.
[2]	FU Yingxun, LUO Shengmei, SHU Jiwu, et al.Survey of Secure Cloud Storage System and Key Technologies[J]. Journal of Computer Research and Development, 2013, 50(1): 136-145.
	傅颖勋,罗圣美,舒继武.安全云存储系统与关键技术综述[J].计算机研究与发展,2013,50(1):136-145.
[3]	Executive Office Of President, National Science and Technology Council. Turstworthy Cyberspace: Strategic Plan for the Federal Cyber Security Research and Development Program[EB/OL].https://www.nitrd.gov/pubs/Fed_Cybersecurity_RD_Strategic_Plan_2011.pdf, 2011-12-10.
[4]	LIU Jie, ZENG Haoyang, TIAN Yongchun, et al.Technologies and Development Trend of Dynamic Resiliency for Security Defense[]]. Communication Technology, 2015, 48(2): 117-124.
	刘杰,曾浩洋,田永春,等.动态弹性安全防御技术及发展趋势[J].通信技术,2015,48(2):117-124.
[5]	RAGHU Y.Building the Infrastructure for Cloud Security: A Solutions View[M]. 1st ed.NY: Apress, Berkeley, 2014.
[6]	ZHAO Luyi.A Detailed Implementation of Fully Homomorphic Encryption Using Ideal Lattice[C]//IEEE. Proceedings of the 2014 International Conference on Electrical, Control and Automation, February 22-25, 2014. Shanghai, China. New York: IEEE, 2014: 132-139.
[7]	JAKE Loftus, ALEXANDER May, et al.On CCA-Secure Somewhat Homomorphic Encryption[C]//IEEE. SAC 2011, March 21-25, 2011, TaiChung, Taiwan China. New York: IEEE, 2013: 55-72.
[8]	LI shuanbao, FU Jianming, ZHANG Huanguo, et al. Scheme on User Identity Attribute Preserving Based on Ring Signcryption for Cloud Computing[J]. Journal on Communication, 2014, 35(9): 99-111.
	李栓宝,傅建明,张焕国,等.云环境下的基于环签密的用户身份属性保护方案[J].通信学报,2014,35(9):99-111.
[9]	LEE N Y, CHANG Y K.Hybrid Provable Data Possession at Untrusted Stores in Cloud Computing[C]// IEEE. 2011 IEEE 17th International Conference on Parallel and Distributed Systems, December 7-9, 2011, Washington, DC, USA. New York: IEEE, 2011: 638-645.
[10]	BOWERS D, JUELS A,OPREA A, et al.Proofs of Retrievability: Theory and Implementation[C]// ACM. Proc of the 2009 ACM Workshop on Cloud Computing Security, November 9-13, 2009, Chicago, IL, USA. New York: ACM, 2009: 43-54.
[11]	GE Yao, YONG Li, LINAN Lei, et al.An Efficient Dynamic Provable Data Possession Scheme in Cloud Storage[C]// Springer. 11th International Conference on Green, Pervasive and Cloud Computing(GPC 2016), May 5-8, 2016, Xi’an, China. New York: Springer-Verlag, 2016: 63-81.
[12]	NGUYEN T, CUTWAY A, SHI W S.Differentiated Replication Strategy in Data Centers[C]// Springer. Proceedings of the 7th IFIP International Conference on Network and Parallel Computing(NPC 2010), September 13-15, 2010, Zhenzhou, China. New York: Springer-Verlag, 2010: 277-288.
[13]	BESSANI A, CORREIA M, QUARESMA B, et al.DepSky: Dependable and Secure Storage in A Cloud-of-clouds[J]. ACM Trans on Storage, 2011, 9( 4): 31-46.
[14]	XIANG Fei, LIU Chuanyi, FANG Binxing, et al.Novel“Rich Cloud”Based Data Disaster Recovery Strategy[J]. Journal on Communications, 2013, 34(6): 92-100.
	项菲,刘川意,方滨兴,等.新的基于云计算环境的数据容灾策略[J].通信学报,2013,34(6):92-100.
[15]	BIAN Genqing, GAO Song, SHAO Bilin, et al.Security Structure of Cloud Storage Based on Dispersal[J]. Journal of Xi’an Jiaotong University, 2010, 10(9): 41-45.
	边根庆,高松,邵必林.面向分散式存储的云存储安全架构[J].西安交通大学学报,2010,10(9):41-45.
[16]	WANG jing, HUANG Chuanhe, WANG Jinhai, et al. An Access Control Mechanism with Dynamic Privilege for Cloud Storage[J]. Journal of Computer Research and Development, 2016, 53(4): 904-920.
	王晶,黄传河,王金海.一种面向云存储的动态授权访问控制机制[J].计算机研究与发展,2016,53(4): 904-920.
[17]	WU xiuguo. Research on Minimum Cost Data Replica Distribution Based on Dynamic Planning in Cloud Storage System[J]. Computer Engineering, 2017, 43(7): 29-37.
	吴修国. 云存储系统中基于动态规划的最小开销数据副本布局研究[J].计算机工程,2017,43(7):29-37.
[18]	MA weijun, RUAN Kun, FENG Jing, et al. Optimizing Algorithm for I/O Performance of Cloud Storage System Based on Dynamic Hybrid Range Mechanism[J]. Journal of Beijing University of Technology, 2013,39(5): 707-712.
	马玮骏,阮鲲,冯径,等.基于动态混合分片机制的云存储系统I/O性能优化算法[J].北京工业大学学报,2013,39(5): 707-712.
[19]	XPENXPEN. Mersenne Twister[EB/OL]. , 2019-1-15.
[20]	NAN Chunli, ZHANG Shengrui, NING Hang, et al.Random Number And its Performance Evaluation in Urban Traffic Simulation[J]. Computer engineering, 2009, 35(10): 259-261.
	南春丽,张生瑞,宁航,等.城市交通仿真中的随机数及其性能评价[J].计算机工程,2009,35(10):259-261.

命令	语义	适用
DLF	删除文件块	M/S
SED	请求传输文件	S
FAL	获取数据微粒失败	M/S
JON	节点申请加入	M
RFU	节点被拒绝	S
ACK	节点确认	S
DLN	删除节点	S