近年雲存儲發展迅速,它具彈性的收費模式還有使用上的便利性吸引了不少用家把它當作一個備份的平台,如何保障雲端上資料的完整性也就成了一項重要的課題。我們試著探討如何能有效地在客戶端檢查雲端上資料的完整性,並且在探測到雲存儲節點故障以後如何有效地進行修復。抹除碼(Erasure codes)透過產生冗餘,令編碼過後的資料能允許一定程度的缺片。雲端使用者可以利用抹除碼把檔案分散到不同的雲節點,即使其中一些節點壞了用戶還是能透過解碼餘下的資料來得出原檔。我們的研究是基於一種叫再造編碼(Regenerating code)的新興抹除碼。再造編碼借用了網絡編碼(Network coding)的概念,使得在修復錯誤節點的時候並不需要把完整的原檔先重構一遍,相比起一些傳統的抹除碼(如里德所羅門碼Reed-Solomoncode)能減少修復節點時需要下載的資料量。其中我們在FMSR這門再造編碼上實現了一個能有效檢測錯誤的系統FMSR-DIP。FMSR-DIP的好處是在檢測的時候只需要下載一小部份的資料,而且不要求節點有任何的編碼能力,可以直接對應現今的雲存儲。為了驗證我們系統的實用性,我們在雲存儲的測試平台上運行了一系列的測試。 / To protect outsourced data in cloud storage against corruptions, enabling integrity protection, fault tolerance, and efficient recovery for cloud storage becomes critical. To enable fault tolerance from a client-side perspective, users can encode their data with an erasure code and stripe the encoded data across different cloud storage nodes. We base our work on regenerating codes, a recently proposed type of erasure code that borrows the concept of network coding and requires less repair traffic than traditional erasure codes during failure recovery. We study the problem of remotely checking the integrity of regenerating-coded data against corruptions under a real-life cloud storage setting. Specifically, we design a practical data integrity protection (DIP) scheme for a specific regenerating code, while preserving the intrinsic properties of fault tolerance and repair traffic saving. Our DIP scheme is designed under the Byzantine adversarial model, and enables a client to feasibly verify the integrity of random subsets of outsourced data against general or malicious corruptions. It works under the simple assumption of thin-cloud storage and allows different parameters to be fine-tuned for the performance-security trade-off. We implement and evaluate the overhead of our DIP scheme in a cloud storage testbed under different parameter choices. We demonstrate that remote integrity checking can be feasibly integrated into regenerating codes in practical deployment. / Detailed summary in vernacular field only. / Chen, Chuk Hin Henry. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2012. / Includes bibliographical references (leaves 38-41). / Abstracts also in Chinese. / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- Preliminaries --- p.4 / Chapter 2.1 --- FMSR Implementation --- p.4 / Chapter 2.2 --- Threat Model --- p.6 / Chapter 2.3 --- Cryptographic Primitives --- p.7 / Chapter 3 --- Design --- p.8 / Chapter 3.1 --- Design Goals --- p.8 / Chapter 3.2 --- Notation --- p.9 / Chapter 3.3 --- Overview of FMSR-DIP --- p.11 / Chapter 3.4 --- Basic Operations --- p.11 / Chapter 3.4.1 --- Upload operation --- p.11 / Chapter 3.4.2 --- Check operation --- p.13 / Chapter 3.4.3 --- Download operation --- p.15 / Chapter 3.4.4 --- Repair operation --- p.16 / Chapter 4 --- Implementation --- p.17 / Chapter 4.1 --- Integration of DIP into NCCloud --- p.17 / Chapter 4.2 --- Instantiating Cryptographic Primitives --- p.18 / Chapter 4.3 --- Trade-off Parameters --- p.19 / Chapter 5 --- Security Analysis --- p.22 / Chapter 5.1 --- Uses of Security Primitives --- p.22 / Chapter 5.2 --- Security Guarantees --- p.23 / Chapter 5.2.1 --- Corrupting an AECC Stripe --- p.23 / Chapter 5.2.2 --- Picking Corrupted Bytes for Checking --- p.25 / Chapter 5.2.3 --- Putting It All Together --- p.26 / Chapter 6 --- Evaluations --- p.27 / Chapter 6.1 --- Running Time Analysis --- p.27 / Chapter 6.2 --- Monetary Cost Analysis --- p.30 / Chapter 6.3 --- Summary --- p.33 / Chapter 7 --- Related Work --- p.34 / Chapter 8 --- Conclusions --- p.37 / Bibliography --- p.38
Identifer | oai:union.ndltd.org:cuhk.edu.hk/oai:cuhk-dr:cuhk_328556 |
Date | January 2012 |
Contributors | Chen, Chuk Hin Henry., Chinese University of Hong Kong Graduate School. Division of Computer Science and Engineering. |
Source Sets | The Chinese University of Hong Kong |
Language | English, Chinese |
Detected Language | English |
Type | Text, bibliography |
Format | electronic resource, electronic resource, remote, 1 online resource (viii, 41 leaves) : ill. (some col.) |
Rights | Use of this resource is governed by the terms and conditions of the Creative Commons “Attribution-NonCommercial-NoDerivatives 4.0 International” License (http://creativecommons.org/licenses/by-nc-nd/4.0/) |
Page generated in 0.0022 seconds