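In this thesis, we propose a new method that allows a cloud storage system to carry out auditing and proof of violation (POV) in real time. We consider the case in which the files of one user account may be operated on and accessed by several client devices at the same time. The client devices do not need to cache any file hashes or file state information.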
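We use several independent service providers. For every operation, the user sends the request to all of the service providers, collects their responses, and compares them, which confirms the integrity of the data in real time. The signatures and cryptographic evidence carried in the responses provide POV: when a problem occurs, the user and the service providers can audit the retained evidence to determine which party is at fault.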
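An added example, not code from the thesis: a minimal Go sketch of the comparison step described above, in which each provider returns a signed reply and the client blames any provider whose reply fails verification or disagrees with the others. The hash-chain state digest, the majority rule, the names `Receipt`, `Apply`, `Audit` and `Demo`, and the sample operation are assumptions; every provider's Ed25519 public key is assumed to be registered with the client.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

type Receipt struct { // one provider's signed reply; Msg is "op|state digest after op"
	Provider int
	Msg, Sig []byte
}

// Apply models a provider: chain op into the state digest (assumed stand-in for a Merkle root) unless faulty, then sign.
func Apply(id int, key ed25519.PrivateKey, state [32]byte, op string, faulty bool) Receipt {
	if !faulty {
		state = sha256.Sum256(append(state[:], op...))
	}
	msg := append([]byte(op+"|"), state[:]...)
	return Receipt{id, msg, ed25519.Sign(key, msg)}
}

// Audit blames providers whose signature fails or whose signed reply differs from the majority reply (assumed rule).
func Audit(rs []Receipt, pubs map[int]ed25519.PublicKey) (blamed []int) {
	votes, best, valid := map[string]int{}, "", make([]bool, len(rs))
	for i, r := range rs {
		if valid[i] = ed25519.Verify(pubs[r.Provider], r.Msg, r.Sig); valid[i] {
			if votes[string(r.Msg)]++; votes[string(r.Msg)] > votes[best] {
				best = string(r.Msg) // only verified replies can become the reference
			}
		}
	}
	for i, r := range rs {
		if !valid[i] || string(r.Msg) != best {
			blamed = append(blamed, r.Provider) // the signed Receipt is the retained evidence
		}
	}
	return blamed
}

func Demo(faulty int) []int { // constructed run: three providers, provider `faulty` drops the write
	pubs, rs := map[int]ed25519.PublicKey{}, []Receipt{}
	for id := 0; id < 3; id++ {
		pub, priv, _ := ed25519.GenerateKey(nil)
		pubs[id], rs = pub, append(rs, Apply(id, priv, [32]byte{}, "PUT /doc.txt v1", id == faulty))
	}
	return Audit(rs, pubs)
}

func main() { fmt.Println("blamed providers:", Demo(2)) }
```

Because the deviating reply carries the provider's own signature, the provider cannot later deny having returned it.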
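The experimental results show that, compared with the previous real-time auditing method for cloud storage, the proposed method saves a factor of 8 in time on average and a factor of more than 20 in the worst case. The proposed method also resolves a worst case that the previous method suffers from, namely the time that a user who has been offline for a long period must spend synchronizing a very large number of operations the next time they come online.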
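For future work, we hope to apply FBHTree to the method in this thesis and to observe experimentally whether it speeds up the Merkle tree when files are updated. We would also like to revisit the synchronization server in the system: in this thesis, its role is to guarantee the ordering of operations across devices, and a new algorithm that does not rely on a synchronization server would make the architecture more flexible and reduce hardware cost.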