支援分散式編碼與可授權驗證的資料完整性檢查方法

Abstract

雲端儲存是近幾年相當受歡迎廣泛被使用的網路服務。在雲端儲存的應用中，使用者將他的資料儲存在遠端的儲存伺服器，使用者可以透過網際網路在任何時間任何地點不受限制地存取他的資料，也可以透過分享連結的方式和其他人共用資料，而不用花費大量的網路頻寬去傳送資料。雲端儲存服務提供使用者在資料存取上諸多便利，但是資料的安全性依然是很重要的考量，因為資料儲存在雲端，使用者自己沒有儲存備份的資料的，所以存取資料前必須去檢查資料的完整性以確保資料的正確性。資料完整性檢查的效率相當重要，當資料很大量的時候，使用者不會想要把全部資料取回來再做檢查，這將會花費大量的網路頻寬與時間。Ateniese等人提出了provable data possession方法，Juels和Kaliski提出了proof of retrievability方法，這兩種完整性檢查方法都不需要取回全部的資料。後續研究提出了多樣的應用環境和功能性，本篇研究在以上兩種方法為基礎下，探討資料完整性的應用情境與功能性議題：

我們首先考量一個以secure decentralized erasure code為基礎的分散式儲存系統。使用者為了達到可靠的資料儲存，常常會使用到erasure code來儲存資料。傳統的方式是由使用者對資料進行編碼後再產生完整性標籤，然後才上傳雲端儲存；在decentralized erasure code的架構下，使用者對資料產生完整性標籤後就上傳雲端儲存，資料和標籤再由各台伺服器獨立進行編碼儲存。為了支援這種分散式編碼的特性，完整性標籤必須具有同質性，伺服器才能夠獨立計算出對應的完整性標籤，同時又確保原始資料的完整性不會受到破壞。本篇研究設計出一套能夠支援分散式編碼的資料完整性方法，並且正規地證明其安全性。

我們接下來考量到一個雲端資料分享的應用情境。使用者透過雲端和其他人分享他的資料，其他人在存取資料前必須先檢查資料的完整性以確保資料的正確性。使用者限定只有經過授權的單位才可以存取他的資料，同樣地只有經過授權的單位才可以檢查資料的完整性。如果使用私密的完整性檢查方法，則只有使用者本人可以檢查資料完整性；如果使用公開的完整性檢查方法，則所有人都可以檢查資料完整性。要達到只有經過授權的單位才可以檢查資料，資料完整性檢查必須要提供有效的管理機制，使用者可以授權其他人去檢查他的資料，也可以註銷已經授權出去的能力，並且防止驗證能力的洩漏。本篇研究設計出一套能夠支援可授權驗證的資料完整性方法，並且提供完整的安全性證明。

Cloud storage is a popular network service in recent years. In the application of cloud storage, a user stores his data in a remote data cloud. The user can access his data via the Internet anywhere and anytime. The user can also share his data with his friends without costly data migration. Cloud storage provides a user with convenience of data storing and data sharing. Nevertheless, data security is the main concern of the user. We consider the issues of data integrity because data are not stored in the local repository. Before a user accesses his data, he has to check data integrity to make sure that the data are correct. Efficiency is important to data integrity check. When the stored data are quite large, a user will not like to retrieve the whole data back because it could consume much network bandwidth. Ateniese et al. proposed the provable data possession model. Juels and Kaliski proposed the proof of retrievability model. Both the two models allow a user to check data integrity without retrieving the data back. The related works have proposed various applications. In this dissertation, we consider new application and functionality for data integrity check:

First, we consider a secure decentralized erasure code-based storage system. To achieve a robust storage system, erasure code is usually used to encode data for multiple storage servers. For the regular encoding process, a user encodes his data into a codeword and generates an integrity tag for each codeword symbol. Then, the user stores each symbol-tag tuple to a storage server. For the decentralized encoding process, a user generates an integrity tag for each data block and dispatches each block-tag tuple to some storage servers. Each storage server independently receives some data blocks and encodes them into a codeword symbol. The integrity tags have to be homomorphic so that the storage server can compute the right tag for the stored symbol without the involvement of the user. We propose a novel integrity check scheme for secure decentralized erasure code and prove its security formally.

Second, we consider a data sharing scenario of cloud data. A user can share his data with his friends. Before his friend accesses his data, the friend has to check data integrity to make sure that the data are correct. The user allows only his friends to access his data and only the friends to check the data. To satisfy this requirement, an integrity check scheme has to provide management on verifiers. If the user uses a private integrity check scheme, only the user can check integrity of the data. If the user uses a public integrity check scheme, everyone can check integrity of the data. We propose a novel integrity check scheme to support verifier management. A user can delegate a verifier to check his data. The user can also revoke the verifier later. The delegated verifier cannot re-delegate the verification capability to someone else.