標題: | 一個兼具安全與彈性的雲端資料加密系統 A Secure and Elastic Cloud Data Encryption System |
作者: | 黃冠穎 Huang, Kuan-Ying 袁 賢銘 網路工程研究所 |
關鍵字: | 雲端儲存;安全性;雲端服務;密碼學;加密系統;Cloud storage;Security;Cloud service;Cryptography;Encryption system |
公開日期: | 2011 |
摘要: | 近幾年”雲端運算”一詞在IT產業掀起一股熱潮,越來越多服務商推出以”雲端”為名的相關的服務,其中最熱門的雲端服務莫過於”雲端儲存”。”雲端儲存”帶給使用者許多方便性,資料可以上傳到網路儲存空間而毋須再隨身攜帶如USB或隨身硬碟等儲存裝置;在任何時間和地點只要有網路即可透過電腦或行動裝置來存取資料;上傳後的資料透過特殊技術進行備份,因此使用者比較不用擔心檔案的遺失,即使不小心誤刪檔案仍有很大的機率可以將檔案拯救回來。然而,選擇使用雲端空間作為資料儲存或備份其最令人擔心的莫過於資料安全性的問題。
在此講到的安全性問題是指在資料上傳中或者是存在網路空間時,都有可能會被從中竊取資料或滲透伺服器來取得檔案。現今雲端儲存空間大多都是上傳檔案到伺服器後再進行加密儲存,不過這類的加密方式令使用者產生不安心感,因此使用者大多會搭配其他第三方資料加密程式自行加密檔案後再上傳。然而我們發現這類的加密系統其解密金鑰大多儲存在電腦上,這樣的後果可能導致解密金鑰會被竊取之外,在使用上也會變得很不彈性,因為當我們要存取檔案時我們必須使用同一台電腦或者我們必須在另外一台電腦上產生同樣一把解密鑰匙才可解密檔案。因此如何改善解密金鑰使用上的彈性也是另一個待需解決的問題。
在本論文中,我們提出完整一套包含加密應用程式以及雲端儲存的服務並取名為SSTreasury+。在資料安全性方面,我們讓使用者在上傳檔案前先透過應用程式進行加密以防止資料在傳輸過程中以及儲存在雲端空間時被有心人士竊取。此外我們也提出解密金鑰讓使用者隨身攜帶以增加使用上的彈性,以改進目前大部分的加密系統的解密金鑰只能存在使用者電腦的不方便性。並在後端儲存方面提出搭配現有的雲端儲存空間作為資料備份以降低建置成本。藉由以上提出的做法以期望達到一個安全、彈性的雲端儲存服務。 “Cloud computing” is quite popular in recent years, more and more service provider proposed cloud services especially cloud storage service. The cloud storage service brought many conveniences, for instance, users do not have to carry flash storage drives. The file could be accessed by using the computers or mobile devices via network at anytime and anywhere. Users do not need to care about the uploaded file that could be lost, because the service provider provides special techniques to backup. However, the most worrying problem that we care is security. The security which we mentioned here is that the file may be eavesdropped during transmission, and the file which stored in the storage server may be stolen by some bad guys. Nowadays, most of the cloud storage to let user upload the file to the server and then encrypt file by server, but in this way makes so many people feel uneasy. Some users usually use other third-party encryption system to encrypt the file before uploading. We found that most of the encryption systems save the decryption key could only in the computer, this leads inconvenience of using and it also could be stolen if the computer is public. So how to improve the flexible of storing decryption key is another issue we concern about. In this thesis, we proposed an integrated service which named SSTreasury+. It includes encryption application and storage service, user could encrypt files before uploading to the cloud to prevent being stolen during transmission or in the cloud storage. In addition, the decryption key which generated by application can be carried to increase flexibility and convenience. In the back-end storages we use existing cloud storage as a backup storage in order to reduce construction costs. We expected to achieve a safe and flexible cloud storage service by the above methods. |
URI: | http://140.113.39.130/cdrfb3/record/nctu/#GT079956534 http://hdl.handle.net/11536/50570 |
Appears in Collections: | 畢業論文 |