Title: A Secure and Elastic Cloud Data Encryption System
Author: Huang, Kuan-Ying (黄冠颖)

贤铭
Institute of Network Engineering
Keywords: Cloud storage; Security; Cloud service; Cryptography; Encryption system
Issue date: 2011
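Abstract: In recent years the term "cloud computing" has set off a boom in the IT industry, and more and more providers have launched services bearing the "cloud" name, the most popular of which is "cloud storage". Cloud storage brings users many conveniences: data can be uploaded to online storage, so there is no need to carry storage devices such as USB drives or portable hard disks; data can be accessed from a computer or mobile device at any time and place where a network is available; and uploaded data is backed up using special techniques, so users need worry less about losing files, and even an accidentally deleted file has a good chance of being recovered. However, the greatest concern in choosing cloud space for data storage or backup is data security.

The security problem discussed here is that, whether data is in transit during upload or at rest in online storage, it may be intercepted, or the server may be penetrated to obtain the files. Most cloud storage services today encrypt files for storage only after they have been uploaded to the server, but this approach leaves users uneasy, so most users pair it with a third-party encryption program and encrypt files themselves before uploading. We found, however, that most such encryption systems store the decryption key on the computer. Besides the risk that the decryption key may be stolen, this makes usage inflexible, because to access a file we must use the same computer, or generate the identical decryption key on another computer, before the file can be decrypted. How to improve the flexibility of decryption key use is therefore another problem to be solved.

In this thesis we propose a complete service, comprising an encryption application and cloud storage, named SSTreasury+. For data security, users encrypt files with the application before uploading, to prevent data from being stolen by malicious parties in transit or while stored in the cloud. We also propose letting users carry the decryption key with them to increase flexibility, improving on the inconvenience of most current encryption systems, whose decryption key can only reside on the user's computer. On the back-end storage side, we propose using existing cloud storage space as data backup to reduce deployment cost. With these measures we aim to achieve a secure and flexible cloud storage service.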
"Cloud computing" has become quite popular in recent years, and more and more service providers offer cloud services, especially cloud storage. Cloud storage brings many conveniences: for instance, users do not have to carry flash storage drives, and files can be accessed from computers or mobile devices via the network at any time and anywhere. Users need not worry that an uploaded file could be lost, because the service provider uses special techniques to back it up. However, the most worrying problem is security.

The security problem mentioned here is that a file may be eavesdropped on during transmission, and a file stored on the storage server may be stolen by malicious parties. Nowadays, most cloud storage services let the user upload the file to the server and then encrypt it on the server, but this makes many people feel uneasy. Some users therefore use a third-party encryption system to encrypt the file before uploading. We found that most of these encryption systems can save the decryption key only on the computer, which makes them inconvenient to use, and the key could also be stolen if the computer is public. How to improve the flexibility of storing the decryption key is therefore another issue we are concerned with.

In this thesis, we propose an integrated service named SSTreasury+. It includes an encryption application and a storage service; users can encrypt files before uploading them to the cloud to prevent theft during transmission or in cloud storage. In addition, the decryption key generated by the application can be carried by the user to increase flexibility and convenience. For back-end storage, we use existing cloud storage as backup storage in order to reduce construction costs. We expect to achieve a safe and flexible cloud storage service by the above methods.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT079956534
http://hdl.handle.net/11536/50570
Appears in collections: Thesis


Files in this item:

  1. 653401.pdf

If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.