有效改善網路檔案儲存安全性之架構設計

Abstract

隨著科技的快速發展，網路技術從早期的撥接上網，到98年的單向Cable，以至現今的ADSL，網路頻寬不斷以躍進的方式爆炸性成長。 網路原就充滿許多大量的資料交換，依賴著硬體技術的不斷進化，更多的功能、服務都可以輕而易舉的實做，應用層面亦更為廣泛。藉由網路存取資料已成為各種裝置必備之功能，許多軟硬體供應商也涉足雲端儲存技術，提供雲端存取服務；然而在享受這些服務的過程中，資料安全的疑慮卻也在無形中增加暴露風險。 目前一般網路安全著重在使用者的檔案加密，藉以防止其他使用者或是駭客的竊取，但卻忽略了提供儲存資料的服務供應商，有機會更輕而易舉的取得使用者資料。以著名的相片儲存服務軟體Instagram為例，就曾於2012年12月宣佈修改隱私權政策及服務條款，可在不通知使用者的情況下，將用戶的照片提供給廣告商。使用者資料被窺視的情況層出不窮，如何防範這種情況發生，即是本研究所關注的重點。 本研究以提昇使用者資料儲存之安全性為出發點，希望防止提供儲存空間的管理者對於資料的窺視及濫用；藉由設計各種資料儲存模組，並導入適宜的加密演算法，同時測試、比較模組的效能，有效的提昇資料安全性及資料隱私性。 研究結果指出，本研究所設計的虛擬資料儲存架構，整合AES Rijndael、DES等對稱性加密演算法，以Seek的方式快速取得所需檔案片段，提昇讀取檔案的速度，且有效強化資料安全性及隱私性，防止資料暴露的風險，降低管理者獲取使用者檔案資訊的可能性。

With the rapid development in technology, the network technology has transformed from the early one way Cable to the current ADSL system. The broadband speed also follows an explosive growth path along with the newest innovation. Internet consist plenty of information exchange. As the hardware standard improved, more functions and services can be easily performed. As a result, the applications on these technology are everywhere in our daily life. Accessing data through internet become a necessary function on digital devices. Many software providers also started developed such products to provide cloud service. However, the information safety issues arise while people enjoy the convenient services provided by internet technology. The current internet safety focuses on the file encryption by the user to avoid other users or hackers to access personal data. However, users often neglect the easy access to data from the service providers. Taking Instagram as an example, Instagram declared the edited term of use which allows them to use client’s photo for commercial purposes without notice. The focus of this study is to prevent such unwitting events from the users. This study started from users’ data security and further discusses the prevention on illegal use of data by the service providers. Using different type of data saving module along with appropriate encrypted algorithm to test out the most efficient and privacy-preserving one. The result of this research shows that the architecture of data warehouse with synchronous encryption algorithm AES Rijndael, DES can significantly improve data security and privacy and avoid the risk of data leakage, furthermore, to lower the possibility of administrator accessing users’ file information.