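Title: Forward-Looking Cloud Secure Storage, Protection, Behavior Analysis and Observation Platform---Subproject 1: Secure Cloud Data Storage Supporting Multiple Functionalities (I)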
Secure Cloud Storage for Supporting Multiple Functionalities (Cloud Computing_Security Technology) (I)
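Author: 曾文貴
Keywords: repair mechanism for cloud storage; cloud-based intrusion detection system.
Publication date: 2010
Abstract: With the spread of the Internet, resources such as computing power and storage space are aggregated over the network into one large resource that is then offered as a service. This concept is called cloud services, which can be divided by the type of resource served into cloud computing and cloud storage. At the same time, the Internet connectivity of mobile devices (such as notebook computers, mobile phones and PDAs) has become very mature. Catalyzed by networks and mobile devices, cloud services are already the next wave of key technology in the IT industry. Because of the convenience of performing storage and computation over the network, cloud services already have a large user base. However, both the network transmission medium and the network itself are public spaces, and storing data in such a space or computing in this environment faces security challenges. For example, the privacy of data and computation will become increasingly important. Being able to send and receive e-mail directly on the network is a very convenient network service, but personal mail should be protected from being pried into by others (including the service provider). Computation will also need privacy: when small and medium-sized enterprises outsource their costly in-house databases to a cloud service provider, not only does data privacy need protection, but the various operations the enterprise performs on the database are also internal confidential information and should be guaranteed not to become known to the cloud service provider. Other security issues include data access control and the management of confidential data. The main goal of this research is to study the particular storage and computation security issues that arise in cloud systems, to examine the importance and variation of these issues across different application services, and to study how to design systems or protocols that satisfy these properties. The ultimate goal of this research is to improve the security of current cloud systems and cloud services, so as to protect the rights and interests of the vast number of network service users and of service providers.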
Due to the amazing advancement of networks, it is getting easier to access data through networks at any time and from anywhere. The resources in networks are aggregated and provide a wide variety of services to users, who access them through their (mobile) computing devices, such as notebooks, netbooks, smartphones, etc. This kind of service is called “cloud service”. We can further classify it into “cloud computing” and “cloud storage”. However, the security issues in cloud services are not fully addressed and solutions are limited. In this project we are concerned with the security problems incurred in cloud services, in particular the security issues in cloud storage systems and cloud computing systems. In cloud storage systems, the related security issues are privacy, access control, key management and retrievability (robustness). Beyond the issue of data confidentiality, we also address the issue of keeping data private while users can still have plenty of functionalities over the data. The main techniques for solving these problems are customized encryption schemes, erasure codes, secret sharing, cryptology, etc. In cloud computing systems, the related security issues are computing privacy and correctness. Computing privacy means that a user can use the cloud computing service without revealing what he wants to compute. The correctness of the cloud computation should be verifiable by the issuer. In this project we shall provide solutions to the security problems in cloud systems. Our solutions shall not only solve the problems, but also have better efficiency cost and user friendliness. We shall start with the problem of storing encrypted data and supporting access control. We also consider other functionalities such as integrity checking or keyword search over the encrypted data. Eventually, we shall implement a prototype of such a system.
Official document no.: NSC99-2218-E009-020
URI: http://hdl.handle.net/11536/99825