Abstract
OpenStack Swift stores user files directly and in complete form, which creates a security risk. This paper proposes a method to strengthen Swift against that risk. First, to prevent an attacker from stealing complete user files from the Swift system, data dispersal is used to split each user file into several fragments that are stored on different nodes. Second, to prevent an attacker from exploiting the logical relationships between fragment contents to recover the complete file, the fragments are encrypted and stored as ciphertext. Third, to prevent an attacker from stealing keys to recover user files, keys are protected by a hierarchical scheme that combines the user password with secret sharing, encrypting the stored keys layer by layer on the basis of the user password. Experimental results indicate that the method makes it more difficult for attackers to obtain user files and improves the security of data storage in OpenStack Swift, with a performance cost within an acceptable range.
Authors
SONG Yuan (宋元)
ZHOU Dan-yuan (周丹媛)
SHI Wen-chang (石文昌)
Affiliations: School of Information, Renmin University of China, Beijing 100872, China; Key Laboratory of Data Engineering and Knowledge Engineering (Renmin University of China) of Ministry of Education, Beijing 100872, China
Source
Journal of Jilin University: Engineering and Technology Edition (《吉林大学学报(工学版)》)
Indexed in: EI, CAS, CSCD, PKU Core (北大核心)
2021, Issue 1, pp. 314-322 (9 pages)
Funding
National Natural Science Foundation of China (61472429, U1836209).
Keywords
computer application technology
cloud computing
cloud storage security
data dispersal
data encryption
key management