雲端外儲系統資料保護機制

The Data Protection Mechanism of Cloud Outsource Storage

黃仁俊(Ren Junn Hwang)；張軒齊(Hsuan Chi Chang)

雲端運算 ； 雲端儲存 ； 資料安全 ； Cloud computing ； Cloud storage ； Data security

資訊安全通訊

24卷3期（2018 / 07 / 01）

1 - 15

繁體中文

雲端計算的諸多優點吸引企業組織和個人將其資料由自行管理的傳統模式逐漸轉變為託管儲存在遠處的雲端伺服端，尤其雲端用戶可以將大量資料及相關管理與維護的工作負荷託管轉嫁給雲端伺服端，並以依用多少付多少的標準支付費用的形式使用近似毫無限制的資源。然而無可避免地，雲端用戶的儲存資料可能具機敏性，因此保護儲存資料的私密性與處理過程中隱私性的確保將成為雲端計算服務推展成功與否的重要關鍵。資料加密後再上傳到雲端伺服端是保護資料私密性最根本的做法，本研究設計並實作資料儲存於雲端儲存系統的安全技術，研究設計資料上傳與下載的安全機制，該機制提供的功能（1）資料上傳與下載過程資料私密性與完整性；（2）儲存於雲端儲存系統資料私密性與完整性；與（3）有效率的偵測錯誤資料區塊與資料復原功能。同時本研究亦以程式實現此安全機制於手機平台google與amazon提供雲端平台，本研究成果使儲存於雲端儲存系統的資料的安全性掌握在資料擁有者手中，無論雲端儲存服務提供的安全機能如何，讓儲存資料受到保護的程度都在資料擁有者所能控制的範圍內，讓資料因安全性問題可能造成的傷害或損失降到最低，而且整個機制的運作就在資料擁有者個人的手機平台上。本研究成果對雲端服務的推廣應有顯著的助益。

Cloud outsource storage has many advantages that attract many business organizations and individuals to store their data in a remote cloud storage. The cloud users transfer large amounts of data and maintenance workloads to cloud servers, and to use seemingly unlimited resources. There are sensitive data stored in the outsource storage. To protect the privacy of the stored data and to ensure the confidentiality of the processing will be the key to the success of cloud computing services. Data encryption and then upload to the cloud storage is the most fundamental protection of data privacy. This paper designs and studies the security technology of the data stored in the cloud storage. The proposed mechanism provides: (1) Data privacy and completeness of data upload and download processes. (2) Protect the privacy and integrity of the data stored in the cloud storage. (3) To detect and recover the error data blocks efficiently. The data owners perform the proposed protection processes (software) and upload the protected data to cloud outsource storage. The entire security processes are operated by the owner himself on his mobile platform. The extent to which stored data is protected is within the control of the data owner. This strategy minimizes the damage or loss caused by security problems. The research results will promote the cloud storage application services.

1. (2008).IEEE Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices.IEEE.
2. Bellare, M.,Canetti, R.,Krawczyk, H.(1996).Keying Hash Functions for Message Authentication.Annual International Cryptology Conference
3. Chen, P. M.,Lee, E. K.,Gibson, G. A.,Katz, R. H.,Patterson, D. A.(1994).RAID: HighPerformance, Reliable Secondary Storage.ACM Computing Surveys (CSUR),26,145-185.
4. Daemen, J.,Rijmen, V.(2001).The Design of Rijndael: AES – The Advanced Encryption Standard.Springer-Verlag.
5. Dworkin, M. J.(2010).Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices.National Institute of Standards and Technology.
6. Jamsa, K..Cloud Computing, SaaS, PaaS, Iaas, Virtualization, Business Models, Mobile, Security and More.
7. Raggo, M.,Hosmer, C.(2012).DATA HIDING Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols.Elsevier.
8. Stallings, W.(2017).Cryptography and Network Security Principles and Practice.
9. 林華鵬,周國森,郭志勇,單張麟,陳彥仲,林宗毅。雲端安全儲存系統。TANET2013台灣網際網路研討會〔論文集〕

1. 樊祖燁,黃俞程,彭建文,張鈞皓,方晴(2019)。古憶平台企劃之研究。美和學報，38(1)，1-16。
2. 温阡惠,羅雍筌,鄭莞玲,樊祖燁,劉芯妤,彭建文,陳思玫,張嘉欣(2021)。運用影像處理技術促進台灣自由行發展之研究。島嶼觀光研究，13(4)，47-86。