臺灣博碩士論文加值系統

在現今，人們使用雲端的服務越來越普及，例如雲端儲存(Cloud Storage)，但是用戶將自己比較重要的資料，放在不可相信的雲端上(untrusted server)會擔心所讀到的檔案是不正確或者不是最新的，或是遭受任何攻擊(例如roll-back attack 或是replay attack)。因此，很顯然用戶和服務提供商之間存在的許多問題。我們需要一個計劃來解決這些問題。
有一作法是將使用者資料備份，當有爭議時再去比較，但是此做法並不能保證哪一份是最新的以及其正確性，反而是增加更多的資源。在本篇論文中提出了一個機制，將用戶整個資料夾以及檔案以hash tree 方式儲存，稱為Merkle tree，以及利用hash tree產生之root hash來確保整個架構的唯一性，而雲端服務商保存著每次交換訊息所保留的證據，並交換root hash，確保雙方狀態是一致的，用戶讀到的檔案也為正確以及最新。
然而以上狀況在單一用戶是可行的，但是當有用戶有其他設備使用時，目前資料夾的狀態就必須更新至其他設備，以確保在做更新時，其他設備也是最新的。一般做法是對於還未更新的設備，將證據傳給他們(broadcasting)，但是此舉會增加其他設備不停訪問而增加多餘的時間，並且也會產生許多問題。
我們解決方法不需要使用broadcasting，而是有一個同步伺服器的機制，讓其他設備先暫時無法向server溝通，必須等待設備A與server完成一整個完整的運作，才可以解開同步伺服器，避免造成broadcasting不完備的情形。雖然同步伺服器的機制會增加其他設備等待的時間，但是藉此讓許多設備透過同步伺服器之中交換證據，等到要做操作時才會更新設備所儲存之Merkle tree，可以降低了許多時間，以達到真正的即時稽核( true instant audit)，也就是說，當用戶以及使用者有出錯時，馬上就可以偵測到。並再改善用戶驗證時需儲存的Merkle tree，每個設備只需存部份 Merkle tree(pMT)，若存取時沒有另一部分的Merkle tree，才需要更新，這樣一樣可以達到true instant audit，減少用戶儲存負擔。相關的實驗數據結果可以呈現各種交換程序所需要的時間，來證明這個機制的可行性以及優點。

Nowadays cloud service is becoming more and more popular. One of the most important applications is the cloud storage. However, storing important data in cloud storage may suffer serious security risks. For example, the service provider can launch roll-back attack which is to restore lost files using a backup of an early version of them and their associated digital signatures. Then, the service provider can deny that the user’s latest version of files have been lost. Therefore, we need a scheme to have the client device be able to audit if a file obtained from the service provider is valid.
In this paper, we first show that the intuitive solution of instant auditing by applying Merkle tree is inappropriate. Then, we propose an instant auditing communication protocol that can guarantee mutual nonrepudiation between the service provider and user and each client device only has to keep a partial Merkle tree of its account and its last attestation. All the client devices can audit if the obtained file is valid after every file writ operation without requiring broadcast their attestation to all other client devices.
The experimental results demonstrate the feasibility of the proposed scheme. A service provider of cloud storage can use the proposed scheme to provide instant auditing guarantee in their service-level agreement.

第一章 簡介 1
1.1 雲端儲存 1
1.2 稽核 2
1.3 目標 5
1.4 章節介紹 5
第二章 即時稽核架構 6
2.1 Partial Merkle tree 7
2.2 即時稽核溝通架構 9
2.3 即時稽核架構討論 13
第三章 實作與實驗數據 16
第四章 相關研究 31
第五章 結論 35
參考著作 36
附錄A 40

[1] “Google Drive,” https://drive.google.com/start#home
[2] “Dropbox,” https://www.dropbox.com/home
[3] “SugarSync,” https://www.sugarsync.com/
[4] “Microsoft SkyDrive,” http://skydrive.live.com/.
[5] “Box,” http://www.box.net
[6] AMAZON. “Amazon S3 Service Level Agreement, ”. http://aws.amazon.com/s3-sla/.
[7] MICROSOFT CORPORATION. “Windows Azure Pricing and Service Agreement,” http://www.microsoft.com/windowsazure/pricng/.
[8] J. Feng, Y. Chen, D. Summerville, W.S. Ku, and Z. Su. “Enhancing cloud storage security against roll-back attacks with a new fair multi-party non-repudiation protocol,” in IEEE Consumer Communications and Networking Conference (CCNC), pp.521-522,January 2011.
[9] Alexander Shraer, Idit Keidar, Christian Cachin, Yan Michalevsky, Asaf Cidon, and Dani Shaket, “Venus: Verification for untrusted cloud storage,” ACM CCSW 2010.

[10] Seny Kamara and Kristin Lauter. “Cryptographic Cloud Storage,” in Financial Cryptography Workshops, pp. 136-149, January 2010.
[11] R. C. Merkle. “A digital signature based on a conventional encryption function,” in A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology, pp. 369-378, 1988
[12] Gwan-Hwan Hwang, Jenn-Zjone Peng, and Wei-Sian Huang. A Mutual
Nonrepudiation Protocol for Cloud Storage with Interchangeable Accesses of a Single Account from Multiple Devices
[13] E. Goh, H. Shacham, N. Modadugu, and D. Boneh. SiRiUS: Securing remote untrusted storage. In Proc. Network and Distributed Systems Security Symposium (NDSS 2003), pages 131–145, 2003.
[14] M. Kallahalla, E. Riedel, R. Swaminathan, Q.Wang, and K. Fu. Plutus: Scalable secure file sharing on
untrusted storage. In Proc. 2nd USENIX Conference on File and Storage Technologies (FAST), 2003.
[15] M. T. Goodrich, C. Papamanthou, R. Tamassia, and N. Triandopoulos. Athos: Efficient authentication of outsourced file systems. In Proc. Information Security Conference 2008, 2008.
[16] R. A. Popa, J. Lorch, D. Molnar, H. J. Wang, and L. Zhuang. Enabling security in cloud storage SLAs with CloudProof. In Proc. 2011 USENIX Annual Technical Conference (USENIX), 2011.
[17] The Apache Software Foundation, “Welcome to Apache Hadoop!” http://hadoop.apache.org/.
[18] A. Adya, W. Bolosky, M. Castro, G. Cermak, R. Chaiken, J. Douceur, J. Howell, J. Lorch, M. Theimer, and R. Wattenhofer, “FARSITE: Federated, Available, and Eliable Storage for an Incompletely Trusted Environment,” In OSDI, pages 1–14, December 2002.
[19] J. Kubiatowicz, D. Bindel, Y. Chen, S. Czerwinski, P. Eaton, D. Geels, R. Gummadi, S. Rhea, H. Weatherspoon, W. Weimer, C. Wells, and B. Zhao. “Oceanstore: An Architecture for Global-scale Persistent Storage,” In ASPLOS, December 2000.
[20] G. Ganger, P. Khosla, M. Bakkaloglu, M. Bigrigg, G. Goodson, S. Oguz, V. Pandurangan, C. Soules, J. Strunk, and J. Wylie. Survivable storage systems. In DARPA Information Survivability Conference and Exposition, IEEE, volume 2, pages 184–195, June 2001.
[21] P. Druschel and A. Rowstron. Storage management and caching in PAST, a large-scale, persistent peerto-peer storage utility. In SOSP, 2001.
[22] J. Strunk, G. Goodson, M. Scheinholtz, C. Soules, and G. Ganger, “Self-securing storage: protecting data in compromised systems,” In OSDI, October 2000.
[23] Jinyuan Li, Maxwell Krohn, David Mazie`res, and Dennis Shasha, “SUNDR: Secure untrusted data repository,” In OSDI (2004).
[24] C. Cachin, A. Shelat, and A. Shraer. Efficient fork-linearizable access to untrusted shared memory. In Proc. 26th ACM Symposium on Principles of Distributed Computing (PODC), pages 129–138, 2007.
[25] M. Majuntke, D. Dobre, M. Serafini, and N. Suri. Abortable fork-linearizable storage. In T. F. Abdelzaher, M. Raynal, and N. Santoro, editors, Proc. 13th Conference on Principles of Distributed Systems (OPODIS), volume 5923 of Lecture Notes in Computer Science, pages 255–269, 2009.
[26] C. Cachin and M. Geisler. Integrity protection for revision control. In M. Abdalla and D. Pointcheval, editors, Proc. Applied Cryptography and Network Security (ACNS), volume 5536 of Lecture Notes in Computer Science, pages 382–399, 2009.
[27] Jun Feng, Yu Chen, Douglas H. Summerville: “A fair multi-party non-repudiation scheme for storage clouds,” in Collaboration Technologies and Systems (CTS), pp. 457-465, May 2011