臺灣博碩士論文加值系統

近年來雲端儲存空間盛行，我們習慣將大大小小甚至是重要資料存放在雲端儲存空間上，然而我們所上傳的重要資料都很有可能被雲端儲存服務的公司私下查看，因此對於個人的隱私性以及企業的機密性造成很大的威脅，但是若要自行建立雲端儲存空間，所需耗費的成本卻又十分龐大。
本論文主要探討如何實作一個有隱私性的雲端快取伺服器，該系統主要分為兩個部份，第一部份為本地端的快取伺服器，第二部份則與雲端儲存空間連結，使用者可透過系統將檔案加密後上傳到雲端儲存空間，並且在本地端的伺服器上存放常用的檔案以減少從雲端儲存空間存取檔案的時間。當使用者需要使用檔案時，系統會自動從雲端儲存空間上下載使用者所需的檔案，另外也可分享檔案給其他同於系統內的使用者使用。
透過這樣的系統，我們不再受限於現有雲端儲存空間平台的限制，可以增進重要資料的安全性，同時也可以提昇存取資料的效能，不需要耗費大量的成本，就解決了現有雲端儲存服務的兩大缺點。

Cloud storage is very popular in recent years. People usually store their important data in cloud storage. However, the cloud storage provider might secretly access our data. It is really a big threats to personal privacy and confidentially of business information. Even if we want to build our own cloud storage system, it will cost a lot of resources.
This paper will discuss on how to implement a secure cloud storage caching system. The system consists of two main parts: local cache server and the connection between local cache server and cloud storage. Users can encrypt and upload their data to the cloud storage through this system. When they need to access their data, they will using this system to download and decrypt data from cloud storage. Besides, the system will preserve some data in local storage as cache, so it will not necessary that to download files from cloud storage every time. Users can also share their files to other users in the system.
Though systems like this, we will not limit by the disadvantages of cloud storage. We could improve the security of data and the efficiency of accessing data at the same time with low-cost.

論文審定書 i
致謝 ii
摘要 iii
Abstract iv
目錄 v
圖次 viii
表次 ix
第一章 序論 1
1.1 研究動機與目的 1
1.2 論文架構 2
第二章 背景知識 3
2.1 雲端儲存空間 3
2.1.1 基本介紹 3
2.1.2 Dropbox 3
2.1.3 Amazon Simple Storage Service 4
2.2 加密技術 5
2.2.1 對稱式加密演算法 5
2.2.2 非對稱式加密演算法 11
2.3 網頁開發技術 12
2.3.1 PHP 12
2.3.2 HTML5 12
2.3.3 JavaScript 13
2.3.4 OAuth 14
第三章 系統架構及功能介紹 15
3.1 系統架構 15
3.2 資料庫架構 16
3.3 功能介紹 18
3.3.1 註冊 18
3.3.2 登入 20
3.3.3 上傳 21
3.3.4 下載 22
3.3.5 分享 22
3.3.6 任務排程 23
3.3.7 檔案快取 24
3.4 系統需求 24
3.4.1 軟體需求 24
3.5 硬體需求 25
第四章 實作技術探討 26
4.1 上傳及加密 26
4.1.1 讀取檔案內容 27
4.1.2 加密檔案內容 27
4.1.3 傳送檔案內容 28
4.1.4 完成上傳檔案 29
4.2 下載及解密 32
4.2.2 從Dropbox下載 33
4.2.3 檔案金鑰解密 34
4.2.4 讀取檔案內容 34
4.2.5 解密檔案內容 35
4.2.6 附加至暫存檔案 36
4.2.7 完成下載檔案 37
4.3 分享檔案 37
4.3.1 設定分享檔案 37
4.3.2 下載被分享檔案 38
4.4 快取系統 39
4.5 任務排程 40
第五章 系統分析與比較 42
5.1 Hope Bay ArkExpress 42
5.2 Riverbed SteelStore 43
5.3 簡單比較 43
第六章 結論 45
參考文獻 46
附錄一 51
附錄二 65

[1]Amazon Simple Storage Service (S3) - Online Cloud Storage for Data &; Files。網址：http://aws.amazon.com/s3/。上網日期：2014-6-10
[2]Advanced Encryption Standard - Wikipedia。網址：http://en.wikipedia.org/wiki/Advanced_Encryption_Standard。上網日期：2014-6-10
[3]Block cipher mode of operation - Wikipedia。網址：http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation。上網日期：2014-6-10
[4]PHP: PDO Manual。網址：http://php.net/manual/en/book.pdo.php。上網日期：2014-6-10
[5]PHP: cURL。網址：http://php.net/manual/en/intro.curl.php。上網日期：2014-6-10
[6]OAuth 2.0 and the Road to Hell。網址：http://hueniverse.com/2012/07/26/oauth-2-0-and-the-road-to-hell/。上網日期：2014-6-10
[7]Hope Bay Technologies。網址：http://www.hopebaytech.com/products/products_arkexpress.html。上網日期：2014-6-10
[8]SteelStore - Cloud Integrated Storage。網址：http://www.riverbed.com/products/cloud-storage/。上網日期：2014-6-10
[9]Dropbox - Core API。網址：https://www.dropbox.com/developers/core。上網日期：2014-6-10
[10]W3C HTML5 FileAPI。網址：http://dev.w3.org/2006/webapi/FileAPI/。上網日期：2014-6-10
[11]XMLHttpRequest。網址：https://dvcs.w3.org/hg/xhr/raw-file/tip/Overview.html。上網日期：2014-6-10
[12]crypto-js - JavaScript implementations of standard and secure cryptographic algorithms。網址：https://code.google.com/p/crypto-js/。上網日期：2014-6-10
[13]Jsencrypt。網址：https://github.com/travist/jsencrypt。上網日期：2014-6-10
[14]PHP: Hypertext Preprocessor。網址：https://php.net/。上網日期：2014-6-10
[15]Iulia Ion, Niharika Sachdeva, Ponnurangam Kumaraguru, and Srdjan Čapkun. 2011. Home is safer than the cloud!: privacy concerns for consumer cloud storage. In Proceedings of the Seventh Symposium on Usable Privacy and Security(SOUPS ''11). ACM, New York, NY, USA, Article 13.
[16]Idilio Drago, Marco Mellia, Maurizio M. Munafo, Anna Sperotto, Ramin Sadre, and Aiko Pras. 2012. Inside dropbox: understanding personal cloud storage services. In Proceedings of the 2012 ACM conference on Internet measurement conference (IMC ''12). ACM, New York, NY, USA, pp. 481-494.
[17]Huijun Xiong, Xinwen Zhang, Danfeng Yao, Xiaoxin Wu, and Yonggang Wen. 2012. Towards end-to-end secure content storage and delivery with public cloud. In Proceedings of the second ACM conference on Data and Application Security and Privacy (CODASPY ''12). ACM, New York, NY, USA, pp. 257-266.
[18]Min-Yu Chen, Chi-Wei Liu, and Min-Shiang Hwang. 2013. SecureDropbox: a file encryption system suitable for cloud storage services. In Proceedings of the 2013 ACM Cloud and Autonomic Computing Conference (CAC ''13). ACM, New York, NY, USA, Article 21.
[19]Seny Kamara and Kristin Lauter. 2010. Cryptographic cloud storage. In Proceedings of the 14th international conference on Financial cryptograpy and data security (FC''10), Radu Sion, Reza Curtmola, Sven Dietrich, Aggelos Kiayias, Josep M. Miret, Kazue Sako, and Francesc Sebe (Eds.). Springer-Verlag, Berlin, Heidelberg, pp. 136-149.
[20]Jianying Zhou. 2014. On the security of cloud data storage and sharing. In Proceedings of the 2nd international workshop on Security in cloud computing (SCC ''14). ACM, New York, NY, USA, pp. 1-2.
[21]Zhonghua Sheng, Zhiqiang Ma, Lin Gu, and Ang Li. 2011. A privacy-protecting file system on public cloud storage. In Proceedings of the 2011 International Conference on Cloud and Service Computing (CSC ''11). IEEE Computer Society, Washington, DC, USA, pp. 141-149.
[22]João Rodrigues, Bernardo Ferreira, and Henrique Domingos. 2013. TMS: a trusted mail repository service using public storage clouds. In Proceedings of the 8th Workshop on Middleware for Next Generation Internet Computing (MW4NextGen ''13). ACM, New York, NY, USA, Article 2.
[23]Alysson Bessani, Miguel Correia, Bruno Quaresma, Fernando André, and Paulo Sousa. 2011. DepSky: dependable and secure storage in a cloud-of-clouds. In Proceedings of the sixth conference on Computer systems (EuroSys ''11). ACM, New York, NY, USA, pp. 31-46.
[24]Giuseppe Ateniese, Kevin Fu, Matthew Green, and Susan Hohenberger. 2006. Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Trans. Inf. Syst. Secur. 9, 1 (February 2006), pp. 1-30.
[25]Adi Shamir. 1979. How to share a secret. Commun. ACM 22, 11 (November 1979), pp. 612-613.
[26]Sushmita Ruj, Milos Stojmenovic, and Amiya Nayak. 2012. Privacy Preserving Access Control with Authentication for Securing Data in Clouds. In Proceedings of the 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (ccgrid 2012) (CCGRID ''12). IEEE Computer Society, Washington, DC, USA, pp. 556-563.
[27]Paolo Gasti, Giuseppe Ateniese, and Marina Blanton. 2010. Deniable cloud storage: sharing files via public-key deniability. In Proceedings of the 9th annual ACM workshop on Privacy in the electronic society (WPES ''10). ACM, New York, NY, USA, pp. 31-42.
[28]Gansen Zhao, Ziliu Li, Wenjun Li, Hao Zhang, and Yong Tang. 2012. Privacy Enhancing Framework on PaaS. In Proceedings of the 2012 International Conference on Cloud and Service Computing (CSC ''12). IEEE Computer Society, Washington, DC, USA, pp. 131-137.
[29]Tanmay Sinha, Vrns Srikanth, Mangal Sain, and Hoon Jae Lee. 2013. Trends and research directions for privacy preserving approaches on the cloud. In Proceedings of the 6th ACM India Computing Convention (Compute ''13). ACM, New York, NY, USA, Article 21.
[30]Frederic P. Miller, Agnes F. Vandome, and John McBrewster. 2009.Advanced Encryption Standard. Alpha Press.
[31]NIST Computer Security Division''s (CSD) Security Technology Group (STG) (2013). "Block cipher modes". Cryptographic Toolkit. NIST. Retrieved April 12, 2013.
[32]Morris Dworkin. Recommendation for block cipher modes of operation: methods and techniques. NIST Special Publication 800-38A, December 2001.
[33]Barry Leiba. 2012. OAuth Web Authorization Protocol. IEEE Internet Computing 16, 1 (January 2012), pp. 74-77.
[34]Hammer-Lahav, E., Ed., "The OAuth 1.0 Protocol", RFC 5849, April 2010.
[35]Hardt, D., Ed., "The OAuth 2.0 Authorization Framework", RFC 6749, October 2012.
[36]Antonio Garrote Hernández and María N. Moreno García. 2010. A formal definition of RESTful semantic web services. In Proceedings of the First International Workshop on RESTful Design (WS-REST ''10), Cesare Pautasso, Erik Wilde, and Alexandros Marinos (Eds.). ACM, New York, NY, USA, pp. 39-45.
[37]Fielding, Roy T.; Taylor, Richard N. (May 2002), "Principled Design of the Modern Web Architecture" (PDF), ACM Transactions on Internet Technology (TOIT) (New York: Association for Computing Machinery) 2 (2): pp. 115–150.
[38]Steve Ward and Mat Hostetter. 2003. Curl: a language for web content. Int. J. Web Eng. Technol. 1, 1 (August 2003), pp. 41-62.
[39]Fette, I. and A. Melnikov, "The WebSocket Protocol", RFC 6455, December 2011.
[40]Yupu Zhang, Chris Dragga, Andrea C. Arpaci-Dusseau, and Remzi H. Arpaci-Dusseau. 2014. ViewBox: integrating local file systems with cloud storage services. In Proceedings of the 12th USENIX conference on File and Storage Technologies (FAST''14). USENIX Association, Berkeley, CA, USA, pp. 119-132.