Journal of Nanjing University of Posts and Telecommunications (Natural Science Edition), Vol. 35 No. 3, Jun. 2015
doi: 10.14132/j.cnki.1673-5439.2015.03.014
TP393.1    A    1673-5439(2015)03-0089-08

Secure data storage scheme for cloud tenants based on encrypted data storage path mapping

CHENG Hongbing (1, 4), RONG Chunming (2), YANG Geng (3), ZENG Qingkai (4)

1. College of Computer Science & Technology, Zhejiang University of Technology, Hangzhou 310032, China
2. Department of Electronic Engineering & Computer Science, University of Stavanger, Stavanger 4036, Norway
3. School of Computer Science & Technology, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
4. State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210093, China

Abstract: Currently, conventional network security schemes cannot efficiently protect cloud tenants' big data. Some threats, especially the abuse of private information and data, are always fatal to tenants. In this paper, tenants' big data is separated into many logically sequenced parts before being stored, in order to make the data secure. Only some of the data parts need to be encrypted rather than the whole data, and all the data parts are then stored on different storage media. One can understand the big data only after obtaining all the sequenced data parts. Furthermore, to make the data more secure and robust, the proposed scheme stores more than one copy of the data on cloud storage media. The analysis and simulation results show that the proposed scheme can efficiently protect stored data for cloud tenants.

Key words: cloud computing; data security; encrypted storage; path mapping

2015-03-13    http://nyzr.njupt.edu.cn    61402413    LY14F020019    2012M511732    11-JY-009    0571-85290027    E-mail: chenghb@zjut.edu.cn
90 2015 cloud computing 1-1 2 4 2010 32 5 6 3 7 8 3 1 9 2 10 3 7 3 4 11
3 91 2 12-13 5 6 5 CESVMC CESVMC 6 REN 16-17 MingCloud 18 Master / Slave GFS HDFS Sector 14 Kademlia Ming- Cloud 19 20 15 GFS BigTable Dynamo 21 7 22 BLP Bell-LaPadula Biba CCACSM 2 1
92 2015 K
[Figure labels: cloud (big) data partitioner; logical data blocks 1, 2, 3, ..., m; encrypt part of the logical blocks; Data; distributor; cloud storage index]
1 1 2 Data public x s Data private m s s Mapping Storage_Path = Data. P 1 M 1 M 2 M j P 2 M 1 M 2 M r P s M 1 M 2 M t P i M 1 M 2 M j m i j F Trapdoor m O m 2
3 93 4 6 m
[Figure labels: Users; Employees; cloud platform; Data; data blocks 1~x; data blocks 1~m; Service 1, Service 2, ..., Service m; Private Business App/Service; Office App; CRM; Printing; CPU; Data storage; ILM; Backup; Ftp; Web; Email; BBS; storage service providers 1, 2, 3, 4, ..., s]
3 3. 1 2 3 /4 78% 1 2 /3 66% 1 2
94 2015 3 k p m/ mk /n? 3. 2 p n m k 4 Hadoop 3 Hadoop HDFS 20 K Federal 10. 0 i5-2400 CPU 4 G DDR 50 G
[Figure labels: tenant side; TCP/IP; meta node; network; nodes]
3 4. 2 GByte HDFS m s n HDFS TCP /IP p 0 p 1 p n 1 p n 1 p n
3 95 5 1 5 10 20 4 1 2 k 1 2 3 4 5% 10% 15% 4 m 1 5 10 20 10
[Figure: data storage cost (s) versus number of tests, with curves for m = 1, m = 5, m = 10 and m = 20]
[Figure: tenant data availability versus storage node failure rate (%), with curves for k = 1, k = 2, k = 3 and k = 4]

[1] MELL P, GRANCE T. The NIST definition of cloud computing (draft) [J]. NIST Special Publication, 2011, 800: 145.
[2] LUO Junzhou, JIN Jiahui, SONG Aibo, et al. Cloud computing: Architecture and key technologies [J]. Journal on Communications, 2011, 32(7): 3-21. (in Chinese)
[3] WANG C, WANG Q, REN K, et al. Privacy-preserving public auditing for data storage security in cloud computing [C] // Proceedings of IEEE INFOCOM. 2010: 1-9.
[4] GELLMAN R. Privacy in the clouds: Risks to privacy and confidentiality from cloud computing [C] // Proceedings of the World Privacy Forum. 2012.
[5] HUANG Ruwei, GUI Xiaolin, YU Si, et al. Privacy-preserving computable encryption scheme of cloud computing [J]. Chinese Journal of Computers, 2011, 34(12): 2391-2402. (in Chinese)
[6] SHEN Zhirong, XUE Wei, SHU Jiwu. Survey on the research and development of searchable encryption schemes [J]. Journal of Software, 2014(4): 880-895. (in Chinese)
[7] CHENG Hongbing, RONG Chunming, YANG Geng, et al. Identity based encryption and biometric authentication for secure data access in cloud computing [J]. Chinese Journal of Electronics, 2012, 21(2): 254-259.
[8] LIU Zhengwei, WEN Zhongling, ZHANG Haitao. Cloud computing and cloud data management [J]. Journal of Computer Research and Development, 2012(1): 26-31. (in Chinese)
[9] WANG Yichuan, MA Jianfeng, LU Di, et al. Cloud droplets freezing attack in cloud computing [J]. Journal of Xidian University (Natural Science Edition), 2014(3): 116-122. (in Chinese)
[10] MANYIKA J, CHUI M, BROWN B, et al. Big data: The next frontier for innovation, competition and productivity [R]. New York: McKinsey Global Institute, 2011: 1-137.
[11] KAUFMAN L M. Data security in the world of cloud computing [J]. IEEE Security & Privacy, 2009, 7(4): 61-64.
[12] YAO Zhiqiang, XIONG Jinbo, MA Jianfeng, et al. A secure electronic document self-destructing scheme in cloud computing [J]. Journal of Computer Research and Development, 2014(7): 1417-1423. (in Chinese)
[13] YU Ge, GU Yu, BAO Yubin, et al. Large scale graph data processing on cloud computing environments [J]. Chinese Journal of Computers, 2011, 34(10): 1753-1767. (in Chinese)
[14] LI Jian, HUANG Qingjia, LIU Yiyang, et al. A task scheduling algorithm for large graph processing in cloud computing [J]. Journal of Xi'an Jiaotong University, 2013, 46(12): 116-122. (in Chinese)
[15] ZISSIS D, LEKKAS D. Addressing cloud computing security issues [J]. Future Generation Computer Systems, 2012, 28(3): 583-592.
[16] WANG C, WANG Q, REN K, et al. Toward secure and dependable storage services in cloud computing [J]. IEEE Transactions on Services Computing, 2012, 5(2): 220-232.
[17] WANG Yijie, SUN Weidong, ZHOU Song, et al. Key technologies of distributed storage for cloud computing [J]. Journal of Software, 2012, 23(4): 962-986. (in Chinese)
[18] WU Jiyi, FU Jianqing, PING Lingdi, et al. Study on the P2P cloud storage system [J]. Acta Electronica Sinica, 2011, 39(5): 1100-1107. (in Chinese)
[19] HO R. Cloud computing and enterprise migration strategies [C] // Distributed Computing Innovations for Business, Engineering and Science-autofilled. 2013: 156.
[20] TAN Pengxu, CHEN Yue, LAN Julong, et al. Secure fault-tolerant code for cloud storage [J]. Journal on Communications, 2014(3): 109-115. (in Chinese)
[21] YU S, WANG C, REN K, et al. Achieving secure, scalable and fine-grained data access control in cloud computing [C] // Proceedings of IEEE INFOCOM. 2010: 1-9.
[22] LIN Guoyuan, HE Shan, HUANG Hao, et al. Access control security model based on behavior in cloud computing environment [J]. Journal on Communications, 2012, 33(3): 59-66. (in Chinese)

1979 - H3C