
Research On Secure Distributed Storage Architecture And Fault-tolerant Technique In Cloud Computing

Posted on: 2014-12-12
Degree: Doctor
Type: Dissertation
Country: China
Candidate: P X Tan
GTID: 1268330401976864
Subject: Computer application technology

Abstract/Summary:
Cloud computing has attracted extensive attention and developed rapidly. Distributed storage built on the data center network is one of the necessary infrastructures of cloud computing. However, the openness of distributed storage in cloud computing results in security risks, and data reliability is one of the constraints on cloud applications. How to guarantee data security while protecting data reliability is therefore a significant problem. This paper studies a secure distributed storage architecture for cloud computing together with secure fault-tolerant technology. Its main content and contributions are as follows.

1. A secure architecture of the data center network based on the hierarchical source address validation technique.

A secure architecture of the data center network based on the hierarchical source address validation technique is proposed. A hierarchical source address that can be validated is designed. All servers in the data center must use this address as the source address when they send data packets to the network, and the address is validated during data transmission. This ensures that no server can impersonate another server when sending data, and that a server connected to the data center network without a hierarchical source address cannot transmit data in the network. To achieve efficient validation, the architecture uses hierarchical validation and stream authentication: hierarchical validation is used within a data center, and stream authentication is used between data centers. With this architecture, the system can detect abnormal data transmission, filter the data packets transmitted by illegal servers, and locate potential attackers within the data center. The experimental results show that this technique can validate the source addresses of data packets at a low cost.

2. A secure regenerating code based on broadcast encryption.

A secure regenerating code called fault-tolerant Code Based on Broadcast Encryption (FCBE) is proposed. The encoding process of FCBE is transformed into a broadcast process. When data is stored into the system, a set of secure servers is chosen for fault tolerance. When a storage server fails, only these chosen servers can regenerate the data; others cannot. It is proved that FCBE is adaptively secure. The experimental results show that FCBE can guarantee data security during the data regenerating process and that the traffic bandwidth incurred by the security validation is acceptable.

3. A secure regenerating code based on the threshold scheme.

Two secure regenerating codes based on the threshold scheme are proposed. The main idea is to introduce a key management server, which is a trusted third party, into the model of regenerating codes. When the owner stores data into the system, the owner chooses a secret from the encoding matrix and shares the secret with the key management server. When failed nodes regenerate data, or other users download data from the storage servers, they need to provide a security proof to the key management server. If and only if the security proof is validated by the key management server can they get the secret from it and construct the decoding matrix to regenerate the data. Based on this idea, the Secure Regenerating Code for Fault-tolerant (SRCF) and the Secure Regenerating code with Semi-adaptive (SRCS) are designed. It is proved that SRCF is chosen-plaintext secure and SRCS is semi-adaptive secure. The experimental results show that the traffic bandwidth incurred by the security validation in SRCF and SRCS is acceptable and that it does not put much pressure on the data center transmission bandwidth.

4. Coded data regeneration model based on the assembly line.

A data regeneration model based on the assembly line is proposed. The model adopts the idea of an industrial production assembly line. It treats the regenerating server as the semi-manufactured product, the storage server as the worker, and the server which has finished regeneration as the finished product. By using this model, the bandwidth used in data regeneration is reduced. Theoretical analysis shows that this model can regenerate data correctly and does reduce the bandwidth used in data regeneration.
Keywords/Search Tags: distributed storage, hierarchical source address validation, data centre network, secure regenerating codes, coded data regeneration model