Research On Key Techniques Of Secure Storage For Cloud Disaster Recovery

Cloud Computing and Cloud Storage provide a kind of new third party IT resource and service model, which can make users able to build elasticity IT system based on their demand. These technologies propose an effective solution for the increase of IT resource demands caused by the rapid development of information technology. Because these tech-nologies provides transparent computing and storage services, security and trust problem becomes the most important issue when users make their choices. And because of these problems, Cloud Computing and Cloud Storage still can not be used for large-scale application promotion. So the storage security research about Cloud Computing and Cloud Sto-rage not only can promot this technology, but also can effectively pro-mote the informatization construction in our country. And this research has important theoretical significance and practical value.This paper focuses on the key techniques of storage security for cloud disaster recovery, such as data confidentiality, data integrity and data avalibility. This research puts forward a kind of unified massive cloud disaster service managed by safety storage architecture and storage secu-rity techniques based on data splitting. The main contributions of this pa-per are summarized as follows:Firstly, this paper puts forward ESSA, a highly efficient data scram-bling and split method in three-dimensional space for processing mass backup files, which can keep the privacy of information contained in backup data and prevent being leaked to the attacker and the cloud sys-tem manager. ESSA scrambles data in three-dimensional and uses the complexity of data structure recovery to ensure the confidential of split data. Analysis results show that ESSA not only has large-scale "restore space" which is not less than key space of encrypt scheme,also provides semantic security by the differences of scrambling rules which is better than threshold schemes. Unlike the traditional data confidentiality protec-tion scheme, ESSA supports a fine grit data de-duplication process, which makes up for the data de-duplication efficiency influence of traditional data confidentiality to a certain extent.Secondly, this paper puts forward a kind of integrity check method based on data split and a series of data integrity verification protocol through the various stages of disaster-backup files’life cycle. This paper uses the coordinate property for each data pieces to propose a generation plan of integrity checking information, which will not only ensure the in-tegrity check of the piece, but also hide coordinate propert in it for user confirmation every time when he visits the data. According to the defini-tion of data integrity checking and the characteristics of integrity check information proposed, three kinds of data integrity verification protocol are designed respectively for the data backup, storage and restore pro-cesss to protect the integrity of cloud disaster recovery service. Cloud disaster recovery system which uses this scheme can provide data integr-ity service and prove its credibility for users. It also can effectively pre-vent malicious users’s blackmail behavior.Thirdly, this paper puts forward ECESSA, a kind of data availability technique in both user level and storage system level for cloud disaster recovery, which can make sure the restorability of disaster-recovery data in third party services. At the user level, ECESSA proposes a parity check code for each column and row of every plane in three-dimensional struc-ture based on the research of RAID, so that random fault can be recov-ered unless a special situation happens. Experimental results show that fault-tolerance rate and extra storage space rate will change as the para-meter changes, and tests out the balance of these rates for users’choice. At the cloud disaster recovery service level, ECESSA proposes a data re-dundance and location scheme for mass storage nodes according to the caracteristic of user level scheme, which can make improvement of data redundancy and prevents leak of the data by malicious redundancy node.Fourthly, this paper presents a cloud disaster-recovery service system architecture based on the research of data split scheme. Whether using Software as a Service, Platform as a Service or Infrastructure as a Service, the service user can use this architecture to protect the safty of backup files. Unlike the traditional cloud security model, this architecture pro-vides third party disaster recovery service based on data split scheme and the key tecniqu of data secure storage for split data, which can satisfy the data security needs of building mass data disaster-recovery service on third party cloud.