Research On Data Integrity Verification In The Cloud Storage Service

With the rapid development of cloud computing,cloud storage service(CSS)has become an important new type data storage model.CSS provides a online data storage service with the form of outsource,which has the advantages of pay-as-you-go,flexible scalability,easy access and so on.CSS greatly reduces the data storage costs and effectively improve the efficiency of resource utilization rate.CSS also brings considerable relief from the heavy burden of management for users.However,data integrity in the cloud storage is vulnerable to be affected by cloud security incidents.Users can not confirm whether the data in the cloud is intact or not,so that it becomes a major reason for users to use less or no CSS.Moreover,the"hidden" damage data can weakens the data recovery ability which affects data storage security.Therefore,it is urgent to research the methods and techniques of data integrity verification(DIV)in cloud storage service in order to promote the healthy development of cloud storage servce.Recently,researchers have proposed many models and methods to take the data integrity verification in simple scenarios of cloud storage,which have a good performance.Howerver,when we face with the complex cloud storage environment,the existing methods have following problems.(1)Facing the massive data,how to coordinate and complete the verification of global files,which is under the prerequisite to meet the auditing demends of users.(2)How to effectively reduce the update cost of the dynamic data caused by frequent updates.(3)How to quickly identify the invalid files in Batch audit.(4)How to use multiple audit proxies to enhance the robustness of the audit system and improve its scalability.To address the problems mentioned above,we conduct in-depth study on DIV in the complex cloud storage environment,and propose a series of models and algorithms to the new situation and requirements.This work was supported by the fund of the National High Technology Research and Development Program of China(863 Program).The main topics and contributions of this thesis can be summarized as follows:(1)We propose a self-adaptive data integiry verification method,which can coordinate the comletion of DIV for the large-scale files,and can meet the diverse needs of users.By analyzing the attribute information of files,the method can dynamically adjust the audit projects to make the high matching between the audit requirements of files and the execution strength of audit projects,which can save a lot of audit cost.On the basis of different initiators,we design two different update algorithms of audit projects to enhance the update flexibility of audit projects.The active update algorithm achieves in-order audit for the global files and guarantee the high coverage rate for the audit system.The lazy update algorithm makes the hot-spot files timely audited to meet the urgent audit needs.Our experiments show that the method can reduce more than 50%of the total audit time than the traditional method.Moreover,SA-PDP can improve the standard-reaching rate of audit projects by more than 30%than basic audit method.(2)We propose a dynamic DIV model with supporing delay-updating,which can effectivly improve the updating efficiency of dynamic data.By using the locality feature of data update,the model adoptes a delay-updating policy and achieve the reorganization and merging of the update sequence,which reduces a lot of invalid update request.Through adding the update status,the merkle hash tree of file integrity checking structure has stronger expression ability.We realize the concurrent updates for the updated state tree to avoid the repeated updates of a large number of intermediate nodes,which saves the update costs.In addition,the data update protection mechanism is provides to prevent the "false alarm" to ensure the correctness of audit system.Both formal analysis and the experimental results indicate that CU-MHT can efficiently reduce the number of updating MHT and significantly improves the update efficiency for the audit model of provable data possesion in the cloud.Specifically,for updating the 1%content of 1GB file,CU-MHT can save 89%read and write operations in the best case while save 49%read and write operations in the worst case.(3)We propose a batch audit scheme with fast searching invalid files to solve the problem that the batch audit schemes are vulnerable to be attacked by "invalid file”which are difficult to find.Through establishing correlation between audit results,we change the calculation way for the right nodes of binary search tree.It only needs to use intermediate results to make the verification,which reduces the number of batch audit for the search process.And we execute the exponents-test in the process of batch audit,which can complete the subtree search process by onle an audit.It effectively shortens the search length of subtree to further reduce the search number.According to the historical query information,the hybrid search method can reduce the search cost of aggregation parts of invalid files.Security analysis and performance analysis show that our proposed methods can quicly identify the invalid files and efficiently resist the "invalid files" attack to ensure the feasibility and efficiency of batch audit scheme.(4)We propose an audit method of data integrity that supports multiple proxies to solve the issue that the traditional PDP models with single proxy easily become the single point of failure and catche the performance bottleneck.The model achieves the scalability management based on circular linked list structure for multiple proxies.It uses multilevel list structure to achieve fast distribution of audit tasks.And we propose task scheduling algorithms based on polling or shortest-first queue to achieve load balance.In addition,we propose a task state backup protocol based on the weak consistency to realize the low cost for system fault processing.The experimental results indicate that MP-PDP can efficiently reduce the audit time for files and quickly add or delete the audit proxy,which can effectively improve the system's availability and performance.