Research On Data Security In Distributed Storage Based On Network Coding

Distributed storage system(DSS)stores data distributed across multiple devices,resulting in several advantages such as high reliability,high availability,and high access efficiency.It has become one of the mainstream schemes for large-scale data storage,but it faces security risks such as eavesdropping attacks and information leakage.Therefore,the research on data security in distributed storage system has become one of the current hot issues.As an effective method to improve network throughput,robustness and security,network coding technology is termed as regenerating code(RC)in distributed storage system.Using RC to protect DSS against eavesdropping has become a research hotspot in the field of data security.In practice,heterogeneous DSS applications are appearing constantly.Further,compared with traditional model,generalized model has become a recent research hotspot because of its huge potential performance gains,better applicability for heterogeneous scenarios and more practical appeal.In addition,perfect security is not necessary in practice,since different practical applications usually have different security level requirements.Therefore,aiming at new data storage needs of heterogeneous DSS,generalized model and practical applications requiring different security levels,how to design regenerating code to protect system against eavesdropping is a key issue of this paper.Aiming at protecting DSSs against eavesdropping,taking network coding as the core technology,taking theoretical analysis of system security constraints and the explicit and optimal code implementation as the way,the work in this thesis mainly studies the data security in heterogeneous systems and generalized model,as well as the scenarios with different security levels.The eavesdropping issues studied in this thesis include major eavesdropping models such as node eavesdropping and link eavesdropping.The main contributions are described as follows.(1)The problem of link eavesdropping in heterogeneous DSS is studied based on network coding.First,for the specific DSS where repair bandwidth is heterogeneous,the condition of the highest security level is derived in theory.The classical homogenous DSS coding framework-product matrix(PM)framework-is generalized,then an extended PM(EPM)framework is proposed for heterogeneous DSS.Further,in traditional model,the proposed EPM framework is applied to design the explicit,optimal minimum remote-repair bandwidth regenerating(MRBR)code satisfying the condition of the highest security level.The properties of data reconstruction and data repair of MRBR code are proved strictly.For demonstration,the example implementation of MRBR code is provided.In traditional model,the proposed MRBR code construction is the first explicit,optimal heterogeneous RC satisfying the condition of the highest security level.In addition,the proposed EPM framework can also be applied to homogenous system.(2)Data security in generalized model is evaluated,a class of RC construction in which the security level can be designed flexibly is provided,and the upper bound of secrecy capacity is derived in generalized model.Considering the problem of node eavesdropping,and compared with traditional model,the advantages of data security in generalized model are analyzed.The metric of security level is given in theory.A explicit construction of RC in which security level can be designed flexibly is provided in generalized model.Furthermore,the upper bound of secrecy capacity is derived in generalized model.Comparison analyses indicate the obtained upper bound is consistent with the ones obtained under different conditions in traditional model.Based on the provided RC construction,an example implementation which arrives at the obtained upper bound and makes the system obtain perfect security is provided at minimum bandwidth regenerating(MBR)point,indicating the tightness of the obtained upper bound.(3)The RC design against eavesdropping is provided,which obtains the minimum storage and the minimum repair bandwidth.Considering the problem of node eavesdropping,a generalized transposed matrix theory is proposed for code design.In this,combined with the method of grouping design,an explicit and optimal minimum storage and minimum bandwidth regenerating(MSBR)code construction is given in generalized model to obtain the minimum storage and the minimum bandwidth.By changing the code parameters,the provided MSBR code has different performances,including the number of storage nodes,reconstruction selectivity,repair selectivity,and code rate.In addition,by comparing and analyzing the coding examples,the tradeoff between data reconstruction selectivity and the security level is provided in the generalized model,which has an important guiding role for the practical system designs.The provided MSBR code is the first optimal explicit RC construction possessing the minimum storage,the minimum bandwidth and different security levels.(4)The relationship between the security level and the important system parameters is studied.Compared with traditional model,the freedom degree of data repair is proposed to measure the relaxation on data repair in generalized model.In this,considering the problem of node eavesdropping,the analysis of system information flow graph is given.The tradeoff between the storage and repair bandwidth in generalized model is derived,and the relationship between the security level and the important system parameters is given in theory.Comparative analysis shows that the generalized model can possess a better tradeoff between storage and repair bandwidth,compared with the one in traditional model.Besides,the relationship between capacity gain at MBR point and freedom degree of data repair is provided compared with traditional model.The numerical result analyses provide the performance curves associated with security level and freedom degree of data repair.The code example is provided to achieve the MBR point on the obtained tradeoff between storage and repair bandwidth,realizing the consumer-specified security level,indicating the availability of obtained tradeoff between storage and repair bandwidth.In summary,this thesis conducts a systematic and in-depth study on the eavesdropping prevention problem in DSS based on network coding.By using information theory,graph theory,optimization,matrix theory and linear algebra,aiming at the problem of link eavesdropping in heterogeneous DSS and the problem of node eavesdropping in generalized model,the system security constraints are deduced,system information flow graph analyses are provided,the relationship between security level and important system parameters is given,and the explicit optimal code constructions are provided,which can possess the highest security level,different security levels,the minimum storage and the minimum repair bandwidth respectively.The corresponding comparative analyses,numerical results and example implementations are also given.The problems of eavesdropping preventions in DSSs have been solved to some extent.The proposed theories and technologies further exert the potential of network coding on protecting DSS against eavesdropping,expand the traditional anti-eavesdrop theory and technology,expand the scope of application scenarios,improve the design flexibility and increase practicability.