| Cloud storage has become a trend of the commercial storage solution in recent years. Traditional security solutions couldn't solve all the problems that the cloud storage is faced with. The cloud service providers hold the encryption strategy, which means the data of users is actually plain to them. Thus, the protection of cloud storage data privacy is becoming important.By analyzing the behavior of common cloud storage client, we designed an architecture for cloud storage data privacy protection, which consists of a secure file system and a key managing system. Base on Linux VFS mechanism, we designed a secure file system, which can run as modules on those file systems that follow the POSIX standards and can replace its encryption module in order to be adapted for different algorithms. The secure file system uses an encryption strategy that one file is encrypted by one specific key, making the uploaded data encrypted on the cloud. It doesn't change the way the application behave, thus implementing a transparent encryption work for the cloud storage. At the same time, we build a key managing system using Java Web technology, in order to protect the keys that are used in the secure file systems. With symmetric and asymmetric encrypting algorithms, we manage the key files of different users individually, providing ways for personal key management and multi-user key sharing.We made some tests and analyses of our systems. It proves that our architecture can protect the data on the cloud transparently while it doesn't change the way people use those existing cloud storage products. The architecture improves the security of cloud storage without influencing user experience, which has some practical value. |
PDF Full Text Request