
Research On The Security Assurance Mechanism Of Cloud Services Based On Trusted Computing

Posted on: 2019-01-25
Degree: Master
Type: Thesis
Country: China
Candidate: L L Ma
Full Text: PDF
GTID: 2438330602461023
Subject: Computer application technology
In recent years, cloud storage services have become increasingly popular among individuals and enterprises, and traditional data storage and protection methods cannot meet the increasingly prominent security needs. This paper therefore studies a new safeguard mechanism to address many of the security defects in cloud storage systems. The main innovations are as follows:

1. Combining the Raptor fountain code with trusted computing technology, a new security model is established for cloud storage services. The model is divided into three levels: trusted platform, trusted domain and trusted service. It extends trust from the underlying hardware to the system node and then to the entire cloud storage system.

2. To address the problems of traditional cloud storage technology, such as low security, low fault tolerance and low decoding efficiency, this paper applies the Raptor fountain code to cloud data storage and proposes a feedback-based Raptor decoding method suited to the characteristics of cloud storage systems. The simulation results show that the improved decoding method greatly reduces decoding redundancy and the total acquisition time for users.

3. At the trusted platform layer of the model, to overcome disadvantages of the hardware trusted cryptography module (TCM) such as low operating efficiency and limited storage space, this paper designs and implements a virtual TCM that acts as the security coprocessor of the hardware TCM in the new safeguard mechanism. The virtual TCM implements a framework and functions similar to those of the hardware TCM and provides call interfaces for upper-layer applications. To improve the security of the virtual TCM, a secure channel is reserved between the hardware TCM and the virtual TCM, and a trusted measurement of the virtual TCM is carried out when the platform starts.

4. At the trusted domain layer of the model, to address the shortcomings that the user platform may not be secure and that nodes do not trust each other, this paper implements trusted startup and integrity reporting based on the hardware TCM, so that a node whose platform is secure can prove its trustworthiness to a remote node. The trusted domain is a prerequisite for control and business operations at the trusted service layer.

5. At the trusted service layer of the model, to handle the problems that data is easily leaked and damaged, this paper builds on the TCM and takes advantage of the fact that only the bipartite graph of the Raptor code needs to be protected, implementing encrypted transmission and storage of metadata as well as integrity checking of data blocks.

This paper implements the security model of the cloud storage system on an embedded platform and tests the key functions while the system is running. The test results show that the operation data is correct and that the system has achieved its design goal.
Keywords/Search Tags: trusted computing, Raptor fountain code, virtual TCM, security mechanism, cloud storage service