云存储中基于可信硬件的数据存储位置保障方法研究
Research on Using Trusted Hardware for Data Location Assurance in Cloud Storage
DOI: 10.12677/CSA.2017.73023, PDF, HTML, XML, 下载: 1,640  浏览: 2,132 
作者: 王 冠*, 许瑞雪:北京工业大学,北京
关键词: 云存储安全可信计算数据存储位置可信密码模块Cloud Storage Security Trusted Computing Data Geo-Location TCM
摘要: 在云存储中,一些处理敏感数据(如政府文件、资产数据、健康数据等)的用户需要限制数据存储的地理位置,而目前大多数云存储供应商并没有向用户提供验证数据存储位置的方法。针对这个问题,采用可信硬件来标识物理机器并利用可信第三方来验证数据实际存储位置。此外,还可以验证云存储供应商提供的物理机器的可信性。分析结果表明,本文提出的方法具有很高的安全性,通过采用TCM芯片及额外的位置审计,能够可靠地验证数据存储的实际位置。
Abstract: Recently, the lack of geo-location assurance of data stored in cloud storage has become a main reason which restricts organizations that deal with sensitive data (e.g., financial data, health data) to adopt cloud storage. This paper proposed a mechanism for verifying the geographic location of the stored data. We use Trusted Cryptographic Module (TCM) to identify physical machines and use a trusted third party to verify the actual location. In addition, our approach enables the verification of the trustworthiness of the physical machines which the cloud storage operators provide. The discussion shows that the approach of this paper has an adequate level of security, and by the usage of TCM and additional location audits, can enable a reliable location verification of the stored data.
文章引用:王冠, 许瑞雪. 云存储中基于可信硬件的数据存储位置保障方法研究[J]. 计算机科学与应用, 2017, 7(3): 183-191. https://doi.org/10.12677/CSA.2017.73023

参考文献

[1] Tate, S.R. and Vishwanathan, R. (2013) Multi-User Dynamic Proofs of Data Possession Using Trusted Hardware. ACM, San Antonio, 353-364.
[2] Shetty, S. and Rogers, T. (2014) Classification Based IP Geolocation Approach to Locate Data in the Cloud Data Centers. ACM, USA.
[3] http://www.zdnet.com
[4] Christoph, K. (2013) Using Trusted Platform Modules for Location Assurance in Cloud Networking. Network and System Security, Springer, Berlin Heidelberg, 109-121.
[5] Yang, H.-J. (2013) Victor Costan. Authenticated Storage Using Small Tusted Hardware. ACM, 35-46.
[6] Noman, A. and Adams, C. (2014) Hardware-Based DLAS: Achieving Geo-Location Guarantees for Cloud Data Using TPM and Provable Data Possession. ACM, Crown, 280-285.
[7] Trusted Computing Group (2004) TCG Specification Architecture Overview Revision 1.2.
http://www.trustedcomputinggroup.org
[8] 冯登国, 等. 可信计算-理论与实践[M]. 北京: 清华大学出版社, 2013: 18-46.
[9] Zhang, S.R. (2004) Design and Implementation of a TCG-Based Integrity Measurement Architecture. Proceedings of the 13th Usenix Security Symposium, USA, 1-20.