進階搜尋


   電子論文尚未授權公開,紙本請查館藏目錄
(※如查詢不到或館藏狀況顯示「閉架不公開」,表示該本論文不在書庫,無法取用。)
系統識別號 U0026-2107201513384500
論文名稱(中文) 提供同態加密安全計算於對等服務雲端平台
論文名稱(英文) Secure Computing through Homomorphic Encryption on A Peer-Servicing Public Cloud Computing Platform
校院名稱 成功大學
系所名稱(中) 資訊工程學系
系所名稱(英) Institute of Computer Science and Information Engineering
學年度 103
學期 2
出版年 104
研究生(中文) 蔡維宸
研究生(英文) Wei-Chen Tsai
電子信箱 ted8073@gmail.com
學號 P76024392
學位類別 碩士
語文別 英文
論文頁數 65頁
口試委員 指導教授-鄭憲宗
口試委員-連震杰
口試委員-林建良
口試委員-張惇育
口試委員-陳煥
中文關鍵字 雲端運算  資訊安全  同態加密  MapReduce  Hadoop 
英文關鍵字 Cloud computing  Homomorphic Encryption  MapReduce  Hadoop  Security 
學科別分類
中文摘要 隨著巨量資料時代來臨,雲端運算也趨於普及,它提供了低成本、易於管理和重新提供資源等優點進而提高利潤。但如何保證數據安全性,保持客戶端的個人訊息保密會是雲端計算上安全性的重要問題。
應用雲端運算時,為了避免受到惡意的攻擊與資料的竊取,同態加密系統提供了一個絕佳的解決方案。而全同態加密法的架構源自於西元2009年由Gentry所提出,它讓加密後的密文執行特定的運算後,再將其解密即可得出該對應的明文運算結果。
本研究提出一套系統,利用全同態運算將客戶的加密數據進行處理,得出正確的結果,而在整個處理過程中無需對數據進行解密,能真正解決將數據及其處理委託給第三方時的安全性問題。此外我們將此系統建立在對等服務雲端平台,以防止單一伺服器失效而造成系統無法使用的情形。然而,機密性、完整性與可用性是資訊安全的核心判斷準則,另外將全同態加密與混淆電路做結合來提供驗證計算的機制,我們以此來證明本系統資安機制的防護強度。
英文摘要 With the huge amount of information era is coming, and cloud computing is more universal. The advantages of cloud computing include reduced costs, easy maintenance and re-offering the resources, thereby increasing profits. But how to ensure data security, maintain client confidentiality of personal information is an important issue on cloud computing security.
On the cloud computing applications, in order to avoid malicious attacks and data theft, homomorphic encryption system provides an excellent solution. The structure of fully homomorphic encryption originated in 2009 as proposed by Gentry, which allows a worker without the secret decryption key to compute any result of the data on one hand and still keep the data privacy on the other hand.
This thesis proposes a system that utilizes fully homomorphic computation to process the customer's encrypted data, and get the right result without the need to decrypt the data in the whole process, there is a secure problem when data entrusted to a third party and it is able to resolve.
In addition, we built this system on a peer-servicing public cloud computing platform and to avoid system crash caused by single user offline. However, confidentiality, integrity and availability of information security are core criterions, we combine homomorphic scheme with garbled circuits to provide a mechanism of verifiable computation, and we utilize information security mechanisms to prove the secure strength of this system.
論文目次 摘要 I
Abstract II
ACKNOWLEDGEMENT IV
TABLE OF CONTENTS V
LIST OF TABLES VII
LIST OF FIGURES VII
Chapter 1. Introduction and Motivation 1
1.1. Introduction 1
1.2. Motivation 4
1.3. Thesis Overview 6
Chapter 2. Background and Related Work 7
2.1. MapReduce 7
2.1.1. Framework 7
2.1.2. Execution Flow 8
2.2. Hadoop 9
2.3. Homomorphic Encryption 11
2.4. Yao’s Garbled Circuit Construction 15
2.5. P2P-MapReduce 17
2.6. Related Work 20
Chapter 3. System Design 22
3.1. Problem Description 22
3.2. Enhanced Fully Homomorphic Encryption Cipher 23
3.2.1. Checksum Block Cipher 23
3.3. Verifiable Computation Scheme 32
3.3.1. Threat Model 34
3.3.2. Rabin's oblivious transfer protocol 34
3.3.3. Three phase of verifiable computation 37
Chapter 4. Implementation and Experiment 40
4.1. Experiment environment and settings 40
4.2. Scenario Application 41
4.3. Experiment Results 44
4.3.1. Secure Stock Evaluation 45
4.3.2. Secure SMS Filtering 47
4.3.3. Secure Satisfaction Evaluation 49
4.3.4. SubBytes of Three Phases 51
4.3.5. MixColumns of Three Phases 53
4.3.6. SubBytes of Four Procedures 55
4.3.7. MixColumns Procedures 56
4.3.8. Fault Tolerance 58
Chapter 5. Conclusions and Future Work 62
References 63
參考文獻 [1] Pascal Paillier. “Public-key cryptosystems based on composite degree residuosity classes”. In 18th Annual Eurocrypt Conference (EUROCRYPT'99), Prague, Czech Republic , volume 1592, 1999.
[2] Julien Bringe and al. “An Application of the Goldwasser-Micali Cryptosystem to Biometric Authentication”, Springer-Verlag, 2007.
[3] R. Rivest, A. Shamir, and L. Adleman. “A method for obtaining digital signatures and public key cryptosystems”. Communications of the ACM, 21(2) :120-126, 1978. Computer Science, pages 223-238. Springer, 1999.
[4] Taher ElGamal. “A public key cryptosystem and a signature scheme based on discrete logarithms.” IEEE Transactions on Information Theory, 469-472, 1985.
[5] Ronald L. Rivest, Leonard Adleman, and Michael L. Dertouzos. “On Data Banks and Privacy Homomorphisms”, chapter On Data Banks and Privacy Homomorphisms, pages 169-180. Academic Press, 1978.
[6] Dan Boneh, Eu-Jin Goh, and Kobbi Nissim. “Evaluating 2-DNF formulas on ciphertexts”. In Theory of Cryptography Conference, TCC'2005, volume 3378 of Lecture Notes in Computer Science, pages 325-341. Springer, 2005.
[7] “Hadoop”, http://hadoop.apache.org/.
[8] C. T. Chu, S. K. Kim, Y. A. Lin, Y. Yu, G. R. Bradski,A. Y. Ng, and K. Olukotun, “Map-reduce for machine learning on multi core,” in NIPS, B. SchÖlkopf, J. C. Platt, and T. Hoffman, Eds. MIT Press, 2006, pp. 281–288.
[9] J. Ekanayake, S. Pallickara, and G. Fox, “Mapreduce for data intensive scientific analysis,” in eScience, 2008. eScience ’08. IEEE Fourth International Conference on, 2008, pp. 277–284.
[10] G. Mackey, S. Sehrish, J. Lopez, J. Bent, S. Habib, and J. Wang, “Introducing mapreduce to high end computing,” in Petascale Data Storage Workshop Held in conjunction with SC08, 2008.
[11] W. Du, J. Jia, M. Mangal, and M. Murugesan, “Uncheatable grid computing,”in ICDCS ’04: Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS’04). Washington, DC, USA:IEEE Computer Society, 2004, pp. 4–11.
[12] S. Zhao, V. Lo, and C. Gauthier Dickey, “Result verification and trust based scheduling in peer-to-peer grids,” in P2P ’05: Proceedings of the Fifth IEEE International Conference on Peer-to-Peer Computing. Washington, DC, USA: IEEE Computer Society, 2005, pp. 31–38.
[13] L. F. G. Sarmenta, “Sabotage-tolerance mechanisms for volunteer computing systems,” Future Generation Computer Systems, vol. 18, no. 4, pp. 561–572, 2002.
[14] C. Ranger, R. Raghuraman, A. Penmetsa, G. Bradski, and C. Kozyrakis, “Evaluating mapreduce for multi-core and multiprocessor systems,” In HPCA ’07: Proceedings of the 2007 IEEE 13th International Symposium on High Performance Computer Architecture, pages 13–24, Washington, DC, USA, 2007. IEEE Computer Society.
[15] Tebaa M, El Hajji S (2012) “Homomorphic encryption applied to the cloud computing security”. In: Proceedings of the World Congress on Engineering. volume 1, pp. 4–6.
[16] Z. Brakerski, C. Gentry, and V. Vaikuntanathan, “(Leveled) fully homomorphic encryption without bootstrapping”, in ITCS, S. Goldwasser, ed., ACM, New York, 2012, pp. 309–325.
[17] A. Dou, V. Kalogeraki, D. Gunopulos, T. Mielikainen, V. H. Tuulos. “Misco: A MapReduce framework for mobile systems”. 3rd Int. Conference on Pervasive Technologies Related to Assistive Environments (PETRA'10), New York, USA, 2010.
[18] “Google MapReduce”, http://research.google.com/archive/mapreduce.html.
[19] H. Lin, X. Ma, J. Archuleta, W.-c. Feng, M. Gardner, Z. Zhang. “MOON: MapReduce On Opportunistic eNvironments”.19th International Symposium on High Performance Distributed Computing (HPDC'10), Chicago, USA, 2010.
[20] B. Tang, M. Moca, S. Chevalier, H. He, G. Fedak. “Towards MapReduce for Desktop Grid Computing”. 5th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC'10), Fukuoka, Japan, 2010.
[21] A. Yao. Protocols for secure computations. In Proceedings of the IEEE Symposium on Foundations of Computer Science, 1982.
[22] A. Yao. How to generate and exchange secrets. In Proceedings of the IEEE Symposium on Foundations of Computer Science, 1986.
[23] Y. Lindell and B. Pinkas. A proof of Yao’s protocol for secure two-party computation. Journal of Cryptology, 22(2):161–188, 2009.
[24] Kreuter, B., Shelat, A., Shen, C.H.: Billion-gate secure computation with malicious adversaries. pp. 14–14. Security 2012, USENIX Association (2012).
[25] Lindell, Y., Pinkas, B.: Secure two-party computation via cut-and-choose oblivious transfer. pp. 329–346. TCC 2011, Springer-Verlag (2011).
[26] Pinkas, B., Schneider, T., Smart, N.P., Williams, S.C.: Secure two-party computation is practical. pp. 250–267. ASIACRYPT 2009, Springer-Verlag (2009).
[27] Shelat, A., Shen, C.H.: Two-output secure computation with malicious adversaries. pp. 386–405. EUROCRYPT 2011, Springer-Verlag (2011).
[28] Gómez, J.M., Cajigas, G., Puertas Sanz, E., Carrero García, F. Content Based SMS Spam Filtering, Proceedings of the 2006 ACM Symposium on Document Engineering, Amsterdam, The Netherlands, ACM Press. Oct., 2006.
[29] Daemen, Joan; Rijmen, Vincent (March 9, 2003). "AES Proposal: Rijndael" (PDF). National Institute of Standards and Technology. p. 1. Retrieved 21 February 2013.
[30] John Schwartz (October 3, 2000). "U.S. Selects a New Encryption Technique". New York Times.
[31] National Institute of Standards and Technology (NIST), “Advanced Encryption Standard,“ Federal Information Processing Standards Publication 197, November 2001.
[32] Gennaro, R., Gentry, C., Parno, B.: Non-interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 465–482. Springer, Heidelberg (2010).
[33] Stallings, William (2014). Cryptography and Network Security (6th ed.). Upper Saddle River, N.J.: Prentic Hall. pp. 67–68. ISBN 978-0133354690.
[34] Brakerski Z, Vaikuntanathan V (2011) Fully homomorphic encryption from ring-LWE and security for key dependent messages. In: Advances in Cryptology-CRYPTO 2011. Springer Berlin, Heidelberg. pp 505-524.
[35] Craig Gentry and Shai Halevi. Fully homomorphic encryption without squashing using depth-3 arithmetic circuits. Manuscript, to appear in FOCS 2011, available at http://eprint.iacr.org/2011/279.
[36] Oded Regev, “On lattices, learning with errors, random linear codes, and cryptography,” in Proceedings of the thirty-seventh annual ACM symposium on Theory of computing (Baltimore, MD, USA: ACM, 2005), 84-93.
[37] Chris Peikert, “Public-key cryptosystems from the worst-case shortest vector problem: extended abstract,” in Proceedings of the 41st annual ACM symposium on Theory of computing (Bethesda, MD, USA: ACM, 2009), 333-342.
[38] Peikert, Chris (2014-10-01). Mosca, Michele, ed. “Lattice Cryptography for the Internet”. Lecture Notes in Computer Science. Springer International Publishing. pp. 197–219. ISBN 978-3-319-11658-7.
[39] Marozzo F, Talia D, Trunfio P. P2P-MapReduce: parallel data processing in dynamic cloud environments. J. Comput. System Sci. 2012;78(5):1382–402.
[40] P. Rogaway. Evaluation of some blockcipher modes of operation. Technical report, Cryptography Research and Evaluation Committees (CRYPTREC) for the Government of Japan, Feb.2011.
論文全文使用權限
  • 同意授權校內瀏覽/列印電子全文服務,於2020-08-03起公開。


  • 如您有疑問,請聯絡圖書館
    聯絡電話:(06)2757575#65773
    聯絡E-mail:etds@email.ncku.edu.tw