
Building Lightweight Security Mechanism in Cloud Computing Environment

Advisor: 王淑卿

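Abstract

With the rapid development of information technology, fast-growing computer hardware and ever-increasing network bandwidth have steadily increased the number of Internet users. The concept of Cloud Computing emerged to meet users' needs. Because the threshold for entering the cloud computing environment is low and the cost of providing cloud services is low, many providers have entered the cloud computing environment, rapidly increasing the variety and number of services available there and drawing more users into the cloud to enjoy the services and resources it provides.

However, the large number of cloud computing services also brings new challenges and threats to information security. To address them, most providers directly apply traditional Internet security technologies. Yet because the cloud computing environment contains a large number of application services and data centers and is a shared-resource environment, communication and authentication between application services and data centers is a security issue that must be considered. In addition, the security mechanisms and security levels required by individual cloud services differ. The main topic of this study is therefore how to improve the security of users and service providers in the cloud computing environment, in keeping with the characteristics of cloud computing, while maintaining high-quality service and without wasting resources.

This study proposes corresponding security mechanisms for the different security issues faced by the client side and the server side in the cloud computing environment. On the client side, this study proposes: (1) Group Key Authentication (GKA), which lets users quickly obtain the services of multiple servers; (2) a Two-Factor Authentication and Authorization (TFAA) security mechanism, which provides stricter authentication and authorization and improves the security of cloud computing; and (3) a Hybrid Dynamic Caesar Cipher (HDCC), which makes passwords harder to crack and strengthens the security of users of cloud computing services.

On the server side, this study proposes: (1) a Fuzzy-based Dynamic Security Risk Management model (FDSRM), built on fuzzy functions, which flexibly configures the security architecture and security mechanisms according to the different security levels that services require; and (2) Cipher-based Authentication and Key Agreement (CAKA), which secures information communication and authentication between service servers and data centers.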

Parallel Abstract

Network bandwidth and hardware technology are developing rapidly, and the vigorous growth of the Internet is steadily increasing the number of Internet users. A new concept, Cloud Computing, has emerged to fulfill users' requests. The low threshold for entering the Cloud Computing environment and the low cost of providing cloud services have led many service providers to invest in it. In keeping with the characteristics of Cloud Computing, the kinds and numbers of services in the Cloud Computing environment have increased rapidly. The large number of Cloud Computing services also brings new challenges and threats to information security. Most service providers use traditional Internet security technology to address these challenges and threats. However, the Cloud Computing environment contains a large number of application services and data centers and is a shared-resource environment, so the security of authentication and communication between application services and data centers must be considered. The main topic of this study is to improve the security of users and service providers in the Cloud Computing environment while keeping the characteristics of Cloud Computing: without wasting resources, a high Quality of Service (QoS) is maintained and the security of the Cloud Computing environment is enhanced. This study proposes corresponding security mechanisms for the different security issues faced by the client and the server in the Cloud Computing environment. Three security methods are presented for the client. First, Group Key Authentication (GKA) is proposed so that users can obtain the services of multiple servers quickly. Second, Two-Factor Authentication and Authorization (TFAA) provides more stringent authentication and authorization and enhances the security of Cloud Computing. Third, Hybrid Dynamic Caesar Cipher (HDCC) is proposed to make passwords more difficult to compromise and to strengthen the safety of users of Cloud Computing services. Two security methods are presented for the server. First, because services require different levels of security, a Fuzzy-based Dynamic Security Risk Management model (FDSRM) is proposed to provide flexibility in configuring the security architecture and security mechanisms. Second, Cipher-based Authentication and Key Agreement (CAKA) is proposed to secure information communication and authentication between the server and the data center.
