Summary: | Doctoral === National Chiao Tung University === Institute of Communications Engineering === 104 === With advances in virtualization techniques and mobile communication, data sharing services such as Dropbox and Google Drive have become popular in recent years.
Users can utilize their terminals to collect data, save their data remotely to cloud servers through the Internet, and share their data with other members. However, security and efficiency are the two major concerns for data sharing services.
In this dissertation, we investigate network coding techniques for secure and efficient data sharing services.
In the first part, we investigate the link eavesdropping problem for network coding encrypted cloud storage systems. Network coding can recover data with small repair bandwidth and high reliability compared to the existing erasure coding and replication methods. However, no matter what data recovery technique is used, it is easy to eavesdrop on the repaired data on the transmission link between the local datacenter and its remote backup site. This kind of network security issue is called link eavesdropping. We propose a systematic design methodology for a network coded cloud storage system to determine the parameters of the data recovery system for a specified security level. We present analytical performance curves that relate the remote repair bandwidth to the number of coded data fragments. The number of storage nodes and the link capacity between the datacenter and the backup site can then be determined for different security levels.
In the second part, we examine the overflow problem of a network coded cloud storage system. Unlike encryption schemes, network coding incurs no bandwidth expansion since data are simply mixed together.
However, if the encoding parameter does not match the storage parameter of a network coded system, the length of the network coded data is longer than the original data, which is called the overflow problem of network coding.
We develop an innovative encoding system to avoid the overflow problem when it is applied to a cloud storage environment. The proposed network coding based secure storage (NCSS) scheme incorporates encoding procedures and an encoded data distribution scheme, taking into account both security requirements and quality of service (QoS) parameters. We also suggest guidelines for designing network coding parameters to minimize the amount of encrypted data at the local user and increase the computation speed of the network coding.
In the third part, we present a topology-aware network coding (TANC) technique to reduce packet retransmissions for wireless multicast. Because retransmission requests from each member of a multicast group are very different, especially in a lossy wireless channel, an efficient packet retransmission mechanism is important. To retransmit packets effectively, the proposed TANC scheme integrates network topology information during the encoding phase, and can thus intelligently send the lost encoded packets in the retransmission phase.
Our simulation results show that TANC can reduce packet retransmissions by 50% compared to random linear network coding (RLNC) for different numbers of uncoded packets, nodes, and packet loss probabilities.
In the fourth part, we develop a network coding based pseudonym scheme to protect mobile data privacy, assuming that intruders have huge computing power and that cloud servers are untrusted. Current hash-based pseudonym methods are computationally secure. However, the growing computing power available in the era of cloud computing may eventually break the cipher of the hash function in the near future. To overcome the challenge of intruders with huge computing power, we adopt an unconditionally secure network coding pseudonym scheme. We prove that the proposed network coding pseudonym cannot be broken no matter how much computing power or time is available. Second, protecting data security from insider attacks is difficult because untrusted servers can access data ownership information. To resolve this issue, we further design a two-tier network coding method to decouple the data ownership information from its pseudonym. Our proposed network coding based pseudonym scheme can simultaneously defend against attacks from explicit outsiders and implicit insiders. Our experiments were performed for a location based service (LBS) in an untrusted cloud database. Compared to the hash-based pseudonym, the proposed network coding scheme with appropriate coding parameters can reduce the processing time and the energy consumption by more than 90% and 10%, respectively.
In summary, this dissertation contributes a systematic encoding method of network coding techniques for data sharing services. The proposed network coding schemes and systematic design methodology can provide important insights into the design of a secure and efficient data sharing service.
|