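Author (Chinese): 劉政宗
Author (English): Cheng-Tsung Liu
Thesis title (Chinese): 適用於雲端環境且以身份為基礎之確保責任歸屬帳務協定
Thesis title (English): An Accountable Identity-based Billing Protocol for Cloud Environment
Advisor (Chinese): 羅乃維
Advisor (English): Nai Wei, Lo
Oral defense committee (Chinese): 吳宗成; 左瑞麟
Oral defense committee (English): Tzong Chen, Wu; Ray Lin, Tso
Degree: Master's
Institution: National Taiwan University of Science and Technology (國立臺灣科技大學)
Department: Department of Information Management
Student ID: M10109104
Year of publication (ROC calendar): 103
Graduation academic year: 102
Semester: 2
Language: English
Number of pages: 62
Keywords (Chinese): 雲端運算; 身份為基礎之加密系統; 身份辨識; 責任歸屬
Keywords (English): Cloud computing; Identity-based cryptosystem; Authentication; Accountability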
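Cloud computing is the choice of many companies for their IT infrastructure, and cloud computing providers offer services on demand that are priced by usage. Given this property, cloud computing providers must handle resource usage records in a secure and reasonable way. Otherwise the customer's bill for cloud services may well be incorrect, and the source of the problem is hard to trace. A sound billing protocol is therefore very important, and it must meet the following requirements: messages are transmitted under a secure and efficient authentication mechanism; the billing transaction flow must include a mechanism by which the participants mutually verify the service specification; and the records kept under the protocol must be stored with accountability and non-repudiation.
In this thesis, we design an identity-based billing architecture that ensures accountability in order to address the limitations above. We incorporate identity-based encryption into our protocol to ensure the security of message exchange and the efficiency of key management. We also add a trusted third-party auditor to the protocol to carry out the verification mechanism. In addition, we adopt attestation data from the Trusted Platform Module to provide a logging mechanism whose records are guaranteed not to be tampered with. We believe that the billing protocol we propose for the cloud environment can effectively increase the reliability of the bills produced by cloud services.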
Cloud computing is being widely adopted as company IT infrastructure. Cloud computing providers offer services when the customer needs them, on a pay-per-use basis. Given this basis, the cloud computing provider must make sure the log of cloud resource usage is recorded in a reasonable and secure way. Otherwise, the monthly bill charged to the customer may be incorrect, and it becomes difficult for the customer and the provider to reason about why and how the disputed expense was incurred. Hence, a robust billing protocol is vital for the cloud computing environment. This environment has several requirements: (1) the billing transaction, which includes several message exchanges, needs a secure and efficient authentication mechanism; (2) the whole billing transaction process must involve a mechanism by which the participants mutually verify the consistency of the service specification; and (3) all of the logs in the protocol must be stored in an accountable and non-repudiable way.
Our research goal in this paper is to design a feasible approach for an accountable identity-based billing protocol that supports these requirements: (1) we implement identity-based encryption in our protocol to keep message exchange secure and efficient; (2) we add a trusted third-party auditor that performs the verification mechanism for resolving disputes; and (3) we adopt a trusted platform module that generates attestation data to provide a log mechanism guaranteed against tampering. Hence, we think that our proposed billing protocols are well suited to the cloud environment and significantly improve the reliability of monthly billing.
Chinese Abstract
Abstract
Acknowledgements
Contents
List of Figures
List of Tables
Chapter 1 Introduction
Chapter 2 Related Work
2.1 Billing Systems
2.2 Security Concern for Billing
2.3 Accountability
Chapter 3 The Proposed Protocol
3.1 Overview
3.2 Notations
3.3 Proposed Billing Protocol
3.3.1 Phase 1: The Preliminary
3.3.2 Phase 2: The Transaction Hash Chain Creation and Registration
3.3.3 Phase 3: Billing Transaction
3.4 Monitoring Techniques
3.5 Verification Mechanism
3.6 Monthly Invoice Generation
Chapter 4 Protocol Analysis
4.1 Security Analysis
4.2 Performance Analysis
4.3 Discussion
4.3.1 The concern of actual deployment
4.3.2 The concern of adopting other encryption algorithms
4.3.3 The concern of scalability in our protocol
Chapter 5 Conclusion
References