移动云服务的数据安全与隐私保护综述

doi:10.3969/j.issn.1000-436X.2013.12.018

摘要/Abstract

摘要：

移动云服务相比传统云具有移动互联、灵活终端应用和便捷数据存取等特点。然而，丰富的移动云服务应用也带来了更多的安全与隐私泄露问题。在阐述移动云服务的基本概念、应用与安全问题的基础上，给出了其安全与隐私保护体系结构，主要围绕安全协议与认证、访问控制、完整性验证、移动可信计算和基于加密、匿名、混淆的隐私保护等关键技术，分析其研究现状，论述已有技术的优势和不足，并探讨了未来的研究方向。

关键词: 移动互联网, 云计算, 移动终端, 数据安全, 隐私保护

Abstract:

Compared with the traditional cloud services,the mobi cloud services have the characteristics of the mobile interconnected,flexible end-user applications and convenient data access.However,the rich applications of mobile cloud services bring more security and privacy-leaking problems.The basic concepts,applications and security issues of mobile cloud services were shaded light on,and then describes the architecture of security and privacy-preserving was described,some key technologies were studied in this domain,mainly focusing on the research progress of the security protocols and authentication,access control,integrity verification,mobile trusted computing and the privacy-preserving based on encryption,anonymous and confusion,and the advantages and disadvantages were pointed out respectively.Finally,some future research direction were given at the end.

Key words: mobile internet, cloud computing, mobile devices, data security, privacy preserving

李瑞轩,董新华,辜希武,周湾湾,王聪. 移动云服务的数据安全与隐私保护综述[J]. 通信学报, 2013, 34(12): 158-166.

Rui-xuan LI,Xin-hua DONG,Xi-wu GU,Wan-wan ZHOU,Cong WANG. Overview of the data security and privacy-preserving of mobile cloud services[J]. Journal on Communications, 2013, 34(12): 158-166.

图/表 3

参考文献 44

[1]	中国互联网络信息中心. 第31次中国互联网络发展状况统计报告[R]. 北京：中国互联网络信息中心， 2012.4-5.China Internet Network Information Center. The 31th Statistical Re-port of China Internet Network Development State[R]. Beijing:China Internet Network Information Center, 2012.4-5.
[2]	吴吉义，沈千里，沈千里等. 云计算：从云安全到可信云[J]. 计算机研究与发展， 2011,48(Suppl):229-233. WU J Y , SHEN Q L , ZHANG J L , et al. Cloud computing:cloud se-curity to trusted cloud[J]. Journal of Computer Research and Devel-opment, 2011,48(Suppl):229-233.
[3]	冯登国，张敏，张妍等. 云计算安全研究[J]. 软件学报， 2011,22(1):71-83. FENG D G , ZHANG M , ZHANG Y , et al. Study on cloud computing security[J]. Journal of Software, 2011,22(1):71-83.
[4]	房秉毅，张云勇，徐雷 . 移动互联网环境下云计算安全浅析[J]. 移动通信， 2011,9:25-28. FANG B Y , ZHANG Y Y , XU L . Briefly discuss on the secu ity of cloud computing in the mobile internet environment[J]. Mobile Com-munications, 2011,9:25-28.
[5]	吕慧，袁杰，肖悦等. 改进的基于椭圆曲线加密的3G 认证与密钥协商协议[J]. 计算机应用， 2012,32(1):58-60. LV H , YUAN J , XIAO Y , et al. Improved ECC-based authentication and key agreement protocol for 3G communication[J]. Journal of Computer Applications, 2012,32(1):58-60.
[6]	傅建庆，陈健，范容等. 基于代理签名的移动通信网络匿名漫游认证协议[J]. 电子与信息学报， 2011,33(1):156-162. FU J Q , CHEN J , FAN R , et al. A delegation-based protocol for ano-nymous roaming authentication in mobile communication network[J]. Journal of Electronics ＆ Information Technology, 2011,33(1):156-162.
[7]	LEE C , LI C , CHANG R . A simple and efficient authentication scheme for mobile satellite communication systems[J]. ternational Journal of Satellite Communications and Networking, 2012,30(1):29-38.
[8]	CHOW R , JAKOBSSON M , MASUOKA R , et al. Authentication in the clouds:a framework and its application to mobile sers[A]. Pro-ceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop (CCSW)[C]. Chicago,USA, 2010.1-6.
[9]	刘宴兵，刘飞飞 . 基于云计算的智能手机社交认证系统[J]. 通信学报， 2012,33(Z1):28-34. LIU Y B , Y B F F . Cloud computing based smartphone social authen-tication system[J]. Journal on Communications, 2012,33(Z1):28-34.
[10]	YU S , WANG C , REN K , et al. Attribute based data sharing with attribute revocation[A]. Proceedings of the 5th ACM Symposium on Information,Computer and Communications Security (ASI, Beijing,China, 2010.261-270.
[11]	LI J , ZHAO G , CHEN X , et al. Fine-grained data access control sys-tems with user accountability in cloud computing[A]. Proceedings of the 2th International Conference on Cloud Computing (C udCom)[C]. Indianapolis,USA, 2010.89-96.
[12]	邵俊 . 代理重密码的研究[D]. 上海：上海交通大学， 2007. SHAO J . Proxy Re-cryptography Revisited[D]. Shanghai:Shanghai Jiaotong University, 2007.
[13]	ECHEVERRIA V , LIEBROCK L M , SHIN D . Permission manage-ment system:permission as a service in cloud computin[A]. The 34th Annual IEEE Computing Software and Applications Conference Workshops (COMPSAC)[C]. Seoul,South Korea, 2010.371-375.
[14]	熊庭刚，卢正鼎，张家宏 . 移动自组网的访问控制技术研究[J]. 计算机科学， 2011,38(4):72-75. XIONG T G , LU Z D , ZHANG J H . Research on access control tech-nology on mobile ad-hoc networks[J]. Computer Science, 2011,38(4):72-75.
[15]	UNAL D , CAGLAYAN M U . A formal role-based access control model for security policies in multi-domain mobile networks[J]. Computer Networks, 2013,57(1):330-350.
[16]	SHIN J , KIM Y , PARK W , et al. DFCloud:a TPM-based secure data access control method of cloud storage in mobile devices[A]. The 4th IEEE International Conference on Cloud Computing Technology and Science Proceedings (CloudCom)[C]. 2012.
[17]	YUN A , SHI C , KIM Y . On protecting integrity and confidentiality of cryptographic file system for outsourced storage[A]. Proceedings of the first ACM Cloud Computing Security Workshop (CCSW)[C]. Chicago,USA, 2009.67-76.
[18]	杨翠，谭成翔 . 远端非可信平台 agent 完整性保护机制研究与设计[J]. 计算机应用， 2009,(11):3001-3004. YANG C , TAN C X . Research and design of agent integrity protection mechanism on remote untrusted platform[J]. Journal of Computer Ap-plications, Journal of Computer Ap-plications
[19]	JUELS A , KALISKI J B S . Pors:proofs of retrievability for large files[A]. ACM Conference on Computer and Communications Securi-ty (CCS)[C]. Virginia,USA, 2007.584-597.
[20]	ATENIESE G , BURNS R , CURTMOLA R , et al. Provable data pos-session at untrusted stores[A]. ACM Conference on Comp Communications Security (CCS)[C]. Virginia,USA, 2007.598-609.
[21]	ATENIESE G , DIPIETRO R , MANCINI L V , et al. Scalable and efficient provable data possession[A]. Proceedings of the 4th Interna-tional Conference on Security and Privacy in Communication Net-works (SecureComm'08)[C]. ACM:NewYork,NY,USA, 2008.1-10.
[22]	ZENG K . Publicly verifiable remote data integrity[A]. 10th Inter-national Conference on Information and Communication Securit (ICICS)[C]. Birmingham,UK, 2008.419-434.
[23]	李涛，胡爱群 . 可信模块与强制访问控制结合的安全防护方案[J]. 东南大学学报：自然科学版， 2011,41(3):513-517. LI T , HU A Q . Security protection scheme using mobile usted mod-ule and mandatory access control[J]. Journal of Southeast University (Natural Science Edition), 2011,41(3):513-517.
[24]	李磊，侯方勇，陈建勋 . 移动可信平台的发展与研究[J]. 电脑知识与技术， 2010(8):1833-1835. LI L , HOU F Y , CHEN J X . The development and research f mobile trusted platform[J]. Computer Knowledge and Technology, 2010(8):1833-1835.
[25]	SENY K , KRISTIN L . Cryptographic cloud storage[A]. Proceedings of the 14th International Conference on Financial cryptograpy and Data Security[C]. Canary Islands,Spain, 2010.136-149.
[26]	CRAIG G . Fully homomorphic encryption using ideal lattices[A]. Proceedings of the 41th Annual ACM Symposium on Theory of Computing (STOC)[C]. Bethesda,MD,USA, 2009.169-178.
[27]	ANANTHI S , SENDIL M S , KARTHIK S . Privacy preserving key-word search over encrypted cloud data[A]. Advances in Computing and Communications[C]. 2011.480-487.
[28]	HU H , XU J , REN C , et al. Processing private queries over untrusted data cloud through privacy homomorphism[A]. Proc of the 27th IEEE International Conference on Data Engineering (ICDE)[C]. Hannover,Germany, 2011.
[29]	CAO N , WANG C , LI M , et al. Privacy-preserving multi-keyword ranked search over encrypted cloud data[A]. Proc of the 30th IEEE International Conference on Computer Com munications (INFO-COM)[C]. Shanghai,China, 2011.829-837
[30]	侯清铧，武永卫，郑祎民等. 一种保护云存储平台上用户数据私密性的方法[J]. 计算机研究与发展， 2011,48(7):1146-1154. HOU Q H , WU Y W , ZHENG W M , et al. A method on protection of user data privacy in cloud storage platform[J]. Journa of Computer Research and Development, 2011,48(7):1146-1154.
[31]	黄汝维，桂小林，余思等. 云环境中支持隐私保护的可计算加密方法[J]. 计算机学报， 2011,34(12):2391-2402. HUANG R W , GUI X L , YU S , et al. Privacy-preserving computable encryption scheme of cloud compute[J]. Chinese Journa of Comput-ers, 2011,34(12):2391-2402.
[32]	WANG W , LI Z , OWENS R , et al. Secure and efficient access to outsourced data[A]. Proceedings of the 2009 ACM Workshop on Cloud Computing Security (CCSW)[C]. Chicago,USA, 2009.55-65.
[33]	ZHOU Z , HUANG D . Efficient and secure data storage operations for mobile cloud computing[A]. 2012 8th International Conference on Network and Service Management (CNSM)[C]. Las Vegas,USA, 2012.37-45.
[34]	TYSOWSKI P K , HASAN M A . Re-encryption-based key manage-ment towards secure and scalable mobile applications i clouds[R]. IACR Cryptology ePrint Archive, 2011.
[35]	SHIN Y , SHIN S , KIM M , et al. A secure self-encryption scheme for re-source limited mobile devices[A]. Proc of the International Conference on IT Convergence and Security[C]. Pyeong Chang,Korea, 2013.121-129.
[36]	SAMARATI P , SWEENEY L . Protecting privacy when disclosing information:k-anonymity and its enforcement through generalization and suppression[J]. International Journal on Uncertainty,Fuzziness and Knowledge-based Systems, 2002,10(5):557-570.
[37]	WONG R C , LI J , FU A W , et al. (ɑ,k)-anonymity:an enhanced K-anonymity model for privacy-preserving data publishing[A]. Pro-ceedings of the ACM SlGKDD International Conference on Know-ledge Discovery and Data Mining(SIGKDD)[C]. Philadelphia,PA,USA, 2006.754-759.
[38]	MACHANAVAJJHALA A , GEHRKE J , KIFER D , et al. L-diversity:privacy beyond k-anonymity[J]. ACM Trans on Knowledge Discovery from Data (TKDD), 2007,1(1):24-33.
[39]	NINGHUI L , TIANCHENG L , VENKATASUBRAMANIAN S . t-closeness:privacy beyond k-anonymity and l-diversity[A]. Proceed-ings of the 23rd International Conference on Data Engi Istanbul, Turkey, 2007.106-115.
[40]	LUPER D , CAMERON D , MILLER J A , et al. Spatial and temporal target association through semantic analysis and GPS data min-ing[A]. Proceedings of the 2007 International Conference on Informa-tion ＆ Knowledge Engineering (IKE)[C]. Las Vegas, 2007.251-257.
[41]	ZHANG G , YANG Y , YUAN D , et al. A trust-based noise injection strategy for privacy protection in cloud[J]. Software:Practice and Ex-perience, 2012,42(4):431-445.
[42]	CHENG H S , ZHANG D , TAN J G . Protection of privacy in pervasive computing environments[A]. IEEE Computer Society[C]. Las Vegas,USA, 2005.
[43]	倪巍伟，徐立臻，崇志宏 . 基于邻域属性熵的隐私保护数据干扰方法[J]. 计算机研究与发展， 2009,46(3):498-504. NI W W , XU L Z , CHONG Z H , et al. A privacy-preserving data per-turbation algorithm based on neighborhood entropy[J]. urnal of Computer Research and Development, 2009,46(3):498-504.
[44]	徐小龙，周静岚，杨庚 . 一种基于数据分割与分级的云存储数据隐私保护机制[J]. 计算机科学， 2013,40(2):98-102. XU X L , ZHOU J L , YANG G . Data privacy protection mechani m for cloud storage based on data partition and classificati[J]. Computer Science, 2013,40(2):98-102.

安全性要求	对其他用户	对服务提供商
安全协议与认证技术	非法认证过滤	统一认证、相互认证
数据访问控制	存储隔离、加密	存储加密、文件加密
数据私密性	虚拟机隔离、操作系统隔离	操作系统隔离
数据完整性	数据检验	数据检验、公开验证
移动可信计算	移动可信模块，阻止非法进程	可信链传递

代表技术	通用性	计算开销	数据缺损	隐私保护度
加密技术（DES、3DES、ADES、RSA、Diffe Hellman、ECC）	高	高	低	高
匿名技术（k-匿名、L-diversity匿名、T-closeness匿名）	高	中	中	高
混淆技术（添加随机变量、随机偏移值、错误数据、噪声）	中	低	高	中