云计算环境下安全分布式存储架构与容错技术研究
|
摘要
云计算已经得到广泛的关注,并且发展迅速。以数据中心网络为基础的分布式存储是构建云计算的物理实体。但是由于云计算环境下分布式存储的开放性带来的安全隐患,以及其数据可靠性的制约,使如何实现在数据可容错的过程中保证数据的安全性成为亟待解决的问题。本文研究了云计算环境下安全分布式存储架构与容错技术,主要内容和贡献如下。
1.基于分层源地址验证技术的数据中心网络安全架构
本文提出一种基于分层源地址验证的数据中心网络安全架构,设计了一种可验证源地址生成方法。数据中心网络中的服务器在发送数据时必须使用这种可验证地址作为源地址,在数据发送过程中,该地址将会被验证,确保每台服务器都无法仿冒其他服务器进行数据传输,而且从互联网通过开放端口传入数据中心内部的数据在没有被分配可验证地址的情况下无法在数据中心内部进行转发。为了保证验证的高效性,在验证过程中引入了分层验证和流认证的思想,在数据中心内部使用分层验证,而在数据中心间使用流认证。该架构的使用,可以帮助系统发现不正常的数据传输,过滤非法主机在网络内的数据传输,并定位数据中心内部可能的攻击者,防范直接利用互联网上的主机攻击系统获取数据。实验结果表明基于源地址验证的数据中心网络安全架构可以在不影响数据传输的情况下实现对数据包源地址的验证,其已经具备了实用价值,能够解决网络中利用伪造地址对数据网络中心进行攻击的问题。
2.基于广播加密思想的安全再生码
本文提出了一种将广播加密模型与再生码模型相结合的安全再生码——FCBE (Fault-tolerant Code Based on Broadcast Encryption,FCBE)。在FCBE模型构建过程中,借鉴了广播加密的思想,将编码存储及数据恢复的过程归结为一个广播过程,在数据存入系统时,由系统为其选择一个安全服务器的集合作为容错服务器。当存储服务器失效时,只有系统选定的容错服务器才能够实现数据恢复,而其他服务器即使截获了发送给容错服务器的数据块,也无法恢复原始数据。安全性分析证明了FCBE能够实现适应性安全,实验结果表明,其引入安全要素所造成的带宽占用是可以接受的,不会对整个数据中心网络的数据传输造成压力。
3.基于门限机制的安全再生码
本文提出了两种基于门限机制的安全再生码,其核心思想是在再生码模型中引入可靠第三方密钥服务器,用户将数据存放于数据中心时从编码矩阵中选取部分秘密,并将秘密分享给第三方密钥服务器,当需要对失效节点中的数据进行恢复或者是其他数据使用者下载数据时,需要经过第三方密钥服务器的验证,通过验证后才能够从中获取编码矩阵的秘密,进而构造解码矩阵恢复失效数据或下载原始数据。基于此思想本文提出了两种安全再生码SRCF (Secure Regenerating Code for Fault-tolerant, SRCF)和SRCS(Secure Regenerating code with Semi-adaptive, SRCS)。安全性分析证明了SRCF可以实现选择明文安全,而SRCS可以实现部分适应性攻击安全;实验结果表明,SRCF和SRCS引入安全要素所造成的带宽占用不大,不会对整个数据中心网络的数据传输造成压力。
4.基于流水线思想的编码数据恢复模式
本文提出了一种基于流水线思想的数据恢复模式。该模式借鉴了工业生产中流水线生产的思想,将待恢复服务器看作流水线上的产品,将存储服务器看作流水线工人,完成数据恢复的服务器即为生产完毕的产品。利用该模式可以进一步的降低数据恢复时所占用的带宽,从而减小引入安全要素所增加的带宽消耗。通过理论分析证明了该模式不会对数据恢复的正确性造成影响,且其可以减小带宽消耗。
Nowadays, cloud computing has gotten extensive concern and rapid development. The distributed storage built on data center network is one of the necessary infrastructure of the cloud computing. However, the openness of distributed storage in cloud computing results in security risks and the data reliability is one of the constraints of cloud applications. Therefore, it is a significant problem that how to guarantee data security during the process of data reliability protection. This paper studies the secure distributed storage architecture of cloud computing with a secure fault-tolerant technology. Its main content and contributions are as follows.
1. A secure architechture of the data centre network based on the hierarchical source address validation technique.
A secure architecture of the data center network based on the hierarchical source address validation technique is proposed in this paper. A hierarchical source address which can be validated is designed. All servers in the data center must use this address as the source address when they send data packets to the network. Then, the address will be validated during the data transmission. This can ensure that no server can fake other servers to send data and the server which connects to the data center network without a hierarchical source address can't transmit data in the network. In order to achieve efficient validation, the hierarchical validation and stream authentication are used in the architecture. The hierarchical validation is used inner the data center and the stream authentication is used inter the data centers. By using this architecture, the system can detect abnormal data transmission, filter the data packets transmitted by the illegal servers, and locate the potential attackers within the data center. The experimental result shows that this technique can validate the source addresses of data packets with a low cost.
2. A secure regenerating code based on the broadcast encryption
A secure regenerating code called fault-tolerant Code Based on Broadcast Encryption (FCBE) is proposed. The encoding process of FCBE is transformed into a broadcast process. When data is stored into the system, a set of secure servers will be chosen for the fault-tolerance. When the storage server fails, only these chosen servers can regenerate the data and others cannot do so. It is proved that FCBE is adaptively secure. The experimental results show that FCBE can guarantee data security during the data regenerating process and the traffic bandwidth resulted from the secure validation is acceptable.
3. A secure regenerating code based on the threshold scheme
Two secure regenerating codes based on the threshold scheme are proposed. The main idea is to introduce a key management server which is a trusted third party into the model of regenerating codes. When the owner stores data into the system, he will choose a secret from the encoding matrix and share the secret with the key management server. When the failed nodes regenerate data or other users download data from the storage servers, they need to provide security proof to the key management server. If and only if the security proof is validated by the key management server, they can get the secret from it and construct the decoding matrix to regenerate data. Then, based on this idea, the Secure Regenerating Code for Fault-tolerant (SRCF) and Secure Regenerating code with Semi-adaptive (SRCS) are designed. It is proved that the SRCF is chosen plaintext secure and the SRCS is semi-adaptive secure. The experimental results show that the traffic bandwidth resulted from the secure validation in SRCF and SRCS is acceptable, and it puts no much pressure on the data center transmission bandwidth.
4. Coded data regeneration model based on the assembly line
A data regeneration model based on the assembly line is proposed. The model adopts the idea of industrial production assembly line. It treats the regenerating server as the semi-manufactured product, the storage server as the worker and the server which has finished regeneration as the finished product. By using this model, the bandwidth used in the data regeneration will be reduced. Theoretical analysis shows that this model can regenerate data correctly and indeed reduce the bandwidth used in the data regeneration.
1.基于分层源地址验证技术的数据中心网络安全架构
本文提出一种基于分层源地址验证的数据中心网络安全架构,设计了一种可验证源地址生成方法。数据中心网络中的服务器在发送数据时必须使用这种可验证地址作为源地址,在数据发送过程中,该地址将会被验证,确保每台服务器都无法仿冒其他服务器进行数据传输,而且从互联网通过开放端口传入数据中心内部的数据在没有被分配可验证地址的情况下无法在数据中心内部进行转发。为了保证验证的高效性,在验证过程中引入了分层验证和流认证的思想,在数据中心内部使用分层验证,而在数据中心间使用流认证。该架构的使用,可以帮助系统发现不正常的数据传输,过滤非法主机在网络内的数据传输,并定位数据中心内部可能的攻击者,防范直接利用互联网上的主机攻击系统获取数据。实验结果表明基于源地址验证的数据中心网络安全架构可以在不影响数据传输的情况下实现对数据包源地址的验证,其已经具备了实用价值,能够解决网络中利用伪造地址对数据网络中心进行攻击的问题。
2.基于广播加密思想的安全再生码
本文提出了一种将广播加密模型与再生码模型相结合的安全再生码——FCBE (Fault-tolerant Code Based on Broadcast Encryption,FCBE)。在FCBE模型构建过程中,借鉴了广播加密的思想,将编码存储及数据恢复的过程归结为一个广播过程,在数据存入系统时,由系统为其选择一个安全服务器的集合作为容错服务器。当存储服务器失效时,只有系统选定的容错服务器才能够实现数据恢复,而其他服务器即使截获了发送给容错服务器的数据块,也无法恢复原始数据。安全性分析证明了FCBE能够实现适应性安全,实验结果表明,其引入安全要素所造成的带宽占用是可以接受的,不会对整个数据中心网络的数据传输造成压力。
3.基于门限机制的安全再生码
本文提出了两种基于门限机制的安全再生码,其核心思想是在再生码模型中引入可靠第三方密钥服务器,用户将数据存放于数据中心时从编码矩阵中选取部分秘密,并将秘密分享给第三方密钥服务器,当需要对失效节点中的数据进行恢复或者是其他数据使用者下载数据时,需要经过第三方密钥服务器的验证,通过验证后才能够从中获取编码矩阵的秘密,进而构造解码矩阵恢复失效数据或下载原始数据。基于此思想本文提出了两种安全再生码SRCF (Secure Regenerating Code for Fault-tolerant, SRCF)和SRCS(Secure Regenerating code with Semi-adaptive, SRCS)。安全性分析证明了SRCF可以实现选择明文安全,而SRCS可以实现部分适应性攻击安全;实验结果表明,SRCF和SRCS引入安全要素所造成的带宽占用不大,不会对整个数据中心网络的数据传输造成压力。
4.基于流水线思想的编码数据恢复模式
本文提出了一种基于流水线思想的数据恢复模式。该模式借鉴了工业生产中流水线生产的思想,将待恢复服务器看作流水线上的产品,将存储服务器看作流水线工人,完成数据恢复的服务器即为生产完毕的产品。利用该模式可以进一步的降低数据恢复时所占用的带宽,从而减小引入安全要素所增加的带宽消耗。通过理论分析证明了该模式不会对数据恢复的正确性造成影响,且其可以减小带宽消耗。
Nowadays, cloud computing has gotten extensive concern and rapid development. The distributed storage built on data center network is one of the necessary infrastructure of the cloud computing. However, the openness of distributed storage in cloud computing results in security risks and the data reliability is one of the constraints of cloud applications. Therefore, it is a significant problem that how to guarantee data security during the process of data reliability protection. This paper studies the secure distributed storage architecture of cloud computing with a secure fault-tolerant technology. Its main content and contributions are as follows.
1. A secure architechture of the data centre network based on the hierarchical source address validation technique.
A secure architecture of the data center network based on the hierarchical source address validation technique is proposed in this paper. A hierarchical source address which can be validated is designed. All servers in the data center must use this address as the source address when they send data packets to the network. Then, the address will be validated during the data transmission. This can ensure that no server can fake other servers to send data and the server which connects to the data center network without a hierarchical source address can't transmit data in the network. In order to achieve efficient validation, the hierarchical validation and stream authentication are used in the architecture. The hierarchical validation is used inner the data center and the stream authentication is used inter the data centers. By using this architecture, the system can detect abnormal data transmission, filter the data packets transmitted by the illegal servers, and locate the potential attackers within the data center. The experimental result shows that this technique can validate the source addresses of data packets with a low cost.
2. A secure regenerating code based on the broadcast encryption
A secure regenerating code called fault-tolerant Code Based on Broadcast Encryption (FCBE) is proposed. The encoding process of FCBE is transformed into a broadcast process. When data is stored into the system, a set of secure servers will be chosen for the fault-tolerance. When the storage server fails, only these chosen servers can regenerate the data and others cannot do so. It is proved that FCBE is adaptively secure. The experimental results show that FCBE can guarantee data security during the data regenerating process and the traffic bandwidth resulted from the secure validation is acceptable.
3. A secure regenerating code based on the threshold scheme
Two secure regenerating codes based on the threshold scheme are proposed. The main idea is to introduce a key management server which is a trusted third party into the model of regenerating codes. When the owner stores data into the system, he will choose a secret from the encoding matrix and share the secret with the key management server. When the failed nodes regenerate data or other users download data from the storage servers, they need to provide security proof to the key management server. If and only if the security proof is validated by the key management server, they can get the secret from it and construct the decoding matrix to regenerate data. Then, based on this idea, the Secure Regenerating Code for Fault-tolerant (SRCF) and Secure Regenerating code with Semi-adaptive (SRCS) are designed. It is proved that the SRCF is chosen plaintext secure and the SRCS is semi-adaptive secure. The experimental results show that the traffic bandwidth resulted from the secure validation in SRCF and SRCS is acceptable, and it puts no much pressure on the data center transmission bandwidth.
4. Coded data regeneration model based on the assembly line
A data regeneration model based on the assembly line is proposed. The model adopts the idea of industrial production assembly line. It treats the regenerating server as the semi-manufactured product, the storage server as the worker and the server which has finished regeneration as the finished product. By using this model, the bandwidth used in the data regeneration will be reduced. Theoretical analysis shows that this model can regenerate data correctly and indeed reduce the bandwidth used in the data regeneration.
引文
[1]工业和信息化部电信研究院,云计算白皮书[OL]:http://wenku.baidu.com/view/27a6e43483c4bb4cf7e cd115.html
[2]Dean J. Experiences with MapReduce, an abstraction for large-scale computation[A], In:Proc. of the PACT[C]. Seattle:ACM Press,2006:16-20.
[3]Greenberg A, Hamilton JR, Jain N. VL2:A scalable and flexible data center network[A]. In:Proc. of the SIGCOMM 2009[C].2009:51-62.
[4]Dally WJ, Towles BP. Principles and Practices of Interconnection Networks[M]. San Francisco:Morgan Kaufmann Publishers,2004.
[5]Abu-Libdeh H, Costa P, Rowstron A, O'Shea G, Donnelly A. Symbiotic routing in future data centers[A]. In:Proc. of the SIGCOMM 2010[C]. New Delhi:ACM Press,2010:51-62.
[6]Guo CX, Wu HT, Tan K, Shi L, Zhang YG, Lu SW. DCell:A scalable and fault-tolerant network structure for data centers[A]. In:Proc. of the SIGCOMM 2008[C]. Seattle:ACM Press,2008:75-86.
[7]穆飞,薛巍.一种面向大规模存储系统的数据副本映射算法[J].计算机研究与发展,2009,46(3):492-497.
[8]熊润群,罗军舟.云计算环境下Q0S偏好感知的副本选择策略[J].通信学报2011,32(7):93-102.
[9]王永剑,裴翔.Nova-BFT: —种支持多种故障模型的副本状态机协议[J].计算机研究与发展,2011,48(7):1134-1145.
[10]Guy L, Kunszt P, Laure E, Stockinger H, Stockinger K.. Replica management in data grids[OL]: http://people.isb-sib.ch/Heinz.Stockinger/publications/datagrid-ggf2002.pdf.
[11]Weil SA, Pollack KT, Brandt SA, Miller AEL. Dynamic metadata management for petabyte-scale file systems[A]. In:Proc. of the 2004 ACM/IEEE Conf. on Supercomputing (SC 2004) [C]. Pittsburgh:ACM Press,2004.
[12]王禹,赵跃龙.基于副本管理的P2P存储系统可靠性分析[J].华南理工大学学报(自然科学版),39(2):148-151.
[13]Muthitacharoen A, Morris R, Gil TM, Chen BJ. Ivy:A read/write peer-to-peer file system[A]. In:Proc. of the 5th Symp. on Operating Systems Design and Implementation[J]. Boston:ACM Press,2002:31-44.
[14]The apache software foundation. HDFS Architecture Guide [OL]:http://hadoop.apache.org/common/ docs/current/hdfs_design.html.
[15]Shvachko K, Kuang H, Radia S, Chansler R. The Hadoop distributed file system[A]. In:Proc. of the IEEE 26th Symp. on Mass Storage Systems and Technologies (MSST)[C]. Lake Tahoe:IEEE,2010:1-10.
[16]Decandia G, Hastorun D, Jampani M, Kakulapati G, Lakshman A, Pilchin A, Sivasubramanian S, Vosshall P, Vogels W. Dynamo:Amazon's highly available key-value store[A]. In:Proc. of the SOSP 2007[C]. Stevenson:ACM Press,2007:205-220.
[17]Karger D, Lehman E, Leighton T, Panigrahy R, Levine M, Lewin D. Consistent Hashing and random trees:Distributed caching protocols for relieving hot spots on the World Wide Web[A]. In:Proc. of the STOC[C]. El Paso:ACM Press,1997:654-663.
[18]Lakshman A, Malik P. Cassandra:A decentralized structured storage system. ACM SIGOPS Operating Systems Review[J],2010,44(2):35 40.
[19]Sashi K, Thanamani AS. A new replica creation and placement algorithm for data grid environment[A]. In:Proc. of the 2010 Int'1 Conf. on Data Storage and Data Engineering (DSDE)[C]. Bangalore:IEEE,2010: 265-269.
[20]Gu QF, Chen B, Zhang YP. Dynamic replica placement and location strategies for data grid[A]. In:Proc. of the 2008 Int'1 Conf. on Computer Science and Software Engineering (CSSE)[C]. Wuhan:IEEE,2008: 35-40.
[21]Ding Y, Lu Y. Automatic data placement and replication in grids[A]. In:Proc. of the HIPC[C]. Kochi: IEEE,2009:30-39.
[22]Hsiao HI, Dewitt DJ. Chained declustering:A new availability strategy for multiprocessor database machines[A]. In:Proc. of the 6th Int'1 Conf. on Data Engineering (ICDE) [C]. Los Angeles:University of Wisconsin,1990:456-465.
[23]Buyya R, Corte T, Jin H. Petal:Distributed virtual disks[A]. In:Proc. of the High Performance Mass Storage and Parallel I/O:Technologies and Applications[C]. Piscataway:Wiley-IEEE Press,2002: 420-430.
[24]Dabek F, Kaashoek MF, Karger D, Morris R, Stoica I. Wide-Area cooperative storage with CFS[A]. In: Proc. of the 18th ACM Symp. on Operating System Principles (SOSP) [C]. Banff:ACM Press,2001: 202-215.
[25]Rowstron A, Druschel P. Storage management and caching in PAST, a large-scale, persistent peer-to-peer storage utility[A]. In:Proc. of the SOSP 2001 [C]. Banff:ACM Press,2001:188-201.
[26]Chandy JA. A generalized replica placement strategy to optimize latency in a wide area distributed storage system[A]. In:Proc. of the DADC 2008 [C]. Boston:ACM Press,2008:49-54.
[27]Patterson DA, Gibson G, Katz RH. A case for redundant arrays of inexpensive disks (RAID)[A]. In:Proc. of the SIGMOD[C]. Chicago:ACM Press,1988:109-116.
[28]Rizzo L. Effective erasure codes for reliable computer communication protocols[J]. Computer Communication Review,1997,27(2):24-36.
[29]Xiao N, Shu JW, Liu F, Li MQ. Research on the state of art of storage technologies and future trend[A]. In:Wang CH, ed. The Annual Report in 2008 on the Development of Computer Science and Technology[M]. Beijing:China Machine Press,2009:12-48.
[30]Weatherspoon H, Kubiatowicz JD. Erasure coding vs. replication:A quantitative comparison[A]. In:Proc. of the IPTPS[C]. Cambridge:Springer-Verlag,2002:328-337.
[31]Rodrigues R, Liskov B. High availability in DHTs:Erasure coding vs.replication[A]. In:Proc. of the IPTPS[C]. Ithaca:Springer-Verlag,2005:226-239.
[32]Zhang Z, Deshpande A, Ma XS, Thereska E, Narayanan D. Does erasure coding have a role to play in my data center?[R]. Microsoft Research,2010.
[33]Hafner JL. Weaver codes:Highly fault tolerant erasure codes for storage systems[A]. In:Proc. of the 4th USENIX Conf. on File and Storage Technologies (FAST 2005)[C]. San Francisco:USENIX Association, 2005:16-30.
[34]Gallager RG. Low-Density parity-check codes[J]. IEEE Trans, on Information Theory,1962,8(1):21-28.
[35]Luby MG, Mitzenmacher M, Shokrollahi MA, Spielman DA. Efficient erasure correcting codes[J]. IEEE Trans, on Information Theory,2001,47(2):569-584.
[36]Plank JS, Thomason MG. A practical analysis of low-density parity-check erasure codes for wide-area storage applications[A]. In:Proc. of the DSN 2004[C], Florence:IEEE,2004:115-124.
[37]张焕国,刘玉珍.密码学引论[M].武汉:武汉大学出版社,2004.
[38]Wikipedia. Standard RAID levels[OL]:http://en.wikipedia.org/wiki/Raid5#RAID_5
[39]R.W. Yeung, S.-Y.R. Li, N. Cai, and Z. Zhang. Network Coding Theory[J]. Foundation and Trends in Communications and Information Theory,2005,2:241-381.
[40]Szymon. How good is random linear coding based distributed networked storage[OL]: http://netcod.org/papers/11AcedanskiDMK-final.pdf
[41]Alexandros G. Dimakis, P. Brighten Godfrey, Martin J. Wainwright, Kannan Ramchandran. The Benefits of Network Coding for Peer-to-Peer Storage Systems[A]. In Third Workshop on Network Coding, Theory, and Applications[C].2007:1-6.
[42]Alexandros G. Dimakis, P. Brighten Godfrey, Yunnan Wu. Network Coding for Distributed Storage Systems[J]. IEEE Transactions on Information Theory 2008,56 (9):4539-4551.
[43]Yunnan Wu, Alexandros G. Dimakis, Kannan Ramchandrany. Deterministic Regenerating Codes for Distributed Storage[A]. In:Allerton Conference on Control, Computing,and Communication[C]. Urbana-Champaign, IL:IEEE,2007:1-8.
[44]Yunnan Wu, Alexandros G. Dimakis. Reducing Repair Traffic for Erasure Coding-Based Storage via Interference Alignment[A]. In:IEEE International Symposium on Information Theory[C]. Redmond, WA, US,2009:2276-2280.
[45]Dimakis, Alexandros G. A Survey on Network Codes for Distributed Storage[J]. Proceedings of the IEEE 2011,99 (3):476-489.
[46]Bernat Gast6n, Jaume Pujol, And Merce Villanueva. Quasi-cyclic Minimum Storage Regenerating Codes for distributed data compression[A]. In:Data Compression Conference[C]. Snowbird, UT, USA,2011: 33-42.
[47]Wu, Yunnan. Existence and Construction of Capacity-Achieving Network Codes for Distributed Storage[J]. IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS,2010,28 (2):277-288.
[48]Wu, Yunnan. A Construction of Systematic MDS Codes With Minimum Repair Bandwidth[J]. IEEE TRANSACTIONS ON INFORMATION THEORY,2011,57 (6):3738-3741.
[49]Viveck R. Cadambe, Syed A. Jafar, Hamed Maleki. Minimum Repair Bandwidth for Exact Regeneration in Distributed Storage[A]. In:2010 IEEE Wireless Network Coding Conference (WiNC)[C]. Bostn, USA, 2010:1-6.
[50]K. V. Rashmiy, Nihar B. Shahy, P. Vijay Kumary, Kannan Ramchandran. Explicit Construction of Optimal Exact Regenerating Codes for Distributed Storage[A]. In:47th Annual Allerton Conference on Communication, Control, and Computing[C]. Allerton House, Illinois,2009:1243-1249.
[51]K. V. Rashmiy, Nihar B. Shahy, P. Vijay Kumar. Optimal Exact-Regenerating Codes for Distributed Storage at the MSR and MBR Points via a Product-Matrix Construction[J]. IEEE Transactions on Information Theory,2011,57 (8):5227-5239.
[52]Nihar B. Shahy, K. V. Rashmiy, P. Vijay Kumary, Kannan Ramchandran. Explicit Codes Minimizing Repair Bandwidth for Distributed Storage[A]. In:2010 IEEE Information Theory Workshop (ITW)[C]. Cairo, Egypt,2009:1-5.
[53]Nihar B. Shahy, K. V. Rashmiy, P. Vijay Kumar. Interference Alignment in Regenerating Codes for Distributed Storage:Necessity and Code Constructions[J]. IEEE Transactions on Information Theory,2010, 58 (4):2134-2158.
[54]Changho Suh and Kannan Ramchandran. Exact Regeneration Codes for Distributed Storage Repair Using Interference Alignment[OL]:http://arxiv.org/abs/1001.0107v2
[55]Soroush Akhlaghi, Abbas Kiani and Mohammad Reza Ghanavati. A Fundamental Trade-off Between The Download Cost And Repair Bandwidth In Distributed Storage Systems[A]. In:2010 IEEE International Symposium on Network Coding (NetCod)[C]. Toronto, Ontario, Canada,2010:1-6.
[56]Fr'Ed'Erique Oggier, Anwitaman Datta. Byzantine Fault Tolerance of Regenerating Codes[A]. In:2011 IEEE International Conference on Peer-to-Peer Computing [C]. Kyoto, Japan,2011:112-121.
[57]Fr'Ed'Erique Oggier, Anwitaman Datta. Self-repairing Homomorphic Codes for Distributed Storage Systems[A]. In:IEEE INFOCOM[C]. Shanghai, China,2011:1215-1223.
[58]Yuchong Hu, Yinlong Xu, Xiaozhao Wang, Cheng Zhan and Pei Li. Cooperative Recovery of Distributed Storage Systems from Multiple Losses with Network Coding[J]. IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS,2010,28 (2):268-276.
[59]胡烯翀.基于网络编码的分布式存储容错机制研究[D].中国科技大学2010.
[60]Yuchong Hu, Chiu-Man Yu, Yan Kit Li, Patrick P. C. Lee, John C. S. Lui. NCFS:On the Practicality and Extensibility of a Network-Coding-Based Distributed File System[A]. In:2011 IEEE International Symposium on Network Coding (NetCod)[C]. Rennes, France,2011:7-12.
[61]Xiaozhao Wang, Yinlong Xu, Yuchong Hu, Kaiqian Ou. MFR:Multi-Loss Flexible Recovery in Distributed Storage Systems[A]. In:IEEE ICC 2010[C]. Cape Town, South Africa,2010:1-5.
[62]Hu Yuchong, Xu Yinlong, Wang Xiaozhao. MCR:A Mutual Cooperative Recovery Mechanism in Peer-to-Peer Storage Systems[A]. In:2nd IEEE International Conference on Broadband Network & Multimedia Technology[C]. Hefei, China 2009:681-686.
[63]Anne-Marie Kermarrec, Nicolas Le Scouarnecy and Gilles Strauby. Repairing Multiple Failures with Coordinated and Adaptive Regenerating Codes[A]. In:International Symposium on Network Coding (NetCod)[C]. Rennes, France 2011:1-6.
[64]Kenneth W. Shum, Yuchong Hu. Exact Minimum-Repair-Bandwidth Cooperative Regenerating Codes for Distributed Storage Systems[A]. In:IEEE International Symposium on Information Theory[C].2011: 1442-1446.
[65]Kenneth W. Shum, Yuchong Hu. Existence of Minimum-Repair-Bandwidth Cooperative Regenerating Codes[A]. In:International Symposium on Network Coding (NetCod)[C]. Rennes, France,2011:13-18.
[66]Shum, Kenneth W. Cooperative Regenerating Codes for Distributed Storage Systems[A]. In:IEEE International Conference on Communications (ICC)[C]. Hong Kong, China,2011:1-5.
[67]Al-Fares M, Loukissas A, Vahdat A. A scalable, commodity data center network architecture[A]. In:Proc. of the SIGCOMM 2008[C]. Seattle:ACM Press,2008:63-74.
[68]Mysore RN, Pamboris A, Farrington N. PortLand:A scalable fault-tolerant layer 2 data center network fabric[A]. In:Proc. of the SIGCOMM 2009[C]. Barcelona:ACM Press,2009:39-50.
[69]Paolo Costa, Austin Donnelly, Ant Rowstron, Greg O'Shea. CamDoop:Exploiting In-network Aggregation for Big Data Applications [A]. In:Proc. of the 9th USENIX conference on Networked Systems Design and Implementation[C]. CA, USA:ACM Press,2012:51-62.
[70]Costa P, Zahn T, Rowstron A, O'shea G, Schubert S. Why should we integrate services, servers, and networking in a data center?[A] In:Proc. of the WREN 2009[C]. Barcelona:ACM Press,2009:111-118.
[71]Guo CX, Lu GH, Li D, Wu HT, Zhang X, Shi YF, Tian C, Zhang YG, Lu SW. BCube:A high performance, server-centric network architecture for modular data centers[A]. In:Proc. of the SIGCOMM 2009[C]. Barcelona, Spain:ACM Press,2009:3-17.
[72]Li D, Guo CX, Wu HT, Tan K, Zhang YG, Lu SW. FiConn:Using backup port for server interconnection in data centers[A]. In:Proc. of the INFOCOM 2009[C]. Rio de Janeiro:IEEE,2009:2276-2285.
[73]Kent S, Atkinson R. Security Architecture for the Internet Protocol[S]. IETF, RFC2401,1998.
[74]Ferguson P, Senie D. Network Ingress Filtering:Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing[S]. IETF, RFC2827,2000.
[75]Li J, Mirkovic J, Wang M, et al. SAVE:source address validity enforcement protocol[A]. In:Proc IEEE INFOCOM[C]. Washington:IEEE,2002:1557-1566.
[76]Belenky A, Ansari N. IP traceback with deterministic packet marking[J]. IEEE Commun Lett,2003,7(4): 162-164.
[77]WU JianPing, REN Gang, LI Xing. Building a next generation Internet with source address validation architecture[J]. Science in China Series F:Information Sciences,51(11) 2008:1681-1691.
[78]Jun Bi, Guang Yao, Jianping Wu. An IPv6 Source Address Validation Tested and Prototype Implementation[J]. JOURNAL OF NETWORKS,4(2),2009:100-107.
[79]T. Aura.Cryptographically Generated Addresses (CGA)[S]. IETF, RFC 3972,2005.
[80]Marcelo Bagnulo, Alberto Garcia-Martinez, Arturo Azcorra. Efficient Security for IPv6 Multihoming[J]. ACM SIGCOMM Computer Communications Review,35(5),2005:61-68.
[81]谭作文,刘卓军,肖红光.一个安全公钥广播加密方案[J].软件学报,2005,16(7):1333-1343.
[82]Craig Gentry, Brent Waters. Adaptive Security in Broadcast Encryption Systems[A]. In:EUROCRYPT 2009[C]. Heidelberg,2009:171-188.
[83]Piyi Yang, Zhenfu Cao, Xiaolei Dong. A Dependable Threshold Broadcast Encryption System for Key Distribution in Mobile Ad Hoc Network[A]. In:Second International Conference on Dependability[C]. Athens/Glyfada, Greece,2009:1-6.
[84]Libert, Benoint. Anonymous Broadcast Encryption:Adaptive Security and Efficient Constructions in the Standard Model[A]. In:15th International Conference on Practice and Theory in Public Key Crptography[C]. Darmstadt,Germany,2012:206-224.
[85]Malek, Behzad. Adaptively Secure Broadcast Encryption with Short Ciphertexts[J]. International Journal of Network Security,2012,14 (2):71-79.
[86]Phan, Duong Hieu. Decentralized Dynamic Broadcast Encryption[A]. In:8th Conference on Security and Cryptography for Networks[C]. Amal, Italy,2012:166-183.
[87]Dan Boneh, Craig Gentry. Collusion resistant broadcast encryption with short ciphertexts and private keys[A]. In:CRYPTO 2005[C]. Heidelberg,2005:258-275.
[88]Seiko Arita, Koji Tsurudome. Construction of Threshold Public-Key Encryptions through Tag-Based Encryptions[A]. In:7th International Conference, ACNS 2009[C]. Paris-Rocquencourt, France,2008: 186-200.
[89]Bo Qin, Qianhong Wu. Threshold Public-Key Encryption with Adaptive Security and Short Ciphertexts[A]. In:ICICS[C]. LNCS,2010:62-76.
[90]Javier Herranz, Fabien Laguillaumie. Constant Size Ciphertexts in Threshold Attribute-Based Encryption[A]. In:International Association for Cryptologic Research 2010[C]. LNCS,2010:19-34.
[91]谭作文,范艳芳.分工式门限认证加密方案[J].计算机学报,2010,33(7):1183-1194.
[92]Bhichate Chiewthanakul, Nattayanee Darath. A (t, w) Threshold Scheme over Insecure Channels[A]. In: The 8th Electrical Engineering/Electronics, Computer.Telecommunications and Information Technology (ECTI)[C]. Thailand,2011:232-235.
[93]Bo Qin, Qianhong Wua, Lei Zhang. Provably secure threshold public-key encryption with adaptive security and short ciphertexts[J]. Information Sciences,2012,210:67-80.
[94]Boneh. Hierarchical Identity Based Encryption with Constant Size Ciphertext[A]. In:2005 EUROCRYPT[C]. Heidelberg,2005:440-456.
[2]Dean J. Experiences with MapReduce, an abstraction for large-scale computation[A], In:Proc. of the PACT[C]. Seattle:ACM Press,2006:16-20.
[3]Greenberg A, Hamilton JR, Jain N. VL2:A scalable and flexible data center network[A]. In:Proc. of the SIGCOMM 2009[C].2009:51-62.
[4]Dally WJ, Towles BP. Principles and Practices of Interconnection Networks[M]. San Francisco:Morgan Kaufmann Publishers,2004.
[5]Abu-Libdeh H, Costa P, Rowstron A, O'Shea G, Donnelly A. Symbiotic routing in future data centers[A]. In:Proc. of the SIGCOMM 2010[C]. New Delhi:ACM Press,2010:51-62.
[6]Guo CX, Wu HT, Tan K, Shi L, Zhang YG, Lu SW. DCell:A scalable and fault-tolerant network structure for data centers[A]. In:Proc. of the SIGCOMM 2008[C]. Seattle:ACM Press,2008:75-86.
[7]穆飞,薛巍.一种面向大规模存储系统的数据副本映射算法[J].计算机研究与发展,2009,46(3):492-497.
[8]熊润群,罗军舟.云计算环境下Q0S偏好感知的副本选择策略[J].通信学报2011,32(7):93-102.
[9]王永剑,裴翔.Nova-BFT: —种支持多种故障模型的副本状态机协议[J].计算机研究与发展,2011,48(7):1134-1145.
[10]Guy L, Kunszt P, Laure E, Stockinger H, Stockinger K.. Replica management in data grids[OL]: http://people.isb-sib.ch/Heinz.Stockinger/publications/datagrid-ggf2002.pdf.
[11]Weil SA, Pollack KT, Brandt SA, Miller AEL. Dynamic metadata management for petabyte-scale file systems[A]. In:Proc. of the 2004 ACM/IEEE Conf. on Supercomputing (SC 2004) [C]. Pittsburgh:ACM Press,2004.
[12]王禹,赵跃龙.基于副本管理的P2P存储系统可靠性分析[J].华南理工大学学报(自然科学版),39(2):148-151.
[13]Muthitacharoen A, Morris R, Gil TM, Chen BJ. Ivy:A read/write peer-to-peer file system[A]. In:Proc. of the 5th Symp. on Operating Systems Design and Implementation[J]. Boston:ACM Press,2002:31-44.
[14]The apache software foundation. HDFS Architecture Guide [OL]:http://hadoop.apache.org/common/ docs/current/hdfs_design.html.
[15]Shvachko K, Kuang H, Radia S, Chansler R. The Hadoop distributed file system[A]. In:Proc. of the IEEE 26th Symp. on Mass Storage Systems and Technologies (MSST)[C]. Lake Tahoe:IEEE,2010:1-10.
[16]Decandia G, Hastorun D, Jampani M, Kakulapati G, Lakshman A, Pilchin A, Sivasubramanian S, Vosshall P, Vogels W. Dynamo:Amazon's highly available key-value store[A]. In:Proc. of the SOSP 2007[C]. Stevenson:ACM Press,2007:205-220.
[17]Karger D, Lehman E, Leighton T, Panigrahy R, Levine M, Lewin D. Consistent Hashing and random trees:Distributed caching protocols for relieving hot spots on the World Wide Web[A]. In:Proc. of the STOC[C]. El Paso:ACM Press,1997:654-663.
[18]Lakshman A, Malik P. Cassandra:A decentralized structured storage system. ACM SIGOPS Operating Systems Review[J],2010,44(2):35 40.
[19]Sashi K, Thanamani AS. A new replica creation and placement algorithm for data grid environment[A]. In:Proc. of the 2010 Int'1 Conf. on Data Storage and Data Engineering (DSDE)[C]. Bangalore:IEEE,2010: 265-269.
[20]Gu QF, Chen B, Zhang YP. Dynamic replica placement and location strategies for data grid[A]. In:Proc. of the 2008 Int'1 Conf. on Computer Science and Software Engineering (CSSE)[C]. Wuhan:IEEE,2008: 35-40.
[21]Ding Y, Lu Y. Automatic data placement and replication in grids[A]. In:Proc. of the HIPC[C]. Kochi: IEEE,2009:30-39.
[22]Hsiao HI, Dewitt DJ. Chained declustering:A new availability strategy for multiprocessor database machines[A]. In:Proc. of the 6th Int'1 Conf. on Data Engineering (ICDE) [C]. Los Angeles:University of Wisconsin,1990:456-465.
[23]Buyya R, Corte T, Jin H. Petal:Distributed virtual disks[A]. In:Proc. of the High Performance Mass Storage and Parallel I/O:Technologies and Applications[C]. Piscataway:Wiley-IEEE Press,2002: 420-430.
[24]Dabek F, Kaashoek MF, Karger D, Morris R, Stoica I. Wide-Area cooperative storage with CFS[A]. In: Proc. of the 18th ACM Symp. on Operating System Principles (SOSP) [C]. Banff:ACM Press,2001: 202-215.
[25]Rowstron A, Druschel P. Storage management and caching in PAST, a large-scale, persistent peer-to-peer storage utility[A]. In:Proc. of the SOSP 2001 [C]. Banff:ACM Press,2001:188-201.
[26]Chandy JA. A generalized replica placement strategy to optimize latency in a wide area distributed storage system[A]. In:Proc. of the DADC 2008 [C]. Boston:ACM Press,2008:49-54.
[27]Patterson DA, Gibson G, Katz RH. A case for redundant arrays of inexpensive disks (RAID)[A]. In:Proc. of the SIGMOD[C]. Chicago:ACM Press,1988:109-116.
[28]Rizzo L. Effective erasure codes for reliable computer communication protocols[J]. Computer Communication Review,1997,27(2):24-36.
[29]Xiao N, Shu JW, Liu F, Li MQ. Research on the state of art of storage technologies and future trend[A]. In:Wang CH, ed. The Annual Report in 2008 on the Development of Computer Science and Technology[M]. Beijing:China Machine Press,2009:12-48.
[30]Weatherspoon H, Kubiatowicz JD. Erasure coding vs. replication:A quantitative comparison[A]. In:Proc. of the IPTPS[C]. Cambridge:Springer-Verlag,2002:328-337.
[31]Rodrigues R, Liskov B. High availability in DHTs:Erasure coding vs.replication[A]. In:Proc. of the IPTPS[C]. Ithaca:Springer-Verlag,2005:226-239.
[32]Zhang Z, Deshpande A, Ma XS, Thereska E, Narayanan D. Does erasure coding have a role to play in my data center?[R]. Microsoft Research,2010.
[33]Hafner JL. Weaver codes:Highly fault tolerant erasure codes for storage systems[A]. In:Proc. of the 4th USENIX Conf. on File and Storage Technologies (FAST 2005)[C]. San Francisco:USENIX Association, 2005:16-30.
[34]Gallager RG. Low-Density parity-check codes[J]. IEEE Trans, on Information Theory,1962,8(1):21-28.
[35]Luby MG, Mitzenmacher M, Shokrollahi MA, Spielman DA. Efficient erasure correcting codes[J]. IEEE Trans, on Information Theory,2001,47(2):569-584.
[36]Plank JS, Thomason MG. A practical analysis of low-density parity-check erasure codes for wide-area storage applications[A]. In:Proc. of the DSN 2004[C], Florence:IEEE,2004:115-124.
[37]张焕国,刘玉珍.密码学引论[M].武汉:武汉大学出版社,2004.
[38]Wikipedia. Standard RAID levels[OL]:http://en.wikipedia.org/wiki/Raid5#RAID_5
[39]R.W. Yeung, S.-Y.R. Li, N. Cai, and Z. Zhang. Network Coding Theory[J]. Foundation and Trends in Communications and Information Theory,2005,2:241-381.
[40]Szymon. How good is random linear coding based distributed networked storage[OL]: http://netcod.org/papers/11AcedanskiDMK-final.pdf
[41]Alexandros G. Dimakis, P. Brighten Godfrey, Martin J. Wainwright, Kannan Ramchandran. The Benefits of Network Coding for Peer-to-Peer Storage Systems[A]. In Third Workshop on Network Coding, Theory, and Applications[C].2007:1-6.
[42]Alexandros G. Dimakis, P. Brighten Godfrey, Yunnan Wu. Network Coding for Distributed Storage Systems[J]. IEEE Transactions on Information Theory 2008,56 (9):4539-4551.
[43]Yunnan Wu, Alexandros G. Dimakis, Kannan Ramchandrany. Deterministic Regenerating Codes for Distributed Storage[A]. In:Allerton Conference on Control, Computing,and Communication[C]. Urbana-Champaign, IL:IEEE,2007:1-8.
[44]Yunnan Wu, Alexandros G. Dimakis. Reducing Repair Traffic for Erasure Coding-Based Storage via Interference Alignment[A]. In:IEEE International Symposium on Information Theory[C]. Redmond, WA, US,2009:2276-2280.
[45]Dimakis, Alexandros G. A Survey on Network Codes for Distributed Storage[J]. Proceedings of the IEEE 2011,99 (3):476-489.
[46]Bernat Gast6n, Jaume Pujol, And Merce Villanueva. Quasi-cyclic Minimum Storage Regenerating Codes for distributed data compression[A]. In:Data Compression Conference[C]. Snowbird, UT, USA,2011: 33-42.
[47]Wu, Yunnan. Existence and Construction of Capacity-Achieving Network Codes for Distributed Storage[J]. IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS,2010,28 (2):277-288.
[48]Wu, Yunnan. A Construction of Systematic MDS Codes With Minimum Repair Bandwidth[J]. IEEE TRANSACTIONS ON INFORMATION THEORY,2011,57 (6):3738-3741.
[49]Viveck R. Cadambe, Syed A. Jafar, Hamed Maleki. Minimum Repair Bandwidth for Exact Regeneration in Distributed Storage[A]. In:2010 IEEE Wireless Network Coding Conference (WiNC)[C]. Bostn, USA, 2010:1-6.
[50]K. V. Rashmiy, Nihar B. Shahy, P. Vijay Kumary, Kannan Ramchandran. Explicit Construction of Optimal Exact Regenerating Codes for Distributed Storage[A]. In:47th Annual Allerton Conference on Communication, Control, and Computing[C]. Allerton House, Illinois,2009:1243-1249.
[51]K. V. Rashmiy, Nihar B. Shahy, P. Vijay Kumar. Optimal Exact-Regenerating Codes for Distributed Storage at the MSR and MBR Points via a Product-Matrix Construction[J]. IEEE Transactions on Information Theory,2011,57 (8):5227-5239.
[52]Nihar B. Shahy, K. V. Rashmiy, P. Vijay Kumary, Kannan Ramchandran. Explicit Codes Minimizing Repair Bandwidth for Distributed Storage[A]. In:2010 IEEE Information Theory Workshop (ITW)[C]. Cairo, Egypt,2009:1-5.
[53]Nihar B. Shahy, K. V. Rashmiy, P. Vijay Kumar. Interference Alignment in Regenerating Codes for Distributed Storage:Necessity and Code Constructions[J]. IEEE Transactions on Information Theory,2010, 58 (4):2134-2158.
[54]Changho Suh and Kannan Ramchandran. Exact Regeneration Codes for Distributed Storage Repair Using Interference Alignment[OL]:http://arxiv.org/abs/1001.0107v2
[55]Soroush Akhlaghi, Abbas Kiani and Mohammad Reza Ghanavati. A Fundamental Trade-off Between The Download Cost And Repair Bandwidth In Distributed Storage Systems[A]. In:2010 IEEE International Symposium on Network Coding (NetCod)[C]. Toronto, Ontario, Canada,2010:1-6.
[56]Fr'Ed'Erique Oggier, Anwitaman Datta. Byzantine Fault Tolerance of Regenerating Codes[A]. In:2011 IEEE International Conference on Peer-to-Peer Computing [C]. Kyoto, Japan,2011:112-121.
[57]Fr'Ed'Erique Oggier, Anwitaman Datta. Self-repairing Homomorphic Codes for Distributed Storage Systems[A]. In:IEEE INFOCOM[C]. Shanghai, China,2011:1215-1223.
[58]Yuchong Hu, Yinlong Xu, Xiaozhao Wang, Cheng Zhan and Pei Li. Cooperative Recovery of Distributed Storage Systems from Multiple Losses with Network Coding[J]. IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS,2010,28 (2):268-276.
[59]胡烯翀.基于网络编码的分布式存储容错机制研究[D].中国科技大学2010.
[60]Yuchong Hu, Chiu-Man Yu, Yan Kit Li, Patrick P. C. Lee, John C. S. Lui. NCFS:On the Practicality and Extensibility of a Network-Coding-Based Distributed File System[A]. In:2011 IEEE International Symposium on Network Coding (NetCod)[C]. Rennes, France,2011:7-12.
[61]Xiaozhao Wang, Yinlong Xu, Yuchong Hu, Kaiqian Ou. MFR:Multi-Loss Flexible Recovery in Distributed Storage Systems[A]. In:IEEE ICC 2010[C]. Cape Town, South Africa,2010:1-5.
[62]Hu Yuchong, Xu Yinlong, Wang Xiaozhao. MCR:A Mutual Cooperative Recovery Mechanism in Peer-to-Peer Storage Systems[A]. In:2nd IEEE International Conference on Broadband Network & Multimedia Technology[C]. Hefei, China 2009:681-686.
[63]Anne-Marie Kermarrec, Nicolas Le Scouarnecy and Gilles Strauby. Repairing Multiple Failures with Coordinated and Adaptive Regenerating Codes[A]. In:International Symposium on Network Coding (NetCod)[C]. Rennes, France 2011:1-6.
[64]Kenneth W. Shum, Yuchong Hu. Exact Minimum-Repair-Bandwidth Cooperative Regenerating Codes for Distributed Storage Systems[A]. In:IEEE International Symposium on Information Theory[C].2011: 1442-1446.
[65]Kenneth W. Shum, Yuchong Hu. Existence of Minimum-Repair-Bandwidth Cooperative Regenerating Codes[A]. In:International Symposium on Network Coding (NetCod)[C]. Rennes, France,2011:13-18.
[66]Shum, Kenneth W. Cooperative Regenerating Codes for Distributed Storage Systems[A]. In:IEEE International Conference on Communications (ICC)[C]. Hong Kong, China,2011:1-5.
[67]Al-Fares M, Loukissas A, Vahdat A. A scalable, commodity data center network architecture[A]. In:Proc. of the SIGCOMM 2008[C]. Seattle:ACM Press,2008:63-74.
[68]Mysore RN, Pamboris A, Farrington N. PortLand:A scalable fault-tolerant layer 2 data center network fabric[A]. In:Proc. of the SIGCOMM 2009[C]. Barcelona:ACM Press,2009:39-50.
[69]Paolo Costa, Austin Donnelly, Ant Rowstron, Greg O'Shea. CamDoop:Exploiting In-network Aggregation for Big Data Applications [A]. In:Proc. of the 9th USENIX conference on Networked Systems Design and Implementation[C]. CA, USA:ACM Press,2012:51-62.
[70]Costa P, Zahn T, Rowstron A, O'shea G, Schubert S. Why should we integrate services, servers, and networking in a data center?[A] In:Proc. of the WREN 2009[C]. Barcelona:ACM Press,2009:111-118.
[71]Guo CX, Lu GH, Li D, Wu HT, Zhang X, Shi YF, Tian C, Zhang YG, Lu SW. BCube:A high performance, server-centric network architecture for modular data centers[A]. In:Proc. of the SIGCOMM 2009[C]. Barcelona, Spain:ACM Press,2009:3-17.
[72]Li D, Guo CX, Wu HT, Tan K, Zhang YG, Lu SW. FiConn:Using backup port for server interconnection in data centers[A]. In:Proc. of the INFOCOM 2009[C]. Rio de Janeiro:IEEE,2009:2276-2285.
[73]Kent S, Atkinson R. Security Architecture for the Internet Protocol[S]. IETF, RFC2401,1998.
[74]Ferguson P, Senie D. Network Ingress Filtering:Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing[S]. IETF, RFC2827,2000.
[75]Li J, Mirkovic J, Wang M, et al. SAVE:source address validity enforcement protocol[A]. In:Proc IEEE INFOCOM[C]. Washington:IEEE,2002:1557-1566.
[76]Belenky A, Ansari N. IP traceback with deterministic packet marking[J]. IEEE Commun Lett,2003,7(4): 162-164.
[77]WU JianPing, REN Gang, LI Xing. Building a next generation Internet with source address validation architecture[J]. Science in China Series F:Information Sciences,51(11) 2008:1681-1691.
[78]Jun Bi, Guang Yao, Jianping Wu. An IPv6 Source Address Validation Tested and Prototype Implementation[J]. JOURNAL OF NETWORKS,4(2),2009:100-107.
[79]T. Aura.Cryptographically Generated Addresses (CGA)[S]. IETF, RFC 3972,2005.
[80]Marcelo Bagnulo, Alberto Garcia-Martinez, Arturo Azcorra. Efficient Security for IPv6 Multihoming[J]. ACM SIGCOMM Computer Communications Review,35(5),2005:61-68.
[81]谭作文,刘卓军,肖红光.一个安全公钥广播加密方案[J].软件学报,2005,16(7):1333-1343.
[82]Craig Gentry, Brent Waters. Adaptive Security in Broadcast Encryption Systems[A]. In:EUROCRYPT 2009[C]. Heidelberg,2009:171-188.
[83]Piyi Yang, Zhenfu Cao, Xiaolei Dong. A Dependable Threshold Broadcast Encryption System for Key Distribution in Mobile Ad Hoc Network[A]. In:Second International Conference on Dependability[C]. Athens/Glyfada, Greece,2009:1-6.
[84]Libert, Benoint. Anonymous Broadcast Encryption:Adaptive Security and Efficient Constructions in the Standard Model[A]. In:15th International Conference on Practice and Theory in Public Key Crptography[C]. Darmstadt,Germany,2012:206-224.
[85]Malek, Behzad. Adaptively Secure Broadcast Encryption with Short Ciphertexts[J]. International Journal of Network Security,2012,14 (2):71-79.
[86]Phan, Duong Hieu. Decentralized Dynamic Broadcast Encryption[A]. In:8th Conference on Security and Cryptography for Networks[C]. Amal, Italy,2012:166-183.
[87]Dan Boneh, Craig Gentry. Collusion resistant broadcast encryption with short ciphertexts and private keys[A]. In:CRYPTO 2005[C]. Heidelberg,2005:258-275.
[88]Seiko Arita, Koji Tsurudome. Construction of Threshold Public-Key Encryptions through Tag-Based Encryptions[A]. In:7th International Conference, ACNS 2009[C]. Paris-Rocquencourt, France,2008: 186-200.
[89]Bo Qin, Qianhong Wu. Threshold Public-Key Encryption with Adaptive Security and Short Ciphertexts[A]. In:ICICS[C]. LNCS,2010:62-76.
[90]Javier Herranz, Fabien Laguillaumie. Constant Size Ciphertexts in Threshold Attribute-Based Encryption[A]. In:International Association for Cryptologic Research 2010[C]. LNCS,2010:19-34.
[91]谭作文,范艳芳.分工式门限认证加密方案[J].计算机学报,2010,33(7):1183-1194.
[92]Bhichate Chiewthanakul, Nattayanee Darath. A (t, w) Threshold Scheme over Insecure Channels[A]. In: The 8th Electrical Engineering/Electronics, Computer.Telecommunications and Information Technology (ECTI)[C]. Thailand,2011:232-235.
[93]Bo Qin, Qianhong Wua, Lei Zhang. Provably secure threshold public-key encryption with adaptive security and short ciphertexts[J]. Information Sciences,2012,210:67-80.
[94]Boneh. Hierarchical Identity Based Encryption with Constant Size Ciphertext[A]. In:2005 EUROCRYPT[C]. Heidelberg,2005:440-456.