Safety metadata management method based on integrality checking

An integrity verification and management method, applied in the fields of integrity verification, security metadata management, and storage security, that addresses the ineffective management of hash values, large calculation costs, and large overall costs.

Inactive Publication Date: 2011-02-16
TSINGHUA UNIV
3 Cites, 51 Cited by

AI Technical Summary

Problems solved by technology

Traditional security metadata management mainly takes one of the following three approaches.

The first manages file-level hash values: a hash algorithm calculates a hash value over the entire file and the value is saved. When a user accesses the file, the hash value is recalculated over the file and compared with the previously saved hash value to judge the integrity of the file. The disadvantage is that, because the hash value is at the file level, when the user modifies or reads only a certain part of the file, the integrity check needed to ensure that the data read is intact still requires recalculating the hash value of the entire file and comparing it with the saved one, which is too computationally expensive.

The second manages file-block-level hash values. A file is divided into many fixed-size file blocks, and a hash algorithm calculates the hash value of each file block to ensure the integrity of that block. To ensure the integrity of the block hash values themselves, the hash values of all file blocks are concatenated, and the hash value of the concatenated result is saved. The disadvantage is that when the user needs to modify or read a certain file block, ensuring that the block is intact requires recalculating the hash values of all file blocks, concatenating them, hashing the result, and checking whether it is consistent with the previously saved value. This is expensive, and the hash values are not effectively managed.

The third uses file-block-level hash values and a simple Merkle hash tree. First the hash value of each file block is calculated, and then a Merkle hash tree is built as follows. The number of leaf nodes of the tree is made equal to the number of file blocks, forming a one-to-one mapping from leaf nodes to file blocks, and each leaf node stores the hash value of its corresponding file block. Then, according to the fan-out (fork number) of the tree and starting from the leaf nodes, each internal node (i.e. each non-leaf node other than the root) stores the hash value of the concatenation of the hash values of all its child nodes. This continues up to the root node, and the hash value stored in the root node is signed, which ensures the integrity of the hash value of each file block. Although this method can effectively manage the hash values of the file blocks, the Merkle hash tree may become too tall, so that each integrity check, which has to reach the leaf nodes, requires many I/O operations and is costly. In addition, the integrity of the Merkle hash tree itself is not well protected.

Embodiment Construction

[0049] The core of the present invention is the management of file security metadata on the security metadata management server. The implementation consists mainly of the following parts, and the management operations are carried out mainly by the corresponding modules of each part:

[0050] ● Client: requests access to the file, and is mainly responsible for calculating the hash values of the file blocks and encrypting the file blocks during the file encryption process;

[0051] A. File block module: responsible for splitting files into blocks; the specific operation is shown in Figure 1.

[0052] A file is divided into multiple fixed-size file blocks;

[0053] B. Self-encryption module: responsible for self-encryption operations on file blocks; the specific operation is shown in Figure 2.

[0054] The encryption algorithm used in the module is the symmetric block encryption algorithm AES, where the AES algorithm is an advanced encryption standard determined by the Nati...


Abstract

The invention relates to a security metadata management method based on integrity checking, belonging to the field of storage security. On the client, a self-encryption technique is applied to the file data, which improves storage efficiency. On the security metadata management server, a 64-ary hash tree maintains the hash values of the file blocks, which protects the integrity of the file block hash values and allows efficient verification of user file accesses and efficient data updates. In addition, a root hash virtual linked list technique ensures the integrity of the root hash values of the multiple 64-ary hash trees belonging to one file and supports, to a certain extent, concurrent user access to the file.
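The Merkle construction described under "Problems solved by technology" and the 64-ary tree named in the abstract, as an added example that is not code from the patent: it builds a k-ary hash tree over fixed-size blocks, verifies one block against the root, and counts the tree levels walked and hashes read for fan-out 2 versus 64. SHA-256, the 0x00/0x01 leaf/node prefixes, the 64-byte block size and the sample data are assumptions; signing of the root is left out.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()          # hash choice is an assumption

def split_blocks(data: bytes, block_size: int):
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]

def build_tree(blocks, fanout):
    """levels[0] holds the leaf hashes, levels[-1] holds only the root hash."""
    levels = [[h(b"\x00" + blk) for blk in blocks]]   # one leaf per file block
    while len(levels[-1]) > 1:
        cur = levels[-1]
        # A parent stores the hash of its children's concatenated hashes.
        levels.append([h(b"\x01" + b"".join(cur[i:i + fanout]))
                       for i in range(0, len(cur), fanout)])
    return levels

def proof_for(levels, index, fanout):
    """Per level: (position in the child group, all hashes of that group)."""
    path = []
    for level in levels[:-1]:
        start = (index // fanout) * fanout
        path.append((index - start, level[start:start + fanout]))
        index //= fanout
    return path

def verify_block(block, path, trusted_root):
    node = h(b"\x00" + block)
    for pos, group in path:
        if pos >= len(group) or group[pos] != node:
            return False                          # block or stored hash altered
        node = h(b"\x01" + b"".join(group))
    return node == trusted_root

def compare(data, block_size, index, fanouts=(2, 64)):
    """Per fan-out: (levels walked, hashes read, intact ok, tampered ok)."""
    blocks, out = split_blocks(data, block_size), {}
    for k in fanouts:
        levels = build_tree(blocks, k)
        root = levels[-1][0]                      # the value that would be signed
        path = proof_for(levels, index, k)
        tampered = bytes([blocks[index][0] ^ 1]) + blocks[index][1:]
        out[k] = (len(path), sum(len(g) for _, g in path),
                  verify_block(blocks[index], path, root),
                  verify_block(tampered, path, root))
    return out

# Constructed sample: 4096 blocks of 64 bytes each (sizes are assumptions).
SAMPLE = b"".join(i.to_bytes(4, "big") * 16 for i in range(4096))

if __name__ == "__main__":
    for k, r in compare(SAMPLE, 64, index=1234).items():
        print(f"fan-out {k}: levels={r[0]} hashes={r[1]} ok={r[2]} tampered_ok={r[3]}")
```

With 4096 blocks the binary tree is walked through 12 levels and the 64-ary tree through 2. The wider tree reads more sibling hashes in total (128 versus 24), so the saving is in node visits, which matters when a node's child hashes are stored together and fetched in one I/O.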

Description

Technical field

[0001] A security metadata management method based on integrity checking belongs to the field of storage security, and particularly relates to the fields of integrity checking and security metadata management.

Background art

[0002] With the development of network technology, the demand for data storage and sharing in today's society is gradually increasing, and distributed and networked technologies are being used more and more widely. However, as the data is physically separated from the user, the chances of the data being leaked or tampered with in network storage increase. Therefore, how to let users share data with confidence while ensuring the confidentiality and integrity of the data is becoming an increasingly important issue.

[0003] The value of data confidentiality is that the data will be unknown to users without access rights (also called illegal users), and users without access rights cannot obta...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/24, G06F17/30, G06F21/62
Inventor: 舒继武, 薛巍, 薛矛, 沈志荣
Owner: TSINGHUA UNIV