Method for implementing safe storage system in cloud storage environment

A secure storage technology for cloud storage, applied in transmission systems, electrical components, etc., which can solve problems such as dissemination of file content, poor performance of secure storage systems, and the need for specific kernel versions.

Active Publication Date: 2011-04-13
TSINGHUA UNIV
3 Cites, 158 Cited by

AI Technical Summary

Problems solved by technology

Although the secure storage systems currently implemented at home and abroad guarantee the confidentiality and integrity of files, they still have some shortcomings.

First, some storage systems require the support of the underlying storage system, or even kernel modifications or a specific kernel version, which is very inconvenient for users: to use these secure storage systems, users must install a specific underlying storage system, run a specific version of the kernel, or modify the kernel.

Second, some secure storage systems use asymmetric encryption algorithms when operating on files, and in some cases also need key rollback operations. Because of the high complexity of asymmetric encryption algorithms, the performance of this type of secure storage system is poor.

Third, most of today's secure storage systems use active revocation when handling the revocation of a user's permissions. The file owner may believe that a user who has been authorized to access the file will destroy the file or distribute its content, with an effect the file owner does not want to see, so the file owner may revoke that user's permission. However, since the user already has the key needed to access the file, the file owner, in order to keep the file secure, has to immediately generate a new key, immediately re-encrypt the file with the new key, and finally distribute the new key to the legitimate users other than the revoked user. This is known as aggressive revocation. One consequence is that, for large files, the cryptographic overhead of immediate re-encryption is extremely large, and in an environment with frequent revocations the overhead of such a secure storage system may be unbearable for users.

Examples

Specific embodiment

[0069] Step 1: The user applies for a user ID. The user ID is the unique identity of the user in the system; the file owner and the trust domain server both use the user ID to determine the user's identity and access rights. To identify the subjects in the system (including trust domain servers and users) securely and effectively, so that the system can establish a mutual trust relationship between operating users, the system needs a secure user identification mechanism that is independent of the underlying storage system. This system uses public key infrastructure (PKI) to provide user identification through digital certificates. A digital certificate is an electronic document issued to a subject by a fair and authoritative organization. The document records the name of the subject, the serial number of the certificate, the name of the issuer, the validity period of the ...

Abstract

The invention relates to a method for implementing a secure storage system in a cloud storage environment and belongs to the technical field of storage security. In the method, a trust domain is established on a server according to the user's requirements; within the trust domain, identity authentication is performed using a public key infrastructure (PKI); independence of the storage system from the underlying system is achieved using Filesystem in Userspace (FUSE); a hash value of the file is calculated block by block using the secure hash algorithm SHA1, each file block is encrypted block by block with a key using the symmetric Advanced Encryption Standard (AES) algorithm, and the file ciphertext is uploaded to a file server in the cloud storage area, so as to guarantee the confidentiality and integrity of the file; the file owner designates, in an access control list, the users permitted to access the file and their permissions, and postpones re-encrypting the file when a permission is revoked: only when a user modifies the content of the file does that user re-encrypt the file block containing the modified content; and the system implements three layers of key management, namely the file block key, the secure metadata file key and the trust domain server key, so that the security of the file is guaranteed when a permission is revoked without increasing the management load of the system.
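The per-block encryption, per-block SHA1 check and postponed re-encryption described in the abstract can be sketched as follows. This is an added example, not code from the patent: the `Block` fields, the `stale` flag, the function names, the CTR mode and hashing the plaintext block are all assumptions, and the three-layer key hierarchy is left out.

```ruby
require 'openssl'

# One ciphertext block plus its entry in a hypothetical secure metadata file.
Block = Struct.new(:key, :iv, :cipher, :sha1, :stale)

# AES-128-CTR over one block (mode assumed; the page names only AES).
def ctr(key, iv, data)
  c = OpenSSL::Cipher.new('aes-128-ctr').encrypt # CTR decrypts the same way
  c.key = key
  c.iv = iv
  c.update(data) + c.final
end

# Encrypt one block; a new key is drawn only if none exists or it is stale.
def write_block(blk, plain)
  if blk.key.nil? || blk.stale
    blk.key = OpenSSL::Random.random_bytes(16)
    blk.stale = false
  end
  blk.iv = OpenSSL::Random.random_bytes(16) # fresh IV for every write
  blk.sha1 = OpenSSL::Digest.digest('SHA1', plain)
  blk.cipher = ctr(blk.key, blk.iv, plain)
end

# Decrypt one block and verify it against the stored per-block SHA-1.
def read_block(blk)
  plain = ctr(blk.key, blk.iv, blk.cipher)
  raise 'block integrity check failed' unless OpenSSL::Digest.digest('SHA1', plain) == blk.sha1
  plain
end

# Lazy revocation: nothing is re-encrypted now, keys are only marked stale.
def revoke(file)
  file.each { |blk| blk.stale = true }
end

# Constructed sample: a two-block file, one revocation, one later edit.
def demo
  file = [Block.new, Block.new]
  write_block(file[0], 'block zero')
  write_block(file[1], 'block one')
  old_keys = file.map(&:key)
  revoke(file)
  write_block(file[1], 'block one, edited') # only this block is re-keyed
  { rekeyed: file.each_index.map { |i| file[i].key != old_keys[i] },
    plain: file.map { |blk| read_block(blk) } }
end

p demo if __FILE__ == $PROGRAM_NAME
```

After the revocation, block 0 keeps the key the revoked user already held and only the edited block 1 is re-encrypted under a new key, which is where the saving over immediate whole-file re-encryption comes from.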

Description

Technical field

[0001] The method for implementing a secure storage system in a cloud storage environment belongs to the field of storage security, and particularly relates to technical fields such as secure access control, key distribution management, and file management.

Background technique

[0002] Nowadays, with the rapid development of cloud computing technology, cloud storage has gradually received widespread attention and application. File owners can create files, upload them to cloud storage areas, and hand them over to cloud storage service providers for management. At the same time, the file owner can allow designated other users read and write access to the file, realizing shared access to the file.

[0003] Although cloud storage service providers can give users convenient access to file sharing, the security issues involved cannot be ignored. First of all, the confidentiality of files cannot be guaranteed: files are stored in the cloud sto...

Application Information

IPC(8): H04L29/06, H04L29/08
Inventor: 舒继武, 薛巍, 薛矛, 沈志荣
Owner TSINGHUA UNIV