Method for implementing safe storage system in cloud storage environment

Abstract

The invention relates to a method for implementing a safe storage system in a cloud storage environment and belongs to the technical field of storage safety. The method is characterized in that a trust domain is established in a server according to the requirements of a user; in the trust domain, identity authentication is performed by using an public key infrastructure (PKI); the independence between the storage system and a bottom layer system is realized by utilizing a filesystem in user space (FUSE); a hash value of a file is calculated by utilizing a secure hash algorithm (SHA1) and taking a block as a unit, a file block is encrypted by utilizing a key and an advanced encryption standard (AES) algorithm of a symmetric encipherment algorithm and taking a block as a unit, and a file cipher text is uploaded to a file server in a cloud storage area so as to guarantee the confidentiality and integrity of the file; a filer owner postpones encrypting the file again when permission is revoked by designating a user with the permission of accessing the file and the permissions thereof in an access control list; and only when the user modifies the content of the file, the user encrypts the file block in which the modified content is positioned again and the system implements three layers of key management, namely a file block key, a safe metadata file key and a trust domain server key so that not only the safety of the file is guaranteed when the permission is revoked, but also the management load of the system is not increased.

Description

technical field [0001] The method for implementing a secure storage system in a cloud storage environment belongs to the field of storage security, and particularly relates to technical fields such as security access control, key distribution management, and file management. Background technique [0002] Nowadays, with the rapid development of cloud computing technology, cloud storage has gradually received widespread attention and application. File owners can create files, upload files to cloud storage areas, and hand over files to cloud storage service providers for management. , at the same time, the owner of the file can allow designated other users to read and write access to the file, realizing shared access to the file. [0003] Although cloud storage service providers can provide users with convenient access to file sharing, the security issues in it cannot be ignored. First of all, the confidentiality of files cannot be guaranteed: files are stored in the cloud sto...

AI Technical Summary

Problems solved by technology

Although the secure storage systems currently implemented at home and abroad guarantee the confidentiality and integrity of files, there are still some shortcomings: First, the implementation of some storage systems requires the support of the underlying storage system, and even the version of the kernel Changes or specific kernel version requirements have brought a lot of inconvenience to users. If users need to use these secure storage systems, they need to install a specific underlying storage system, or require a specific version of the kernel, or need to modify the The kernel is modified; secondly, some secure storage systems use asymmetric encryption algorithms when operating files, and in some cases also need to use key rollback operations. Due to the high complexity of asymmetric encryption algorithms, Therefore, the performance of this type of secure storage system is not optimistic; again, most of today’s secure storage systems generally use the

Images