Key updating method applicable to cloud storage system

Abstract

The invention discloses a key updating method applicable to a cloud storage system. The key updating method comprises the following steps: key initialization, key updating, an IO write process and an IO read process. The core concept of the invention is that after the key is updated, a new key is only used for the new write operation, and the keys of other areas without the write operation are unchanged, and as the IO read and write takes the sector as the basic unit, the storage area is represented in a mode of bitmaps, one bit represents one sector, and one bitmap is assigned to one key. The advantages of the key updating method disclosed by the invention are mainly embodied as follows: the key of the storage system can be updated in real time, no business interruption is needed after the key is updated, and zero time window is achieved; the read and write performance cannot be affected after the key is updated; less resources are occupied; the key is periodically replaced to benefit the protection of data, and a more secure data protection mode can be provided for customers; the business continuity can be maintained after the key is updated; and a small extra overhead is needed, and the performance is increased.

Description

technical field [0001] The invention relates to a storage encryption technology, in particular to a key update method suitable for a cloud storage system. Background technique [0002] With the increasing development of cloud computing technology, the storage security of the server is facing a huge challenge. In order to solve the problem of storage security, data storage encryption technology has been widely used, and the key is the core of storage encryption. After the key is updated in the traditional method, either terminal services are required, or the performance is severely degraded after the key is updated and the service life of the disk is reduced. [0003] Among the existing invention patents, the patent "Key update method of cloud storage and implementation method of cloud data audit system" (patent number 201510192375.7, patent application date is April 22, 2015) introduces key update of cloud storage Method: When the cloud user needs to update the key, reques...

AI Technical Summary

Problems solved by technology

The patent "Multi-level authority management method for encrypted data sharing in cloud storage" (patent number 201310044503.4, patent application date is January 4, 2013), introduces the use of attribute-based encryption, access control, authority management and other methods to provide cloud Access to shared ciphertext and multi-level authority management in storage environment provide a reliable method. The invention has the advantages of easy implementation, strong user information protection, and fine authority control, but its resource occupation is large.

"Cloud storage encryption system based on domestic commercial encryption algorithm and its implementation method" patent (patent number 201410751081.9, patent application date is December 9, 2014), which introduces the design of an encryption system in the field of cloud storage, through data transmission and The domestic commercial encryption algorithm is added to the storage process for data encryption protection, but there is still a lack of real-time key update

Images