Distributed cloud security storage method and system and storage medium

A secure, distributed storage technology applied in the field of cloud storage; it addresses the problems of high decompilation risk, theft, and application and data loss, and so avoids data leakage.

Pending Publication Date: 2021-11-12
SHANDONG COMP SCI CENTNAT SUPERCOMP CENT IN JINAN
0 Cites 2 Cited by

AI-Extracted Technical Summary

Problems solved by technology

However, the security of the BS (browser/server) structure is low.
First, there is a risk of theft during data transmission, and the security risk of data that is not encrypted locally is extremely high.
Second, since the applications are all installed in the cloud, and both the applications and the data reside in the cloud, there is a high risk of decompilation. Once the cloud s...

Method used

A computer-readable storage medium of this embodiment stores a computer program which, when executed by a processor, carries out any of the methods described above. Block-encrypting the original file locally and randomly scrambling the blocks effectively avoids data leakage during transmission; the encrypted data blocks are distributed randomly and out of order across multiple cloud hosts, which prevents an attacker from obtaining all of the encrypted data of the original file; and even if an attacker obtains some of the encrypted data blocks, or a cloud attacker obtains all encrypted data blocks of a file, it is difficult to decrypt and reassemble the original file without the encryption and scrambling keys. The distributed encrypted storage method and system guarantee the security of data during transmission and in cloud storage, and can be used for cloud storage of government, enterprise, institutional and personal data, giving users more assurance about the security of their cloud data. Further introduction is as follows:
Block-encrypting the original file locally and randomly scrambling the blocks effectively avoids data leakage during transmission; the encrypted data blocks are stored on multiple cloud hosts, distributed randomly and out of order in the cloud, which prevents an attacker from obtaining all of the encrypted data of the original file; even if the attacker obtains some encrypted data blocks, it is difficult to determine the corresponding original file because the data block...

Abstract

The invention discloses a distributed cloud security storage method and system and a storage medium. The method comprises the steps of: segmenting a target file into a plurality of data blocks and block-encrypting the data blocks with the SM4 or AES encryption algorithm to obtain encrypted data blocks; randomly scrambling the encrypted data blocks with a preset scrambling algorithm; uploading the scrambled encrypted data blocks to different cloud hosts for distributed storage and establishing a storage index on the local host; and, according to the storage index, downloading the encrypted data blocks corresponding to the target file from the cloud hosts, inverse-scrambling them according to the scrambling key, decrypting them according to the encryption key, and reassembling the target file. The target file is block-encrypted and randomly scrambled, then transmitted for distributed storage across a plurality of different cloud hosts; an authorized user can open the system and download the encrypted data blocks corresponding to the target file from the cloud hosts, so the user can browse and use the file without barriers, and data leakage during transmission is effectively avoided.

Application Domain

Digital data protection; File access structures; +1

Technology Topic

Engineering; Distributed computing; +5

Example Embodiment

[0047] Example 1
[0048] This embodiment provides a distributed cloud security storage method, comprising:
[0049] Step 1: divide the target file into a plurality of data blocks, preferably of the same size, and encrypt the data blocks with the SM4 or AES block cipher algorithm; the encryption algorithm is configured with an encryption key. Specifically:
[0050] If the size of the target file is not greater than a preset threshold, the file is segmented according to a first mode; otherwise it is segmented according to a second mode. In both modes the target file is divided according to a preset size, and supplementary information is appended to the tail of the last data block so that it is the same size as the other data blocks. For example: for a file not greater than 1M, the block size is 64K; for a file greater than 1M, the block size is 1M; enough zeros are added to the tail of the last data block to make it the same size as the other data blocks.
[0051] Step 2: randomly scramble the encrypted data blocks with a preset scrambling algorithm; the scrambling algorithm is configured with a scrambling key, and comprises: randomly scrambling the encrypted data blocks using a random number generated from the scrambling key.
[0052] Step 3: upload the scrambled encrypted data blocks to different cloud hosts for distributed storage, and build a storage index on the local host; the storage index records, for each encrypted data block, the cloud host on which it is stored.
[0053] Step 4: according to the storage index, download the encrypted data blocks corresponding to the target file from the cloud hosts, inverse-scramble them according to the scrambling key, decrypt them according to the encryption key, and reassemble the target file. This comprises: downloading the encrypted data blocks corresponding to the target file to the local host according to the storage index; generating the random number from the scrambling key and inverse-scrambling the encrypted data blocks to restore their original sequence; and decrypting each block with the encryption key and reassembling the blocks to restore the target file.
[0054] Block-encrypting the original file locally and randomly scrambling the blocks effectively prevents data leakage during transmission; the encrypted data blocks are distributed randomly and out of order across multiple cloud hosts, which prevents an attacker from obtaining all of the encrypted data of the original file; even if an attacker obtains some of the encrypted data blocks, it is difficult to determine the corresponding original file because all data blocks are the same size; and even if a cloud attacker obtains all encrypted data blocks of a file, it is difficult to decrypt and reassemble the original file without the encryption and scrambling keys. The distributed encrypted storage method and system protect the security of data during transmission and in cloud storage, and can be used for cloud storage of government, enterprise and personal data, giving users more assurance about the security of their cloud data.
[0055] This embodiment also provides a distributed cloud security storage system implementing the above method, comprising:
[0056] a block encryption module configured to divide the target file into a plurality of data blocks, preferably of the same size, and to encrypt the data blocks with the SM4 or AES block cipher algorithm, the encryption algorithm being configured with an encryption key; the block encryption module comprises a determining unit configured to determine whether the size of the target file is greater than a predetermined threshold;
[0057] if the size of the target file is not greater than the preset threshold, the file is segmented according to the first mode; otherwise it is segmented according to the second mode;
[0058] a block scrambling module configured to randomly scramble the encrypted data blocks with the preset scrambling algorithm, comprising: randomly scrambling the encrypted data blocks using a random number generated from the scrambling key;
[0059] a data storage module configured to upload the scrambled encrypted data blocks to different cloud hosts for distributed storage and to establish the storage index on the local host, the index comprising, for each scrambled encrypted data block, information on the corresponding cloud host;
[0060] a reassembly and decryption module configured to download the encrypted data blocks corresponding to the target file from the cloud hosts according to the storage index, inverse-scramble them according to the scrambling key, decrypt them according to the encryption key, and reassemble the target file. For example: the encrypted data blocks corresponding to the target file are downloaded to the local host according to the storage index; the random number is generated from the scrambling key and the encrypted data blocks are inverse-scrambled to restore their original sequence; and each block is decrypted with the encryption key and the target file is reassembled.
[0061] For example:
[0062] This embodiment provides a distributed cloud security storage method in which the original file is block-encrypted locally and the encrypted data blocks are stored in a distributed manner in the cloud. The storage steps comprise:
[0063] Step 1: divide the original file into fixed-size blocks on the local host.
[0064] For a file not greater than 1M, the block size is 64K; for a file greater than 1M, the block size is 1M; enough zeros are added to the tail of the last data block to make it the same size as the other data blocks.
[0065] Step 2: select the SM4 or AES block encryption algorithm.
[0066] Block-encrypt the data blocks using an encryption key.
[0067] Step 3: randomly scramble the encrypted data blocks using the scrambling algorithm.
[0068] The encrypted data blocks are randomly scrambled using a random number generated from the scrambling key.
[0069] Step 4: upload the scrambled encrypted data blocks to different cloud hosts for distributed storage,
[0070] and establish the storage index on the local host.
[0071] The steps for decrypting and reassembling the intact original file locally comprise:
[0072] Step 1: download the encrypted data blocks corresponding to the original file from the cloud.
[0073] According to the storage index, download the encrypted data blocks corresponding to the file to the local host.
[0074] Step 2: inverse-scramble the encrypted data blocks downloaded from the cloud using the scrambling key.
[0075] The random number is generated from the scrambling key, and the encrypted data blocks are inverse-scrambled to restore the original block order.
[0076] Step 3: decrypt with the original encryption algorithm and encryption key, and reassemble the original file.
[0077] The encrypted data blocks are decrypted using the encryption algorithm and encryption key, and reassembled into the target file.
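The storage and reassembly steps above, as an added Ruby example that is not part of the patent or of any implementation of it: the cloud hosts are simulated as in-memory arrays, AES-256-GCM is an assumed mode (the page names only the AES/SM4 cipher), the scrambling order is a permutation drawn from a PRNG seeded with the scrambling key, and the index also records the original length, which the page does not mention but which is needed to strip the zero padding.

```ruby
require 'openssl'
require 'securerandom'

# Block size from the page's example: 64K for files up to 1M, else 1M.
def block_size(len)
  len <= (1 << 20) ? (64 << 10) : (1 << 20)
end

# Scrambling order derived from the scrambling key through a seeded PRNG,
# so the same key reproduces the order and therefore lets us invert it.
def scramble_order(scr_key, n)
  (0...n).to_a.shuffle(random: Random.new(scr_key.unpack1('Q<')))
end

# AES-256-GCM is an assumed mode: the page names only the AES/SM4 cipher.
def aes_gcm(enc_key, mode)
  c = OpenSSL::Cipher.new('aes-256-gcm')
  c.public_send(mode)
  c.key = enc_key
  c
end

# Zero-pad and split the file, encrypt each block under a fresh nonce,
# scramble the order and spread the ciphertexts over the hosts (simulated
# as arrays). Returns the storage index that stays on the local host.
def store(data, enc_key, scr_key, hosts)
  bs = block_size(data.bytesize)
  nb = (data.bytesize + bs - 1) / bs
  padded = data.b.ljust(nb * bs, "\0".b) # tail block padded with zeros
  entries = scramble_order(scr_key, nb).each_with_index.map do |i, j|
    c = aes_gcm(enc_key, :encrypt)       # scrambled position j holds block i
    c.iv = nonce = SecureRandom.random_bytes(12)
    ct = c.update(padded.byteslice(i * bs, bs)) + c.final
    h = j % hosts.size
    hosts[h] << ct + c.auth_tag
    { host: h, slot: hosts[h].size - 1, nonce: nonce }
  end
  # orig_len is an assumption added here so the zero padding can be stripped.
  { orig_len: data.bytesize, entries: entries }
end

# Fetch each block via the index, invert the scramble, decrypt and strip
# the padding. A block altered in the cloud raises CipherError on #final
# instead of silently corrupting the reassembled file.
def restore(index, enc_key, scr_key, hosts)
  nb = index[:entries].size
  bs = block_size(index[:orig_len])
  out = "\0".b * (nb * bs)
  scramble_order(scr_key, nb).each_with_index do |i, j|
    e = index[:entries][j]
    blob = hosts[e[:host]][e[:slot]]
    c = aes_gcm(enc_key, :decrypt)
    c.iv = e[:nonce]
    c.auth_tag = blob.byteslice(-16, 16)
    pt = c.update(blob.byteslice(0, blob.bytesize - 16)) + c.final
    out[i * bs, bs] = pt # inverse scramble: position j goes back to block i
  end
  out.byteslice(0, index[:orig_len])
end
```

Note that the index together with the two keys on the local host is what actually protects the file: the scrambling only hides block order from a host, so the index deserves the same protection as the keys.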
[0078] An apparatus according to this embodiment comprises: one or more processors; and
[0079] a memory for storing one or more programs,
[0080] such that when the one or more programs are executed by the one or more processors, the one or more processors perform any of the methods described above. Block-encrypting the original file locally and randomly scrambling the blocks effectively prevents data leakage during transmission; the encrypted data blocks are distributed randomly and out of order across multiple cloud hosts, which prevents an attacker from obtaining all of the encrypted data of the original file; because all data blocks are the same size, even if an attacker obtains some of the encrypted data blocks, it is difficult to determine the corresponding original file; and even if a cloud attacker obtains all encrypted data blocks of a file, it is difficult to decrypt and reassemble the original file without the scrambling and encryption keys. The distributed encrypted storage method and system protect the security of data during transmission and in cloud storage, and can be used for cloud storage of government, enterprise and personal data, giving users more assurance about the security of their cloud data.
[0081] A computer-readable storage medium according to this embodiment stores a computer program which, when executed by a processor, implements any of the methods described above. Block-encrypting the original file locally and randomly scrambling the blocks effectively prevents data leakage during transmission; the encrypted data blocks are distributed randomly and out of order across multiple cloud hosts, which prevents an attacker from obtaining all of the encrypted data of the original file; if an attacker obtains some of the encrypted data blocks, it is difficult to determine the corresponding original file; and even if a cloud attacker obtains all encrypted data blocks of a file, it is difficult to decrypt and reassemble the original file without the scrambling and encryption keys. The distributed encrypted storage method and system protect the security of data during transmission and in cloud storage, and can be used for cloud storage of government, enterprise and personal data, giving users more assurance about the security of their cloud data. Further described as follows:
[0082] The computer system includes a central processing unit (CPU) 101, which can perform various appropriate actions and processing according to a program stored in a read-only memory (ROM) 102 or a program loaded from the storage section into a random access memory (RAM) 103. The RAM 103 also stores various programs and data required for system operation. The CPU 101, ROM 102 and RAM 103 are connected to each other by a bus 104. An input/output (I/O) interface 105 is also connected to the bus 104.
[0083] The following components are connected to the I/O interface 105: an input section 106 including a keyboard and a mouse; an output section including a cathode ray tube (CRT) or liquid crystal display (LCD) and a speaker; a storage section 108 including a hard disk; and a communication section 109 including a network interface such as a LAN card or a modem. The communication section 109 performs communication processing via a network such as the Internet. A drive 510 is also connected to the I/O interface 105 as needed. A removable medium 511, such as a magnetic disk, an optical disk, a magneto-optical disk or a semiconductor memory, is mounted on the drive 510 as needed, so that a computer program read from it can be installed into the storage section 108 as necessary.
[0084] In particular, according to an embodiment of the present invention, the process described above with reference to figure 1 may be implemented as a computer software program. For example, embodiments of the present invention include a computer program product comprising a computer program carried on a computer-readable medium, the computer program comprising program code for performing the method shown in the flowchart. In such an embodiment, the computer program may be downloaded from the network through the communication section and installed, and/or installed from a removable medium. When the computer program is executed by the central processing unit (CPU) 101, it performs the functions defined in the system of the present application.
[0085] Note that the computer-readable medium shown in the present invention may be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. A computer-readable storage medium may be, for example but not limited to, a system, apparatus or device, or a semiconductor or other component, or any combination of the above. More specific examples of computer-readable storage media include, but are not limited to, an electrical connection, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In the present invention, a computer-readable storage medium may be any tangible medium that contains or stores a program for use by or in connection with an instruction execution system, apparatus or device. In the present invention, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, which carries computer-readable program code. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium, which can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device. Program code embodied on a computer-readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF and the like, or any suitable combination of the above.
[0086] The block diagram in figure 2 illustrates, for Example 1, the architecture, functionality and operation that may be implemented by the system, method and computer program product according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagram may represent a module, a program segment, or a portion of code, which comprises one or more executable instructions for implementing the specified logical functions. It should also be noted that in some alternative implementations the functions labeled in the blocks may occur out of the order indicated in the drawings. For example, two blocks shown in succession may in fact be executed substantially concurrently, or they may sometimes be executed in the reverse order, depending on the functionality involved. It is also noted that each block of the block diagrams or flowcharts, and combinations of blocks in the block diagrams or flowchart illustrations, may be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.

