
Secure deduplication storage system based on trusted execution protection that deduplicates first and then encrypts

A storage system technology, applied in digital data protection, computer security devices, digital data information retrieval, etc., that addresses the key server being a single point of attack, reduces information leakage, saves system overhead, and improves storage efficiency.

Pending Publication Date: 2022-05-20
云链网科技(广东)有限公司

AI Technical Summary

Problems solved by technology

The server-assisted key management design in DupLESS results in the key server being a single point of attack


Examples


Embodiment Construction

[0039] As shown in Figures 1-12, the secure deduplication storage system based on trusted execution protection provided by the present invention, which deduplicates first and then encrypts, is described in detail as follows:

[0040] Toward "deduplicate first, then encrypt"

[0041] Given the limitations of DaE, we investigate an unexplored design paradigm: implementing a secure data-deduplication storage system as "dedupe-before-encrypt" (DbE). Its main idea is to first deduplicate the plaintext data blocks, removing the duplicate blocks, and then encrypt the non-duplicate plaintext data blocks into ciphertext data blocks for storage.

[0042] Compared with DaE, DbE has many natural advantages. First, since DbE deduplicates the plaintext data blocks before anything else, it can use a content-independent key to encrypt each non-duplicate plaintext data block (see 1), as in traditional symmetric encryption, without the encryption affecting deduplication. This avoids the nee...


Abstract

The invention applies to the field of improvements in large-scale data management technology and provides a secure deduplication storage system based on trusted execution protection that deduplicates first and then encrypts. The system comprises a client, a data channel, a control channel and a cloud server; the client is connected to the cloud server through the data channel and the control channel. The enclave is used for a user to upload their own plaintext data blocks to the cloud through the data channel; the cloud server maintains a global fingerprint index to track the data blocks stored by all clients, removes duplicate data blocks in an enclave, encrypts the non-duplicate plaintext data blocks and finally stores the ciphertext data blocks in a storage pool; the data channel transmits the plaintext data blocks sent by the client, and the control channel transmits storage-related operation commands. The system effectively improves storage efficiency and optimizes performance. Its structure is simple, and system overhead is greatly reduced.
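The dedupe-before-encrypt flow from [0041]-[0042] and the abstract, as an added Python example that is not code from the patent: `DbEStore`, `xor_stream` and `encrypt_before_dedupe` are hypothetical names, SHA-256 fingerprints are an assumption, and the HMAC-based keystream is a standard-library stand-in for a real AEAD cipher. It also runs a per-user-key baseline, in which identical chunks from different users no longer match.

```python
import hashlib, hmac, os

def xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 keystream) so the example needs only the
    # standard library; a real system would use an AEAD such as AES-GCM.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class DbEStore:
    """Hypothetical model of the cloud side: fingerprint, dedupe, then encrypt."""
    def __init__(self):
        self.data_key = os.urandom(32)  # content-independent key (assumed to stay in the enclave)
        self.index = {}                 # global fingerprint index: SHA-256 -> pool slot
        self.pool = []                  # storage pool of (nonce, ciphertext)

    def upload(self, chunks):
        recipe = []                     # per-upload list of pool slots, used for restore
        for chunk in chunks:
            fp = hashlib.sha256(chunk).digest()
            slot = self.index.get(fp)
            if slot is None:            # only non-duplicate chunks are encrypted and stored
                nonce = os.urandom(16)
                self.pool.append((nonce, xor_stream(self.data_key, nonce, chunk)))
                slot = self.index[fp] = len(self.pool) - 1
            recipe.append(slot)
        return recipe

    def download(self, recipe):
        return [xor_stream(self.data_key, *self.pool[s]) for s in recipe]

def encrypt_before_dedupe(uploads):
    """Baseline: each user encrypts with their own key first; count distinct ciphertexts."""
    seen = set()
    for chunks in uploads:
        user_key = os.urandom(32)
        for chunk in chunks:
            # Deterministic per-user encryption (fixed nonce, modelling only): a user's
            # own duplicates still match, but cross-user duplicates cannot.
            seen.add(xor_stream(user_key, b"\0" * 16, chunk))
    return len(seen)

# Constructed sample: two users whose uploads share two chunks.
ALICE = [b"header-v1", b"A" * 100, b"shared-blob" * 10]
BOB = [b"shared-blob" * 10, b"A" * 100, b"bob-only"]
```

With the constructed sample, the DbE store keeps four ciphertext blocks for six uploaded chunks, while the per-user-key baseline yields six distinct ciphertexts.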

Description

Technical field

[0001] The invention belongs to the field of improvements in large-scale data management technology, and in particular relates to a secure deduplication storage system based on trusted execution protection which first deduplicates and then encrypts.

Background

[0002] In the face of rapid data growth, storing data on public cloud services provides a viable low-overhead, large-scale data management solution [1]. To prevent data privacy breaches, customers often demand end-to-end encryption protection so that their data is encrypted before being stored in an untrusted public cloud [2]. However, traditional symmetric encryption has each user encrypt their own data with a different key, so the same data from different users yields different ciphertexts, and cross-user data deduplication is not supported.

[0003] There are many studies in the literature on how to seamlessly combine encryption algorithms and data deduplication...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F3/06, G06F16/215, G06F16/22, G06F16/2455, G06F21/60
CPC: G06F3/061, G06F3/0614, G06F3/0641, G06F3/0643, G06F16/215, G06F16/2255, G06F16/2455, G06F21/602
Inventor: 杨祚儒, 李经纬, 李柏晴
Owner: 云链网科技(广东)有限公司