An electronic information storage system based on a cloud platform and a method thereof

By constructing environmental fingerprints on a cloud platform and generating pseudo-random key sequences using a chaotic mapping model, the data is noise-enhanced and stored in a steganographic manner. This solves the security risks caused by the separation of data ownership and physical possession in cloud storage systems, realizes environmental binding protection and self-destruction mechanisms for data, and enhances the security and confidentiality of the data.

CN122204271APending Publication Date: 2026-06-12TONGLING VOCATIONAL & TECH COLLEGE

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
TONGLING VOCATIONAL & TECH COLLEGE
Filing Date
2026-03-03
Publication Date
2026-06-12

AI Technical Summary

Technical Problem

In existing cloud platform electronic information storage systems, the separation of data ownership and physical possession creates security vulnerabilities. Attackers can easily carry out illegal copying, snapshot interception, and cold start attacks. Furthermore, static encryption lacks concealment when facing full-disk forensic scanning and cannot effectively resist the risk of leakage caused by mirror theft and illegal migration.

Method used

By collecting physical feature data of the computing environment to construct a unique environmental fingerprint, using a chaotic mapping model to generate a pseudo-random key sequence, processing the data for noise and storing it in a steganographic manner, and combining real-time physical feature re-collection and dynamic decryption, the environmental binding protection and self-destruction mechanism of the data are realized.

Benefits of technology

It effectively resists data theft and mirroring in the cloud environment, ensures data self-destruction at the logical level, enhances data confidentiality and privacy, and improves the system's dynamic defense capabilities and robustness.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122204271A_ABST
    Figure CN122204271A_ABST
Patent Text Reader

Abstract

The application discloses a cloud platform-based electronic information storage system and a method thereof, and belongs to the technical field of cloud storage data security and information steganography, and comprises the following steps: collecting current computing environment physical characteristic data and constructing a unique corresponding environment fingerprint; inputting the environment fingerprint as an initial excitation factor into a chaotic mapping model to generate a chaotic key sequence; fragmenting electronic information and mixing the electronic information with the chaotic key sequence to generate a noise data segment, and writing the noise data segment into a storage space in a steganographic manner; when a reading request is responded, real-time physical characteristics are re-collected to regenerate a decryption sequence for restoration; if the environment is physically changed or is mirror copied, the decryption sequence is divergent due to inconsistent characteristics, data is automatically scrambled to realize self-destruction; and the application effectively solves the security pain point that data is easily stolen in a complete mirror image and is difficult to detect in a cloud environment through an environment binding protection mechanism.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of cloud storage data security and information steganography technology, specifically to an electronic information storage system and method based on a cloud platform. Background Technology

[0002] Currently, cloud platform electronic information storage systems mainly rely on virtualization technology and logical file systems for construction. Data exists in the form of logical objects, is managed through standard file indexes, and relies on static keys or logical access control mechanisms to ensure security. This architecture aims to achieve flexible resource scheduling through hardware and software decoupling, enabling data to be migrated, backed up, and stored independently of the underlying physical hardware, thereby adapting to the highly dynamic requirements of the cloud computing environment.

[0003] However, with the popularization of cloud-native environments and the evolution of attack methods, this architecture of separating data ownership from physical ownership has brought significant security risks. Logically abstracted storage methods allow attackers to easily perform illegal copying, snapshot capture, and cold start attacks on virtual machine images or storage volumes, and conduct offline analysis in remote environments without being detected. Meanwhile, existing static encrypted storage lacks concealment when facing full-disk forensic scans, and because it cannot detect physical changes in the operating environment, data can still be restored after leaving the original hardware environment, failing to effectively resist the risk of data leakage caused by image theft and illegal migration. Therefore, a solution is urgently needed to address the problems existing in current technologies.

[0004] The information disclosed in the background section is only intended to enhance the understanding of the background of this disclosure, and therefore may include information that does not constitute prior art known to those skilled in the art. Summary of the Invention

[0005] To address the aforementioned technical problems, this invention discloses an electronic information storage system and method based on a cloud platform. Specifically, the technical solution of this invention is as follows:

[0006] A cloud-based method for storing electronic information includes:

[0007] Collect physical characteristic data of the current computing environment;

[0008] The physical feature data is subjected to feature extraction and standardization to construct a unique corresponding environmental fingerprint;

[0009] The environmental fingerprint is used as an initial excitation factor and input into a preset chaotic mapping model. By utilizing the initial value sensitivity of the chaotic system, a pseudo-random chaotic key sequence is generated.

[0010] The electronic information to be stored is acquired, the electronic information is divided into multiple data segments, and each data segment is confused with the chaotic key sequence to generate noisy data segments.

[0011] The noisy data fragments are written into the storage space of the current computing environment in a steganographic manner to complete the silent persistence of electronic information;

[0012] In response to a request to read the electronic information, real-time physical feature data of the current computing environment is reacquired in real time, and a decryption sequence is regenerated based on the real-time physical feature data.

[0013] The decryption sequence is used to reverse-engineer the noisy data segment; if the current computing environment undergoes physical changes or mirroring, causing the real-time physical feature data to be inconsistent with the environmental fingerprint, the generated decryption sequence diverges, resulting in garbled data in the reverse-engineered data, thus achieving data self-destruction of electronic information.

[0014] Preferably, the physical characteristic data includes clock drift data of the computing unit, access latency jitter data of the storage unit, and path response time data of the network unit;

[0015] The method for constructing a unique corresponding environmental fingerprint includes:

[0016] The clock drift data, the access delay jitter data, and the path response time data are acquired respectively, and denoising and normalization processes are performed respectively to generate corresponding feature vectors;

[0017] The feature vectors are concatenated or combined to generate a high-dimensional feature matrix.

[0018] The high-dimensional feature matrix is ​​hash-mapped to generate a fixed-length binary sequence, and the binary sequence is marked as an environmental fingerprint.

[0019] The clock drift data reflects the physical deviation of the specific hardware crystal oscillator in the current computing environment, and the access latency jitter data reflects the contention state of the internal bus in the current computing environment.

[0020] Preferably, the chaotic mapping model is a high-dimensional hyperchaotic system model;

[0021] The method for generating pseudo-random chaotic key sequences includes:

[0022] The environmental fingerprint is broken down into multiple sub-fingerprint parameters;

[0023] Each sub-fingerprint parameter is mapped to the initial state value and control parameters of the high-dimensional hyperchaotic system model;

[0024] Iteratively run a high-dimensional hyperchaotic system model to generate a multi-path sequence of chaotic state values;

[0025] Quantization and sampling processes are performed on multiple chaotic state value sequences to synthesize a chaotic key sequence;

[0026] The generation process of the chaotic key sequence depends entirely on the environmental fingerprint, and the system does not statically store any decryption keys.

[0027] Preferably, the confusion operation is a reversible XOR operation or a modulo addition operation;

[0028] The method for generating noisy data fragments includes:

[0029] Based on the length of the data slice, a subsequence of the corresponding length is extracted from the chaotic key sequence and marked as a mask sequence;

[0030] The data fragments are XORed bit by bit with the mask sequence to generate noisy data fragments that mask the original semantic information.

[0031] The noisy data segments exhibit a uniform distribution in terms of statistical characteristics and are indistinguishable from random noise.

[0032] Preferably, the method for writing noisy data fragments into the storage space of the current computing environment in a steganographic manner includes:

[0033] Scan the current computing environment's file system to identify system log files, temporary cache files, and file system metadata retention fields;

[0034] Noisy data fragments are disguised as meaningless log entries and appended to the system log file;

[0035] Alternatively, fill the noisy data fragments into the metadata retention fields of the file system;

[0036] Alternatively, by utilizing the unallocated cluster space of the file system, noisy data fragments can be written directly to disk sectors, and the area can be marked as a bad sector or a system reserved area to avoid scanning by regular file indexes.

[0037] Preferably, the method for segmenting electronic information into multiple data fragments employs the Shamir threshold segmentation strategy;

[0038] The method further includes:

[0039] Set a threshold value, which represents the minimum number of data fragments required to recover electronic information;

[0040] The generated noisy data fragments are distributed and stored in different physical storage media or logical partitions in the current computing environment;

[0041] When a read request occurs, it will only proceed if the number of successfully decrypted and verified noisy data segments reaches a threshold. Only then will the electronic information reorganization operation be performed.

[0042] Preferably, a time dimension factor is also introduced in the process of constructing a unique environmental fingerprint;

[0043] The method further includes:

[0044] Obtain the current timestamp data, and use the timestamp data and the physical feature data together as input parameters for constructing the environmental fingerprint;

[0045] Set the key update cycle;

[0046] When the system runtime exceeds the key update cycle, a re-encryption process is automatically triggered: a new chaotic key sequence is generated using the latest timestamp data and real-time physical feature data, and the stored noisy data fragments are transcoded and updated to achieve dynamic mimicry defense of the data.

[0047] Preferably, the data self-destruction mechanism includes:

[0048] Calculate the feature difference degree between the real-time physical feature data and the original environmental fingerprint;

[0049] If the feature difference is greater than the preset fault tolerance threshold, the current computing environment is determined to be an illegal environment.

[0050] The decryption sequence generated at this point is unrelated to the original chaotic key sequence;

[0051] The noisy data fragments are processed using the unrelated decryption sequence to output a semantically meaningless random data stream, thereby destroying the information at the logical level without physical deletion.

[0052] A cloud-based electronic information storage system includes:

[0053] The environment perception module is configured to collect physical feature data of the current computing environment, and perform feature extraction and standardization processing on the physical feature data to construct a unique corresponding environment fingerprint;

[0054] The chaotic encryption module is configured to input the environmental fingerprint as an initial excitation factor into a preset chaotic mapping model to generate a pseudo-random chaotic key sequence.

[0055] The data obfuscation module is configured to acquire electronic information to be stored, divide the electronic information into multiple data fragments, and perform obfuscation operations on each data fragment with the chaotic key sequence to generate noisy data fragments.

[0056] The hidden storage module is configured to write the noisy data fragments into the storage space of the current computing environment in a steganographic manner;

[0057] The secure reading module is configured to respond to a data reading request by driving the environmental perception module to re-acquire real-time physical feature data and regenerate the decryption sequence to reverse-engineer the noisy data fragments. It also outputs garbled characters to achieve data self-destruction when environmental changes cause feature mismatch.

[0058] Compared with the prior art, the present invention has the following beneficial effects:

[0059] 1. This invention constructs a unique environmental fingerprint by collecting the physical characteristics of the computing environment through an environmental perception module, and uses this fingerprint as the source for generating the decryption key. This mechanism makes the survival of electronic information completely dependent on the current physical hardware environment. Once an attacker migrates data to an illegal environment through virtual machine image copying or hard disk cloning, the fingerprint will not match due to the change in physical characteristics, and the decryption sequence generated by the system will diverge, and the decrypted data will automatically become garbled. This logical-level data self-destruction mechanism effectively solves the security pain point that data in the cloud environment is easily stolen by complete image and is difficult to detect, and realizes environmental binding protection of data.

[0060] 2. This invention abandons the traditional static key storage method and adopts a high-dimensional hyperchaotic system model to generate keys in real time. The system uses environmental fingerprints as the initial excitation factor of the chaotic system, and combines the initial value sensitivity and pseudo-random characteristics of chaotic mapping to dynamically synthesize chaotic key sequences only when reading data. This means that there are no fixed decryption key files in the system, and attackers cannot obtain keys by scanning the disk. At the same time, the noisy data fragments are statistically uniformly distributed. Combined with the complex dynamic behavior of the hyperchaotic system, this greatly increases the computational complexity of brute-force attacks and known-plaintext attacks, ensuring the confidentiality of cloud-stored data.

[0061] 3. This invention innovatively introduces a covert storage module, which disguises encrypted, noisy data fragments as system logs, fills them into file system metadata reserved fields, or writes them into disk sectors marked as bad sectors. This steganography method circumvents the indexing mechanism of conventional file systems, making sensitive data completely invisible in the file directory structure. For external intruders or forensic tools, the stored data only appears as meaningless system noise or damaged areas, making it difficult to locate the specific location of the data entity. This not only achieves covert data storage but also effectively interferes with scanning and reconnaissance activities targeting cloud storage systems.

[0062] 4. This invention enhances the dynamic defense capability and robustness of the system by introducing a time dimension factor and a Shamir threshold segmentation strategy. The system sets a key update cycle and periodically triggers re-encryption by combining real-time timestamps and physical characteristics, realizing dynamic mimicry defense of data and making data snapshots stolen in the past quickly invalid. At the same time, by using threshold segmentation to disperse data across different media, information can be reassembled as long as the minimum number of fragments is met. This design not only ensures the recoverability of data when some nodes fail or are attacked, but also increases the cost for attackers to hold valid data for a long time through periodic dynamic changes. Attached Figure Description

[0063] The present invention will be further explained below with reference to the accompanying drawings and embodiments:

[0064] Figure 1 This is a flowchart of the method of the present invention.

[0065] Figure 2 This is a system structure diagram of the present invention. Detailed Implementation

[0066] To make the objectives, technical solutions, and advantages of this invention clearer, the invention will be further described in detail below with reference to specific embodiments.

[0067] Example 1:

[0068] Please see Figure 1 A method for storing electronic information based on a cloud platform, comprising:

[0069] Collect physical characteristic data of the current computing environment;

[0070] Feature extraction and standardization are performed on physical feature data to construct a unique environmental fingerprint;

[0071] The environmental fingerprint is used as the initial excitation factor and input into the preset chaotic mapping model. By utilizing the initial value sensitivity of the chaotic system, a pseudo-random chaotic key sequence is generated.

[0072] The electronic information to be stored is obtained, the electronic information is divided into multiple data segments, and each data segment is confused with a chaotic key sequence to generate noisy data fragments.

[0073] Noisy data fragments are written into the storage space of the current computing environment in a steganographic manner, thus completing the silent persistence of electronic information;

[0074] In response to a request to read electronic information, the system re-acquires real-time physical characteristic data of the current computing environment and regenerates the decryption sequence based on the real-time physical characteristic data.

[0075] The decryption sequence is used to reverse the restoration of noisy data segments. If the current computing environment undergoes physical changes or mirroring, resulting in inconsistencies between real-time physical feature data and environmental fingerprints, the generated decryption sequence will diverge, causing the reversed data to be garbled, thus achieving data self-destruction of electronic information.

[0076] This embodiment elaborates on the execution logic of the above-mentioned cloud platform-based electronic information storage method. This method aims to solve the security paradox caused by the separation of data ownership and physical ownership in existing cloud storage solutions. The system performs a physical feature acquisition step, and obtains the non-deterministic behavior data of the current computing environment, i.e. the virtual machine or physical server instance carrying the task, in a high-frequency sampling manner through the underlying instruction set such as the RDTSC instruction under the x86 architecture or kernel probe. These data constitute the physical anchors of the subsequent encryption process.

[0077] For highly virtualized or containerized cloud-native environments, if the system is restricted from directly calling underlying hardware instructions, it uses kernel-mode probes to obtain micro-time jitter of virtual CPU scheduling interrupts, latency fluctuations of memory bus contention between containers, or soft interrupt processing latency of virtual network interfaces as equivalent mapping entropy sources of underlying physical characteristics at the virtualization level. The collected physical characteristic data is then subjected to feature extraction and standardization. During this process, the system removes sudden system interrupt interference and uses the Z-score standardization method to map heterogeneous data to a unified dimension space. Then, a fixed-length binary sequence is generated through a hash algorithm to construct an environment fingerprint that uniquely identifies the current physical hardware environment.

[0078] The environmental fingerprint is used as an initial excitation factor input into a pre-defined chaotic mapping model. This model, as a deterministic nonlinear dynamic system, utilizes its extreme sensitivity to initial conditions to resolve the environmental fingerprint into initial state values ​​and iteratively generates a series of pseudo-random chaotic key sequences strictly determined by the fingerprint. Based on this, the system acquires the electronic information to be stored and divides it into multiple data slices. For each slice, the corresponding subsequence is extracted from the chaotic key sequence and a reversible confusion operation is performed to generate noisy data fragments that are statistically uniformly distributed and cannot be deconstructed by semantic analysis.

[0079] The system performs steganographic write operations without creating regular file system indexes. Instead, it uses existing redundant space or log structures to fill in the data, making the data invisible in the file explorer. In response to requests to read electronic information, the system must re-collect the real-time physical characteristic data of the current computing environment on-site and regenerate the decryption sequence. If the current computing environment undergoes physical changes or mirroring, causing the real-time physical characteristic data to be inconsistent with the original environment fingerprint, the generated decryption sequence will diverge due to the amplification effect of the chaotic system, resulting in garbled data when reversed and restored, thus logically achieving the self-destruction of electronic information data.

[0080] This embodiment constructs an environment-aware storage closed loop, achieving physical environment binding of data while maintaining physical control over the cloud service provider. In scenarios where attackers copy virtual machine images containing data to another server, the changes in the fingerprints acquired during re-collection will cause the decrypted data to be completely corrupted due to the inherent differences in micro-characteristics such as crystal oscillator frequency deviation between the new and original environments. This effectively mitigates the risks of cold start attacks and image theft. When legitimate cloud host hot migration or hardware upgrades are involved, the system provides an administrator authorization interface to prioritize triggering the fingerprint re-entry process and simultaneously update the base key cycle in the automatic re-encryption process.

[0081] Example 2:

[0082] Physical characteristic data includes clock drift data of computing units, access latency jitter data of storage units, and path response time data of network units;

[0083] Methods for constructing a unique environmental fingerprint include:

[0084] Clock drift data, access latency jitter data, and path response time data are acquired separately, and denoising and normalization processes are performed on them respectively to generate corresponding feature vectors.

[0085] The feature vectors are concatenated or combined to generate a high-dimensional feature matrix;

[0086] The high-dimensional feature matrix is ​​hash-mapped to generate a fixed-length binary sequence, which is then labeled as an environmental fingerprint.

[0087] Among them, clock drift data reflects the physical deviation of the specific hardware crystal oscillator in the current computing environment, and access latency jitter data reflects the contention state of the internal bus in the current computing environment.

[0088] This embodiment provides a detailed description of the composition of physical feature data and the fingerprint construction method. The system acquires three types of multi-source heterogeneous data: clock drift data from the CPU timestamp counter and the external reference time deviation, reflecting the physical non-cloning characteristics caused by the manufacturing tolerances of quartz crystals; access latency jitter data from continuous read response fluctuations to specific memory addresses, reflecting bus contention and voltage noise; and path response time data from the ICMP response sequence of network anchors. To convert the above unstable analog quantities into stable digital features, the system introduces a normalization mapping function to process the original data sequence, as shown in the following formula:

[0089]

[0090] in, These are the normalized feature components; These are the original physical characteristic measurements; This is the historical average. Standard deviation; This is a preset minimum value used to prevent calculation errors caused by a denominator of zero;

[0091] Specifically, the method for constructing the system baseline database is as follows: During the initialization phase of the system's first deployment, in a clean environment with no business load, raw physical characteristic data is continuously collected for 24 hours at a frequency of 1Hz; the calculation standard is to select the arithmetic mean of the data within this time window as the baseline. The standard deviation of the data is selected as the standard deviation of the data. This is to establish a benchmark model that reflects the inherent properties of the hardware; here and The historical mean and standard deviation of the data collected during the initialization phase are uniformly correlated;

[0092] In this process, regarding noise reduction, the system specifically employs a median filtering algorithm with a sliding window size of 5 to filter out impulse noise, and combines this with the Grubbs criterion to identify and remove outliers that deviate from the mean by more than 3 times the standard deviation, thereby ensuring the purity of the physical feature data. To eliminate the impact of physical measurement noise on the stability of subsequent hash operations, i.e., to solve the problem of the inability to recover the key in a legitimate environment due to the hash avalanche effect, the system introduces a fuzzy extractor mechanism after generating the high-dimensional feature matrix: it uses a fault-tolerant quantization algorithm, such as Gray code-based interval mapping, to convert floating-point feature values ​​into binary codes.

[0093] To overcome the shortcomings of insufficient disclosure, this embodiment clarifies the specific interval boundary division rules: each feature component is quantized as a 2-bit Gray code, and the set of judgment thresholds is defined as follows. That is, based on the quartiles of the standard normal distribution; define the input variable to be quantized. The normalized feature components obtained from the aforementioned calculations are defined as the quantized output as a binary sequence. The specific mapping function expression is shown in the formula:

[0094]

[0095] The above mapping function realizes the mapping of continuous normalized feature components. Discretize into Gray code; the specific logic is: when When, output binary sequence ;when When, output binary sequence ;when When outputting the binary sequence ;when When outputting the binary sequence ;

[0096] The threshold table ensures that the generation probability of each quantized value is approximately equal under a standard normal distribution, thereby maximizing the information entropy of the fingerprint. In this embodiment, the error correction coding adopts the BCH(255,131) standard parameters, where the code length is... Information bits Error correction ability ;in, This represents the total number of bits in the code block. The original number of information bits. The maximum number of error-correctable bits; where, This means that under this BCH encoding system, the maximum number of random error bits that the system can detect and automatically correct in any 255-bit codeword block is 15 bits. The system divides the quantized binary stream into 131-bit blocks, padding any insufficient bits with zeros, and uses BCH error correction coding to generate auxiliary verification data. When reconstructing the fingerprint, this auxiliary data is used to eliminate micro-noise jitter in the real-time acquired data, ensuring that the feature vector in a legal environment can be accurately restored to a consistent binary sequence.

[0097] The system concatenates the generated clock drift, memory jitter, and network response feature vectors to generate a high-dimensional feature matrix. Elements in the high-dimensional feature matrix are extracted in row-major order, and each floating-point feature value is converted into a 64-bit double-precision binary code stream according to the IEEE 754 standard. These are then concatenated into a single bit stream as input. The SHA-512 algorithm is used to compress and map this bit stream, generating a 512-bit hash digest. If the number of bits required for subsequent parameter mapping exceeds 512, the digest is read cyclically to generate a fixed-length binary sequence as the environmental fingerprint.

[0098] Example 3:

[0099] The chaotic mapping model is a high-dimensional hyperchaotic system model. The method for generating pseudo-random chaotic key sequences includes: decomposing the environmental fingerprint into multiple sub-fingerprint parameters; mapping each sub-fingerprint parameter to the initial state value and control parameters of the high-dimensional hyperchaotic system model; iteratively running the high-dimensional hyperchaotic system model to generate multiple chaotic state value sequences; quantizing and sampling the multiple chaotic state value sequences to synthesize a chaotic key sequence. The generation process of the chaotic key sequence depends entirely on the environmental fingerprint, and no decryption key is statically stored in the system.

[0100] This embodiment specifies the chaotic mapping model and key generation mechanism, and selects the four-dimensional hyperchaotic Chen system with complex phase space trajectory; the system performs parameter mapping steps to decompose the environmental fingerprint into multiple sub-fingerprint parameters, and uses these parameters to perturb the initial state values ​​and control parameters of the dynamic equation.

[0101] To ensure the system remains in a hyperchaotic state, rather than a periodic or convergent state, this embodiment defines a specific parameter mapping algorithm: the environmental fingerprint, i.e., the binary sequence, is divided into 32-bit groups, and subsequences corresponding to each control parameter are extracted and converted into unsigned integers; a valid hyperchaotic interval is set for the control parameters, for example: Using the linear mapping formula:

[0102]

[0103] in, Refers to the 32-bit unsigned integer value extracted and converted from the binary sequence of the environmental fingerprint; and These represent the lower and upper limits of the value range for the corresponding control parameters; the specific floating-point parameter values ​​are calculated respectively; and to address the potential implicit truncation of data types in the formulas, the formulas... The calculations must be performed according to floating-point logic to obtain the precise scaling factor within the interval; among which, for The total number of states corresponding to the unsigned integer bits is used to accurately map fingerprint fragments to the proportional space of control parameters;

[0104] For the additional four initial state values ​​required to start a high-dimensional hyperchaotic system, this embodiment defines the following parameter sources and mapping rules: The system sequentially slices the environmental fingerprint with a 32-bit step size, and defines the 6th, 7th, 8th, and 9th slices as sub-fingerprint slices. And respectively used as the input integers for generation; XOR operation is used. To ensure that the state vector of the hyperchaotic system falls within the attraction domain at startup and to avoid iterative divergence, all four state variables are set... The initial state values ​​all take values ​​within the normalized interval. Using the formula:

[0105]

[0106] The above formulas are respectively Independent assignments are performed to ensure that the initial state vector possesses sufficient randomness and discriminative power in the four-dimensional phase space; to avoid The four state variables suffer from dynamic degradation due to being trapped in a symmetric hyperplane because of identical initial values. The system sequentially extracts four non-overlapping 32-bit sub-slices from the environmental fingerprint as the initial excitation sources for each dimension. Normalization is then performed, which completes all nine independent parameters required for model startup and eliminates implementation obstacles caused by missing elements. The dynamic equation is defined as follows:

[0107] This set of dynamic equations is specifically a four-dimensional hyperchaotic Chen system model:

[0108]

[0109] in, The mappings obtained respectively are as follows: ,and The corresponding control parameters obtained from the mapping This ensures that all input fingerprint perturbation factors have a clear mathematical contribution to the dynamic equations;

[0110] The system employs a fourth-order Runge-Kutta algorithm to discretize and iteratively solve the above differential equations; the specific iterative formula is as follows:

[0111]

[0112] in, , A four-dimensional state vector The intermediate slope vector is calculated as follows:

[0113]

[0114] in, Let the time iteration step be denoted here. , representing the precision control variable for numerical integration; since this system is an autonomous system, the function does not explicitly contain time, therefore, in actual calculation... This involves substituting the current state vector into the derivative vector of the aforementioned dynamic equations; after completing the iteration, the system discards the previous... The results of round-by-round iterations are used to eliminate transient effects. The value is set to To ensure the chaotic trajectory fully enters the attraction domain; the generated floating-point state value sequence is quantized and sampled, and dimension fusion mapping is performed: for the first... The four-dimensional state vector generated in the next iteration defines an intermediate variable, namely, the algebraic sum of the state values ​​of each dimension, as the quantization input to preserve the dynamic characteristics of all dimensions; then, the fractional part features of the floating-point number are extracted through a specific quantization formula. For the first The fusion value of the four-dimensional state vector generated in the next iteration is defined as:

[0115]

[0116] The specific quantification formula is as follows:

[0117]

[0118] in, Represents the fusion value of the four-dimensional state vector The absolute value, The shift factor is used to extract low-order decimal features in floating-point numbers that are highly sensitive to initial values; in this quantization formula, the absolute value is taken. This is to handle the positive and negative fluctuations generated by system iteration and to uniformly map them to the positive number space; The selection is based on the extraction of low-order features in floating-point numbers that are extremely sensitive to initial values ​​after the decimal point, through large-multiple shifts; modulo... The calculation result will then be mapped to a byte to output 8-bit data.

[0119] This indicates the floor function. This indicates a modulo operation on 256 to generate 8-bit byte data; where, For the first A chaotic state value after fusion mapping The shift factor is used to eliminate high-order correlation and retain the lower decimal places, which are extremely sensitive to initial values. This formula is used to generate an 8-bit byte format key stream; through processing, the final chaotic key sequence is synthesized; in this process, the key generation is completely dynamic, and there is no statically stored key file in the system.

[0120] Example 4:

[0121] The confusion operation is a reversible XOR operation or modulo addition operation; the method for generating noisy data fragments includes: according to the length of the data fragment, extracting a subsequence of the corresponding length from the chaotic key sequence and marking it as a mask sequence; performing a bitwise XOR operation between the data fragment and the mask sequence to generate noisy data fragments that mask the original semantic information; wherein, the noisy data fragments exhibit a uniform distribution in statistical characteristics and are indistinguishable from random noise.

[0122] This embodiment details the process of obfuscation and generating noisy data. Based on the length of the original data slices, the system extracts a subsequence of the corresponding length from the real-time generated chaotic key sequence and marks it as a mask sequence. Streaming processing is then performed, breaking down the data slices and the mask sequence bit-by-bit. This operation leverages the reflexivity and computational efficiency of the XOR operation, as shown in the following formula:

[0123]

[0124] in, Noisy data segments, derived from computation results; The raw data is fragmented and originates from the information to be stored. The mask sequence originates from a chaotic system.

[0125] The generated noisy data fragments exhibit a uniform distribution in statistical characteristics, with entropy values ​​close to their maximum values, making them indistinguishable from random magnetic noise on a disk or uninitialized memory garbage to an uninformed person.

[0126] This embodiment uses XOR obfuscation through chaotic masks to give stored data extremely strong concealment. In scenarios where forensic analysts perform a full disk scan, the noisy data appears as meaningless random noise and cannot be identified as encrypted files or valid data. This gives the data holder a seemingly valid right of denial and hides the fact that the data exists.

[0127] Example 5:

[0128] Methods for writing noisy data fragments into the storage space of the current computing environment in a steganographic manner include: scanning the file system of the current computing environment to identify system log files, temporary cache files, and metadata reserved fields of the file system; approximating the noisy data fragments as meaningless log entries and writing them into the system log file; or filling the noisy data fragments into the metadata reserved fields of the file system; or using the unallocated cluster space of the file system to write the noisy data fragments directly into disk sectors and marking the area as bad sectors or system reserved areas to avoid scanning of regular file indexes.

[0129] This embodiment details various steganography strategies designed to circumvent regular file index scanning. The system scans the current computing environment's file system, identifying low-priority system log files, file system metadata reserved fields, or unallocated cluster space. The system can employ a log masquerading strategy, encoding noisy data fragments into seemingly legitimate hexadecimal error codes or debugging information and appending them to the log file; or it can employ a metadata filling strategy, using extended attribute areas that are not read by user-level applications for storage; furthermore, the system can also execute a bad sector masquerading strategy, using the file system API to directly locate unallocated cluster space on the disk, write the data, and then modify the file allocation table or bitmap to mark these clusters as bad clusters or system reserved areas. Through these operations, the data disappears at the file system level and no longer appears in the regular file explorer or index list.

[0130] This embodiment utilizes the redundancy features and underlying structure of the file system to achieve deep data hiding. When facing scans from antivirus software, data leakage prevention systems, or regular file indexing services, the scanning tool will automatically ignore these areas because the data is disguised as system logs or hidden in sectors marked as bad sectors, thus effectively avoiding detection of specific file formats or content.

[0131] Example 6:

[0132] In this embodiment, the method for segmenting electronic information into multiple data fragments adopts the Shamir threshold segmentation strategy. The method further includes: setting a threshold value, where the threshold value represents the minimum number of data fragments required to recover the electronic information; distributing the generated noisy data fragments across different physical storage media or logical partitions in the current computing environment; and, when a read request occurs, only when the number of successfully decrypted and verified noisy data fragments reaches the threshold value... Only then will the electronic information reorganization operation be performed.

[0133] This embodiment introduces the Shamir threshold segmentation strategy to improve system reliability; the system sets a threshold value, wherein, The total number of data shards. The minimum number of fragments required to recover electronic information;

[0134] The specific construction method of Shamir threshold segmentation is as follows: Construct a... Polynomial of degree:

[0135]

[0136] in, The electronic information to be protected is converted into a large integer, and it is required that... , For large prime numbers, this embodiment selects... A prime number greater than the maximum value of the data block, such as Or Mersenne primes; To from a finite field The coefficients are randomly selected from the data; calculation is performed. Projection points ,in, As data fragments, the system disperses the generated noisy data fragments across different physical storage media in the current computing environment, such as different mounted EBS volumes or different logical partitions. When a read request occurs, the system attempts to decrypt the fragments at each location. Only when the number of successfully decrypted and verified fragments reaches a certain threshold does the system perform electronic information reconstruction using the Lagrange interpolation formula. The specific reconstruction formula is as follows:

[0137]

[0138] in, For the summation operator, For multiplication operators, The threshold value; The representative of the participants in the reorganization calculation The coordinates of the projection points of each data slice; Representing the first The actual numerical content stored in each data segment; This represents the target piece coordinates corresponding to the current summation term; this formula can be used to calculate the coordinates of any... The original information can be recovered from each valid fragment; if some fragments are lost due to disk damage or log rotation, the data can still be fully recovered as long as the remaining number meets the threshold requirement.

[0139] This embodiment enhances the fault tolerance of the steganography system through threshold segmentation and distributed storage mechanisms. Even if some data disguised as logs is accidentally deleted by the system's automatic cleanup tool, the system can still reconstruct the original information using the remaining valid fragments, thus solving the data persistence risk that steganography may bring and ensuring high data availability.

[0140] Example 7:

[0141] A time dimension factor was also introduced in the process of constructing a unique environmental fingerprint;

[0142] The method further includes:

[0143] Obtain the current timestamp data, and use the timestamp data and the physical feature data together as input parameters for constructing the environmental fingerprint;

[0144] Set the key update cycle;

[0145] When the system runtime exceeds the key update cycle, a re-encryption process is automatically triggered: a new chaotic key sequence is generated using the latest timestamp data and real-time physical feature data, and the stored noisy data fragments are transcoded and updated to achieve dynamic mimicry defense of the data.

[0146] This embodiment introduces a time dimension factor to achieve dynamic mimicry defense of data. When constructing the environmental fingerprint, the system obtains the current timestamp data and uses it together with the physical feature data as input parameters, so that the input of the chaotic system changes dynamically with time. The system sets a key update cycle and starts a background process to monitor the running time. In response to the system running time exceeding the key update cycle, the re-encryption process is automatically triggered: the system decrypts the data using the old timestamp and environmental fingerprint, and immediately generates a new chaotic key sequence using the latest timestamp and real-time physical feature data; the data is re-encrypted and overwritten, so that the stored ciphertext form is continuously updated on the timeline.

[0147] This embodiment implements a rolling encryption mechanism by introducing a time factor, which gives the data forward security. In the scenario where an attacker intercepts a disk snapshot at a certain historical point in time, the data in the snapshot will not be able to be decrypted in the future because the timestamp on which the data encryption in the snapshot depends has expired and the instantaneous physical feature perturbation at that time cannot be obtained. This effectively resists data mining attacks targeting historical backups.

[0148] Example 8:

[0149] The mechanisms for data self-destruction include:

[0150] Calculate the feature difference degree between the real-time physical feature data and the original environmental fingerprint;

[0151] If the feature difference is greater than the preset fault tolerance threshold, the current computing environment is determined to be an illegal environment.

[0152] The decryption sequence generated at this point is unrelated to the original chaotic key sequence;

[0153] The noisy data fragments are processed using the unrelated decryption sequence to output a semantically meaningless random data stream, thereby destroying the information at the logical level without physical deletion.

[0154] This embodiment details the data self-destruction mechanism based on feature difference degree. During the reading phase, the system uses pre-stored error correction auxiliary data to attempt error correction on the real-time acquired physical feature data, and extracts the error vector generated during the decoding process to calculate the feature difference degree. The calculation formula is as follows:

[0155]

[0156] in, Summation operator; : The total number of physical feature categories involved in the calculation, i.e., the total dimension of the feature vectors after environmental fingerprint segmentation; feature difference scalar. It is a floating-point number, derived from weighted calculation, and its physical meaning is the degree of environmental change;

[0157] : No. Error vector segments corresponding to physical characteristics; the system decodes the BCH and outputs the total error vector, with a length of... The bits are logically segmented according to the splicing order and bit length of each physical feature during fingerprint construction, thereby extracting the bit relative to the error correction codeword. Binary error subsequence of each feature In this embodiment, each physical feature is quantized into a binary sequence of fixed length bits, and the total error vector output by BCH decoding is logically segmented into segments corresponding to each feature category.

[0158] : Represents the number of non-zero elements in the error vector, i.e., the number of bit flips; the number of bit flips for the corresponding segment is an integer;

[0159] Feature weight coefficients, derived from stability statistics during the system initialization phase, are calculated using the following formula:

[0160]

[0161] in, Here, we take the weight normalization coefficient. Maintain the original statistical proportions of the weights to ensure the accuracy of the physical meaning; in practical applications, adjustments can be made according to the importance of each feature. For the system during the initialization phase, the first Class features The sample variance calculated after hourly high-frequency sampling; weights Inversely proportional to variance, this means that physical features with higher temporal stability have a higher decision weight in environmental fingerprint matching. To prevent extremely small positive numbers with a denominator of zero, this weighting mechanism ensures that highly stable features dominate the difference determination.

[0162] To address the issue of irreversible hash fingerprints in illegal environments, which prevent the recovery of original features, this system employs a differential backtracking method based on error correction decoding: It utilizes stored fuzzy extractor auxiliary data and real-time acquired feature values ​​to calculate the adjoint equation, and then uses the Berlekamp-Massey algorithm to attempt to calculate the precise error vector. In this step, the system executes a hierarchical judgment strategy, prioritizing physical checks before logical checks: determining whether BCH decoding was successful; if the number of bit flips exceeds the physical error correction radius of the BCH code... If the decoding fails, the system will directly determine that the environment is illegal, will not perform subsequent difference calculations, and will directly output garbled characters.

[0163] Only when decoding is successful and the error vector is output Only under these circumstances does the system further extract the error subsequence. And calculate the feature difference degree according to the formula. The system will calculate the weighted difference. With floating-point threshold Perform numerical comparison; if Even if BCH decoding is successful, i.e., the number of bit errors does not exceed the limit but the weight of key features is too large, the system will still determine that the current environment is illegal and actively output garbled text; here A floating-point threshold, set based on a statistically safe range, is used for weighted difference determination; the legality of the system's final determination must simultaneously satisfy the weighted difference requirement. And the total number of bit errors is less than or equal to the error correction radius. If any judgment fails, the generated decryption sequence is independent of the original sequence, thus achieving information destruction at the logical level.

[0164] Example 9:

[0165] Please see Figure 2 An electronic information storage system based on a cloud platform includes: an environment sensing module configured to collect physical feature data of the current computing environment, and perform feature extraction and standardization processing on the physical feature data to construct a unique corresponding environment fingerprint; a chaotic encryption module configured to input the environment fingerprint as an initial excitation factor into a preset chaotic mapping model to generate a pseudo-random chaotic key sequence; a data obfuscation module configured to acquire the electronic information to be stored, divide the electronic information into multiple data fragments, and perform obfuscation operations on each data fragment with the chaotic key sequence to generate noisy data fragments; a hidden storage module configured to write the noisy data fragments into the storage space of the current computing environment in a steganographic manner; and a secure reading module configured to respond to data reading requests, drive the environment sensing module to re-collect real-time physical feature data, and regenerate the decryption sequence to reverse restore the noisy data fragments, and output garbled characters to achieve data self-destruction when environmental changes cause feature mismatch.

[0166] This embodiment constructs a system architecture for executing the above methods. Each module works collaboratively to achieve environment-aware storage. The environment-aware module acts as the system's sensor, running in kernel mode or high-privilege mode. It is responsible for executing low-level instructions to collect physical feature data and performing normalization and hash operations to output environment fingerprints. The chaotic encryption module has a built-in numerical integrator for a high-dimensional hyperchaotic system. It receives the environment fingerprint as a seed, uses a streaming computing architecture to output a high-frequency chaotic key sequence, and does not cache the generated keys. The data obfuscation module acts as a data processing pipeline, connecting business applications and underlying storage, and performing sharding and XOR operations. Simultaneously, the hidden storage module acts as an extension of the file system driver, responsible for parsing the file system structure, locating the end of log files or the metadata area to perform steganographic I / O operations. The secure read module acts as the system's gatekeeper, triggering environment re-verification during reading and containing difference calculation logic. It is responsible for silently outputting garbled characters when environment features do not match.

[0167] This embodiment achieves a strong binding between software logic and hardware features through modular system design, and constructs the core architecture of Virtual Physical Unclonable Function (vPUF). In cloud environment deployment scenarios, the system can transform general cloud servers into dedicated storage nodes with physical security boundaries, ensuring that data cannot logically exist apart from the physical hardware from which it was created.

[0168] It should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and are not intended to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art should understand that modifications or equivalent substitutions can be made to the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims

1. A method for storing electronic information based on a cloud platform, characterized in that, include: Collect physical characteristic data of the current computing environment; The physical feature data is subjected to feature extraction and standardization to construct a unique corresponding environmental fingerprint; The environmental fingerprint is used as an initial excitation factor and input into a preset chaotic mapping model. By utilizing the initial value sensitivity of the chaotic system, a pseudo-random chaotic key sequence is generated. The electronic information to be stored is acquired, the electronic information is divided into multiple data segments, and each data segment is confused with the chaotic key sequence to generate noisy data segments. The noisy data fragments are written into the storage space of the current computing environment in a steganographic manner to complete the silent persistence of electronic information; In response to a request to read the electronic information, real-time physical feature data of the current computing environment is reacquired in real time, and a decryption sequence is regenerated based on the real-time physical feature data. The decryption sequence is used to reverse-engineer the noisy data segment; if the current computing environment undergoes physical changes or mirroring, causing the real-time physical feature data to be inconsistent with the environmental fingerprint, the generated decryption sequence diverges, resulting in garbled data in the reverse-engineered data, thus achieving data self-destruction of electronic information.

2. The electronic information storage method based on a cloud platform according to claim 1, characterized in that, The physical characteristic data includes clock drift data of the computing unit, access latency jitter data of the storage unit, and path response time data of the network unit. The method for constructing a unique corresponding environmental fingerprint includes: The clock drift data, the access delay jitter data, and the path response time data are acquired respectively, and denoising and normalization processes are performed respectively to generate corresponding feature vectors; The feature vectors are concatenated or combined to generate a high-dimensional feature matrix. The high-dimensional feature matrix is ​​hash-mapped to generate a fixed-length binary sequence, and the binary sequence is marked as an environmental fingerprint. The clock drift data reflects the physical deviation of the specific hardware crystal oscillator in the current computing environment, and the access latency jitter data reflects the contention state of the internal bus in the current computing environment.

3. The electronic information storage method based on a cloud platform according to claim 2, characterized in that, The chaotic mapping model is a high-dimensional hyperchaotic system model; The method for generating pseudo-random chaotic key sequences includes: The environmental fingerprint is broken down into multiple sub-fingerprint parameters; Each sub-fingerprint parameter is mapped to the initial state value and control parameters of the high-dimensional hyperchaotic system model; Iteratively run a high-dimensional hyperchaotic system model to generate a multi-path sequence of chaotic state values; Quantization and sampling processes are performed on multiple chaotic state value sequences to synthesize a chaotic key sequence; The generation process of the chaotic key sequence depends entirely on the environmental fingerprint, and the system does not statically store any decryption keys.

4. The electronic information storage method based on a cloud platform according to claim 3, characterized in that, The confusion operation is a reversible XOR operation or a modulo addition operation; The method for generating noisy data fragments includes: Based on the length of the data slice, a subsequence of the corresponding length is extracted from the chaotic key sequence and marked as a mask sequence; The data fragments are XORed bit by bit with the mask sequence to generate noisy data fragments that mask the original semantic information. The noisy data segments exhibit a uniform distribution in terms of statistical characteristics and are indistinguishable from random noise.

5. The electronic information storage method based on a cloud platform according to claim 1, characterized in that, The method for writing noisy data fragments into the storage space of the current computing environment in a steganographic manner includes: Scan the current computing environment's file system to identify system log files, temporary cache files, and file system metadata retention fields; Noisy data fragments are disguised as meaningless log entries and appended to the system log file; Alternatively, fill the noisy data fragments into the metadata retention fields of the file system; Alternatively, by utilizing the unallocated cluster space of the file system, noisy data fragments can be written directly to disk sectors, and the area can be marked as a bad sector or a system reserved area to avoid scanning by regular file indexes.

6. The electronic information storage method based on a cloud platform according to claim 1, characterized in that, The method for segmenting electronic information into multiple data fragments adopts the Shamir threshold segmentation strategy. The method further includes: Set a threshold value, which represents the minimum number of data fragments required to recover electronic information; The generated noisy data fragments are distributed and stored in different physical storage media or logical partitions in the current computing environment; When a read request occurs, it will only proceed if the number of successfully decrypted and verified noisy data segments reaches a threshold. Only then will the electronic information reorganization operation be performed.

7. The electronic information storage method based on a cloud platform according to claim 1, characterized in that, The process of constructing a unique environmental fingerprint also incorporates a time dimension factor. The method further includes: Obtain the current timestamp data, and use the timestamp data and the physical feature data together as input parameters for constructing the environmental fingerprint; Set the key update cycle; When the system runtime exceeds the key update cycle, a re-encryption process is automatically triggered: a new chaotic key sequence is generated using the latest timestamp data and real-time physical feature data, and the stored noisy data fragments are transcoded and updated to achieve dynamic mimicry defense of the data.

8. The electronic information storage method based on a cloud platform according to claim 1, characterized in that, The data self-destruction mechanism includes: Calculate the feature difference degree between the real-time physical feature data and the original environmental fingerprint; If the feature difference is greater than the preset fault tolerance threshold, the current computing environment is determined to be an illegal environment. The decryption sequence generated at this point is unrelated to the original chaotic key sequence; The noisy data fragments are processed using the unrelated decryption sequence to output a semantically meaningless random data stream, thereby destroying the information at the logical level without physical deletion.

9. A cloud-based electronic information storage system, used to implement the cloud-based electronic information storage method as described in any one of claims 1-8, characterized in that, include: The environment perception module is configured to collect physical feature data of the current computing environment, and perform feature extraction and standardization processing on the physical feature data to construct a unique corresponding environment fingerprint; The chaotic encryption module is configured to input the environmental fingerprint as an initial excitation factor into a preset chaotic mapping model to generate a pseudo-random chaotic key sequence. The data obfuscation module is configured to acquire electronic information to be stored, divide the electronic information into multiple data fragments, and perform obfuscation operations on each data fragment with the chaotic key sequence to generate noisy data fragments. The hidden storage module is configured to write the noisy data fragments into the storage space of the current computing environment in a steganographic manner; The secure reading module is configured to respond to a data reading request by driving the environmental perception module to re-acquire real-time physical feature data and regenerate the decryption sequence to reverse-engineer the noisy data fragments. It also outputs garbled characters to achieve data self-destruction when environmental changes cause feature mismatch.