KR20170049700A - Cloud system for storing secure data and method thereof - Google Patents
Cloud system for storing secure data and method thereof Download PDFInfo
- Publication number
- KR20170049700A KR20170049700A KR1020150149590A KR20150149590A KR20170049700A KR 20170049700 A KR20170049700 A KR 20170049700A KR 1020150149590 A KR1020150149590 A KR 1020150149590A KR 20150149590 A KR20150149590 A KR 20150149590A KR 20170049700 A KR20170049700 A KR 20170049700A
- Authority
- KR
- South Korea
- Prior art keywords
- data
- user terminal
- metadata
- server
- stored
- Prior art date
Links
Images
Classifications
-
- G06F17/30156—
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1448—Management of the data involved in backup or backup restore
- G06F11/1453—Management of the data involved in backup or backup restore using de-duplication of the data
-
- G06F17/30174—
-
- G06F17/30997—
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Quality & Reliability (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The exemplary embodiment of the present invention provides a metadata server that determines whether data is duplicated using metadata of uploaded data and transmits the duplicated data to a user terminal, and receives the duplicated data from the user terminal and verifies the duplicated data, And a storage server for storing data. Therefore, by verifying data transmitted to the information storage server, it is possible to reduce a number of communication times, a calculation amount, and a traffic amount of communication data generated in the process of storing cryptographic data, and reduce the risk of data contamination.
Description
BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a cloud system for storing cryptographic data, and more particularly, to a cloud system and method in which cryptographic data is deduplicated and stored.
Recently, demand for cloud storage has increased and many studies are underway. With the development of IT technology, many kinds of devices are being used, and most of the devices are connected to the network. In the environment using existing local storage space, it is changing to store the data of the device in the cloud story using the network in recent years, or to integrate and manage the digital document and information of the enterprise. Cloud storage is largely classified as a private cloud and a public cloud, both of which use data storage in physical storage. As the amount of data stored increases, the number and amount of physical storage devices required increases, which is a costly problem for the cloud environment used by a large number of users. Many researches have been conducted to improve the data storage space efficiency of cloud storage. When many companies and researchers store the same data repeatedly, the actual storage space of the data can be reduced by referring to the originally stored data, rather than allocating space as many times as the number of requests, thereby reducing the maintenance cost of the cloud storage environment.
On the other hand, a technique for preventing repeated storage of data is called a data de-duplication technique. A method for preventing repeated storage of data proceeds in various manners, but a basic operation is performed by comparing previously stored data with newly stored data to determine whether or not the same data is stored. The method of comparing the stored data proceeds through a linear comparison, but the larger the size of the data, the slower the comparison speed of the data becomes.
As a unit for comparing data redundancy, there is a file unit comparison and a block unit comparison. The file-by-file comparison is a method of comparing data of a file unit as a single object, so that even if only one bit of data of two files is recognized as a different file, duplication is not performed. Therefore, the deduplication efficiency is low. However, because the size of a file can be as large as a single file, the deduplication processing speed is very fast. On the other hand, a method of dividing a single file into blocks is also used. In this method, a file is divided into blocks of a certain size and used as one object. The advantage of this method is that even if some of the original files of the two files are different, the duplication is more efficient than the file-by-file comparison method because the two files are individually blocked and only the same part is removed. However, in this method, since a file is divided into a plurality of blocks and each block undergoes a comparison process, the deduplication rate is slower than the deduplication per file unit.
Also, it can be classified into two types depending on the position of deduplication. Data deduplication typically involves deduplicating the original files by sending them to the cloud storage. This method is called a target deduplication method and since the original file is transferred to the cloud storage as it is, the user terminal does not require a deduplication operation. Also, since the hardware processing performance of cloud storage is generally higher than that of an individual user, the processing speed for de-duplication is fast. However, because data sources are transported to cloud storage, there is a lot of data communication traffic. On the other hand, a method of transferring the data to the cloud storage by processing the deduplication at the user's terminal may be used. In this method, data de-duplication is performed at the user's terminal to transmit only the non-duplicated data to the cloud storage. Therefore, data communication traffic is less than the target deduplication method. However, as described above, since the processing performance of the personal user terminal is lower than that of the hardware of the cloud storage, it may take a long time in the deduplication process and a heavy load may be generated on the user's terminal.
On the other hand, information leakage may occur due to internal and external factors of providers of cloud storage. If the information stored in the cloud storage is plain unencrypted, the contents of the leaked data can be fully known. Therefore, it is necessary to encrypt the data stored in the cloud storage. A simple encryption scheme is a technique in which different ciphertexts are generated according to the encryption key possessed by the encrypting subject even if the original text is the same. On the other hand, the data de-duplication technique is a technique of comparing two data to judge whether or not they are the same data. Therefore, even if the original data is the same, different ciphers are different from each other. Various encryption methods and communication methods are applied for this purpose. In this process, there arises a problem that a large number of communications and calculation are performed.
In addition, if integrity is not guaranteed because the verification procedure of the data stored in the cloud storage is not included, the data corresponding to the metadata by the third party different from the stored data and the data actually stored may be different from the data corresponding to the metadata There is a risk of contamination where the problem of getting stolen, corrupted, or malicious code is acquired.
SUMMARY OF THE INVENTION An object of the present invention is to provide an encryption data deduplication storage method which improves the communication method and communication data and has a relatively small number of communication and a calculation amount.
The exemplary embodiment of the present invention provides a metadata server that determines whether data is duplicated using metadata of uploaded data and transmits the duplicated data to a user terminal, and receives the duplicated data from the user terminal and verifies the duplicated data, And a storage server for storing data.
The metadata server may generate and transmit a unique session key for encrypting the data to the user terminal.
The metadata server decrypts the data encrypted with the session key and can read whether or not the data is duplicated with the stored metadata.
The metadata server may generate an unsaved data list and a signature value of the data list and transmit the generated signature list to the user terminal.
The storage server may receive the data block of the unsaved data list from the user terminal, process the data block, and compare the data block with the signature value.
The metadata server receives the signature value of the storage server and can generate and store metadata of the file from the signature value.
Data transmission between the user terminal and the metadata server may be performed through a hash value.
According to another embodiment of the present invention, there is provided a method for receiving a hash value of encrypted data from a user terminal and performing deduplication with previously stored data, receiving a duplicated data block generated from the duplicated data list from the user terminal, And synchronizing the stored data blocks. The present invention also provides a method for deduplicating and storing encrypted data in a cloud system.
And generating and transmitting a unique session key for encrypting the data to the user terminal before the deduplication step.
The deduplication step may decrypt the data encrypted with the session key and read the duplication with the stored metadata.
In the deduplication step, deduplication may be performed to generate an unsaved data list and a signature value of the data list, and transmit the unsigned data list and the signature value to the user terminal.
The storing may include receiving a data block of the unsaved data list from the user terminal, processing the data block, and comparing the data block with the signature value.
The synchronizing step may generate and store metadata of a file from the signature value.
As described above, the cloud system according to the present invention distinguishes between a metadata server and an information storage server, determines whether the meta data server is duplicated, and transmits only data that is not duplicated to the information storage server. Also, by verifying data transmitted to the information storage server, it is possible to reduce a number of communication times, a calculation amount, and a traffic amount of communication data generated in the process of storing encrypted data, and reduce the risk of data contamination.
FIG. 1 is a block diagram illustrating a system for redundantly storing encrypted data according to an embodiment of the present invention. Referring to FIG.
FIG. 2 is a diagram illustrating a method of Convergent Encryption (CE) technology according to an embodiment of the present invention.
3 is a diagram illustrating a structure of metadata according to an embodiment of the present invention.
4 is a flowchart showing a deduplication / storage method according to an embodiment of the present invention.
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily carry out the present invention. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.
Throughout the specification, when a part is referred to as being "connected" to another part, it includes not only "directly connected" but also "electrically connected" with another part in between .
Throughout the specification, when an element is referred to as "comprising ", it means that it can include other elements as well, without excluding other elements unless specifically stated otherwise. Also, the terms " part, "" module," and " module ", etc. in the specification mean a unit for processing at least one function or operation and may be implemented by hardware or software or a combination of hardware and software have.
The cloud system for duplicating and storing password data of the present invention is based on a metadata server and an information storage server. In order to compare and remove the encrypted data, the user communicates with the metadata server and has a procedure of uploading the corresponding file to the information storage server based on the result of communication with the metadata server.
Hereinafter, preferred embodiments according to the present invention will be described in detail with reference to the accompanying drawings.
1 is a block diagram illustrating a
Referring to FIG. 1, a
At this time, the information transmission / reception of each of the
The
The
In addition, the
The
The
After issuing the session key, the
The
The
In FIG. 1, the
Hereinafter, specific symbols will be used to describe them.
Before describing the embodiments of the present invention, the symbols used in the following description are defined as follows.
*: Participating object (
:user , : Metadata Server, : Information storage server): Original file
: One-way hash function
: Duplicate Number of
: Not duplicated Number of
: All Number of
: Convergent Encryption Encryption Key to Encrypt
: Encrypted with
: Hash < / RTI >
: Consisting of a set of List of
: Duplicate removed
: Duplicate removed
:file Hash < / RTI >
:user Identifier
: Encrypted Set of
: The session key between the metadata server and the user
: * Symmetric key
: * Public key
: * Private key
: Encryption using key ** as an encryption key
: Decryption using key ** as decryption key
Figure 2 illustrates a method of the Convergent Encryption (CE) technology used in the
CE encryption method is the original file
The hash value obtained by hashing the hash algorithm in the hash module As a symmetric key, and calculates it as shown in Equation (1) by using an encryption key encrypted by the encryption module.[ Equation 1 ]
3 is a diagram illustrating a structure of metadata according to an embodiment of the present invention.
Referring to FIG. 3, the metadata stored in the
Specifically, as shown in Equation 2,
Hash .& Quot; (2 ) & quot ;
Also,
And uses CE to encrypt it. CE encryption is a specially generated encryption key To use a general symmetric key encryption scheme. The generation of the encryption key used at this time is calculated as shown in Equation (3).& Quot; (3 ) & quot ;
Encrypted using The ( CID ), and the hashed data List of .
Also,
List of And on , , To generate metadata.Hereinafter, with reference to FIG. 4, a description will be given of a method of deduplicating and storing encryption data between the
The embodiment includes an encryption and deduplication request step of the
In the
First, the
After confirming the user's identity from the identifier, the
Next, the
Next, the deduplication step of the
The deduplication step may include comparing the hash value of the cipher data transmitted from the
First, the
Next, the
& Quot; (4 ) & quot ;
Next, the
First, the
to the next,
And the signature value received from theAccordingly, the
The comparison operation procedure is shown in Equation (5).
& Quot; (5 ) & quot ;
If the two hash values are equal to each other as in Equation (5), the unsaved data is stored.
Finally, when the data is normally stored in the
The
The operation of the secret key is shown in Equation (6).
& Quot; (6 ) & quot ;
The
As described above, after confirming whether or not the data is duplicated through the metadata, the information is stored in the
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, but is capable of numerous modifications and alterations without departing from the spirit or scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the invention as defined in the following claims. There will be.
100: Cloud system
110: Metadata server
200: user terminal
Claims (5)
A storage server for receiving the deduplicated data from the user terminal and for verifying the deduplicated data,
≪ / RTI >
Receiving and verifying and storing the deduplicated data block generated from the deduplicated data list from the user terminal, and
Synchronizing the stored data blocks
And storing the encrypted data in the storage medium.
Before the deduplication step
Further comprising generating and transmitting a unique session key for encrypting the data to the user terminal, and transmitting the generated session key to the user terminal.
Wherein the de-
And decrypting the encrypted data with the session key and reading the duplicated data with the stored metadata.
Wherein the de-
And generating a signature value of the unlisted data list and the data list and transmitting the generated signature list to the user terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150149590A KR101790757B1 (en) | 2015-10-27 | 2015-10-27 | Cloud system for storing secure data and method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150149590A KR101790757B1 (en) | 2015-10-27 | 2015-10-27 | Cloud system for storing secure data and method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20170049700A true KR20170049700A (en) | 2017-05-11 |
KR101790757B1 KR101790757B1 (en) | 2017-10-27 |
Family
ID=58741997
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150149590A KR101790757B1 (en) | 2015-10-27 | 2015-10-27 | Cloud system for storing secure data and method thereof |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101790757B1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20190044264A (en) * | 2017-10-20 | 2019-04-30 | 김남희 | Good restaurant information providing system |
-
2015
- 2015-10-27 KR KR1020150149590A patent/KR101790757B1/en active IP Right Grant
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20190044264A (en) * | 2017-10-20 | 2019-04-30 | 김남희 | Good restaurant information providing system |
Also Published As
Publication number | Publication date |
---|---|
KR101790757B1 (en) | 2017-10-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11108753B2 (en) | Securing files using per-file key encryption | |
US10877850B2 (en) | Systems and methods of transmitting data | |
EP3062261B1 (en) | Community-based de-duplication for encrypted data | |
US8892866B2 (en) | Secure cloud storage and synchronization systems and methods | |
CN106453612B (en) | A kind of storage of data and shared system | |
US10685141B2 (en) | Method for storing data blocks from client devices to a cloud storage system | |
KR102450295B1 (en) | Method and apparatus for deduplication of encrypted data | |
KR101285281B1 (en) | Security system and its security method for self-organization storage | |
EP3235163B1 (en) | De-duplication of encrypted data | |
Yan et al. | A scheme to manage encrypted data storage with deduplication in cloud | |
CN104852949A (en) | Cloud storage data management method and system based on hybrid encryption mechanism | |
CN103731423A (en) | Safe method for repeated data deleting | |
CN109787747B (en) | Anti-quantum-computation multi-encryption cloud storage method and system based on multiple asymmetric key pools | |
KR101790757B1 (en) | Cloud system for storing secure data and method thereof | |
CN109787965B (en) | Quantum computing resistant cloud storage method and system based on multiple asymmetric key pools | |
CN104683113A (en) | Security storage method based on data encryption | |
CN104660720A (en) | Security storage method based on identity authentication | |
CN117061126A (en) | System and method for managing encryption and decryption of cloud disk files | |
Gaikwad et al. | Journal homepage: http://www. journalijar. com INTERNATIONAL JOURNAL OF ADVANCED RESEARCH RESEARCH ARTICLE |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |