CN102984146A - Data management method for cloud computing - Google Patents

Data management method for cloud computing

Info

Publication number: CN102984146A
Authority: CN (China)
Prior art keywords: user, data, virtual machine, monitor, server
Legal status: Pending
Application number: CN2012104802661A
Other languages: Chinese (zh)
Inventor: 宗竞
Current Assignee: JIANGSU LEMAIDAO NETWORK TECHNOLOGY Co Ltd
Original Assignee: JIANGSU LEMAIDAO NETWORK TECHNOLOGY Co Ltd
Priority date: 2012-11-23
Filing date: 2012-11-23
Publication date: 2013-03-20
Application filed by JIANGSU LEMAIDAO NETWORK TECHNOLOGY Co Ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention belongs to the technical field of cloud computing and provides a data management method applicable to cloud computing. The method comprises four stages: uploading, storage, computing and destruction. Uploading comprises establishing a trusted channel with the virtual machine monitor on the server, and the server uses the virtual machine monitor to respond to user requests. With this data management method for cloud computing, user data and keys are guaranteed not to exist in clear-text form anywhere at the cloud server, retrospective attacks are prevented, and data security is guaranteed.

Description

Data management method for cloud computing
Technical field
The invention belongs to the field of cloud computing technology and specifically concerns the problem of data security in public cloud computing environments and its solution.
Background art
Cloud computing is one of the major technology trends of the IT industry, with market potential far beyond that of Web 2.0. Cloud computing offers large-scale IT resources to many users in the form of services over the internet. Through highly efficient and flexible scheduling of large-scale computing resources, cloud computing can provide users with on-demand computing services whose capacity expands and contracts dynamically, gives cloud service providers a large space for resource scheduling, and reduces costs to the greatest extent through economies of scale.
In a public cloud computing environment, data security mainly involves the following four problems:
1. In a public cloud environment, users worry that the privacy of their data may be violated by the cloud service provider, other cloud users or network attackers, and that they lose control over the creation, propagation and destruction of their data.
2. Virtualization technology and live virtual machine migration are core technologies in cloud computing, used for dynamic scheduling of computing resources. The complexity and dynamic nature of the virtual machine migration process introduce security risks that single-machine data protection technology does not cover.
3. As the core of the cloud computing software layer, the virtual machine monitor itself is growing explosively in size, and its own security risks are becoming increasingly prominent. Once the virtual machine monitor is compromised, all the virtual machines above it and the user data within them are under the attacker's control.
4. Cloud computing servers are exposed to attacks by direct physical contact with the hardware, for example probing the bus and memory, and even to an attacker replacing normal hardware with tampered hardware.
To address the problems of data security and data control in public cloud environments, the Dissolver system combines security hardening of the virtual machine monitor with trusted computing technology, proposes whole-lifecycle privacy protection of user data at the cloud server side, from creation to destruction, and provides system support for users to forcibly destroy their data in the cloud on demand. The data protection of the Dissolver system covers the whole process, including both the executable code and the data of a process. Provided no physical attack by direct contact with the hardware takes place, the Dissolver system guarantees that user data in the cloud cannot be illegally read or tampered with even if the operating system and the upper-layer software have been successfully compromised.
For the security of user data during virtual machine migration, the feasibility of secure data migration and the potential risks therein, the present invention designed a secure migration protocol and implemented the PALM prototype system, which guarantees that protected user data retains its privacy and integrity during and after live virtual machine migration.
Summary of the invention
The invention provides a data security management method applicable to cloud computing, comprising four stages: data uploading, storage, computing and destruction.
Uploading data comprises establishing a trusted channel with the virtual machine monitor on the server; the server side responds to user requests through the virtual machine monitor. To agree on a session key between the user and the virtual machine, the user generates a pair of RSA asymmetric keys and a 160-bit timestamp nonce, then sends an integrity verification request to the cloud server containing the nonce and the RSA public key. The server responds to the user through the virtual machine monitor, which generates a session key Ksession and computes a 160-bit hash with SHA-1 over the user's nonce, the user's public key and Ksession; the virtual machine monitor then calls the TPM quote instruction with this hash as the parameter and obtains a quote attestation signed with the TPM private key; the virtual machine monitor encrypts the session key Ksession with the user's public key and sends it to the user together with the quote attestation and the CA certificate. After receiving the server's reply, the user can verify the legitimacy of the server's certificate at the trusted third-party CA; after that is confirmed, the user verifies the quote attestation packet with the public key in the certificate, confirming that the signature was really made by the TPM; after that is confirmed, the user checks the PCR value of the server side to confirm whether the currently running virtual machine monitor version is correct and intact; after that is confirmed, the user decrypts the session key packet with the RSA private key SK_U and obtains Ksession. The user then uses SHA-1 to confirm whether the nonce, PK_U and Ksession hashed by the server match the user's own; if they match, this communication has not been subjected to a man-in-the-middle attack. Data destruction takes place when the data life span reaches the time limit specified by the user and the user has not sent a command explicitly informing Dissolver to prolong the data life span.
Description of drawings
Fig. 1 shows the life cycle of user data in the cloud.
Fig. 2 shows the remote attestation and handshake protocol between the user and the virtual machine monitor on the server side.
Fig. 3 shows the life cycle of an application program on the server.
Embodiments
User data may exist at the cloud server side in two forms: static storage or dynamic computation. In static storage, the data may be copied many times for fault tolerance and disaster recovery; during dynamic computation, the data may be present in media such as memory, the network or the disk cache. We call the whole period from uploading user data to the cloud until its destruction the life cycle of a piece of data. Throughout the life cycle of the data, its privacy may be threatened from many directions.
User data life cycle management covers the uploading, storage, computing and destruction of data, as shown in Fig. 1. These four management stages are introduced in turn below. First, we need to introduce several communicating entities: the user, the trusted virtual machine monitor and the intermediate layers. User communication passes through a number of intermediate layers before reaching the virtual machine monitor, including intermediate network nodes and the operating system and upper-layer tool software running on the destination server. These intermediate layers are untrusted, so communication between the user and the virtual machine monitor must be protected with encryption.
The cloud server must measure the software it starts during boot using trusted computing technology. Unlike traditional trusted computing, Dissolver only needs to guarantee the integrity of the virtual machine monitor and does not require measuring the software started after the virtual machine monitor, because in the threat model the software layers above the virtual machine monitor are untrusted, and whether they are intact does not affect the operation of the Dissolver system. After boot, the cloud server stores the measurements of the BIOS, GRUB and the virtual machine monitor in the PCRs of the TPM chip, where they can later be used for remote attestation to the user.
The user first needs to establish a trusted communication channel with the virtual machine monitor on the server before data can be uploaded safely to the cloud. Fig. 2 describes the protocol for establishing the secure communication channel; after the handshake protocol has run, the user and the virtual machine have agreed on a session key known only to the two parties. First, the user generates a pair of RSA asymmetric keys and a 160-bit timestamp nonce. In the first step, the user sends an integrity verification request to the cloud server containing the nonce and the RSA public key PK_U.
The server side responds to the user's request through the virtual machine monitor. First, the virtual machine monitor generates a session key Ksession and computes a 160-bit hash with SHA-1 over the user's nonce, the user's public key PK_U and the session key Ksession. Then the virtual machine monitor calls the TPM quote instruction with this hash as the parameter and obtains a quote attestation signed with the TPM private key. The virtual machine monitor encrypts the session key Ksession with the user's public key and sends it to the user together with the quote attestation and the CA certificate.
After receiving the server's reply, the user can verify the legitimacy of the server's certificate at the trusted third-party CA. After that is confirmed, the user verifies the quote attestation packet with the public key in the certificate, confirming that the signature was really made by the TPM. After that is confirmed, the user checks the PCR value of the server side to confirm whether the currently running virtual machine monitor version is correct and intact. After that is confirmed, the user decrypts the session key packet with the RSA private key SK_U and obtains Ksession. The user then uses SHA-1 to confirm whether the nonce, PK_U and Ksession hashed by the server match the user's own. If they match, this communication has not been subjected to a man-in-the-middle attack.
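The following Go program is an added example, not the patent's or Dissolver's code: it models the Fig. 2 handshake end to end with the Go standard library. RSA-OAEP and PKCS#1 v1.5 signatures stand in for the user key, the TPM attestation key and the CA; the TPM quote is modelled as a signature over the 160-bit hash together with the PCR value; the PCR value, the key sizes, the scenario names and all key material are constructed. `RunHandshake` runs the protocol honestly and under two constructed attacks so that the order of the user's checks (certificate, quote signature, PCR, unwrap, hash comparison) can be seen doing its job.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
)

// Reply is the virtual machine monitor's answer in Fig. 2 (constructed encoding).
type Reply struct {
	H        []byte         // SHA-1(nonce || PK_U || Ksession), 160 bits
	PCR      []byte         // measurement of BIOS, GRUB and the monitor held by the TPM
	QuoteSig []byte         // TPM signature over H and PCR: the quote attestation
	EncK     []byte         // Ksession encrypted to PK_U
	TPMPub   *rsa.PublicKey // taken from the CA certificate
	CertSig  []byte         // CA signature over the TPM public key
}

func sha1Concat(parts ...[]byte) []byte {
	h := sha1.New()
	for _, p := range parts {
		h.Write(p)
	}
	return h.Sum(nil)
}

// sign and verify: RSA PKCS#1 v1.5 over SHA-256, used for both the CA key and the TPM key.
func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
}
func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) == nil
}

// vmmReply is the monitor's step: fresh Ksession, the hash binding nonce, PK_U and the
// key, a TPM quote over hash and PCR, and Ksession wrapped for PK_U with RSA-OAEP.
// Signing and OAEP cannot fail for valid keys and a 16-byte message, so errors are dropped.
func vmmReply(nonce []byte, pku *rsa.PublicKey, tpm *rsa.PrivateKey, pcr, certSig []byte) (Reply, []byte) {
	ksession := make([]byte, 16) // 128-bit session key
	rand.Read(ksession)
	h := sha1Concat(nonce, pku.N.Bytes(), ksession)
	quoteSig, _ := sign(tpm, sha1Concat(h, pcr))
	encK, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, pku, ksession, nil)
	return Reply{h, pcr, quoteSig, encK, &tpm.PublicKey, certSig}, ksession
}

// userVerify runs the user's checks in the order the text gives: CA certificate, quote
// signature, PCR value, unwrap Ksession with SK_U, then recompute and compare the hash.
func userVerify(nonce []byte, rep Reply, sku *rsa.PrivateKey, caPub *rsa.PublicKey, wantPCR []byte) ([]byte, string) {
	switch {
	case !verify(caPub, rep.TPMPub.N.Bytes(), rep.CertSig):
		return nil, "certificate not issued by the trusted CA"
	case !verify(rep.TPMPub, sha1Concat(rep.H, rep.PCR), rep.QuoteSig):
		return nil, "quote signature not made by the certified TPM"
	case !bytes.Equal(rep.PCR, wantPCR):
		return nil, "PCR mismatch: running monitor is not the expected version"
	}
	ksession, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, sku, rep.EncK, nil)
	if err != nil {
		return nil, "session key unwrap failed"
	}
	if !bytes.Equal(sha1Concat(nonce, sku.PublicKey.N.Bytes(), ksession), rep.H) {
		return nil, "hash mismatch: possible man-in-the-middle"
	}
	return ksession, "ok"
}

// Constructed key material: user (PK_U/SK_U), TPM attestation key, CA, and an attacker.
var userKey, _ = rsa.GenerateKey(rand.Reader, 2048)
var tpmKey, _ = rsa.GenerateKey(rand.Reader, 2048)
var caKey, _ = rsa.GenerateKey(rand.Reader, 2048)
var attackerKey, _ = rsa.GenerateKey(rand.Reader, 2048)
var goodPCR = sha1Concat([]byte("BIOS|GRUB|vmm-known-good (constructed)"))

// RunHandshake runs the protocol honestly ("") or under one constructed attack and
// returns the user's verdict and whether both sides ended up with the same Ksession.
func RunHandshake(scenario string) (string, bool) {
	certSig, _ := sign(caKey, tpmKey.PublicKey.N.Bytes()) // the CA certificate
	pcr, nonce := goodPCR, make([]byte, 20)               // 160-bit nonce
	rand.Read(nonce)
	pkuSeen := &userKey.PublicKey // the PK_U the monitor actually receives
	switch scenario {
	case "mitm":
		pkuSeen = &attackerKey.PublicKey // attacker swaps in its own key in transit
	case "rogue_vmm":
		pcr = sha1Concat([]byte("BIOS|GRUB|vmm-tampered")) // honest TPM, modified monitor
	}
	rep, ksVMM := vmmReply(nonce, pkuSeen, tpmKey, pcr, certSig)
	if scenario == "mitm" { // attacker unwraps Ksession and re-wraps it for the real user
		stolen, _ := rsa.DecryptOAEP(sha256.New(), rand.Reader, attackerKey, rep.EncK, nil)
		rep.EncK, _ = rsa.EncryptOAEP(sha256.New(), rand.Reader, &userKey.PublicKey, stolen, nil)
	}
	ksUser, verdict := userVerify(nonce, rep, userKey, &caKey.PublicKey, goodPCR)
	return verdict, bytes.Equal(ksUser, ksVMM)
}
```

`RunHandshake("")` returns `"ok", true`. With `"mitm"` every signature and the PCR check pass, and the substitution of PK_U is caught only by the final hash comparison; that is the reason the hash covers the user's public key and not just the nonce and Ksession. With `"rogue_vmm"` the quote is genuine but the PCR value is not the known-good measurement, so the user refuses the key before ever decrypting it.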
The user needs to encrypt the data before uploading it. In the Dissolver framework, data protection is organized around application programs and application groups. A single application program or a group of application programs consists of a main executable, some executable files and some data files.
The user first needs to generate a pair of asymmetric keys PK_App/SK_App for an application group. The user then uses the tool provided by Dissolver to encrypt the application programs and data files. The encryption tool first generates a 128-bit AES symmetric key and then encrypts the executable file text and the data files with this symmetric key. To protect the AES symmetric key, the encryption tool encrypts the AES key with the previously generated application key SK_App and appends it to the end of the program file.
Processing of data files is simpler: the encryption tool encrypts the whole data file with the AES key.
Fig. 2 shows the command format for registering a new application program. The user sends the user public key PK_U, the register command, the main program name, the main program public key PK_App and the preset program life span to the virtual machine monitor encrypted under the session key Ksession, and then uploads the encrypted executable files and data files to the cloud server.
User data is passed to the cloud storage server in ciphertext form. For considerations such as disaster recovery and maintenance, the cloud service system may back up the data at multiple points. In addition, a malicious insider may illegally copy user data. However, because the data is stored in encrypted form, these legal or illegal copies of the data pose no threat to data privacy.
During execution of the user's program, dynamic data protection and encryption/decryption are similar to the protection of the program's running space. While the program runs, the memory in its private running space cannot be accessed by other processes or by the operating system. The virtual machine monitor acts as the bridge for data exchange between the operating system and the user process. When the operating system reads from or writes to the user's memory space to copy data, the virtual machine monitor performs the copy on behalf of the operating system, because the operating system has no access right. When data is copied into the program's secret memory space, the virtual machine monitor decrypts the data with the program's corresponding AES symmetric key, so that the program can perform normal computation on the data. Conversely, when data is copied out of the program's secret memory space, for example during a disk write operation, the virtual machine monitor first encrypts the data with the AES key. In this way, all user data stored on storage devices is ciphertext. Note in addition that we do not encrypt and decrypt network I/O, because the two parties to a network communication probably do not both observe the Dissolver data protection protocol. If a program that communicates over the network needs data privacy protection, it must explicitly add encryption and decryption logic within the program itself.
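The user-side encryption tool and the monitor's copy-in/copy-out described above, as an added Go example that is neither the patent's nor Dissolver's code. AES-GCM is the assumed file cipher (the text specifies AES with a 128-bit key but no mode); the AES key is encrypted with SK_App and recovered with PK_App as the text says, modelled with textbook RSA over math/big; the file layout, the `ProtectedApp` and `Monitor` types and their method names are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"errors"
	"math/big"
)

// ProtectedApp is what the user-side encryption tool produces (constructed layout): every
// executable and data file encrypted under one 128-bit AES key, plus that key encrypted
// with SK_App. The text appends the encrypted key to the end of the program file; here it
// sits in its own field so the file ciphertexts stay self-contained.
type ProtectedApp struct {
	Main       string            // main program name, used in the registration command
	Files      map[string][]byte // ciphertexts by file name
	WrappedKey []byte            // AES key encrypted with SK_App
	PKApp      *rsa.PublicKey    // PK_App, sent to the monitor in the registration command
	Lifetime   int64             // preset life span
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // fails for a missing (nil) key as well as a bad size
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// gcmSeal and gcmOpen: AES-GCM with the random nonce prefixed to the ciphertext, so a
// copy that has been tampered with fails to open instead of decrypting to garbage.
func gcmSeal(key, plaintext []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, plaintext, nil), nil
}

func gcmOpen(key, data []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil || len(data) < g.NonceSize() {
		return nil, errors.New("no key for this program or ciphertext too short")
	}
	return g.Open(nil, data[:g.NonceSize()], data[g.NonceSize():], nil)
}

// The text encrypts the AES key with the application private key SK_App, and the monitor,
// which receives only PK_App, recovers it: a raw RSA private-key operation. It is modelled
// here as textbook RSA over math/big with no padding, adequate only as a toy.
func wrapWithSK(sk *rsa.PrivateKey, aesKey []byte) []byte {
	return new(big.Int).Exp(new(big.Int).SetBytes(aesKey), sk.D, sk.N).Bytes()
}

func unwrapWithPK(pk *rsa.PublicKey, wrapped []byte) []byte {
	k := new(big.Int).Exp(new(big.Int).SetBytes(wrapped), big.NewInt(int64(pk.E)), pk.N)
	return k.FillBytes(make([]byte, 16)) // fixed 16-byte key, leading zero bytes restored
}

// Protect is the user-side encryption tool: one AES key per application group.
func Protect(mainName string, files map[string][]byte, skApp *rsa.PrivateKey, lifetime int64) (ProtectedApp, error) {
	aesKey := make([]byte, 16)
	rand.Read(aesKey)
	app := ProtectedApp{mainName, map[string][]byte{}, wrapWithSK(skApp, aesKey), &skApp.PublicKey, lifetime}
	for name, plain := range files {
		ct, err := gcmSeal(aesKey, plain)
		if err != nil {
			return ProtectedApp{}, err
		}
		app.Files[name] = ct
	}
	return app, nil
}

// Monitor holds, per registered program, the AES key recovered with PK_App. The operating
// system and the storage service only ever handle the ciphertexts.
type Monitor struct{ keys map[string][]byte }

func NewMonitor() *Monitor { return &Monitor{keys: map[string][]byte{}} }

// Register handles the registration command (main program name, PK_App, life span).
func (m *Monitor) Register(app ProtectedApp) {
	m.keys[app.Main] = unwrapWithPK(app.PKApp, app.WrappedKey)
}

// CopyIn is the monitor copying data from the OS into the program's private memory: it
// decrypts with the program's AES key so the program computes on plaintext. An
// unregistered program has no key, so the copy fails.
func (m *Monitor) CopyIn(prog string, ciphertext []byte) ([]byte, error) {
	return gcmOpen(m.keys[prog], ciphertext)
}

// CopyOut is the reverse direction, for example a disk write: data is encrypted before it
// leaves private memory, so whatever reaches storage is ciphertext.
func (m *Monitor) CopyOut(prog string, plaintext []byte) ([]byte, error) {
	return gcmSeal(m.keys[prog], plaintext)
}
```

Because anyone holding PK_App can recover the AES key under this construction, PK_App must only ever travel inside the registration command, which the text sends under the session key Ksession; the multi-point backups and insider copies mentioned above hold nothing but GCM ciphertexts, and a copy altered on the way back in is rejected by the authentication tag rather than silently decrypted.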
At the moment specified by the user, Dissolver destroys the executable files, data files, AES key and asymmetric public key PK_App associated with the program. There are two modes of data destruction: in the first, the data life span reaches the time limit specified by the user and the user has not sent a command explicitly informing Dissolver to prolong the data life span; in the second, the user explicitly sends a data destruction command, and the data is destroyed before it reaches its life span limit.
Fig. 3 gives an example of user data from creation to destruction. At time t0, a user registers with the cloud server. At times t1 and t2, the user uploads two application groups with their data. In the figure, the dotted line indicates the default life span limit set when a program is uploaded. At time t3, before program group 1 expired, the user prolonged its life span to t5 with a command; when time t5 arrives, program group 1 self-destructs. For program group 2, the user instructed Dissolver with a command to destroy it before it reached its default life span t4.
The present invention proposes a protocol for data privacy management and self-destruction; under this protocol framework, the Dissolver prototype system was implemented based on the Xen virtual machine monitor and the CHAOS process protection system. This system guarantees that user data cannot be obtained in plaintext form by a malicious cloud insider during its whole life cycle, and that after the specified time limit no user data or keys in plaintext form remain anywhere at the cloud server side, thereby preventing retrospective attacks.
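The two destruction modes and the Fig. 3 timeline, as an added Go example (not the patent's or Dissolver's code): the `Dissolver` and `Group` types, the integer times t0..t5 = 0, 10, 20, 30, 40, 50 and the default life spans are constructed, and the key bytes stand in for the AES key and PK_App that the text says are destroyed.

```go
package main

import (
	"errors"
	"fmt"
)

// Group is one uploaded program group: its key material, its files and the time at which
// its life span ends (constructed model of Fig. 3 with integer time units).
type Group struct {
	Key       []byte            // AES key and PK_App, the material Dissolver wipes
	Files     map[string][]byte // encrypted executable and data files
	Expires   int64             // end of the current life span
	Destroyed bool
}

// Dissolver tracks every registered group and enforces the two destruction modes.
type Dissolver struct {
	groups map[string]*Group
	Log    []string // what happened and when
}

func NewDissolver() *Dissolver { return &Dissolver{groups: map[string]*Group{}} }

// Upload registers a group with the default life span fixed at upload time (the dotted
// line in Fig. 3).
func (d *Dissolver) Upload(name string, key []byte, files map[string][]byte, now, lifetime int64) {
	d.groups[name] = &Group{Key: key, Files: files, Expires: now + lifetime}
	d.Log = append(d.Log, fmt.Sprintf("t=%d upload %s, expires t=%d", now, name, now+lifetime))
}

func (d *Dissolver) live(name string) (*Group, error) {
	g, ok := d.groups[name]
	if !ok || g.Destroyed {
		return nil, errors.New("no live group " + name)
	}
	return g, nil
}

// Extend is the user's explicit command to prolong a life span. It is refused once the
// group is gone: destruction wipes the key, so there is nothing left to extend.
func (d *Dissolver) Extend(name string, until int64) error {
	g, err := d.live(name)
	if err != nil {
		return err
	}
	g.Expires = until
	return nil
}

// wipe destroys everything Dissolver holds for the group: files, AES key and PK_App.
// Ciphertext copies kept elsewhere (backups, insider copies) stay unreadable without the key.
func (d *Dissolver) wipe(name string, now int64, why string) {
	g := d.groups[name]
	for i := range g.Key {
		g.Key[i] = 0 // overwrite in place before dropping the reference
	}
	g.Key, g.Files, g.Destroyed = nil, nil, true
	d.Log = append(d.Log, fmt.Sprintf("t=%d destroy %s (%s)", now, name, why))
}

// Destroy is mode two: an explicit user command before the life span limit.
func (d *Dissolver) Destroy(name string, now int64) error {
	if _, err := d.live(name); err != nil {
		return err
	}
	d.wipe(name, now, "user command")
	return nil
}

// Tick is mode one: at time now, every live group whose limit has been reached without an
// extension is destroyed automatically. It returns the names destroyed.
func (d *Dissolver) Tick(now int64) []string {
	var gone []string
	for name, g := range d.groups {
		if !g.Destroyed && now >= g.Expires {
			d.wipe(name, now, "life span reached")
			gone = append(gone, name)
		}
	}
	return gone
}

// Alive reports whether a group still has its key and files.
func (d *Dissolver) Alive(name string) bool { _, err := d.live(name); return err == nil }

// RunFig3 replays the Fig. 3 timeline with constructed times t0..t5 = 0, 10, 20, 30, 40, 50:
// registration at t0, group 1 uploaded at t1 and group 2 at t2, group 1 extended to t5 at
// t3, group 2 destroyed by command before its default limit t4, group 1 self-destructing at t5.
func RunFig3() *Dissolver {
	d := NewDissolver()
	d.Log = append(d.Log, "t=0 user registers")
	d.Upload("group1", []byte{1, 2, 3, 4}, map[string][]byte{"a.bin": {0xAA}}, 10, 25) // default limit t=35
	d.Upload("group2", []byte{5, 6, 7, 8}, map[string][]byte{"b.bin": {0xBB}}, 20, 20) // default limit t4=40
	d.Tick(30)                  // t3: nothing has expired yet
	_ = d.Extend("group1", 50)  // t3: life span prolonged to t5
	_ = d.Destroy("group2", 35) // before t4: explicit destruction
	d.Tick(40)                  // t4: group 1 was extended, group 2 is already gone
	d.Tick(50)                  // t5: group 1 destroyed automatically
	return d
}
```

`RunFig3().Log` ends with the two destruction events, group 2 by command at t=35 and group 1 by expiry at t=50, and `Extend` on either group afterwards returns an error: once the key has been overwritten there is no state from which the data could be brought back, which is the property the text relies on against retrospective attacks.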

Claims (5)

1. A data management method for cloud computing, comprising four stages: uploading, storage, computing and destruction, characterized in that uploading data comprises establishing a trusted channel with the virtual machine monitor on the server, and the server side responds to user requests through the virtual machine monitor.
2. The data management method of claim 1, wherein, to agree on a session key between the user and the virtual machine, the user generates a pair of RSA asymmetric keys and a 160-bit timestamp nonce, then sends an integrity verification request to the cloud server containing the nonce and the RSA public key.
3. The data management method of claim 2, wherein the server's response to the user comprises: the virtual machine monitor generates a session key Ksession and computes a 160-bit hash with SHA-1 over the user's nonce, the user's public key and Ksession; the virtual machine monitor then calls the TPM quote instruction with this hash as the parameter and obtains a quote attestation signed with the TPM private key; the virtual machine monitor encrypts the session key Ksession with the user's public key and sends it to the user together with the quote attestation and the CA certificate.
4. The data management method of claim 1, wherein, after receiving the server's reply, the user verifies the legitimacy of the server's certificate at the trusted third-party CA; after that is confirmed, the user verifies the quote attestation packet with the public key in the certificate, confirming that the signature was really made by the TPM; after that is confirmed, the user checks the PCR value of the server side to confirm whether the currently running virtual machine monitor version is correct and intact; after that is confirmed, the user decrypts the session key packet with the RSA private key SK_U and obtains Ksession; the user then uses SHA-1 to confirm whether the nonce, PK_U and Ksession hashed by the server match the user's own; if they match, this communication has not been subjected to a man-in-the-middle attack.
5. The data management method of claim 1, wherein data destruction takes place when the data life span reaches the time limit specified by the user and the user has not sent a command explicitly informing Dissolver to prolong the data life span.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012104802661A CN102984146A (en) 2012-11-23 2012-11-23 Data management method for cloud computing


Publications (1)

Publication Number Publication Date
CN102984146A true CN102984146A (en) 2013-03-20

Family

ID=47857891


Country Status (1)

Country Link
CN (1) CN102984146A (en)


Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101674324A (en) * 2009-09-23 2010-03-17 南京邮电大学 Multiple-mobile-agent credible interaction method for information acquisition system in open network
US20120134495A1 (en) * 2010-11-29 2012-05-31 Beijing Z & W Technology Consulting Co., Ltd. Cloud Storage Data Access Method, Apparatus and System Based on OTP
CN102710663A (en) * 2012-06-21 2012-10-03 奇智软件(北京)有限公司 Method and device for obtaining cloud service


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张逢喆等 (Zhang Fengzhe et al.): "云计算中的数据隐私性保护与自我销毁" (Data privacy protection and self-destruction in cloud computing), 《计算机研究与发展》 (Journal of Computer Research and Development), vol. 48, no. 7, 31 December 2011 (2011-12-31), pages 1155-1167 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103607273A (en) * 2013-07-18 2014-02-26 焦点科技股份有限公司 Data file encryption and decryption method based on time limit control
CN103607273B (en) * 2013-07-18 2016-12-28 焦点科技股份有限公司 A kind of data file encipher-decipher method controlled based on time limit
CN104580188A (en) * 2014-12-29 2015-04-29 中国科学院信息工程研究所 Method and system for protecting root CA certificate in virtualization environment
CN104580188B (en) * 2014-12-29 2017-11-07 中国科学院信息工程研究所 A kind of method and system of the protection root ca certificate in virtualized environment
US11533341B2 (en) * 2015-02-04 2022-12-20 Intel Corporation Technologies for scalable security architecture of virtualized networks
CN104992087A (en) * 2015-06-29 2015-10-21 鹿毅忠 Innovative and creative data information processing method for mobile terminal and mobile terminal
CN105471843A (en) * 2015-11-13 2016-04-06 上海斐讯数据通信技术有限公司 Data processing method and system based cloud calculation
CN105471843B (en) * 2015-11-13 2018-07-06 上海斐讯数据通信技术有限公司 Data processing method and system based on cloud computing
CN106027503A (en) * 2016-05-09 2016-10-12 浪潮集团有限公司 Cloud storage data encryption method based on TPM


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130320