CN108683729A - A kind of environmental monitoring data safe storage system and method towards credible cloud - Google Patents
A kind of environmental monitoring data safe storage system and method towards credible cloud Download PDFInfo
- Publication number
- CN108683729A CN108683729A CN201810453258.5A CN201810453258A CN108683729A CN 108683729 A CN108683729 A CN 108683729A CN 201810453258 A CN201810453258 A CN 201810453258A CN 108683729 A CN108683729 A CN 108683729A
- Authority
- CN
- China
- Prior art keywords
- monitoring data
- user
- environmental monitoring
- node
- storage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Abstract
The invention belongs to access, addressing or the distribution technique fields in storage system or architecture, disclose a kind of environmental monitoring data safe storage system and method towards credible cloud, each user corresponds to a con_ckb, is the conkeys for all containers that the user creates;User is needed to provide a user password User_key index of conckb, root node of the password as binary tree structure is derived from downwards child nodes by root node, left and right child node is calculated separately using hash algorithm SHA 256 in derivation history successively;Obtain index of the cryptographic Hash as con_key_box_slices of pth layer.The present invention realizes the prototype system of security mechanism;Calculating and the storage capacity for taking full advantage of cloud system, substantially increase the convenient degree that user uses, and user is not necessarily to voluntarily encryption, without relying on fixed client encryption and decryption.
Description
Technical field
The invention belongs to access, addressing or the distribution technique fields in storage system or architecture, more particularly to
A kind of environmental monitoring data safe storage system and method towards credible cloud.
Background technology
Currently, the prior art commonly used in the trade is such:With the arrival in Web2.0 epoch, got in people's life
Carry out more storage demand (picture, video, web mails, filing, backup of magnanimity etc.), the data come are createed in the whole world daily
Several hundred million growths is presented.It counts and shows according to IDC:Data between coming 10 years will increase by 44 times, will increase to the year two thousand twenty global metadata
35ZB is grown to, about 80% is unstructured data, and major part therein is inactive again.Under such demand driving,
Cloud storage service is come into being one by one for a kind of novel storage service, it grows up along with cloud computing, can be to use
Family or third-party application provide low cost, the storage resource of distribution according to need.Environmental monitoring data is that record designated area environment is each
The data of item index can carry out effective Feedback to the present situation and future trend of local environment and therefore pacify to these data
Full storage is very important, and current cloud storage service has been gradually introduced in the storage of environmental monitoring data, however
In the popularization and application of cloud storage service, safety becomes its current maximum obstacle.Cloud storage service provides storage to the user
Infrastructure and resource, full powers replace user to store and manage personal data this characteristics, make user to the number that is stored in the cloud
According to nourishing " sense out of control ".In addition high in the clouds safety accident takes place frequently in recent years, according to Ministry of Industry and Information in 2012 to Chinese public cloud service observation
Situation shows that user is exactly the safety and privacy concern of data to what the misgivings factor of cloud computing service ranked the first position, therefore protects
The personal secrets for protecting user data in cloud storage are most important.
In conclusion problem of the existing technology is:Cloud storage service has been gradually introduced environmental monitoring number at present
According to storage in, safety becomes current maximum obstacle, and user is made to nourish " sense out of control ", high in the clouds to the data being stored in the cloud
Safety accident takes place frequently,
Invention content
In view of the problems of the existing technology, the present invention provides a kind of environmental monitoring datas towards credible cloud to deposit safely
Storage system and method.
The invention is realized in this way a kind of environmental monitoring data method for secure storing towards credible cloud, it is described towards
The each user of environmental monitoring data method for secure storing of credible cloud corresponds to a con_ckb, is all of user establishment
The conkeys of containers;User is needed to provide a user password User_key, password conduct the index of conckb
The root node of binary tree structure derives from downwards child nodes by root node, hash algorithm SHA-256 is used in derivation history successively
To calculate separately left and right child node;Obtain index of the cryptographic Hash as con_key_box_slices of pth layer.
Further, in the environmental monitoring data method for secure storing towards credible cloud Swift by Ring from object
Data are specifically included to dummy node, then to the mapping between storage device:
The data structure of Ring is first provided, is the information list for each storage device for participating in the Ring first, record is each
Devid, zone, weight, IP of storage device:port、devicename、meta;Replica2part2dev_id, record
The corresponding storage devices of each Partition;Record the carry digit of Partition, part_shift;Followed by object data arrives
Dummy node:The dummy node that Ring is used is called Partition;The mapping of object data to dummy node is as follows:
md5('/account/container/object').digest())[0]>>self._part_shift;
Dummy node is to storage device:Partition ensures that storage device storage data quantity is equal to the mapping between storage device
Weighing apparatus;Storage device, which is found, for each Partition collects the Partition to be allocated, be denoted as (Parition_id,
replica_id);For each storage device, based on the Partition quantity that weight calculation should get, according to from more to less
Sequence;It is simultaneously Region, Zone, IP belonging to each device build oneself:port、Dev_id;Build whole hierarchical tree.
Further, the process of the mapping of the environmental monitoring data method for secure storing towards credible cloud is to store
Certain object data copy, first find store this object data minimum number layer;Most hungry storage is found in layer again
Equipment.
Further, the environmental monitoring data method for secure storing towards credible cloud specifically includes:Cryptographic Hash K (0,1)
First parameter i of=User_key, K (i, j) indicate that the level number of binary tree, second parameter j indicate the index in i-th layer
Number, as i=x, 1≤j≤2x;Then it obtains:
LeftCof ki,j=hash (k (i, j) | | (2*j) | | k (i, j))=k ((i+1), (2*j));
RightCof ki,j=hash (k (i, j) | | (2*j) | | k (i, j))=k ((i+1), (2*j));
Wherein | | | | it indicates connection, then passes through N=4 calculating, obtain 16 index values, make con_key_box_
The name of slice.Leftcof indicates that left connection, RightCof indicate that right connection, Hash indicate the cryptographic Hash of hash function
Another object of the present invention is to provide a kind of environmental monitoring data method for secure storing towards credible cloud
The environmental monitoring data safe storage system towards credible cloud, the environmental monitoring data secure storage system towards credible cloud
System includes:Client, server-side;
Swiftclient_module in client is responsible for providing PythonAPI, and swift provides the work(of command-line tool
Energy;
The code file under bin catalogues in server-side is the startup script of service processes;Code file under etc catalogues
It is the associated profile that service processes use;Swift catalogues are the core code of system, including agency service, tenant's management
Service, container management service, object environment monitoring data management service and public calling module.
Further, the environmental monitoring data safe storage system towards credible cloud is divided into three parts:Client, agency
Service node and memory node;
For client deployment on the local machine of service user, user passes through client operation environmental monitoring data;Generation
Agency service is run on reason service node, is the window that server-side externally services, is responsible for receiving the request of client, be closed
The authentication and authorization of method searches relative position of the environmental monitoring data on memory node, forwards the request to respective stored
Node makes corresponding failure handling simultaneously for failure, failure;Tenant's management service, container tube are run on memory node
Reason service and object environment monitoring data management service, are responsible for the management and storage of environmental monitoring data, operate in memory node
On finger daemon be responsible for the reliabilty and availability of guarantee environment monitoring data in systems.
Another object of the present invention is to provide the environmental monitoring data secure storages towards credible cloud described in a kind of application
The cloud storage service system of method.
In conclusion advantages of the present invention and good effect are:With the continuous growth of social demand, it is continuously created daily
The data bulk come is increased rapidly with exponential.In face of such storage demand, the cloud storage system of object-oriented provides good
Good solution, it be dedicated to concentrating provide to the user magnanimity, resilient expansion, the unstructured number of static state that persistence is high
According to storage service.But safety becomes the biggest obstacle during its popularization and application, safety of the user to data in cloud
Extremely worry with privacy, so the storage safety of protection user data is the premise of cloud storage service benign development.The present invention with
The Swift mechanism for the Openstack cloud operating systems increased income is prototype, it is proposed that a kind of to protect cloud using encryption and cutting techniques
The mechanism of environmental monitoring data storage safety is held, and realizes the prototype system of the security mechanism.The mechanism takes full advantage of cloud
The calculating of end system and storage capacity have provided the on-demand security mechanism used to the user, have substantially increased user and use just
Prompt degree, user are not necessarily to voluntarily encryption, without relying on fixed client encryption and decryption, only need to provide a user password UserJCey
It can be used the powerful efficient encryption function in high in the clouds and key management functions, user friendly strong.
Description of the drawings
Fig. 1 is the environmental monitoring data safe storage system structural representation provided in an embodiment of the present invention towards credible cloud
Figure;
In figure:1, client;2, server-side.
Fig. 2 is the environmental monitoring data method for secure storing flow chart provided in an embodiment of the present invention towards credible cloud.
Fig. 3 is fast source code skeleton schematic diagram provided in an embodiment of the present invention
Fig. 4 is the physical arrangement schematic diagram of swift provided in an embodiment of the present invention.
Fig. 5 is the long range mapping schematic diagram between copy provided in an embodiment of the present invention.
Fig. 6 is the structure schematic diagram of equipment hierarchical structure tree provided in an embodiment of the present invention.
Fig. 7 is level export schematic diagram provided in an embodiment of the present invention.
Fig. 8 is establishment user password title schematic diagram provided in an embodiment of the present invention.
Specific implementation mode
In order to make the purpose , technical scheme and advantage of the present invention be clearer, with reference to embodiments, to the present invention
It is further elaborated.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not used to
Limit the present invention.
Environmental monitoring data is the significant data that can reflect area surroundings present situation and future trend, storage to close weight
It wants, currently, with the increase of data volume, cloud storage service is gradually introduced in environmental monitoring data storage, and in concrete application
In the process, safety is the biggest obstacle encountered during cloud storage service promotes and applies.Amazon cloud services oneself become generally acknowledge in the industry
The fact standard, core component Swift oneself become very popular cloud storage mechanism, but the mechanism exist be easy leakage user
The deficiency of data, the present invention study the improvements in security method of environmental monitoring data memory mechanism in cloud, the present invention using it as prototype
Environmental monitoring environmental monitoring data secure storage prototype system based on encryption and cutting techniques, and be tested.As a result table
Bright, which can effectively reduce the risk that user information is revealed in cloud.
As shown in Figure 1, the environmental monitoring data safe storage system provided in an embodiment of the present invention towards credible cloud includes:
Client 1, server-side 2.
As shown in Fig. 2, the environmental monitoring data method for secure storing provided in an embodiment of the present invention towards credible cloud includes
Following steps:
S201:Each user corresponds to a con_ckb, is the conkeys for all containers that the user creates;
S202:User is needed to provide a user password User_key index of conckb, the password is as y-bend
The root node of tree construction is derived from downwards child nodes by root node, is divided using hash algorithm SHA-256 in derivation history successively
Left and right child node is not calculated;
S203:Obtain index of the cryptographic Hash as con_key_box_slices of pth layer.
The application principle of the present invention is further described below in conjunction with the accompanying drawings.
1, source code frame and programming model
The present invention studies the secure storage mechanism of environmental monitoring data, and the present invention is directed to the spy of environmental monitoring data
Point builds source code frame and programming model.In the model of framework of the present invention, Swift is to be based on python language developments
, it is made of client-side program and serve end program two parts." swiftclient_module " in client-side program is responsible for
PythonAPI is provided, " swift " provides the function of command-line tool.The major architectural of serve end program such as Fig. 3, under bin catalogues
Code file be service processes startup script;Code file under etc catalogues is the relevant configuration text that service processes use
Part;Swift catalogues are the core codes of system, include mainly agency service, tenant's management service, container management service, object
Environmental monitoring data management service and public calling module.In system building and deployment, client-side program, which is mounted on service, to be made
User side, such as the local of mirror image component or terminal user in OpenStack.Serve end program is disposed beyond the clouds, by system
It builds personnel's Run Script and starts service.As shown in Figure 3.
2, the physical structure of system
The physical structure of system can be divided into three parts:Client, proxy service node and memory node are such as schemed.Client
End is deployed on the local machine of service user, and user (uploads, download, update, deletes) environment by client operation and supervises
Measured data;Agency service is run in proxy service node, is the window that server-side externally services, and is mainly responsible for reception client
Request, carry out legal authentication and authorization, search relative position of the environmental monitoring data on memory node, forwarding is asked
Respective stored node is sought, corresponding failure handling is made simultaneously for situations such as failure, failure;Rent is run on memory node
Family management service, container management service and object environment monitoring data management service, are mainly responsible for the management of environmental monitoring data
And storage, the finger daemon operated on memory node are responsible for the reliability of guarantee environment monitoring data in systems and be can be used
Property.
Fig. 4 is the exemplary plot that Swift is built on a small scale.In order to preferably support large-scale concurrent requirements for access, in reality
Proxy service node can have several in the application of border, while need to do one layer of load before request accesses proxy service node
Equalizing layer.Certainly, memory node can also dynamically increase and decrease according to use demand, have extremely strong elastic zoom capabilities, and companion
With the increase and decrease of memory node, system can realize data on the migration of the data " minimum " between each memory node and each memory node
The work of amount of storage equilibrium.
3, improved consistency hash algorithm
The present invention introduces how Swift is realized by Ring from object data to dummy node in terms of two, then arrives storage
Mapping between equipment.The data structure for first providing Ring, is made of three parts:It is each storage device for participating in the Ring first
Information list, record devid, zone, weight, IP of each storage device:port、devicename、meta;
Replica2part2dev_id records the corresponding storage devices of each Partition;The carry digit of Partition is recorded,
part_shift.Followed by object data is to dummy node:The dummy node that Ring is used is called Partition, and Partition is one
A concept in logic, can regard several virtual boxes as, and a Partition box can correspond to multiple object datas.
The quantity of Partition is previously set by system building personnel according to system scale, typically the hundred of storage device quantity times.
The path (account/container/object) of one object data can be computed (Hash and displacement) and obtain the object
Some corresponding Partition of data.The mapping of object data to dummy node is as follows:
md5('/account/container/object').digest())[0]>>self._part_shift
Followed by dummy node is to storage device:Partition should ensure that storage device is deposited to the mapping between storage device
The equilibrium of data volume is stored up, considers the availability of data in system again, i.e., three of one data are backed up the storage being mapped to
Equipment should be " maximum distance " in system, even if in Data Migration, the copy of same part data will still keep " farthest
Distance storage ".As shown in Figure 5.
The core concept of storage device is found for each Partition is:Collect the Partition to be allocated, note
For (Parition_id, replica_id);For each storage device, the Partition numbers that should be got based on weight calculation
Amount, according to sorting from more to less;It is simultaneously Region, Zone, IP belonging to each device build oneself:port、Dev_id;Structure
Build whole hierarchical tree, such as Fig. 6.
The process of mapping is the copy of certain object data to that will store, and first finds and stores this object data quantity most
Few layer;Find the storage device of " most hungry " in this layer again.When system scale changes, number of devices increases and decreases
When, the quantity that every equipment corresponds to Partition will change, and remap at this time to Partition and storage device
To realize balance.
For specific application process if so, each user corresponds to a con_ckb in system, the inside is the institute that the user creates
There is the conkeys of containers.User is needed to provide a user password User_key, the password index of conckb
As the root node of binary tree structure, child nodes are derived from downwards by root node successively, hash algorithm is used in derivation history
SHA-256 calculates separately left and right child node, finally obtains rope of the cryptographic Hash as con_key_box_slices of pth layer
Draw.
Such as Fig. 7, specific algorithm step is, the present invention first enables cryptographic Hash K (0,1)=User_key, the first of K (i, j)
A parameter i indicates that the level number of binary tree, second parameter j indicate the call number in i-th layer, as i=x, 1≤j≤2x;It connects
The present invention to obtain:
LeftCof ki,j=hash (k (i, j) | | (2*j) | | k (i, j))=k ((i+1), (2*j)) (1)
RightCof ki,j=hash (k (i, j) | | (2*j) | | k (i, j))=k ((i+1), (2*j)) (2)
Wherein | | | | it indicates connection, then passes through N=4 calculating, obtain 16 index values, make con_key_box_
The name of slice.
The application effect of the present invention is explained in detail with reference to test.
1 test condition and purpose
Swift storage systems are built used here as 5 servers, wherein 1 is used as proxy service node, are left four works
For storage service node.Two pieces of SATA hard discs of every storage server carry, one piece of disk are divided into two as system disk, another piece of disk
What a area, outside access net and internal lan used is kilomega network.Such as following table.Computer uses 64
Ubimtu14.04LTS operating systems, on server deployment be added to the sec-Swift2.3.0 software systems conducts of security mechanism
Experimental situation.
1 hardware test environment of table
Test the correct execution of security mechanism major function.User is when using cloud storage system, for different important journeys
The environmental monitoring data of degree can on-demand memory mechanism safe to use.For environmental monitoring data to be protected, data are being uploaded
Before, user needs offer user password first to create dedicated for the container of storage protection environmental monitoring data, is uploaded to this
The object of container will be protected by security mechanism.Then, in user's operation (upload, download etc.) environmental monitoring data
Shi Junxu provides user password, and system will execute management and protection to environmental monitoring data according to security mechanism.For being not required to
Environmental monitoring data to be protected is executed according to the function that original system provides.For functional test, the present invention will provide operation examination
Example, and in the form of daily record record security mechanism whole implementation procedures.
2 System Functional Test results
Present invention displaying software function first first completes registration for a new user newuser.Realize tenant
Then the establishment of Newproject carries out the setting of username and password, such as Fig. 8:User newuser uploads downloaded object data
Tmp.32K, user mechanism safe to use upload data before, need first to create the container for storing encryption data, then into
Row uploads or downloaded object data manipulation, notices that the process of mechanism safe to use is required to user and provides user password User_
key.For example, user creates the container of the encrycon for storing encryption data, and the upload object data into the container
Tmp.32K, similarly downloads tmp.32K from encrycon containers, and the process of mechanism safe to use is both needed to provide user password.It connects
Establishment encrycon containers, the upload object data tmp.32K into container encrycon, the download pair from container encrycon
Image data tmp.32K, after receiving user's mechanism safe to use and storing the request of data, the security mechanism on proxy server
The course of work recorded by way of daily record.
Followed by security test as a result, being protected by data segmentation, data encryption technology and complete key managing project
Protect the sensitive data of user.Thus critical data is increased in system.The data that system is laid special stress on protecting have obj_frags, con_
Obj_key-box and con_key_box-slices.User's sensitive data objfrags and con_obj_key_box are all made of
AES-128 Encryption Algorithm encryptions, the ciphertext of formation are stored on memory node.For hereinbefore original system stored in clear
Example getfilecontxt, if mechanism safe to use stores, user first creates a con container for encryption handling, to
Upper transmitting file getfilecontxt, carries user password User_key in con in operation.Security mechanism is by getfilecontat
Environmental monitoring data is divided into 10 pieces, checks 10 pieces of environmental monitoring datas with the shape of ciphertext in the corresponding storage device of the present invention
Formula stores.
For con_key_box_slices obtained by privacy sharing algorithm process by Top layer key file con_ckb
" encoding block ".Privacy sharing algorithm is the encryption algorithm that a kind of " perfect-security " reaches Information theoretical secure.It should
Algorithm uses threshold value [m, n], i.e. environmental monitoring data D to pass through code conversion at N block environmental monitoring datas, at least through wherein
M blocks can restore environmental monitoring data D, and be arbitrarily less than m block numbers according to the arbitrary portion information that cannot all disclose former data.
The present invention provides proof procedure below:It is the distribution of privacy sharing first, using finite field gf (q), (q is prime number, q>N), it selects
N different nonzero elements in finite field, it is disclosed to be denoted as U.At random generate m-1 element and m-1 order polynomials,
Using finite field gf (q) (q is prime number, q > n), n different nonzero elements in finite field are selected, x is denoted asi, xiIt is open
's.M-1 element a is generated at random1,a2,...am-1And m-1 order polynomial f (x)=a0+a1x+...+am-1xm-1.For former ring
Border monitoring data D, enables D=a0, for xi(1≤i≤n) is calculated:Obtained f (xi)(1≤i≤n)
Environmental monitoring data block as after transform coding, i.e. con_key_box_slices.
In the recovery of key, the recovery process of former environmental monitoring data needs at least to know m block number evidences, i.e., appoints here and take
N m blocks in the block:f(xi) (1≤i≤m), group of equations:
It is converted into matrix:
It due to generalized circular matrix, is reversible, so equation group has unique solution, you can calculate unknown number a0+a1x+...+
am-1To obtain former environmental monitoring data a0,D.And m-1 block number evidences are known for oneself, the m-1 equations for having m unknown number are solved, not
Know that number there are infinite multiple solutions, and the possibility each solved is identical, therefore is unable to get about any of former environmental monitoring data D
Information.To sum up, it is that con_key_box_slices made of [m, n] privacy sharing takes in attacker that the present invention, which is said by threshold value,
It is perfectly safe in the case of less than m blocks.
3 system performance testing results
Time overhead test in ,-as user using the most frequent operation of cloud storage service be upload and download, therefore this
Experiment makes comparison survey with regard to big data and small data mechanism safe to use and without using the expense of security mechanism operation data respectively
Examination.Time due to completing data manipulation every time has certain randomness, so the present invention is to the same environmental monitoring data
The same operation do altogether 10 times experiment, be averaged as a result, obtaining following table:
The time overhead of 2 small data of table compares
When mechanism safe to use uploads data [32K-128M], time overhead is substantially in 13s between 60s;It is safe to use
When mechanism downloading data [32K-128M], time overhead is substantially in 2s between 20s.Although from can see decimal in Fig. 6-1
According to operating time multiplication, but since its radix is smaller, there is no generate for user experience for the time span increased
Excessive influence, here it is considered herein that mechanism safe to use and the time overhead that generates is user can receive in use
's.
The storage capacity for giving full play to and being utilized high in the clouds of security mechanism, space expense are mainly derived from security mechanism
Key management, here the present invention provide specific analysis.When user selects mechanism storage environment monitoring data D safe to use
When, the proxy server for receiving user's request first encrypts it, and ciphertext is divided into n blocks etc. by environmental monitoring data dispenser
The environmental monitoring data block of sizeTherefore the encryption of environmental monitoring data itself and segmentation (stripping) operation do not have
Increase additional memory space.But encryption mechanism makes system need the management work of additional responsible key, increases two class keys
Box;
First, object key box, each container corresponds to an object key box, and object key box is to be in
Dictionary structure { the ObjectName of key-value forms:(key, vi, pad) }, often increase an object in container
It is increased by one key-value pairs, therefore the object that the size container corresponding with its of each object key box includes
Quantity is directly proportional.
Second is that container key box, a user corresponds to a container key box, and container key box is equally in key-
Dictionary structure { the ContainerName of value forms:(key, vi, pad) }, user often creates a container, system
Just one container key of generation, one key-value pairs of increase, therefore what the size of container key box and user created
Container quantity is directly proportional.In addition to this, container key box needs to become con_key_box_ by privacy sharing
The size of slices, each slice are identical as original data con_ckb, if some | con_keyboxcon|, then secondary container key
Joint memory space needs nLcon.At the same time the space expense that key management is spent, reaches much smaller than data itself
The storage capacity in cloud is made full use of to provide the purpose of secure storage mechanism.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the invention, all essences in the present invention
All any modification, equivalent and improvement etc., should all be included in the protection scope of the present invention made by within refreshing and principle.
Claims (7)
1. a kind of environmental monitoring data method for secure storing towards credible cloud, which is characterized in that the ring towards credible cloud
Monitoring data method for secure storing each user in border corresponds to a con_ckb, is all containers that the user creates
conkeys;User is needed to provide a user password User_key index of conckb, password is as binary tree structure
Root node is derived from downwards child nodes by root node, is calculated separately using hash algorithm SHA-256 in derivation history successively
Left and right child node;Obtain index of the cryptographic Hash as con_key_box_slices of pth layer.
2. the environmental monitoring data method for secure storing towards credible cloud as described in claim 1, which is characterized in that the face
Into the environmental monitoring data method for secure storing of credible cloud Swift by Ring from object data to dummy node, then to storage
Mapping between equipment specifically includes:
The data structure of Ring is first provided, is the information list for each storage device for participating in the Ring first, records each storage
Devid, zone, weight, IP of equipment:port、devicename、meta;Replica2part2dev_id, record are each
The corresponding storage devices of Partition;Record the carry digit of Partition, part_shift;Followed by object data is to dummy section
Point:The dummy node that Ring is used is called Partition;The mapping of object data to dummy node is as follows:
md5('/account/container/object').digest())[0]>>self._part_shift;
Dummy node is to storage device:Partition ensures that storage device storage data quantity is balanced to the mapping between storage device;For
Each Partition finds storage device and collects the Partition to be allocated, and is denoted as (Parition_id, replica_
id);For each storage device, based on the Partition quantity that weight calculation should get, according to sorting from more to less;Together
When for Region, Zone, IP belonging to each device build oneself:port、Dev_id;Build whole hierarchical tree.
3. the environmental monitoring data method for secure storing towards credible cloud as claimed in claim 2, which is characterized in that the face
Process to the mapping of the environmental monitoring data method for secure storing of credible cloud is the copy of certain to be stored object data, first
Find the layer for storing this object data minimum number;Most hungry storage device is found in layer again.
4. the environmental monitoring data method for secure storing towards credible cloud as described in claim 1, which is characterized in that the face
It is specifically included to the environmental monitoring data method for secure storing of credible cloud:The of cryptographic Hash K (0,1)=User_key, K (i, j)
One parameter i indicates that the level number of binary tree, second parameter j indicate the call number in i-th layer, as i=x, 1≤j≤2x;
Then it obtains:
LeftCof ki,j=hash (k (i, j) | | (2*j) | | k (i, j))=k ((i+1), (2*j));
RightCof ki,j=hash (k (i, j) | | (2*j) | | k (i, j))=k ((i+1), (2*j));
Wherein | | | | it indicates connection, then passes through N=4 calculating, obtain 16 index values, make con_key_box_slice's
Name.
5. a kind of ring towards credible cloud of the environmental monitoring data method for secure storing towards credible cloud as described in claim 1
Border monitoring data safe storage system, which is characterized in that the environmental monitoring data safe storage system packet towards credible cloud
It includes:Client, server-side;
Swiftclient_module in client is responsible for providing PythonAPI, and swift provides the function of command-line tool;
The code file under bin catalogues in server-side is the startup script of service processes;Code file under etc catalogues is clothes
The associated profile that business process uses;Swift catalogues are the core codes of system, including agency service, tenant's management service,
Container management service, object environment monitoring data management service and public calling module.
6. the environmental monitoring data safe storage system towards credible cloud as claimed in claim 5, which is characterized in that the face
It is divided into three parts to the environmental monitoring data safe storage system of credible cloud:Client, proxy service node and memory node;
For client deployment on the local machine of service user, user passes through client operation environmental monitoring data;Agency's clothes
Agency service is run on business node, is the window that server-side externally services, is responsible for receiving the request of client, it is legal to carry out
Authentication and authorization searches relative position of the environmental monitoring data on memory node, forwards the request to respective stored node,
Corresponding failure handling is made simultaneously for failure, failure;Tenant's management service, container management service are run on memory node
With object environment monitoring data management service, it is responsible for the management and storage of environmental monitoring data, operates in keeping on memory node
Shield process is responsible for the reliabilty and availability of guarantee environment monitoring data in systems.
7. a kind of environmental monitoring data method for secure storing using towards credible cloud described in Claims 1 to 4 any one
Cloud storage service system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810453258.5A CN108683729B (en) | 2018-05-14 | 2018-05-14 | A kind of environmental monitoring data safe storage system and method towards credible cloud |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810453258.5A CN108683729B (en) | 2018-05-14 | 2018-05-14 | A kind of environmental monitoring data safe storage system and method towards credible cloud |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108683729A true CN108683729A (en) | 2018-10-19 |
CN108683729B CN108683729B (en) | 2019-06-18 |
Family
ID=63805603
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810453258.5A Active CN108683729B (en) | 2018-05-14 | 2018-05-14 | A kind of environmental monitoring data safe storage system and method towards credible cloud |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108683729B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109361513A (en) * | 2018-11-15 | 2019-02-19 | 桂林电子科技大学 | A kind of user's Weight Value Distributed Methods for Shamir privacy sharing |
CN113068128A (en) * | 2021-03-18 | 2021-07-02 | 西安电子科技大学 | User geographic position neighbor query method based on double cloud security computing protocol |
CN114064207A (en) * | 2021-11-10 | 2022-02-18 | 南京信易达计算技术有限公司 | User data container storage method in cloud storage system based on customized LINUX architecture |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101969391A (en) * | 2010-10-27 | 2011-02-09 | 北京邮电大学 | Cloud platform supporting fusion network service and operating method thereof |
CN102143022A (en) * | 2011-03-16 | 2011-08-03 | 北京邮电大学 | Cloud measurement device and method for IP network |
CN102307185A (en) * | 2011-06-27 | 2012-01-04 | 北京大学 | Data isolation method used in storage cloud |
CN102307221A (en) * | 2011-03-25 | 2012-01-04 | 国云科技股份有限公司 | Cloud storage system and implementation method thereof |
CN102591970A (en) * | 2011-12-31 | 2012-07-18 | 北京奇虎科技有限公司 | Distributed key-value query method and query engine system |
CN102609446A (en) * | 2012-01-05 | 2012-07-25 | 厦门市美亚柏科信息股份有限公司 | Distributed Bloom filter system and application method thereof |
CN102891856A (en) * | 2012-10-18 | 2013-01-23 | 中国科学院信息工程研究所 | Safe access method between plural entity and plural entity identity relaying party |
CN102916811A (en) * | 2012-10-18 | 2013-02-06 | 中国科学院信息工程研究所 | Multielement entity identity certificate information storage method |
CN103281400A (en) * | 2013-06-18 | 2013-09-04 | 清华大学 | Data segmenting, coding and recovering method used for cloud storage gateway |
CN103618703A (en) * | 2013-11-14 | 2014-03-05 | 中国人民武装警察部队工程大学 | Cloud computing data security boundary protection method |
CN104202361A (en) * | 2014-08-13 | 2014-12-10 | 南京邮电大学 | Cloud data protection method based on mobile agent |
-
2018
- 2018-05-14 CN CN201810453258.5A patent/CN108683729B/en active Active
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101969391A (en) * | 2010-10-27 | 2011-02-09 | 北京邮电大学 | Cloud platform supporting fusion network service and operating method thereof |
CN102143022A (en) * | 2011-03-16 | 2011-08-03 | 北京邮电大学 | Cloud measurement device and method for IP network |
CN102307221A (en) * | 2011-03-25 | 2012-01-04 | 国云科技股份有限公司 | Cloud storage system and implementation method thereof |
CN102307185A (en) * | 2011-06-27 | 2012-01-04 | 北京大学 | Data isolation method used in storage cloud |
CN102591970A (en) * | 2011-12-31 | 2012-07-18 | 北京奇虎科技有限公司 | Distributed key-value query method and query engine system |
CN102609446A (en) * | 2012-01-05 | 2012-07-25 | 厦门市美亚柏科信息股份有限公司 | Distributed Bloom filter system and application method thereof |
CN102891856A (en) * | 2012-10-18 | 2013-01-23 | 中国科学院信息工程研究所 | Safe access method between plural entity and plural entity identity relaying party |
CN102916811A (en) * | 2012-10-18 | 2013-02-06 | 中国科学院信息工程研究所 | Multielement entity identity certificate information storage method |
CN103281400A (en) * | 2013-06-18 | 2013-09-04 | 清华大学 | Data segmenting, coding and recovering method used for cloud storage gateway |
CN103618703A (en) * | 2013-11-14 | 2014-03-05 | 中国人民武装警察部队工程大学 | Cloud computing data security boundary protection method |
CN104202361A (en) * | 2014-08-13 | 2014-12-10 | 南京邮电大学 | Cloud data protection method based on mobile agent |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109361513A (en) * | 2018-11-15 | 2019-02-19 | 桂林电子科技大学 | A kind of user's Weight Value Distributed Methods for Shamir privacy sharing |
CN109361513B (en) * | 2018-11-15 | 2021-05-28 | 桂林电子科技大学 | User weight distribution method for Shamir secret sharing |
CN113068128A (en) * | 2021-03-18 | 2021-07-02 | 西安电子科技大学 | User geographic position neighbor query method based on double cloud security computing protocol |
CN113068128B (en) * | 2021-03-18 | 2021-11-23 | 西安电子科技大学 | User geographic position neighbor query method based on double cloud security computing protocol |
CN114064207A (en) * | 2021-11-10 | 2022-02-18 | 南京信易达计算技术有限公司 | User data container storage method in cloud storage system based on customized LINUX architecture |
Also Published As
Publication number | Publication date |
---|---|
CN108683729B (en) | 2019-06-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Attasena et al. | Secret sharing for cloud data security: a survey | |
US11874819B2 (en) | Systems and methods for data validation and assurance | |
CN108683729B (en) | A kind of environmental monitoring data safe storage system and method towards credible cloud | |
TWI737172B (en) | Computer system, computer program product and computer implement method for incremental decryption and integrity verification of a secure operating system image | |
Wang et al. | Research on data security in big data cloud computing environment | |
CN110199283A (en) | For the system and method that authentication platform is trusted in network function virtualized environment | |
CN116530050A (en) | Secure computing resource deployment using homomorphic encryption | |
US20220182233A1 (en) | Multi-phase protection for data-centric objects | |
Prajapati et al. | Efficient Cross User Client Side Data Deduplication in Hadoop. | |
Kumar et al. | Data security and encryption technique for cloud storage | |
US11356382B1 (en) | Protecting integration between resources of different services using service-generated dependency tags | |
KR20200142588A (en) | Retrieving personal information using low-linear public-key actions | |
Arfan | Mobile cloud computing security using cryptographic hash function algorithm | |
US11455391B2 (en) | Data leakage and misuse detection | |
Balamurugan et al. | Common cloud architecture for cloud interoperability | |
Benard et al. | A Review on Data Security and Emerging Threats in Cloud Computing | |
Jain et al. | Bloom Filter in Cloud Storage for Efficient Data Membership Identification | |
Xie et al. | A Situation Awareness System for the Information Security of Power Grid | |
Yi et al. | Application of Authorization in Smart Grid based on the PasS Microservice architecture | |
Gupta et al. | Hybrid Multi-User Based Cloud Data Security for Medical Decision Learning Patterns | |
Baligodugula et al. | A Comparative Study of Secure and Efficient Data Duplication Mechanisms for Cloud-Based IoT Applications | |
Patil et al. | A Review on Ensuring Data Security in Cloud | |
US20220405099A1 (en) | Generating masks for formats including masking restrictions | |
Gupta et al. | Blockchain Enabled Hadoop Distributed File System Framework for Secure and Reliable Traceability | |
Shen et al. | Remote data authentication scheme based balance binary sort Merkle hash tree |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |