CN109245881A - A photo and video cloud encrypted storage method - Google Patents

Publication number
CN109245881A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201811079446.2A
Other languages
Chinese (zh)
Inventor
宋晓军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Tick Technology Co Ltd
Original Assignee
Hangzhou Tick Technology Co Ltd
Application filed by Hangzhou Tick Technology Co Ltd filed Critical Hangzhou Tick Technology Co Ltd
Priority to CN201811079446.2A priority Critical patent/CN109245881A/en
Publication of CN109245881A publication Critical patent/CN109245881A/en
Withdrawn legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords

Abstract

The invention discloses a cloud encrypted storage method for photos and videos that uses an improved AES encryption algorithm. The improved AES encryption algorithm comprises: 1. key expansion; 2. S-box substitution and inverse S-box substitution; 3. row shifting and inverse row shifting; 4. column mixing and inverse column mixing; 5. round key addition. The invention is based on file data-stream encryption and decryption: user resources are encrypted on the client before being transmitted to the cloud, and when the user accesses the data resources they are decrypted on the client. That is, the cloud stores encrypted data files, and no plaintext data is exposed during transmission. Data encryption effectively guarantees the security of personal data and ensures that the content on the communication line is not leaked. The system uses an improved symmetric cryptosystem and, while encrypting resources, also encrypts data items in the database; this double encryption further ensures the secure transmission of resources.

Description

A photo and video cloud encrypted storage method
Technical field
The present invention relates to the secure storage of cloud data, in particular to encryption technology for photos and videos, and specifically to a cloud encrypted storage method for photos and videos.
Background
Cloud storage has been a hot topic of research in industry and academia in recent years, and its security problems have attracted attention from many quarters. As an emerging form of service, cloud storage has become the storage choice of numerous organizations thanks to advantages such as elastic configuration, on-demand purchase and easy maintenance. Under the cloud storage model, however, data leaves the user's control, which causes users to worry about server reliability and data security.
In the cloud storage services offered by most current products, user data files are basically stored in plaintext, and the data may be stolen at any time during transmission. This undoubtedly exposes the user's privacy to the outside world and leads to the leakage of sensitive user information. Encrypting files has therefore clearly become the most effective technical means of protecting file security.
Summary of the invention
To solve the above technical problems in the prior art, the present invention provides a cloud encrypted storage method for photos and videos that uses an improved AES encryption algorithm. The improved AES encryption algorithm comprises: 1. key expansion; 2. S-box substitution and inverse S-box substitution; 3. row shifting and inverse row shifting; 4. column mixing and inverse column mixing; 5. round key addition.
Further, the key expansion includes:
The seed key is arranged into a 4*4 matrix in column-major order, and each column of the matrix is called a 32-bit word. The seed key is expanded from 4 bytes into 44 words, and each round of encryption needs 4 words. Assume the first word is w[0], the second word is w[1], and the last word is w[43];
The first 4 words are initialized with the seed key; 40 new words are then appended to the array w. The recursion is:
(1) If i is not a multiple of 4, then w[i] = w[i-4] ^ w[i-1];
(2) If i is a multiple of 4, then w[i] = w[i-4] ^ T(w[i-1]), where T is a function.
The function T consists of 3 parts: word rotation, byte substitution and XOR with the round constant;
(3) Word rotation: the 4 bytes of a word are each moved one byte to the left, i.e. [x0, x1, x2, x3] becomes [x1, x2, x3, x0];
(4) Byte substitution: i.e. S-box substitution;
(5) XOR with the round constant: the result of the previous two steps is XORed with the round constant Rcon[j].
Further, the S-box substitution and inverse S-box substitution are as follows:
The forward S-box (Sbox) and inverse S-box (InvSbox) are computed in advance and stored in the code, so byte substitution is reduced to a simple table lookup. The mapping is performed by taking out the value at the corresponding index; S-box substitution uses the forward S-box and inverse S-box substitution uses the inverse S-box.
Further, the row shifting and inverse row shifting are as follows:
Row shifting applies a simple left circular shift to the byte matrix. When the key length is 128 bits, row i of the state matrix is shifted left by i bytes. Inverse row shifting undoes row shifting: the state matrix is circularly shifted to the right, and row i of the state matrix is shifted right by i bytes.
Further, the column mixing and inverse column mixing are as follows:
Column mixing is replaced by the arithmetic properties of the field GF(2^8).
According to matrix multiplication, in the column mixing process the value corresponding to each byte is related only to the 4 values of that column. The multiplication and addition here are both defined over the finite field GF(2^8):
(1) Multiplying the value of a byte by 2 shifts its binary representation left by one bit; if the highest bit of the value is 1, the shifted result must also be XORed with 00011011;
(2) Multiplication is distributive over addition;
(3) Values are added using modulo-2 addition;
The inverse column mixing operation is likewise replaced by the arithmetic properties of the field GF(2^8).
Further, the round key addition is as follows:
The 128-bit round key is XORed with the data in the state matrix.
Further, when the data to be processed is not an integer multiple of the block length, the ciphertext stealing method is adopted. Let the block length be blen; let the data to be encrypted/decrypted be d, with length dlen; let the remaining data to be processed be rd, with length rdlen; and let the already processed data be s. The encryption process is as follows:
Step (1): when rdlen >= blen, i.e. the remaining data is at least one block long, go to step (2); otherwise, go to step (3);
Step (2): take data of size blen from the head of rd and encrypt it, append the result to the tail of s, and go to step (1);
Step (3): if rdlen > 0, i.e. the remaining data is less than one block, take data of size blen-rdlen from the end of the encrypted data s and concatenate it with rd to form a data block of length blen; encrypt it and append the result to the encrypted data, then go to step (4);
Step (4): if rdlen == 0, all data has been encrypted; end encryption.
Further, the decryption process is as follows:
Step 1: when rdlen > 2*blen, go to Step 2; otherwise, go to Step 3.
Step 2: take data of length blen from the head of rd and decrypt it, append the result to the tail of s, and go to Step 1.
Step 3: when rdlen = 2*blen, go to Step 4; otherwise, go to Step 5.
Step 4: take out the rdlen data and decrypt it until rdlen == 0; append the result to the tail of s, and go to Step 6.
Step 5: take the data block of size blen at the end of the remaining data rd and decrypt it to obtain data block data2; the remaining data block of size rd-blen is denoted rd'. Concatenate the remaining data to be decrypted rd' with the leading blen-rd'len data of data2 and decrypt the result to obtain data3. Concatenate, in order, s, data3 and the trailing rd'len data of data2 to obtain the complete decrypted data, and go to Step 6;
Step 6: all ciphertext has been decrypted into the original text; end decryption.
Further, the system's main process performs the encryption and decryption operations, file reads are performed by a file-reading process, and file writes are performed by a file-writing process. The buffers for data to be processed and for data to be written to file are implemented as circular queues; the main process reads data directly from the read buffer and stores data into the write buffer.
10. The photo and video cloud encrypted storage method as described in claim 1, characterized in that it further includes encrypting the database, using a field-based encryption mode.
The invention is based on file data-stream encryption and decryption: user resources are encrypted on the client before being transmitted to the cloud, and when the user accesses the data resources they are decrypted on the client. That is, the cloud stores encrypted data files, and no plaintext data is exposed during transmission. Data encryption effectively guarantees the security of personal data and ensures that the content on the communication line is not leaked. The system uses an improved symmetric cryptosystem and, while encrypting resources, also encrypts data items in the database; this double encryption further ensures the secure transmission of resources.
Brief description of the drawings
Fig. 1 is a schematic diagram of encryption and decryption;
Fig. 2 is the encryption flow chart of the AES encryption algorithm;
Fig. 3 is a schematic diagram of byte substitution;
Fig. 4 is a schematic diagram of row shifting;
Fig. 5 is a schematic diagram of the encryption process;
Fig. 6 is a schematic diagram of the decryption process;
Fig. 7 is a schematic diagram of the file handling procedure;
Fig. 8 is a schematic diagram of the basic security services provided for upper-layer protocols at the protocol layer;
Fig. 9 is the AES encryption and decryption flow chart;
Fig. 10 is a schematic diagram of the S-box;
Fig. 11 is a schematic diagram of S^-1;
Fig. 12 is a schematic diagram of forward row shifting;
Fig. 13 is a schematic diagram of forward column mixing;
Fig. 14 is a schematic diagram of inverse column mixing;
Fig. 15 is a schematic diagram of the seed key array format;
Fig. 16 is the flow chart of function g.
Detailed description of the embodiments
The present invention is further explained below with reference to the drawings.
The present invention protects data security by encrypting and decrypting files. After an encryption transformation, information or data changes from plaintext into ciphertext, which cannot be recognized on its face. Only authorized legitimate users who hold the exclusive secret key can restore the ciphertext to plaintext through the decryption algorithm; unauthorized users cannot obtain the plaintext. The present invention uses the following measures: 1. Encrypting information. Information is stored and transmitted encrypted with an encryption algorithm, so that it is difficult for illegitimate users to crack and secret content is not leaked. 2. Encrypting the database.
Block cipher technology: for file encryption, the encryption algorithm is the core of the whole system. The choice is generally determined by the security requirements of the system, and, provided the security requirements are met, the fastest possible encryption algorithm is used. Encryption algorithms have developed through RSA, DES and 3DES to the Advanced Encryption Standard (AES) published by the U.S. National Institute of Standards and Technology. As the replacement for the DES algorithm, AES will be the most important symmetric cryptographic algorithm of the coming decades. It is a symmetric block cipher algorithm whose block length and key length can each be specified as 128, 192 or 256 bits. The algorithm has the following characteristics: it is resistant to all known attacks; and on a variety of platforms it executes quickly and its code is compact.
In cryptography, the original message to be protected by transformation is called the plaintext. The concealed form into which the plaintext is transformed, which cannot be read directly, is called the ciphertext.
The relationship between plaintext and ciphertext:
C = E_K(M),
M = D_K(C).
Where: C is the ciphertext, M is the plaintext, and the parameter K is called the key.
E is encryption, or the encryption process: it performs the conversion from plaintext to ciphertext.
D is decryption, or the decryption process: it is the inverse of encryption, i.e. the process of recovering the plaintext from the ciphertext.
The mapping function or transformation rule used to encrypt the plaintext is called the encryption algorithm.
The (inverse) mapping function or (inverse) transformation rule used to decrypt the ciphertext is called the decryption algorithm. Encryption and decryption operations are usually carried out under the control of a key, and in modern cryptosystems the encryption key and decryption key can be different. The principle is shown in Fig. 1.
In a symmetric cryptosystem, also called block cipher technology, the encryption key can be computed from the decryption key and the decryption key can likewise be computed from the encryption key; in most symmetric algorithms, the encryption key and decryption key are identical.
This technique requires the sending user and the receiving user to agree on a key before communicating securely. The sending user and the receiving user then encrypt and decrypt information with the same key.
Because both parties hold the same key, a symmetric cryptosystem is easy to implement and fast, so it is widely used to encrypt and decrypt communications and stored data. In addition, how to send the key used for encryption and decryption to the other party securely is a problem that must be considered. The security of a symmetric cryptosystem therefore depends on the key: leaking the key means that anyone can decrypt the messages the parties send or receive, so the confidentiality of the key is critical to communication security. Common symmetric encryption algorithms in the first stage of e-commerce are the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES).
Block cipher systems are simple and fast and are easy to standardize, and they have become the mainstream of software and hardware encryption standards. The present invention is mainly aimed at file-level encryption and decryption, and in view of the above advantages it uses the AES advanced encryption algorithm, a block encryption technique.
AES advanced encryption algorithm process:
The processing unit of the AES encryption algorithm is the block. The 128-bit data of a block (16 bytes) is copied in order into a 4*4 state matrix (stat), and all transformations are performed on the state matrix. The AES transformation is implemented as multiple iterations of a round transformation, and the number of iterations depends on the key length. The round transformation comprises 4 steps: byte transformation, row transformation, column mixing and key addition. Through the nonlinear transformation and the mixing functions, the nonlinear diffusion produced by the byte substitution operation is mixed repeatedly, so that the diffusion of the block after encryption is more uniform. Round key expansion extends the original key into 11 groups, and each round of iteration uses a different key. The encryption flow is shown in Fig. 2.
Algorithm implementation:
1. Key expansion
The seed key is arranged into a 4*4 matrix in column-major order, and each column of the matrix can be called a 32-bit word. The purpose of key expansion is to expand the seed key from 4 bytes into 44 words; each round of encryption needs 4 words. Assume the first word is w[0], the second word is w[1], and the last word is w[43].
The first 4 words can be initialized with the seed key; 40 new words are then appended to the array w. The recursion is:
(1) If i is not a multiple of 4, then w[i] = w[i-4] ^ w[i-1].
(2) If i is a multiple of 4, then w[i] = w[i-4] ^ T(w[i-1]), where T is a function.
The function T consists of 3 parts: word rotation, byte substitution and XOR with the round constant.
(3) Word rotation: the 4 bytes of a word are each moved one byte to the left, i.e. [x0, x1, x2, x3] becomes [x1, x2, x3, x0].
(4) Byte substitution: i.e. S-box substitution.
(5) XOR with the round constant: the result of the previous two steps is XORed with the round constant Rcon[j].
2. S-box substitution and inverse S-box substitution
As shown in Fig. 3, S-box substitution is also called byte substitution. The forward S-box (Sbox) and inverse S-box (InvSbox) are computed in advance and stored in the code, so byte substitution can be reduced to a simple table lookup. Taking out the value at the corresponding index is this mapping operation, as shown in the figure. S-box substitution uses the forward S-box and inverse S-box substitution uses the inverse S-box.
3. Row shifting and inverse row shifting
As shown in Fig. 4, row shifting applies a simple left circular shift to the byte matrix. When the key length is 128 bits, row i of the state matrix is shifted left by i bytes. Inverse row shifting undoes row shifting: the state matrix is circularly shifted to the right, and row i of the state matrix is shifted right by i bytes.
4. Column mixing and inverse column mixing
Column mixing algorithm: replaced by the arithmetic properties of the field GF(2^8).
According to matrix multiplication, in the column mixing process the value corresponding to each byte is related only to the 4 values of that column. The multiplication and addition here are both defined over the finite field GF(2^8). The following points should be noted:
(1) Multiplying the value of a byte by 2 shifts its binary representation left by one bit; if the highest bit of the value is 1 (i.e. the value is not less than 128), the shifted result must also be XORed with 00011011.
(2) Multiplication is distributive over addition, for example:
(3) The matrix multiplication here differs from ordinary matrix multiplication: values are added using modulo-2 addition (equivalent to the XOR operation).
The inverse column mixing operation is likewise replaced by the arithmetic properties of the field GF(2^8); only the polynomial c(x) differs.
5. Round key addition
The 128-bit round key is XORed with the data in the state matrix. Because the inverse of the XOR operation is itself, the round key addition used in decryption is also itself.
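The key expansion recursion for w[0]..w[43] and the multiply-by-2 rule used in column mixing, written out as an added example that is not code from the patent. It assumes the standard AES S-box construction, round constants and MixColumns coefficients, and all function names are chosen for this example.

```python
# Added example: AES-128 key expansion and column mixing over GF(2^8).
# Function names are this example's own; constants are the standard AES ones.

def xtime(b):
    """Multiply a byte by 2: shift left one bit, XOR 00011011 if the top bit was 1."""
    b <<= 1
    return (b ^ 0x11B) if b & 0x100 else b


def gmul(a, b):
    """Multiply two bytes in GF(2^8) by distributing over the bits of b."""
    result = 0
    while b:
        if b & 1:
            result ^= a           # addition in GF(2^8) is XOR (modulo-2 addition)
        a = xtime(a)
        b >>= 1
    return result


def build_sbox():
    """Precompute the forward S-box: multiplicative inverse, then the affine map."""
    sbox = []
    for x in range(256):
        inv = 0                   # 0 has no inverse and maps to 0
        if x:
            inv = 1
            for _ in range(254):  # x^254 is the inverse of x in GF(2^8)
                inv = gmul(inv, x)
        s = inv
        for shift in range(1, 5):
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = build_sbox()
INV_SBOX = [0] * 256
for _index, _value in enumerate(SBOX):
    INV_SBOX[_value] = _index     # the inverse table undoes the forward lookup

RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def t_function(word, j):
    """Function T: word rotation, S-box substitution, XOR with Rcon[j] (j = 1..10)."""
    rotated = word[1:] + word[:1]             # [x0,x1,x2,x3] -> [x1,x2,x3,x0]
    substituted = [SBOX[b] for b in rotated]
    substituted[0] ^= RCON[j - 1]
    return substituted


def expand_key(seed_key):
    """Expand a 16-byte seed key into the 44 words w[0]..w[43]."""
    if len(seed_key) != 16:
        raise ValueError("AES-128 seed key must be 16 bytes")
    w = [list(seed_key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        temp = w[i - 1]
        if i % 4 == 0:
            temp = t_function(temp, i // 4)
        w.append([a ^ b for a, b in zip(w[i - 4], temp)])
    return [bytes(word) for word in w]


MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]


def mix_column(column, matrix=MIX):
    """Multiply one 4-byte state column by the mixing matrix over GF(2^8)."""
    out = []
    for row in matrix:
        acc = 0
        for coeff, byte in zip(row, column):
            acc ^= gmul(coeff, byte)
        out.append(acc)
    return out


if __name__ == "__main__":
    # Key from the FIPS-197 key expansion walkthrough.
    words = expand_key(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))
    print("w[4]  =", words[4].hex())
    print("w[43] =", words[43].hex())
    print("mixed =", bytes(mix_column([0xDB, 0x13, 0x53, 0x45])).hex())
```
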
Optimization design:
1. Ciphertext stealing
AES is a block encryption algorithm, so the case where the data to be processed is not an integer multiple of the block length has to be handled. If this part of the data is not handled, the original information obtained after encryption and decryption will contain some extra erroneous information in the last block; data that was never assigned is often just garbage in memory, which affects the readability of the correct information. The "ciphertext stealing" method is adopted. Let the block length be blen; let the data to be processed (encrypted/decrypted) be d, with length dlen; let the remaining data to be processed be rd, with length rdlen; and let the already processed data be s. The encryption process is shown in Fig. 5.
Step (1): when rdlen >= blen, i.e. the remaining data is at least one block long, go to step (2); otherwise, go to step (3).
Step (2): take data of size blen from the head of rd and encrypt it, append the result to the tail of s, and go to step (1).
Step (3): if rdlen > 0, i.e. the remaining data is less than one block, take data of size blen-rdlen from the end of the encrypted data s and concatenate it with rd to form a data block of length blen; encrypt it and append the result to the encrypted data (excluding the blen-rdlen data that was taken out), then go to step (4).
Step (4): if rdlen == 0, all data has been encrypted; end encryption. s is the ciphertext.
The original text is divided into n groups, where the n-th group is shorter than one block length. The first n-2 groups are encrypted directly; after the (n-1)-th group is encrypted, part of it is lent to the n-th group, and then the n-th group is encrypted. The decryption process is shown in Fig. 6.
Step 1: when rdlen > 2*blen, go to Step 2; otherwise, go to Step 3.
Step 2: take data of length blen from the head of rd and decrypt it, append the result to the tail of s, and go to Step 1.
Step 3: when rdlen = 2*blen, go to Step 4; otherwise, go to Step 5.
Step 4: take out the rdlen data and decrypt it until rdlen == 0; append the result to the tail of s, and go to Step 6.
Step 5: take the data block of size blen at the end of the remaining data rd (the remaining data block of size rd-blen is denoted rd') and decrypt it to obtain data block data2. Concatenate the remaining data to be decrypted rd' with the leading blen-rd'len data of data2 and decrypt the result to obtain data3. Concatenate, in order, s, data3 and the trailing rd'len data of data2 to obtain the complete decrypted data, and go to Step 6.
Step 6: all ciphertext has been decrypted into the original text. End decryption.
Note: the ciphertext is divided into n groups, and the first n-2 groups are decrypted directly. At the end, the last group is taken out and decrypted first; group n-1 and the front part of the decrypted data then form one group, which is decrypted, and the results are concatenated.
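The encryption Steps (1)-(4) and decryption Steps 1-6 above, written out as an added example that is not code from the patent. The 16-byte block cipher is a constructed SHA-256 Feistel stand-in rather than AES, all function names are this example's own, and rejecting inputs shorter than one block and decrypting a single-block input directly are assumptions, since the steps do not cover those cases.

```python
# Added example: the tail-handling procedure with variables named as in the text
# (blen, rd, s, data2, data3). The block cipher is a stand-in, not AES.
import hashlib

BLEN = 16  # block length blen, in bytes


def _round_value(key, index, half):
    """Round function of the stand-in Feistel cipher (constructed for this demo)."""
    return hashlib.sha256(key + bytes([index]) + half).digest()[:8]


def toy_encrypt_block(key, block):
    """Encrypt one 16-byte block with a 4-round Feistel network."""
    left, right = block[:8], block[8:]
    for i in range(4):
        mask = _round_value(key, i, right)
        left, right = right, bytes(a ^ b for a, b in zip(left, mask))
    return left + right


def toy_decrypt_block(key, block):
    """Invert toy_encrypt_block by running the rounds backwards."""
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        mask = _round_value(key, i, left)
        left, right = bytes(a ^ b for a, b in zip(right, mask)), left
    return left + right


def cts_encrypt(key, d):
    """Encryption Steps (1)-(4): output has exactly the same length as the input."""
    if len(d) < BLEN:
        # Assumption: Step (3) needs encrypted data in s to take bytes from.
        raise ValueError("input must be at least one block long")
    s, rd = bytearray(), d
    while len(rd) >= BLEN:                      # Steps (1) and (2)
        s += toy_encrypt_block(key, rd[:BLEN])
        rd = rd[BLEN:]
    if rd:                                      # Step (3): partial last group
        take = BLEN - len(rd)
        borrowed = bytes(s[-take:])
        del s[-take:]                           # the taken bytes leave s
        s += toy_encrypt_block(key, borrowed + rd)
    return bytes(s)                             # Step (4)


def cts_decrypt(key, d):
    """Decryption Steps 1-6."""
    if len(d) < BLEN:
        raise ValueError("ciphertext must be at least one block long")
    s, rd = bytearray(), d
    while len(rd) > 2 * BLEN:                   # Steps 1 and 2
        s += toy_decrypt_block(key, rd[:BLEN])
        rd = rd[BLEN:]
    if len(rd) in (BLEN, 2 * BLEN):             # Steps 3 and 4
        # Assumption: a lone full block is decrypted directly; sending it
        # through Step 5 would decrypt the same block twice.
        for offset in range(0, len(rd), BLEN):
            s += toy_decrypt_block(key, rd[offset:offset + BLEN])
        return bytes(s)
    data2 = toy_decrypt_block(key, rd[-BLEN:])  # Step 5
    rd_prime = rd[:-BLEN]
    data3 = toy_decrypt_block(key, rd_prime + data2[:BLEN - len(rd_prime)])
    return bytes(s) + data3 + data2[-len(rd_prime):]   # Step 6


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"
    photo = bytes(range(50))                    # constructed 50-byte sample input
    sealed = cts_encrypt(demo_key, photo)
    print(len(sealed), cts_decrypt(demo_key, sealed) == photo)
```

Steps (1)-(2) encrypt each full block independently under the same key, so two equal plaintext blocks in the directly encrypted groups produce equal ciphertext blocks.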
2. Multi-threaded I/O optimization
File reading and encryption/decryption run at mismatched speeds. If a file read or write were performed for every block processed, the system would obviously spend its time idle-waiting, and repeatedly opening and closing files is quite time-consuming. The files to be encrypted also vary: they may be text of a few KB, or images and videos of several GB, so reading them entirely into memory is not feasible either. In view of these problems, buffers are set up.
The file handling procedure is shown in Fig. 7: the system's main process performs the encryption and decryption operations, file reads are performed by a file-reading process, and file writes are performed by a file-writing process. The buffers for data to be processed and for data to be written to file are implemented as circular queues; the main process reads data directly from the read buffer and stores data into the write buffer.
II. Database encryption technology
In the era of the digital economy, the most important resources of a file encryption system include not only the valuable data but also the place where this critical data is stored: the database. Database security protection means protecting the data in the database and preventing unrelated or unauthorized personnel from stealing, tampering with or destroying it. The outstanding feature of a database is that data is stored centrally and shared, so protecting this data from theft and destruction is very important. Existing database systems already take relevant security measures, such as user management and password control, storage control, view mechanisms, stored procedures and triggers, to guarantee the security and integrity of data. Therefore, regarding the encryption mode, the wiser approach is to encrypt only the fields that contain key information, i.e. data item encryption, while non-essential fields keep their original plaintext form. The database encryption mechanism of the present invention is built on this field-based encryption mode.
A field is encrypted and decrypted by exactly one data key, and likewise a data key can only be used to encrypt the data of one field. This encryption mode is called field-based encryption. After the data in a field of a table has been encrypted, obtaining the data through the SQL Server server and browsing files requires decrypting the field with the key.
This gives two layers. In the inner layer, the database, the fields that store files are encrypted, so that even if a file leaks, outsiders cannot obtain valuable information without the key. In the outer layer, all files are encrypted with the advanced encryption algorithm before being stored in the cloud database, and only a legitimate user who holds the decryption key can use the corresponding key to decrypt the ciphertext successfully and obtain the useful file.
The AES data block length must be 128 bits, and the key length can be any one of 128 bits, 192 bits or 256 bits (if the data block or key is too short, it is padded).
AES has five modes: ECB, CBC, CFB, OFB and CTR.
1. AES is a block-based encryption mode, that is, the data processed each time is one block (16 bytes), and padding is applied when the data is not a multiple of 16 bytes. This is the so-called block cipher (as distinct from a bit-based stream cipher), and 16 bytes is the block length.
2. Block encryption modes
ECB: a basic encryption mode. The data is divided into blocks of equal block length (padded if insufficient), which are then encrypted individually one by one and output one by one to form the ciphertext.
CBC: a chained mode. The ciphertext of the previous block is XORed with the plaintext of the current block before encryption; the purpose is to make cracking more difficult.
CFB/OFB: effectively feedback modes, whose purpose is also to make cracking more difficult.
The encryption results of ECB and CBC differ because the two modes differ; CBC adds an initialization vector when the first block is processed.
Embodiment
As shown in Fig. 8, the protocol layer provides basic security services for the upper-layer protocols. The SSL Record Protocol is specially designed for HTTP, so that the hypertext transfer protocol HTTP runs within SSL. The record layer encapsulates the various higher-layer protocols and carries out the security-related operations such as compression and decompression, encryption and decryption, and computing and verifying the MAC, which doubly ensures the security of transmission.
The AES encryption algorithm involves 4 operations: byte substitution (SubBytes), row shifting (ShiftRows), column mixing (MixColumns) and round key addition (AddRoundKey). Fig. 9 gives the AES encryption and decryption flow, from which it can be seen that: 1) each step of the decryption algorithm is the inverse operation of the corresponding step of the encryption algorithm; 2) the order of all operations in encryption and decryption is exactly opposite. These points (together with the fact that every step of the encryption and decryption algorithms is mutually inverse) guarantee the correctness of the algorithm. In both encryption and decryption the key of each round is derived from the seed key by the key expansion algorithm. The 16-byte plaintext, ciphertext and round keys in the algorithm are each represented as a 4x4 matrix.
The main function of byte substitution is to map one byte to another byte through the S box. The constructed results are given directly here: Fig. 10 is the S box and Fig. 11 is S^-1 (the inverse S box). The S box provides the confusion of the cipher.
S and S^-1 are each 16x16 matrices that map an 8-bit input to an 8-bit output; the value of the high 4 bits of the input is used as the row index and the value of the low 4 bits as the column index. If the input byte is a = a7a6a5a4a3a2a1a0, the output is S[a7a6a5a4][a3a2a1a0]; the S^-1 transformation works the same way.
For example, the byte 00000000B is replaced by S[0][0] = 63H, and the value before substitution is recovered through S^-1: S^-1[6][3] = 00H.
Row shifting is a permutation among the bytes within the 4x4 matrix, and provides the diffusion of the algorithm.
1) Forward row shift. The forward row shift is used for encryption; its principle is shown in Fig. 12. The first row is unchanged, the second row is rotated left by 8 bits, the third row is rotated left by 16 bits, and the fourth row is rotated left by 24 bits.
With the matrix named state, this is expressed as: state'[i][j] = state[i][(j+i)%4], where i, j belong to [0,3].
2) Inverse row shift
The inverse row shift is the opposite operation: the first row is unchanged, the second row is rotated right by 8 bits, the third row is rotated right by 16 bits, and the fourth row is rotated right by 24 bits.
It is expressed as: state'[i][j] = state[i][(4+j-i)%4], where i, j belong to [0,3].
Column mixing: a substitution that uses the arithmetic properties of the field GF(2^8), likewise providing the diffusion of the algorithm.
1) Forward column mixing. The principle of forward column mixing is shown in Fig. 13:
From the matrix multiplication it follows that, during column mixing, the value of each output byte depends only on the 4 values of its column. Multiplication and addition here are both defined over GF(2^8); note the following points:
(1) Multiplying the value of a byte by 2 shifts its binary digits left by one bit; if the highest bit of the original value is 1, the shifted result must also be XORed with 00011011;
(2) Multiplication is distributive over addition, for example: 07·S0,0 = (01 ⊕ 02 ⊕ 04)·S0,0 = S0,0 ⊕ (02·S0,0) ⊕ (04·S0,0);
(3) The matrix multiplication here differs from matrix multiplication in the general sense: the addition used when summing the values is GF(2^8) addition (the XOR operation).
An example follows. Suppose the values of a certain column are as follows:
The calculation is as follows:
Where:
01·46 = 01000110B
01·A6 = 10100110B
Then:
Since the leftmost bit of C9 is 1, computing the product of 02 and C9 requires shifting C9 left by one bit and then XORing the result with (00011011). The other values are found in the same way.
2) Inverse column mixing. The principle of inverse column mixing is shown in Fig. 14.
Key expansion procedure: 1) Arrange the seed key in the format of Fig. 15, where k0, k1, ..., k15 denote the successive bytes of the seed key; after arrangement it is represented as four 32-bit words, denoted w[0], w[1], w[2], w[3];
2) Solve for w[j] in turn as follows, where j is an integer in [4,43];
3) If j%4 = 0, then w[j] = w[j-4] ⊕ g(w[j-1]); otherwise w[j] = w[j-4] ⊕ w[j-1].
The process of function g is shown in Fig. 16:
a) rotate w left by 8 bits;
b) apply the S-box substitution to each byte;
c) XOR with the 32-bit constant (RC[j/4], 0, 0, 0), where RC is a one-dimensional array with the following values:
RC = {0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36}.
Only 10 values of RC are needed, but 11 are used here; RC[0] is never used in the computation and is added only so that the array can be indexed conveniently in the program. Since the minimum value of j is 4, the minimum value of j/4 is 1, so no error arises.
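The four round operations and the key expansion described above, assembled into a single-block AES-128 encryptor. This is an added example, not code from the patent: it follows standard AES (FIPS-197), computes the S box from the GF(2^8) inverse instead of copying Fig. 10, and all function names are chosen here.

```python
# AES-128 encryption of one 16-byte block, using only the standard library.
RC = [0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def xtime(a):
    """Multiply by 02 in GF(2^8): shift left, XOR 00011011 if the high bit was 1."""
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a

def gmul(a, b):
    """Multiply in GF(2^8) by distributing a over the set bits of b."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

def _sbox_entry(a):
    inv = 1
    for _ in range(254):            # a^254 is the inverse of a; 0 maps to 0
        inv = gmul(inv, a)
    out = 0x63
    for shift in range(5):          # affine step: inv ^ rotl(inv, 1..4) ^ 0x63
        out ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
    return out

SBOX = [_sbox_entry(a) for a in range(256)]
INV_SBOX = [SBOX.index(v) for v in range(256)]

def g(word, rnd):
    """Function g: rotate left 8 bits, S-box each byte, XOR (RC[rnd], 0, 0, 0)."""
    rotated = word[1:] + word[:1]
    subbed = [SBOX[b] for b in rotated]
    return [subbed[0] ^ RC[rnd]] + subbed[1:]

def expand_key(key):
    """Expand a 16-byte seed key into the 44 words w[0]..w[43]."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for j in range(4, 44):
        t = g(w[j - 1], j // 4) if j % 4 == 0 else w[j - 1]
        w.append([a ^ b for a, b in zip(w[j - 4], t)])
    return w

def mix_column(c):
    """Forward column mixing of one column (matrix rows 02 03 01 01, rotated)."""
    return [gmul(2, c[i]) ^ gmul(3, c[(i + 1) % 4]) ^ c[(i + 2) % 4] ^ c[(i + 3) % 4]
            for i in range(4)]

def encrypt_block(block, key):
    """Encrypt 16 bytes; the state is stored column by column (index 4*col + row)."""
    w = expand_key(key)

    def add_round_key(s, rnd):
        rk = [b for word in w[4 * rnd:4 * rnd + 4] for b in word]
        return [a ^ b for a, b in zip(s, rk)]

    s = add_round_key(list(block), 0)
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                   # SubBytes
        # ShiftRows: state'[i][j] = state[i][(j+i) % 4]
        s = [s[4 * ((j + i) % 4) + i] for j in range(4) for i in range(4)]
        if rnd < 10:                                               # last round skips MixColumns
            s = [b for j in range(4) for b in mix_column(s[4 * j:4 * j + 4])]
        s = add_round_key(s, rnd)
    return bytes(s)
```
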

Claims (10)

1. A photograph video cloud encryption storage method using an improved AES encryption algorithm, characterized in that the improved AES encryption algorithm comprises: one, key expansion; two, S-box substitution and inverse S-box substitution; three, row shift transformation and inverse row shift transformation; four, column mixing transformation and inverse column mixing transformation; five, round key addition.
2. The photograph video cloud encryption storage method as described in claim 1, characterized in that:
The key expansion comprises:
The seed key is arranged into a 4*4 matrix in column-first order, and each column of the matrix is called a 32-bit word. The seed key is expanded from 4 bytes into 44 words, and each round of encryption needs 4 words. Let the first word be w[0], the second word be w[1], and the last word be w[43];
The first 4 words are initialized with the seed key, and then 40 new words are added to the array w in the following recursive manner:
(1) if i is not a multiple of 4, then w[i] = w[i-4] ^ w[i-1];
(2) if i is a multiple of 4, then w[i] = w[i-4] ^ T(w[i-1]), where T is a function.
Function T consists of 3 parts: word rotation, byte substitution and round-constant XOR;
(3) word rotation: the 4 bytes of a word are each moved one byte to the left, i.e. [x0, x1, x2, x3] is transformed into [x1, x2, x3, x0];
(4) byte substitution: i.e. S-box substitution;
(5) round-constant XOR: the result of the previous two steps is XORed with the round constant Rcon[j].
3. The photograph video cloud encryption storage method as described in claim 1, characterized in that:
The S-box substitution and inverse S-box substitution are specifically as follows:
The forward S box (Sbox) and the inverse S box (InvSbox) are computed in advance and stored in the code, which reduces byte substitution to a simple table lookup: the mapping is performed by taking out the value at the corresponding index. S-box substitution uses the forward S box, and inverse S-box substitution uses the inverse S box.
4. The photograph video cloud encryption storage method as described in claim 1, characterized in that:
The row shift transformation and inverse row shift transformation are specifically as follows:
Row shifting applies a simple left cyclic shift to the byte matrix; when the key length is 128 bits, row i of the state matrix is shifted left by i bytes. The inverse row shift undoes the row shift: the state matrix is cyclically shifted to the right, with row i of the state matrix shifted right by i bytes.
5. The photograph video cloud encryption storage method as described in claim 1, characterized in that:
The column mixing transformation and inverse column mixing transformation are specifically as follows:
Column mixing is a substitution using the arithmetic properties of the field GF().
From the matrix multiplication it follows that, during column mixing, the value of each byte depends only on the 4 values of its column; multiplication and addition here are both defined over the finite field GF(2^8):
(1) multiplying the value of a byte by 2 shifts the binary digits of the value left by one bit; if the highest bit of the value is 1, the shifted result must also be XORed with 00011011;
(2) multiplication is distributive over addition;
(3) modulo-2 addition is used when the values are added;
The inverse column mixing operation likewise is a substitution using the arithmetic properties of the field GF().
6. The photograph video cloud encryption storage method as described in claim 1, characterized in that:
The round key addition is specifically:
The 128-bit round key is XORed with the data in the state matrix.
7. The photograph video cloud encryption storage method as described in claim 1, characterized in that: when the data to be processed is not an integer multiple of the block size, ciphertext stealing is used. Let the block length be blen; let the data to be encrypted/decrypted be d, of length dlen; let the remaining data to be processed be rd, of length rdlen; and let the data already processed be s. The encryption process is as follows:
Step (1): if rdlen >= blen, i.e. the remaining data is no shorter than the block length, go to step (2); otherwise, go to step (3);
Step (2): take data of size blen from the head of rd, encrypt it, append the result to the tail of s, and go to step (1);
Step (3): if rdlen > 0, i.e. the remaining data does not fill one block, take data of size blen-rdlen from the end of the encrypted data s and splice it with rd to form one data block of length blen, encrypt it and append the result after the encrypted data, then go to step (4);
Step (4): if rdlen == 0, all data has been encrypted; end encryption.
8. The photograph video cloud encryption storage method as claimed in claim 7, characterized in that the decryption process is as follows:
Step 1: if rdlen > 2*blen, go to Step 2; otherwise, go to Step 3.
Step 2: take data of length blen from the head of rd, decrypt it, append the result to the tail of s, and go to Step 1.
Step 3: if rdlen = 2*blen, go to Step 4; otherwise, go to Step 5.
Step 4: take out and decrypt the rdlen data, until rdlen == 0; append the result to the tail of s and go to Step 6.
Step 5: take the data block of size blen at the end of the remaining data rd and decrypt it, obtaining data block data2; the remaining small data block of size rd-blen is denoted rd'. Splice the remaining data to be decrypted, rd', with the first blen-rd'len of data2 and decrypt the result, obtaining data3. Concatenate in order s, data3 and the trailing rd'len of data2 to obtain the complete decrypted data, then go to Step 6;
Step 6: all ciphertext has been decrypted into the original text; end decryption.
9. The photograph video cloud encryption storage method as described in claim 1, characterized in that:
The system's main process performs the encryption and decryption operations; file reading is performed by a file-read process and file writing by a file-write process. The buffers for the data awaiting processing and for the file data awaiting writing are implemented as circular queues; the main process reads data directly from the buffer and stores data into the write buffer.
10. The photograph video cloud encryption storage method as described in claim 1, characterized in that it further comprises encrypting the database, using the field-based encryption mode.
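The ciphertext-stealing steps of claims 7 and 8, implemented as an added example (not code from the patent). The block cipher is a toy Feistel stand-in built on SHA-256 so the example runs with only the standard library; AES block encryption and decryption would take its place. Input shorter than one block and a lone full block are not covered by the claimed steps and are handled explicitly here as assumptions.

```python
import hashlib

BLEN = 16  # block length in bytes (blen in the claims)

def toy_encrypt_block(block, key):
    """Stand-in 16-byte block cipher (4-round Feistel over SHA-256), NOT AES."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def toy_decrypt_block(block, key):
    """Inverse of toy_encrypt_block: undo the Feistel rounds in reverse order."""
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        f = hashlib.sha256(key + bytes([rnd]) + left).digest()[:8]
        left, right = bytes(a ^ b for a, b in zip(right, f)), left
    return left + right

def cts_encrypt(d, key):
    """Claim 7: the output has exactly the same length as the input d."""
    if len(d) < BLEN:
        # Assumption of this example: nothing to steal from, so refuse.
        raise ValueError("input must contain at least one full block")
    s, rd = bytearray(), d
    while len(rd) >= BLEN:                        # steps (1) and (2)
        s += toy_encrypt_block(rd[:BLEN], key)
        rd = rd[BLEN:]
    if rd:                                        # step (3)
        need = BLEN - len(rd)
        stolen = bytes(s[-need:])                 # tail of the last ciphertext block
        del s[-need:]
        s += toy_encrypt_block(stolen + rd, key)
    return bytes(s)                               # step (4)

def cts_decrypt(c, key):
    """Claim 8: peel off leading blocks, then undo the stolen-tail splice."""
    if len(c) < BLEN:
        raise ValueError("ciphertext must contain at least one full block")
    s, rd = bytearray(), c
    while len(rd) > 2 * BLEN:                     # Steps 1 and 2
        s += toy_decrypt_block(rd[:BLEN], key)
        rd = rd[BLEN:]
    if len(rd) % BLEN == 0:
        # Steps 3 and 4 (rdlen == 2*blen); a lone full block also lands here,
        # which is handling added by this example.
        for i in range(0, len(rd), BLEN):
            s += toy_decrypt_block(rd[i:i + BLEN], key)
    else:                                         # Step 5
        data2 = toy_decrypt_block(rd[-BLEN:], key)
        rd_p = rd[:-BLEN]                         # rd' in the claim
        data3 = toy_decrypt_block(rd_p + data2[:BLEN - len(rd_p)], key)
        s += data3 + data2[-len(rd_p):]
    return bytes(s)                               # Step 6
```
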
CN201811079446.2A 2018-09-14 2018-09-14 A kind of photograph video cloud encryption storage method Withdrawn CN109245881A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811079446.2A CN109245881A (en) 2018-09-14 2018-09-14 A kind of photograph video cloud encryption storage method

Publications (1)

Publication Number Publication Date
CN109245881A true CN109245881A (en) 2019-01-18

Family

ID=65059475

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811079446.2A Withdrawn CN109245881A (en) 2018-09-14 2018-09-14 A kind of photograph video cloud encryption storage method

Country Status (1)

Country Link
CN (1) CN109245881A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20190118