CN109995505A - Secure data deduplication system and method in a fog computing environment, and cloud storage platform - Google Patents
- Publication number: CN109995505A (CN201910171496.1A)
- Authority: CN (China)
- Prior art keywords: data, fog, user, ciphertext, encryption
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Abstract
The invention belongs to the technical field of cloud storage and discloses a secure data deduplication system and method in a fog computing environment, and a cloud storage platform. An encryption scheme that supports deduplication ensures that data is stored securely and efficiently on the cloud server and the fog nodes; an attribute-based encryption scheme manages the data ownership of users and fog nodes; data tags are generated with MerkleTree to prevent malicious users from mounting side-channel attacks on the server. The invention also supports dynamic updating of user permissions: re-encryption prevents a user whose permission has been revoked from reacquiring the data, ensuring the security of the server's data. In addition, a detailed security analysis has been carried out, which proves that the invention achieves the expected security goals while enabling efficient data storage and deduplication.
Description
Technical field
The invention belongs to the technical field of cloud storage, and in particular relates to a secure data deduplication system and method in a fog computing environment, and a cloud storage platform.
Background technique
At present, the prior art commonly used in the industry is as follows. With the development of cloud computing, more and more users prefer to place their data on cloud servers rather than locally. A report by the International Data Center (IDC) points out that in 2013 the world generated 4.4 ZB of new data in the year, and in 2017 the amount of new data generated in the year rose sharply to 15.2 ZB; it is expected that by 2020 the amount of new data generated globally each year will reach 40 ZB, which undoubtedly places a great burden on cloud servers. Another IDC report points out that 75% of the data generated globally each year is duplicated, which seriously harms the storage efficiency and communication overhead of cloud servers; deleting this redundant data can greatly improve the storage efficiency of cloud computing.

In addition, security problems caused by data leakage emerge one after another every year. According to the latest research results of the Cloud Security Alliance (CSA), data leakage ranks first among all security threats faced by cloud computing. In 2011, Google's mailbox was compromised: 150,000 users were affected, the data of many users was permanently deleted, and some users' accounts were reset. In 2013, Yahoo user data was leaked continuously, and the problem was not solved until 2016; according to Yahoo's statistics, about 1 billion users were affected to varying degrees. In 2018, Facebook was caught up in a data-leak scandal: Cambridge Analytica obtained the personal data of 50 million Facebook users through an application, and Facebook stated that the number of users actually affected was far more than 50 million. According to incomplete statistics, some large enterprises lose as much as 3.8 million dollars per year on average because of data leakage. Therefore, the problem of data security deserves close attention.

Although the development of cloud computing has greatly relieved the storage overhead and computing pressure on local devices, as the number of users on cloud servers increases sharply, some drawbacks of the centralized service of cloud servers are gradually being revealed. First, because the cloud server is far from the user, latency is high; second, network congestion easily occurs during the cloud server's peak usage periods, which makes the user experience very poor; finally, because cloud computing processes data centrally, a failure of the cloud server may paralyze the whole network. These problems have become a bottleneck for the development of cloud computing. In 2011, in response to some of the existing problems of cloud computing, Cisco proposed a new network computing paradigm, fog computing, on the basis of cloudlets and edge computing. Fog computing mainly uses technologies such as distributed systems, virtualization and Web 2.0, and integrates network, computing, storage and application capabilities. By connecting physically dispersed nodes, data and applications are distributed across devices at the network edge, which provide services to nearby users. Compared with cloud computing, fog computing is distributed at the network edge, so latency is lower; the fog nodes are independent of one another, so damage to one node does not affect the use of the other nodes. The emergence of fog computing has greatly alleviated some of the problems of cloud computing.
To solve the data security problem, most cloud service providers have users first encrypt the data on the client and then upload it to the cloud server. However, because each user chooses a different key, identical data is encrypted into different ciphertexts, so duplicate data cannot be deleted in ciphertext form. Message-locked encryption (MLE) is an encryption mode that ensures that identical plaintexts are encrypted into identical ciphertexts. However, MLE is not dynamic: if a user's permission is revoked but his MLE key remains on the local side, and the user colludes with hackers who steal the ciphertext, the plaintext data can be obtained by decrypting with the retained MLE key, which is extremely unsafe for the cloud server.
In summary, the problems of the prior art are: deduplication of encrypted data and updating of data are incompatible, and existing encrypted-data schemes are only applicable to cloud servers; therefore, existing approaches neither relieve the pressure that data growth places on cloud servers nor effectively protect users' data privacy.
The difficulty of solving the above technical problems:
Because users choose their keys at random, identical plaintext files may be encrypted into different ciphertext files. In addition, to prevent users whose permissions have been revoked from still being able to decrypt the data, the ciphertext data must be updated. The traditional update approach uses re-encryption; however, re-encrypting the complete data is expensive.
The significance of solving the above technical problems:
Encrypted data can be stored securely on the cloud server, efficient data re-encryption can be achieved, and at the same time it can be guaranteed that users whose permissions have been revoked cannot correctly decrypt the data.
Summary of the invention
In view of the problems of the prior art, the present invention provides a secure data deduplication system and method in a fog computing environment, and a cloud storage platform.
The invention is realized as follows: a secure data deduplication method in a fog computing environment, comprising the following steps:
First step: the user encrypts the data with MLE on the client, generates the file tag t using a Merkle tree, and uploads the encrypted file and the file tag t to the fog node;
Second step: the fog node receives the data tag and checks whether it is in the data index table; if so, the fog node adds the user's ownership to the data index table; otherwise, it proceeds to the next step;
Third step: the fog node arbitrarily selects 256 bits from the MLE ciphertext and re-encrypts them, and distributes the positions of the selected 256 bits and the re-encryption key to the other fog nodes; the fog node adds the data tag and the user's ownership to the data index table, and sends the re-encrypted data and the data tag to the cloud server;
Fourth step: the cloud server receives the data sent by different fog nodes and, according to the data tags uploaded by the fog nodes, determines whether there is duplicate data; if so, it keeps only one backup copy and deletes the remaining redundant data.
Further, the user encrypting the data with MLE on the client includes:
(1) Key generation: input the plaintext m and compute the hash value of the plaintext using SHA256 to obtain the MLE key, i.e. $\mathrm{hash}(m) \to k$;
(2) AES-encrypt the plaintext m using the MLE key generated in (1) to obtain the ciphertext c, i.e. $\mathrm{Enc}_k(m) \to c$;
(3) The user generates a hash value from the ciphertext c using MerkleTree, denoted as the tag t;
(4) The user retains the MLE key k and uploads the ciphertext c and the tag t to the fog node.
Further, detection of user data ownership:
The fog node compares the tag t uploaded by the user with the data in the data index table it has built. If t is in the data index table, the fog node does not need to receive the ciphertext c uploaded by the user and directly adds the user's permission to the data index table; if t is not in the index table, the fog node needs to perform the data re-encryption operation;
Re-encryption of the ciphertext data:
(1) Key generation: input the security parameter to obtain a random encryption key, called the FileKey: $\mathrm{Gen}(1^\lambda) \to fk$;
(2) Re-encryption: select 256 bits from the MLE ciphertext c, denoted $c_1$, with the remainder denoted $c_2$, and encrypt $c_1$ using AES to obtain the stub, i.e. $\mathrm{Enc}_{fk}(c_1) \to stub$;
(3) Update of the data index table: the fog node adds the user's data tag t and the owning user of t to the data index table;
(4) Data upload: the fog node packs $c_2$ into the trimmed package and uploads the trimmed package, the stub and the user's tag t to the cloud server. The fog node retains the random encryption key fk;
Update of the ciphertext data:
(1) Stub decryption: the fog node receives the update request from the server and decrypts the stub using the previously retained fk to obtain $c_1$, i.e. $\mathrm{Dec}_{fk}(stub) \to c_1$;
(2) MLE ciphertext recovery: concatenate the ciphertext $c_1$ with the trimmed package (i.e. $c_2$) to obtain the MLE ciphertext c;
(3) Generation of a new FileKey: input the security parameter to obtain a random encryption key: $\mathrm{Gen}(1^\lambda) \to fk'$;
(4) Ciphertext re-encryption: select 256 bits again from the ciphertext c, denoted $c'_1$, with the remaining part denoted $c'_2$, and encrypt $c'_1$ using $fk'$ to obtain a new stub, i.e. $\mathrm{Enc}_{fk'}(c'_1) \to stub$;
(5) Data upload: pack $c'_2$ into a new trimmed package and upload the new stub and trimmed package to the cloud server;
Distribution of the re-encryption key:
After the fog node re-encrypts the ciphertext, it shares the re-encryption key and the selected position of $c'_1$ with the other fog nodes. The fog node distributes the key to the other nodes using attribute-based encryption (ABE), with the following specific steps:
(1) Key generation: input the security parameter $1^\lambda$ to obtain the public key PK and the master key MK, i.e. $\mathrm{Setup}(1^\lambda) \to PK, MK$;
(2) Private key generation: input the public key PK, the master key MK and the attribute set of the fog node, and output the private key of the fog node, i.e. $\mathrm{KeyGen}(PK, MK, S) \to SK$;
(3) Encryption: the fog node takes the selected position of $c'_1$ and the encryption key as the message M, inputs the public key PK of the other fog nodes, the message M and the access policy T, outputs the ciphertext CT and sends it to the cloud server, which then distributes CT to the other fog nodes, i.e. $\mathrm{Enc}(PK, M, T) \to CT$;
(4) Decryption: the remaining fog nodes receive the ciphertext CT from the cloud server and decrypt it using the public key and their own private key SK. Each ciphertext corresponds to an access policy T; if the attribute set S of the fog node satisfies the access policy T, decryption succeeds, otherwise decryption fails, i.e. $\mathrm{Dec}(PK, SK, CT) \to M$ iff $S \in T$.
Further, the data deduplication and data storage at the server end, in which redundant data is deleted and one copy of the data is retained at the server end, specifically include:
(1) After the cloud server receives the data and the data tags t sent by the fog nodes, it determines whether any of the data is identical by checking t;
(2) If not, the file tag is stored in the data index table and the data is stored on the cloud server. Unlike the data index table of the fog node, the data index table of the cloud server only stores the data tags and does not store the owners of the data;
(3) If so, the cloud server deletes the identical data, keeping only one backup copy and deleting the remaining redundant data, and adds the data tag to the data index table.
Further, a user who sends the hash value of a piece of data can thereby determine whether the cloud server stores that data, and some malicious users may use this method to find out which data is held on the cloud server. The specific operations of the proof of ownership (POW) of the user's file are:
(1) Divide the ciphertext into blocks, denoted $b_1, b_2, \ldots, b_n$;
(2) Compute the hash value of each of $b_1, b_2, \ldots, b_n$ in turn to obtain $h_1, h_2, \ldots, h_n$;
(3) Concatenate $h_1$ with $h_2$, $h_3$ with $h_4$, and so on, up to $h_{n-1}$ with $h_n$;
(4) Hash each concatenation to obtain $hs_1, \ldots, hs_{n/2}$;
(5) Concatenate $hs_1$ with $hs_2$, $hs_3$ with $hs_4$, and so on;
(6) Continue hashing the concatenations, repeating the process until a final result is obtained, which is the data tag t.
Another object of the present invention is to provide a secure data deduplication system in a fog computing environment that implements the above secure data deduplication method, the system comprising:
Client: the user encrypts the data with MLE on the client;
Fog node: the fog node mainly performs four operations: detection of user data ownership, re-encryption of the ciphertext data, update of the ciphertext data, and distribution of the re-encryption key;
Cloud server: the cloud server is responsible for server-side data deduplication and data storage; it deletes redundant data and retains only one copy of the data at the server end.
Another object of the present invention is to provide a cloud storage platform that applies the secure data deduplication method in a fog computing environment.
In summary, the advantages and positive effects of the present invention are as follows. In the storage method for secure data deduplication in a fog computing environment, the secure encryption scheme is divided into two parts, one on the user's client and the other on the fog node, while the deduplication operations take place mainly on the fog node and the cloud server. The re-encryption update of the data ciphertext is performed by the fog node. MerkleTree is combined with data proof-of-ownership technology to prevent malicious users from mounting side-channel attacks on the server.
The present invention implements a secure data deduplication system in a fog computing environment. The storage system is deployed on fog nodes, which relieves the pressure on the cloud server and also overcomes drawbacks of the cloud server such as high latency and network congestion. Meanwhile, the invention stores data by encrypting first and uploading afterwards, which effectively guards against the loss of users' private data caused by leakage of server data. In addition, the invention uses on the fog node a re-encryption scheme that supports updating, which prevents users whose permissions have been revoked from obtaining the plaintext data again. The invention uses client-side deduplication on the fog node: the user first sends the file tag, and if the query shows that the server already has the data, the user does not need to upload it, which greatly reduces communication overhead. The invention also generates data tags with MerkleTree, preventing malicious users from mounting side-channel attacks on the server.
Table 1: Comparison of the present invention with previous schemes
Description of the drawings
Fig. 1 is a flowchart of the secure data deduplication method in a fog computing environment provided by an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of the secure data deduplication system in a fog computing environment provided by an embodiment of the present invention.
Fig. 3 is a schematic structural diagram of data encryption and decryption provided by an embodiment of the present invention.
Fig. 4 is a schematic diagram of the principle of message-locked encryption (MLE) provided by an embodiment of the present invention.
Fig. 5 is a schematic structural diagram of generating the data ownership tag provided by an embodiment of the present invention.
Fig. 6 is a schematic structural diagram of updating ciphertext data on the fog node provided by an embodiment of the present invention.
Fig. 7 is a schematic structural diagram of distributing the re-encryption key provided by an embodiment of the present invention.
Fig. 8 is a schematic structural diagram of the data index table on the fog node provided by an embodiment of the present invention.
Fig. 9 is a schematic structural diagram of the data index table on the cloud server provided by an embodiment of the present invention.
Figure 10 is an operation diagram of the cloud server deleting duplicate data provided by an embodiment of the present invention.
Figure 11 shows the time required to encrypt the trimmed package part.
Figure 12 shows the time required to encrypt the stub part.
Figure 13 shows the time required to update the ciphertext data.
Specific embodiment
In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention is further described in detail below with reference to embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention and are not intended to limit it.
The data deduplication of the present invention addresses the mass of data stored on servers, some of which is identical; data deduplication means deleting this identical data and keeping only one backup copy. In terms of the granularity at which deduplication is performed, secure data deduplication can be divided into two kinds: file-level deduplication and block-level deduplication. File-level deduplication means that the file is the smallest unit of deduplication: the server performs deduplication detection according to the file tag and keeps only a single copy of the file. Block-level deduplication means that the data block is the smallest unit of deduplication: the server performs deduplication detection according to the block tag and keeps only a single copy of the data block. Depending on the chunking method, block-level deduplication can be divided into deduplication based on fixed-length chunking and deduplication based on variable-length chunking. In terms of the deduplication framework, secure data deduplication can be divided into server-side deduplication and client-side deduplication:
Server-side deduplication means that the user uploads all the data to the server, and the server checks whether the uploaded data is duplicated, deletes the redundant data and keeps only one backup copy; in this process, the user does not know whether the uploaded data has been deduplicated. Client-side deduplication means that the user sends the file tag to the server, and the server checks by the tag whether the data already exists; if the data exists on the server, the user does not need to upload it again and the server adds the data permission for the user. Throughout this process, the user knows whether his own data has been deduplicated.
The present invention uses client-side deduplication on the fog node and server-side deduplication on the cloud server.
Message-locked encryption: traditional encryption is not suitable for data deduplication, because identical plaintext files are encrypted into different ciphertext files, since different users choose different encryption keys. In 2002, Douceur proposed the concept of convergent encryption (CE), which ensures that identical plaintexts produce identical keys; in 2013, Bellare proposed message-locked encryption (MLE) on the basis of convergent encryption. The MLE encryption key is generated from the hash value of the plaintext file, which ensures that identical plaintexts produce identical ciphertexts. Therefore, message-locked encryption guarantees that deduplication can be performed on data in ciphertext form.
The concept of attribute-based encryption (ABE) was first proposed by Sahai and Waters. Attribute-based encryption is a public-key encryption scheme in which the public key is the user's attribute set, which greatly simplifies public key management. It is mainly divided into two kinds: ciphertext-policy attribute-based encryption (CP-ABE) and key-policy attribute-based encryption (KP-ABE). The two are exactly opposite: in CP-ABE, the ciphertext corresponds to the access policy and the key to the user's attribute set; in KP-ABE, the key corresponds to the access policy and the ciphertext to the user's attribute set. Of the two schemes, CP-ABE is more flexible. The present invention mainly uses CP-ABE for encryption.
MerkleTree is a binary hash tree consisting of one root node, multiple intermediate nodes and multiple leaf nodes, used for integrity verification of user data and proof of the user's ownership. The leaf nodes of the MerkleTree consist of the data information; each remaining non-leaf node is obtained by hashing the concatenation of its child nodes' values, computed level by level from the bottom up, finally yielding a unique root node.
The application principle of the present invention is explained in detail below with reference to the accompanying drawings.
As shown in Fig. 1, the secure data deduplication method in a fog computing environment provided by an embodiment of the present invention comprises the following steps:
S101: the user encrypts the data with MLE on the client, generates the file tag t using a Merkle tree, and uploads the encrypted file and the file tag t to the fog node;
S102: the fog node receives the data tag and checks whether it is in the data index table; if so, the fog node adds the user's ownership to the data index table; otherwise, it proceeds to the next step;
S103: the fog node arbitrarily selects 256 bits from the MLE ciphertext and re-encrypts them, and distributes the positions of the selected 256 bits and the re-encryption key to the other fog nodes; the fog node adds the data tag and the user's ownership to the data index table, and sends the re-encrypted data and the data tag to the cloud server;
S104: the cloud server receives the data sent by different fog nodes and, according to the data tags uploaded by the fog nodes, determines whether there is duplicate data; if so, it keeps only one backup copy and deletes the remaining redundant data.
In the secure data deduplication method in a fog computing environment provided by the embodiment of the present invention, the user's part is executed on the client and is responsible for performing the first encryption of the file and generating the corresponding file tag. MLE is used for this encryption, which guarantees that identical plaintext files produce identical ciphertext files. S102 is executed on the fog node and determines whether the file the current user is uploading has already been uploaded to the cloud server. If the fog node's query finds that the file has already been uploaded, the user does not need to upload it, and only the user's data ownership needs to be added to the data index table shown in Fig. 7; if the fog node does not find the file, it jumps to S103. S103 is also executed on the fog node: the fog node re-encrypts the MLE ciphertext data uploaded by the user, adds the user's data ownership to the data index table shown in Fig. 7, then uploads the re-encrypted file to the cloud server and jumps to S104. S104 is executed on the cloud server: the cloud server checks whether the data uploaded by different fog nodes is duplicated; if so, the cloud server deletes the redundant data, keeps only one copy, and adds the data to the data index table shown in Fig. 8; if there is no duplicate data, the cloud server saves the data and adds it to the data index table shown in Fig. 8.
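The tag generation described earlier (ciphertext blocks hashed and then combined pairwise up to a single root) and the S101 to S104 flow with its two index tables can be sketched as follows. This is an added example, not code from the patent; the block size, the handling of an unpaired node, and the names `merkle_tag`, `FogNode` and `CloudServer` are assumptions.

```python
import hashlib

BLOCK_SIZE = 16  # assumed demo block size; the page does not fix one


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def merkle_tag(ciphertext: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Tag t: Merkle root over the ciphertext blocks b1..bn."""
    blocks = [ciphertext[i:i + block_size]
              for i in range(0, len(ciphertext), block_size)] or [b""]
    level = [sha256(b) for b in blocks]                      # h1..hn
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(sha256(level[i] + level[i + 1]))  # hash of the pair
            else:
                nxt.append(level[i])  # assumption: an unpaired node moves up unchanged
        level = nxt
    return level[0]


class CloudServer:
    """Server-side deduplication: the index holds tags only, no owners."""

    def __init__(self):
        self.index = {}              # tag -> the single stored copy
        self.redundant_deleted = 0

    def receive(self, tag: bytes, payload: bytes) -> bool:
        if tag in self.index:        # duplicate sent by another fog node
            self.redundant_deleted += 1
            return False
        self.index[tag] = payload
        return True


class FogNode:
    """Client-side deduplication: the index maps each tag to its owners."""

    def __init__(self, cloud: CloudServer):
        self.cloud = cloud
        self.index = {}              # tag -> set of owning users
        self.ciphertexts_received = 0

    def upload(self, user: str, tag: bytes, read_ciphertext) -> str:
        """read_ciphertext() is called only when the tag is unknown (S102)."""
        if tag in self.index:
            self.index[tag].add(user)
            return "ownership-added"
        payload = read_ciphertext()
        self.ciphertexts_received += 1
        self.index[tag] = {user}
        # The 256-bit re-encryption of S103 is out of scope here:
        # the payload is forwarded unchanged.
        self.cloud.receive(tag, payload)
        return "uploaded"


def run_demo() -> dict:
    c = bytes(range(64))             # constructed stand-in for an MLE ciphertext
    t = merkle_tag(c)
    cloud = CloudServer()
    fog_a, fog_b = FogNode(cloud), FogNode(cloud)
    results = [
        fog_a.upload("alice", t, lambda: c),
        fog_a.upload("bob", t, lambda: c),     # same fog node: tag already indexed
        fog_b.upload("carol", t, lambda: c),   # other fog node: cloud deduplicates
    ]
    return {
        "results": results,
        "fog_a_owners": sorted(fog_a.index[t]),
        "fog_a_ciphertexts": fog_a.ciphertexts_received,
        "cloud_copies": len(cloud.index),
        "cloud_redundant_deleted": cloud.redundant_deleted,
    }


if __name__ == "__main__":
    print(run_demo())
```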
As shown in Fig. 2, the secure data deduplication system in a fog computing environment provided by an embodiment of the present invention includes:
Client: the user encrypts the data with MLE on the client, in the following main steps:
(1) Key generation: input the plaintext m and compute the hash value of the plaintext using SHA256 to obtain the MLE key, i.e. $\mathrm{hash}(m) \to k$;
(2) AES-encrypt the plaintext m using the MLE key to obtain the ciphertext c, i.e. $\mathrm{Enc}_k(m) \to c$;
(3) The user generates a hash value from the ciphertext c using MerkleTree, denoted as the tag t;
(4) The user retains the MLE key k and uploads the ciphertext c and the tag t to the fog node.
Fog node: the fog node mainly performs four operations: detection of user data ownership, re-encryption of the ciphertext data, update of the ciphertext data, and distribution of the re-encryption key. The specific steps are as follows:
Detection of user data ownership:
The fog node compares the tag t uploaded by the user with the data in the data index table it has built. If t is in the data index table, the fog node does not need to receive the ciphertext c uploaded by the user and directly adds the user's permission to the data index table; if t is not in the index table, the fog node needs to perform the data re-encryption operation.
Re-encryption of the ciphertext data:
(1) Key generation: input the security parameter to obtain a random encryption key, called the FileKey: $\mathrm{Gen}(1^\lambda) \to fk$;
(2) Re-encryption: select 256 bits from the MLE ciphertext c, denoted $c_1$, with the remainder denoted $c_2$, and encrypt $c_1$ using AES to obtain the stub, i.e. $\mathrm{Enc}_{fk}(c_1) \to stub$;
(3) Update of the data index table: the fog node adds the user's data tag t and the owning user of t to the data index table;
(4) Data upload: the fog node packs $c_2$ into the trimmed package and uploads the trimmed package, the stub and the user's tag t to the cloud server. The fog node retains the random encryption key fk;
Update of the ciphertext data:
(1) Stub decryption: the fog node receives the update request from the server and decrypts the stub using the previously retained fk to obtain $c_1$, i.e. $\mathrm{Dec}_{fk}(stub) \to c_1$;
(2) MLE ciphertext recovery: concatenate the ciphertext $c_1$ with the trimmed package (i.e. $c_2$) to obtain the MLE ciphertext c;
(3) Generation of a new FileKey: input the security parameter to obtain a random encryption key: $\mathrm{Gen}(1^\lambda) \to fk'$;
(4) Ciphertext re-encryption: select 256 bits again from the ciphertext c, denoted $c'_1$, with the remaining part denoted $c'_2$, and encrypt $c'_1$ using $fk'$ to obtain a new stub, i.e. $\mathrm{Enc}_{fk'}(c'_1) \to stub$;
(5) Data upload: pack $c'_2$ into a new trimmed package and upload the new stub and trimmed package to the cloud server.
Re-encryption key distribution:
After the fog node re-encrypts the ciphertext, the re-encryption key and the position from which c'1 was selected must be shared with the other fog nodes so that they can decrypt. In the present invention, the fog node distributes the key to the other nodes using attribute-based encryption (ABE). The specific steps are as follows:
(1) Key generation: input the security parameter 1^λ and obtain the public key PK and the master key MK, i.e. Setup(1^λ) → PK, MK;
(2) Private key generation: input the public key PK, the master key MK and the attribute set of the fog node, and output the private key of the fog node, i.e. KeyGen(PK, MK, S) → SK;
(3) Encryption: the fog node takes the selection position of c'1 and the encryption key as the message M, inputs the public key PK of the other fog nodes, the message M and the access policy T, and outputs the ciphertext CT, which is sent to the cloud server; the cloud server then distributes CT to the other fog nodes, i.e. Enc(PK, M, T) → CT;
(4) Decryption: the remaining fog nodes receive the ciphertext CT from the cloud server and decrypt it using the public key and their own private key SK. Each ciphertext corresponds to an access policy T; if the attribute set S of the fog node satisfies the access policy T, decryption succeeds, otherwise decryption fails, i.e. Dec(PK, SK, CT) → M iff S ∈ T.
Cloud server: the cloud server is responsible for server-side data deduplication and data storage; it deletes redundant data and keeps only one copy of the data on the server side. The detailed process is as follows:
(1) After the cloud server receives the data and the data label t sent by a fog node, it checks t to determine whether identical data already exists;
(2) If not, the file label is stored in the data index table and the data is placed on the cloud server. Unlike the data index table of the fog node, the data index table of the cloud server stores only the data label and does not store the owner of the data.
(3) If so, the cloud server deletes the identical data, keeps only one backup copy, deletes the remaining redundant data, and adds the data label to the data index table.
The secure data deduplication system in a fog computing environment provided by the embodiment of the present invention is divided into three layers: the client, the fog node and the cloud server. The user performs operations such as block encryption of data on the client, while a fog node manages multiple clients in a given region. Because the clients managed under the same fog node are located close to one another, the data uploaded by these users is highly similar, so deduplication is more efficient in this mode. Moreover, the fog node isolates users from the server, so malicious users find it difficult to deploy their own applications directly on the server. For each user, the fog node is a small cloud server. The function of the server is similar to that of a traditional cloud server: it is responsible for detecting duplicate data and keeping only a single backup. In the present invention, the cloud server does not communicate directly with users but is connected to the fog nodes; the server therefore does not need to manage users' data ownership and only stores data, which greatly reduces the storage overhead of the server and simplifies its storage model.
The application principle of the present invention is further described below with reference to the accompanying drawings.
Fig. 3 is a schematic diagram of encryption and decryption in the present invention. The MLE encryption step is carried out on the client: when a user needs to perform an upload, the data is first encrypted with MLE so that the plaintext data is not leaked, and the data is then uploaded to the fog node. The fog node first divides the data into two parts, one of which is only 256 bits, and then re-encrypts these 256 bits, which ensures that the ciphertext data can be updated dynamically. The entire ciphertext is not encrypted because every update would then require encrypting and decrypting all of the content, which is costly. When a user needs to download a file, the user first sends a request to the fog node, and the fog node checks whether the user's data ownership is in the data index table. If so, the fog node first downloads the data from the server, performs the first decryption on the data, splices the decrypted data to obtain the MLE ciphertext, and sends the MLE ciphertext to the user; the user decrypts the MLE ciphertext locally to obtain the original plaintext data.
Fig. 4 is a schematic diagram of the principle of message-locked encryption (MLE). The encryption key K is generated from the hash value of the plaintext M, and the data label T is generated at the same time from the plaintext file; the generation of the data label is shown in Fig. 5. The plaintext M is AES-encrypted with the encryption key K to obtain the ciphertext C. Encrypting in this way ensures that identical plaintexts are encrypted to identical ciphertexts, which saves storage overhead while keeping the data secure.
Fig. 5 is a schematic diagram of the generation of the data label T, which mainly includes the following steps:
(1) The user first divides the encrypted data into blocks, denoted b1, b2, b3, b4;
(2) Compute the hash values of b1, b2, b3, b4 in turn to obtain h1, h2, h3, h4;
(3) Concatenate h1 with h2, and h3 with h4;
(4) Hash each concatenation to obtain S1 and S2;
(5) Finally, concatenate S1 with S2 and hash the result; the final result is the data label T.
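The label generation steps above, as an added Python example that is not code from the patent. It generalizes the four-block figure to any number of blocks and also shows how one block can be checked against a label with a sibling path, which goes beyond what the page describes. SHA-256 as the node hash, the 4096-byte block size and the promotion of an unpaired node are assumptions.

```python
import hashlib

BLOCK_SIZE = 4096  # assumption: the page does not fix a block size


def h(data: bytes) -> bytes:
    """Hash used for every tree node (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()


def split_blocks(ciphertext: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Step (1): divide the ciphertext into blocks b1..bn."""
    if not ciphertext:
        raise ValueError("empty ciphertext has no blocks")
    return [ciphertext[i:i + block_size]
            for i in range(0, len(ciphertext), block_size)]


def build_levels(blocks: list) -> list:
    """Steps (2)-(5): hash the blocks, then hash pairwise concatenations
    level by level until a single value remains."""
    if not blocks:
        raise ValueError("at least one block is required")
    levels = [[h(b) for b in blocks]]
    while len(levels[-1]) > 1:
        prev, nxt = levels[-1], []
        for i in range(0, len(prev), 2):
            if i + 1 < len(prev):
                nxt.append(h(prev[i] + prev[i + 1]))
            else:
                # Assumption: an unpaired node is promoted unchanged.
                nxt.append(prev[i])
        levels.append(nxt)
    return levels


def data_tag(blocks: list) -> str:
    """The data label t (hex) for a list of ciphertext blocks."""
    return build_levels(blocks)[-1][0].hex()


def auth_path(blocks: list, index: int) -> list:
    """Sibling hashes from leaf `index` up to the root, each paired with
    a flag telling whether the sibling sits on the left."""
    if not 0 <= index < len(blocks):
        raise IndexError("block index out of range")
    path = []
    for level in build_levels(blocks)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # promoted nodes have no sibling
            path.append((level[sibling], sibling < index))
        index //= 2
    return path


def verify_block(block: bytes, path: list, tag: str) -> bool:
    """Recompute the root from one block and its sibling path and
    compare it with the stored label."""
    node = h(block)
    for sibling, sibling_is_left in path:
        node = h(sibling + node) if sibling_is_left else h(node + sibling)
    return node.hex() == tag
```

A party that stores only the label can use `verify_block` to check a block a user presents without holding the whole ciphertext.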
If a malicious user wants to use the method of sending a data label to the server to determine which data is stored on the server, that user must be the owner of the data. Even if the owner of the data wants to detect whether the cloud server holds the data, the owner can only detect whether the fog node of the owner's own region has uploaded the data and cannot detect whether other fog nodes hold it; this effectively resists side-channel attacks.
Fig. 6 is a schematic diagram of ciphertext data update. When some user's permission is revoked, the ciphertext data must be updated; otherwise, if such users collude with malicious adversaries, the adversaries can use the revoked user's key to decrypt the data on the server, which is very dangerous for the server. The ciphertext data therefore needs to be updated periodically. The update is divided into the following steps:
(1) Stub decryption: the fog node receives an update request from the server and decrypts the stub to obtain c1, i.e. Dec_fk(stub) → c1;
(2) MLE ciphertext recovery: splice the ciphertext c2 with the trimmed package (i.e. c1) to obtain the MLE ciphertext c;
(3) Generation of a new FileKey: input the security parameter and obtain a random encryption key: Gen(1^λ) → fk';
(4) Ciphertext re-encryption: select 256 bits from the ciphertext c again, denoted c'2, with the remaining parts denoted c'11 and c'12, and encrypt c'2 with fk' to obtain the new stub, i.e. Enc_fk'(c'2) → stub;
(5) Data upload: pack c'11 and c'12 into a new trimmed package and upload the new stub and trimmed package to the cloud server.
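The stub and trimmed package update described above, as an added Python example that is not code from the patent. The page encrypts the 256 selected bits with AES; to stay within the standard library this example substitutes a 256-bit pad derived with HMAC-SHA256 and a random nonce, and the function names, the 16-byte nonce and the byte-aligned selection position are assumptions.

```python
import hashlib
import hmac
import secrets

STUB_BYTES = 32   # the 256 bits selected from the MLE ciphertext
NONCE_BYTES = 16  # assumption: per-stub nonce stored in front of the stub


def gen_file_key() -> bytes:
    """Gen(1^λ) → fk: a fresh random FileKey."""
    return secrets.token_bytes(32)


def pad_for(fk: bytes, nonce: bytes) -> bytes:
    """Stand-in for AES: a 256-bit pad from HMAC-SHA256(fk, nonce)."""
    return hmac.new(fk, nonce, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def re_encrypt(c: bytes, fk: bytes):
    """Select 256 bits of c at a random position, encrypt them into the
    stub, and return (position, stub, trimmed package)."""
    if len(c) < STUB_BYTES:
        raise ValueError("ciphertext shorter than 256 bits")
    pos = secrets.randbelow(len(c) - STUB_BYTES + 1)
    nonce = secrets.token_bytes(NONCE_BYTES)
    selected = c[pos:pos + STUB_BYTES]
    trimmed = c[:pos] + c[pos + STUB_BYTES:]
    stub = nonce + xor(selected, pad_for(fk, nonce))
    return pos, stub, trimmed


def restore(pos: int, stub: bytes, trimmed: bytes, fk: bytes) -> bytes:
    """Decrypt the stub and splice it back into the trimmed package."""
    nonce, body = stub[:NONCE_BYTES], stub[NONCE_BYTES:]
    selected = xor(body, pad_for(fk, nonce))
    return trimmed[:pos] + selected + trimmed[pos:]


def update(pos: int, stub: bytes, trimmed: bytes, fk: bytes):
    """Update steps (1)-(5): restore c with the old key, draw a new
    FileKey, and re-encrypt a newly chosen 256-bit selection."""
    c = restore(pos, stub, trimmed, fk)
    new_fk = gen_file_key()
    new_pos, new_stub, new_trimmed = re_encrypt(c, new_fk)
    # (new_pos, new_fk) is the message M that the fog node would share
    # with the other fog nodes under ABE.
    return new_fk, new_pos, new_stub, new_trimmed
```

Only 32 bytes pass through the cipher per update regardless of file size; the stand-in pad provides no integrity check, so a stale key yields wrong bytes rather than an error.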
Fig. 7 is a schematic diagram of key redistribution after an update. After the fog node updates the data, it sends the position chosen for the new stub and the encryption key to the server, encrypted with ABE, and the server then sends the ABE ciphertext to the other fog nodes. If the data needs to be updated again, one of the fog nodes is chosen to carry out the above operations again.
Fig. 8 is a schematic diagram of the structure of the data index table on a fog node. The index table has two columns. The right column records the data labels, indicating which data the fog node has uploaded to the cloud server, and the left column records the legitimate owners of the data. When a user issues a download request, the fog node first checks whether the user is a legitimate owner of the data; if so, the fog node downloads the data from the cloud server and sends it to the user, otherwise the fog node directly refuses the user's request. As shown in Fig. 8, the owners of data a68a791667344340 are user A and user B; if user A or B applies to download the data, the fog node sends the data to the user, and if user C applies to download the data, the fog node directly refuses user C's request.
Fig. 9 is a schematic diagram of the structure of the data index table on the cloud server. This index table also has two columns but, unlike the index table on the fog node, it does not need to record the owner of the data: the left column records the data label and the right column records the data corresponding to that label, whose content is divided into two parts, the TrimmedPackage and the stub. When the fog node receives a download request from a user, it looks up the data corresponding to the data label on the cloud server, decrypts the data first, splices it to obtain the MLE ciphertext, and sends the MLE ciphertext to the user. For example, user A wants to download data a68a791667344340; the fog node detects that user A is a legitimate owner of the data and sends the data label to the cloud server; the cloud server finds that the data corresponding to data label a68a791667344340 is TrimmedPackage 05 and stub 05 and sends both to the fog node; the fog node decrypts stub 05, splices it with the TrimmedPackage, and sends the spliced MLE ciphertext to the user.
Fig. 10 is a schematic diagram of detecting and deleting duplicate data on the server side. As shown in the figure, the cloud server receives data uploaded from different fog nodes, data A, data B and data C, where:
ta = bcdf0a4058a8943d;
tb = bcdf0a4058a8943d;
tc = bcdf0a4058a8943d;
The server detects that ta, tb and tc are identical, which shows that data A, data B and data C are identical. The server then deletes data B and C, keeps only data A, and adds data A and its data label ta to the data index table shown in Fig. 9.
Fig. 11 shows the time required to encrypt the trimmed package and Fig. 12 the time required to encrypt the stub data; the abscissa is the size of each data block after division, the ordinate is the time required to encrypt the entire file, and the size of the entire file is 10MB.
Fig. 13 shows the time required for a data re-encryption update; the abscissa is the size of each data block, the ordinate is the time required to update the entire file, and the size of the entire file is 10MB.
The above are merely preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (7)
1. A secure data deduplication method in a fog computing environment, characterized in that the method comprises the following steps:
Step 1: the user encrypts the data with MLE on the client, generates the label t of the file using a Merkle tree, and uploads the encrypted file and the file label t to the fog node;
Step 2: the fog node receives the data label and checks whether it is in the data index table; if so, the fog node adds the user's ownership to the data index table; otherwise, proceed to the next step;
Step 3: the fog node arbitrarily selects 256 bits from the MLE ciphertext for re-encryption and distributes the selection position of the 256 bits and the re-encryption key to the other fog nodes; the fog node adds the data label and the user's ownership to the data index table and sends the re-encrypted data and the data label to the cloud server;
Step 4: the cloud server receives the data sent by different fog nodes and, according to the data labels uploaded by the fog nodes, determines whether there is duplicate data; if so, it keeps only one backup copy and deletes the remaining redundant data.
2. The secure data deduplication method in a fog computing environment according to claim 1, characterized in that the user encrypting the data with MLE on the client comprises:
(1) Key generation: input the plaintext m and compute the hash value of the plaintext with the SHA256 hash algorithm to obtain the MLE key, i.e. hash(m) → k;
(2) AES-encrypt the plaintext m with the MLE key to obtain the ciphertext c, i.e. Enc_k(m) → c;
(3) The user computes a hash of the ciphertext c using a Merkle tree and denotes it as the label t;
(4) The user retains the MLE key k and uploads the ciphertext c and the label t to the fog node.
3. The secure data deduplication method in a fog computing environment according to claim 1, characterized in that, for the detection of user data ownership:
The fog node compares the label t uploaded by the user with the entries in the data index table it has built. If t is in the data index table, the fog node does not need to receive the ciphertext c uploaded by the user and directly adds the user's permission to the data index table; if t is not in the index table, the fog node performs the data re-encryption operation;
Re-encryption of ciphertext data:
(1) Key generation: input the security parameter and obtain a random encryption key, called the FileKey: Gen(1^λ) → fk;
(2) Re-encryption: select 256 bits from the MLE ciphertext c, denoted c1, with the remainder denoted c2, and encrypt c1 with AES to obtain the stub, i.e. Enc_fk(c1) → stub;
(3) Update of the data index table: the fog node adds the user data label t and the owning user of t to the data index table;
(4) Data upload: the fog node packs c2 into a trimmed package and uploads the trimmed package, the stub and the user label t to the cloud server; the fog node retains the random encryption key fk;
Update of ciphertext data:
(1) Stub decryption: the fog node receives an update request from the server and decrypts the stub with the previously retained fk to obtain c1, i.e. Dec_fk(stub) → c1;
(2) MLE ciphertext recovery: splice the ciphertext c1 with the trimmed package (i.e. c2) to obtain the MLE ciphertext c;
(3) Generation of a new FileKey: input the security parameter and obtain a random encryption key: Gen(1^λ) → fk';
(4) Ciphertext re-encryption: select 256 bits from the ciphertext c again, denoted c'1, with the remainder denoted c'2, and encrypt c'1 with fk' to obtain the new stub, i.e. Enc_fk'(c'1) → stub;
(5) Data upload: pack c'2 into a new trimmed package and upload the new stub and trimmed package to the cloud server;
Re-encryption key distribution:
After the fog node re-encrypts the ciphertext, it shares the re-encryption key and the position from which c'1 was selected with the other fog nodes; the fog node distributes the key to the other nodes using attribute-based encryption (ABE), with the following specific steps:
(1) Key generation: input the security parameter 1^λ and obtain the public key PK and the master key MK, i.e. Setup(1^λ) → PK, MK;
(2) Private key generation: input the public key PK, the master key MK and the attribute set of the fog node, and output the private key of the fog node, i.e. KeyGen(PK, MK, S) → SK;
(3) Encryption: the fog node takes the selection position of c'1 and the encryption key as the message M, inputs the public key PK of the other fog nodes, the message M and the access policy T, and outputs the ciphertext CT, which is sent to the cloud server; the cloud server then distributes CT to the other fog nodes, i.e. Enc(PK, M, T) → CT;
(4) Decryption: the remaining fog nodes receive the ciphertext CT from the cloud server and decrypt it using the public key and their own private key SK; each ciphertext corresponds to an access policy T, and if the attribute set S of the fog node satisfies the access policy T, decryption succeeds, otherwise decryption fails, i.e. Dec(PK, SK, CT) → M iff S ∈ T.
4. The secure data deduplication method in a fog computing environment according to claim 1, characterized in that the specific method of server-side data deduplication and data storage, in which redundant data is deleted and one copy of the data is kept on the server side, comprises:
(1) After the cloud server receives the data and the data label t sent by a fog node, it checks t to determine whether identical data already exists;
(2) If not, the file label is stored in the data index table and the data is placed on the cloud server; unlike the data index table of the fog node, the data index table of the cloud server stores only the data label and does not store the owner of the data;
(3) If so, the cloud server deletes the identical data, keeps only one backup copy, deletes the remaining redundant data, and adds the data label to the data index table.
5. The secure data deduplication method in a fog computing environment according to claim 4, characterized in that a user can determine whether the cloud server stores data by sending the hash value of the data, and certain malicious users may use this method to determine which data is held on the cloud server; the specific operations of the proof of file ownership (POW) of the user include:
(1) Divide the ciphertext data into blocks, denoted b1, b2, ..., bn;
(2) Compute the hash values of b1, b2, ..., bn in turn to obtain h1, h2, ..., hn;
(3) Concatenate h1 with h2, h3 with h4, and so on, up to hn-1 with hn;
(4) Hash each concatenation to obtain hs1 ... hsn/2;
(5) Then concatenate hs1 with hs2, hs3 with hs4, and so on;
(6) Continue hashing after each concatenation, repeating the cycle until the final result is obtained, which is the data label t.
6. A secure data deduplication system in a fog computing environment implementing the secure data deduplication method in a fog computing environment according to claim 1, characterized in that the system comprises:
Client: the user encrypts the data with MLE on the client;
Fog node: the fog node mainly performs four operations: detection of user data ownership, re-encryption of ciphertext data, update of ciphertext data, and distribution of the re-encryption key;
Cloud server: the cloud server is responsible for server-side data deduplication and data storage; it deletes redundant data and keeps only one copy of the data on the server side.
7. A cloud storage platform applying the secure data deduplication method in a fog computing environment according to any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910171496.1A CN109995505B (en) | 2019-03-07 | 2019-03-07 | Data security duplicate removal system and method in fog computing environment and cloud storage platform |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910171496.1A CN109995505B (en) | 2019-03-07 | 2019-03-07 | Data security duplicate removal system and method in fog computing environment and cloud storage platform |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109995505A true CN109995505A (en) | 2019-07-09 |
CN109995505B CN109995505B (en) | 2021-08-10 |
Family
ID=67130493
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910171496.1A Active CN109995505B (en) | 2019-03-07 | 2019-03-07 | Data security duplicate removal system and method in fog computing environment and cloud storage platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109995505B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170161336A1 (en) * | 2015-12-06 | 2017-06-08 | Xeeva, Inc. | Systems and/or methods for automatically classifying and enriching data records imported from big data and/or other sources to help ensure data integrity and consistency |
CN108182367A (en) * | 2017-12-15 | 2018-06-19 | 西安电子科技大学 | A kind of encrypted data chunk client De-weight method for supporting data update |
CN108776758A (en) * | 2018-04-13 | 2018-11-09 | 西安电子科技大学 | The block level data De-weight method of dynamic ownership management is supported in a kind of storage of mist |
CN109379182A (en) * | 2018-09-04 | 2019-02-22 | 西安电子科技大学 | Support efficient data re-encryption method and system, the cloud storage system of data deduplication |
-
2019
- 2019-03-07 CN CN201910171496.1A patent/CN109995505B/en active Active
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110311946A (en) * | 2019-05-10 | 2019-10-08 | 国网浙江省电力有限公司宁波供电公司 | Business datum security processing, the apparatus and system calculated based on cloud and mist |
CN110618790A (en) * | 2019-09-06 | 2019-12-27 | 上海电力大学 | Mist storage data redundancy removing method based on repeated data deletion |
CN110618790B (en) * | 2019-09-06 | 2023-04-28 | 上海电力大学 | Mist storage data redundancy elimination method based on repeated data deletion |
CN111211903B (en) * | 2019-12-02 | 2021-06-11 | 中国矿业大学 | Mobile group perception data report duplication removing method based on fog calculation and privacy protection |
CN111211903A (en) * | 2019-12-02 | 2020-05-29 | 中国矿业大学 | Mobile group perception data report duplication removing method based on fog calculation and privacy protection |
CN111212084A (en) * | 2020-01-15 | 2020-05-29 | 广西师范大学 | Attribute encryption access control method facing edge calculation |
CN111212084B (en) * | 2020-01-15 | 2021-04-23 | 广西师范大学 | Attribute encryption access control method facing edge calculation |
WO2021232193A1 (en) * | 2020-05-18 | 2021-11-25 | 深圳技术大学 | Cp-abe-based ciphertext search method, apparatus and device in fog computing, and storage medium |
WO2021248665A1 (en) * | 2020-06-08 | 2021-12-16 | 西安电子科技大学 | Sgx side channel attack defense method and system, and medium, program and application |
CN112087422A (en) * | 2020-07-28 | 2020-12-15 | 南京航空航天大学 | Outsourcing access control method based on attribute encryption in edge calculation |
CN112231309A (en) * | 2020-10-14 | 2021-01-15 | 深圳前海微众银行股份有限公司 | Method, device, terminal equipment and medium for removing duplicate of longitudinal federal data statistics |
CN112231309B (en) * | 2020-10-14 | 2024-05-07 | 深圳前海微众银行股份有限公司 | Method, device, terminal equipment and medium for removing duplicate of longitudinal federal data statistics |
CN112671809B (en) * | 2021-03-17 | 2021-06-15 | 北京红云融通技术有限公司 | Data transmission method, signal source end and receiving end |
CN112671809A (en) * | 2021-03-17 | 2021-04-16 | 北京红云融通技术有限公司 | Data transmission method, signal source end and receiving end |
CN112866299A (en) * | 2021-04-12 | 2021-05-28 | 南京大学 | Encrypted data deduplication and sharing device and method for mobile edge computing network |
CN113806071A (en) * | 2021-08-10 | 2021-12-17 | 中标慧安信息技术股份有限公司 | Data synchronization method and system for edge computing application |
CN113806071B (en) * | 2021-08-10 | 2022-08-19 | 中标慧安信息技术股份有限公司 | Data synchronization method and system for edge computing application |
Also Published As
Publication number | Publication date |
---|---|
CN109995505B (en) | 2021-08-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |