CN109995505A - Secure data deduplication system and method in a fog computing environment, and cloud storage platform - Google Patents

Secure data deduplication system and method in a fog computing environment, and cloud storage platform

Info

Publication number
CN109995505A
Authority
CN
China
Prior art keywords
data
fog
user
ciphertext
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910171496.1A
Other languages
Chinese (zh)
Other versions
CN109995505B (en)
Inventor
齐赛宇
张夫猷
袁浩然
陈晓峰
张萌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University
Priority to CN201910171496.1A
Publication of CN109995505A
Application granted
Publication of CN109995505B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Power Engineering (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention belongs to the technical field of cloud storage and discloses a secure data deduplication system and method in a fog computing environment, and a cloud storage platform. An encryption scheme that supports deduplication ensures that data is stored securely and efficiently on the cloud server and the fog nodes; an attribute-based encryption scheme manages the data ownership of users and fog nodes; data labels are generated with a Merkle tree to prevent malicious users from carrying out side-channel attacks on the server. The invention also supports dynamic updating of user permissions: re-encryption prevents users whose permissions have been revoked from obtaining the data again, which keeps the server data secure. In addition, a detailed security analysis is carried out, which shows that the invention achieves the expected security goals while providing efficient data storage and deduplication.

Description

Secure data deduplication system and method in a fog computing environment, and cloud storage platform
Technical field
The invention belongs to the technical field of cloud storage, and in particular relates to a secure data deduplication system and method in a fog computing environment, and a cloud storage platform.
Background
At present, the common prior art in the industry is as follows. With the development of cloud computing, more and more users prefer to place their data on cloud servers rather than locally. A report by the International Data Center (IDC) points out that the volume of data newly generated worldwide in one year was 4.4 ZB in 2013 and rose sharply to 15.2 ZB in 2017, and that it is expected to reach 40 ZB per year by 2020, which undoubtedly places a great burden on cloud servers. Another IDC report points out that 75% of the data generated worldwide each year is duplicated, which seriously harms the storage efficiency and communication overhead of cloud servers; deleting this redundant data can greatly improve the storage efficiency of cloud computing.

Beyond this, security problems caused by data leakage emerge every year. According to the latest research of the Cloud Security Alliance (CSA), data leakage ranks first among all the security threats that cloud computing faces. In 2011, Google's mail service was compromised: 150,000 users were affected, the data of many users was permanently deleted, and some user accounts were reset. In 2013, Yahoo user data began to leak continuously and the problem was not resolved until 2016; according to Yahoo's figures, about 1 billion users were affected to varying degrees. In 2018, Facebook was caught up in a data leakage scandal: Cambridge Analytica obtained the personal data of 50 million Facebook users through an application, and Facebook stated that the number of users actually affected was far more than 50 million. Incomplete statistics show that some large enterprises lose on average up to 3.8 million dollars per year because of data leakage. Data security therefore deserves close attention.

Although the development of cloud computing has greatly relieved the storage overhead and computing pressure of local devices, some disadvantages of centralized cloud services are gradually emerging as the number of users on cloud servers increases sharply. First, cloud servers are far from users, so latency is high. Second, network congestion easily occurs during peak usage periods, which makes for a very poor user experience. Finally, because cloud computing processes data centrally, a failure of the cloud server may paralyze the whole network. These problems have become the bottleneck of cloud computing development. In 2011, in response to these problems, Cisco proposed a new network computing paradigm, fog computing, on the basis of cloudlets and edge computing. Fog computing mainly uses technologies such as distributed systems, virtualization and Web 2.0, and combines network, computing, storage and application capabilities. By connecting physically dispersed nodes, data and applications are spread over devices at the edge of the network, which provide services to nearby users. Compared with cloud computing, fog computing is distributed at the network edge, so latency is lower; the fog nodes are independent of one another, so damage to one node does not affect the use of the others. The emergence of fog computing has greatly alleviated some of the problems of cloud computing.
To address data security, most cloud service providers have users encrypt data on the client before uploading it to the cloud server. However, because each user selects a different key, identical data is encrypted into different ciphertexts, so duplicate data cannot be deleted once it is encrypted. Message-locked encryption (MLE) is an encryption method that ensures identical plaintexts are encrypted into identical ciphertexts. However, MLE is not dynamic: if a user's permission is revoked but the user's MLE key remains on the local side, and the user colludes with attackers who steal the ciphertext, the retained MLE key can be used to decrypt it and obtain the plaintext data, which is unsafe for the cloud server.
In summary, the problems of the prior art are: encrypted data deduplication and data updating are incompatible, and existing encrypted-data schemes apply only to cloud servers. Existing approaches therefore neither relieve the pressure that data growth places on cloud servers nor effectively protect the privacy of user data.
The difficulty of solving the above technical problems:
Because users select keys at random, the same plaintext file may be encrypted into different ciphertext files. In addition, to prevent users whose permissions have been revoked from still decrypting the data, the ciphertext data must be updated. The traditional update method uses re-encryption, but re-encrypting the complete data is expensive.
The significance of solving the above technical problems:
Encrypted data can be stored securely on the cloud server, data re-encryption can be performed efficiently, and users whose permissions have been revoked cannot correctly decrypt the data.
Summary of the invention
In view of the problems of the prior art, the present invention provides a secure data deduplication system and method in a fog computing environment, and a cloud storage platform.
The invention is realized as follows. A secure data deduplication method in a fog computing environment comprises the following steps:
Step 1: the user encrypts the data on the client using MLE, generates the file label t using a Merkle tree, and uploads the encrypted file and the file label t to the fog node;
Step 2: the fog node receives the data label and checks whether it is in the data index table; if so, the fog node adds the user's ownership to the data index table; otherwise, the method proceeds to the next step;
Step 3: the fog node arbitrarily selects 256 bits from the MLE ciphertext and re-encrypts them, distributes the positions of the selected 256 bits and the re-encryption key to the other fog nodes, adds the data label and the user's ownership to the data index table, and sends the re-encrypted data and the data label to the cloud server;
Step 4: the cloud server receives the data sent by the different fog nodes and, according to the data labels uploaded by the fog nodes, determines whether there is duplicate data; if so, it keeps only one backup copy and deletes the remaining redundant data.
Further, the user's encryption of the data on the client using MLE comprises:
(1) key generation: take the plaintext m as input and compute its hash value using SHA256 to obtain the MLE key, i.e. hash(m) → k;
(2) perform AES encryption of the plaintext m using the MLE key generated in (1) to obtain the ciphertext c, i.e. Enc_k(m) → c;
(3) the user generates a hash value from the ciphertext c using a Merkle tree, denoted label t;
(4) the user retains the MLE key k and uploads the ciphertext c and the label t to the fog node.
Further, detection of user data ownership:
The fog node compares the label t uploaded by the user with the data in the data index table that it maintains. If t is in the data index table, the fog node does not need to receive the ciphertext c from the user and directly adds the user's permission to the data index table; if t is not in the index table, the fog node needs to perform the data re-encryption operation;
Re-encryption of ciphertext data:
(1) key generation: take the security parameter as input and obtain a random encryption key, called the FileKey: Gen(1^λ) → fk;
(2) re-encryption: select 256 bits from the MLE ciphertext c, denoted c1, with the remainder denoted c2, and encrypt c1 using AES to obtain the stub, i.e. Enc_fk(c1) → stub;
(3) update of the data index table: the fog node adds the user's data label t and the owning users of t to the data index table;
(4) data upload: the fog node packages c2 into a trimmed package and uploads the trimmed package, the stub and the user label t to the cloud server. The fog node retains the random encryption key fk;
Update of ciphertext data:
(1) stub decryption: the fog node receives an update request from the server and decrypts the stub using the previously retained fk to obtain c1, i.e. Dec_fk(stub) → c1;
(2) MLE ciphertext recovery: concatenate c1 with the trimmed package (i.e. c2) to obtain the MLE ciphertext c;
(3) generation of a new FileKey: take the security parameter as input and obtain a random encryption key: Gen(1^λ) → fk';
(4) ciphertext re-encryption: select 256 bits from the ciphertext c again, denoted c1', with the remainder denoted c2', and encrypt c1' using fk' to obtain a new stub, i.e. Enc_fk'(c1') → stub;
(5) data upload: package c2' into a new trimmed package and upload the new stub and trimmed package to the cloud server;
Distribution of the re-encryption key:
After re-encrypting the ciphertext, the fog node shares the re-encryption key and the position from which c1' was selected with the other fog nodes. The fog node distributes the key to the other nodes using attribute-based encryption (ABE), with the following specific steps:
(1) key generation: take the security parameter 1^λ as input and obtain the public key PK and the master key MK; that is, Setup(1^λ) → PK, MK;
(2) private key generation: take the public key PK, the master key MK and the attribute set S of the fog node as input and output the private key of the fog node; that is, KeyGen(PK, MK, S) → SK;
(3) encryption: the fog node takes the selection position of c1' and the encryption key as the message M; with the public key PK of the other fog nodes, the message M and the access policy T as input, it outputs the ciphertext CT and sends it to the cloud server, which then distributes CT to the other fog nodes; that is, Enc(PK, M, T) → CT;
(4) decryption: the remaining fog nodes receive the ciphertext CT from the cloud server and decrypt it using the public key and their own private key SK. Each ciphertext corresponds to an access policy T; if the attribute set S of a fog node satisfies the access policy T, it can decrypt correctly, otherwise decryption fails; that is, Dec(PK, SK, CT) → M iff S ∈ T.
Further, the specific method for server-side data deduplication and data storage, in which redundant data is deleted and one copy of the data is kept on the server, comprises:
(1) after the cloud server receives the data and the data label t sent by a fog node, it determines by checking t whether the data is identical to data it already holds;
(2) if not, the file label is stored in the data index table and the data is placed on the cloud server. Unlike the data index table of the fog node, the data index table of the cloud server stores only data labels and does not store the owners of the data;
(3) if so, the cloud server deletes the identical data, keeps only one backup copy, deletes the remaining redundant data, and adds the data label to the data index table.
Further, a user who sends the hash value of some data can thereby determine whether the cloud server stores that data, and certain malicious users may use this method to find out which data is held on the cloud server. The specific operations for proving the user's file ownership (POW) are:
(1) split the ciphertext into blocks, denoted b_1, b_2, ..., b_n;
(2) hash b_1, b_2, ..., b_n in turn to obtain h_1, h_2, ..., h_n;
(3) concatenate h_1 with h_2, h_3 with h_4, and so on, up to h_{n-1} with h_n;
(4) hash each concatenation to obtain hs_1, ..., hs_{n/2};
(5) concatenate hs_1 with hs_2, hs_3 with hs_4, and so on;
(6) hash the concatenations again and repeat until a single final result is obtained, which is the data label t.
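The client-side steps above (MLE encryption, Merkle-tree label) together with the fog node's ownership check, as an added Go example that is not code from the patent. The AES mode (CTR with a zero IV), the 16-byte block size, the handling of an unpaired node and all identifier names are assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"fmt"
)

const blockSize = 16 // Merkle leaf size in bytes (assumed; the page fixes none)

// mleEncrypt is hash(m) -> k followed by Enc_k(m) -> c.
func mleEncrypt(m []byte) (k [32]byte, c []byte) {
	k = sha256.Sum256(m)
	return k, aesCTR(k, m)
}

// mleDecrypt inverts mleEncrypt (CTR decryption is the same XOR).
func mleDecrypt(k [32]byte, c []byte) []byte { return aesCTR(k, c) }

// aesCTR is AES-256-CTR with an all-zero IV (assumed mode). The IV has to be
// deterministic for deduplication, and each key k encrypts only its own m.
func aesCTR(k [32]byte, in []byte) []byte {
	blk, err := aes.NewCipher(k[:])
	if err != nil {
		panic(err) // unreachable: k is always 32 bytes
	}
	out := make([]byte, len(in))
	cipher.NewCTR(blk, make([]byte, aes.BlockSize)).XORKeyStream(out, in)
	return out
}

// hashPair hashes the concatenation of two child nodes.
func hashPair(a, b [32]byte) [32]byte {
	return sha256.Sum256(append(a[:], b[:]...))
}

// merkleTag computes the label t: hash every block of c, then hash
// neighbouring pairs level by level until a single root is left.
// Assumption: an unpaired last node moves up unchanged.
func merkleTag(c []byte) [32]byte {
	level := [][32]byte{}
	for off := 0; off < len(c); off += blockSize {
		end := off + blockSize
		if end > len(c) {
			end = len(c)
		}
		level = append(level, sha256.Sum256(c[off:end]))
	}
	if len(level) == 0 {
		return sha256.Sum256(nil) // empty ciphertext
	}
	for len(level) > 1 {
		next := [][32]byte{}
		for i := 0; i+1 < len(level); i += 2 {
			next = append(next, hashPair(level[i], level[i+1]))
		}
		if len(level)%2 == 1 {
			next = append(next, level[len(level)-1])
		}
		level = next
	}
	return level[0]
}

// fogIndex is the fog node's data index table: label t -> set of owners.
type fogIndex map[[32]byte]map[string]bool

// register adds user as an owner of t and reports whether the fog node
// still needs the ciphertext, which is true only the first time t is seen.
func (ix fogIndex) register(user string, t [32]byte) bool {
	_, seen := ix[t]
	if !seen {
		ix[t] = map[string]bool{}
	}
	ix[t][user] = true
	return !seen
}

func main() {
	// Constructed sample: two users hold the same file.
	file := []byte("constructed sample plaintext: the same report held by two users")
	ix := fogIndex{}
	for _, user := range []string{"alice", "bob"} {
		k, c := mleEncrypt(file)
		t := merkleTag(c)
		fmt.Printf("%s: t=%x upload=%v decrypts=%v\n", user, t[:4],
			ix.register(user, t), bytes.Equal(mleDecrypt(k, c), file))
	}
}
```

The second user's upload is skipped because the label is already in the index; the index check alone does not prove that the second user actually holds the file.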
Another object of the present invention is to provide a secure data deduplication system in a fog computing environment that implements the above secure data deduplication method, the system comprising:
Client: the user encrypts the data on the client using MLE;
Fog node: the fog node mainly performs four operations: detection of user data ownership, re-encryption of ciphertext data, update of ciphertext data, and distribution of the re-encryption key;
Cloud server: the cloud server is responsible for server-side data deduplication and data storage; it deletes redundant data and keeps only one copy of the data on the server.
Another object of the present invention is to provide a cloud storage platform that applies the secure data deduplication method in a fog computing environment.
In summary, the advantages and positive effects of the present invention are as follows. In this storage method with secure data deduplication in a fog computing environment, the encryption scheme is divided into two parts, one on the user's client and the other on the fog node, while deduplication is performed mainly on the fog node and the cloud server. The re-encryption update of the data ciphertext is completed by the fog node. The Merkle tree is combined with proof of data ownership to prevent malicious users from carrying out side-channel attacks on the server.
The present invention implements a secure data deduplication system in a fog computing environment. The storage system is deployed on the fog nodes, which relieves the pressure on the cloud server and also overcomes cloud server disadvantages such as high latency and network congestion. The present invention stores data by encrypting it first and uploading it afterwards, which effectively counters the loss of private user data caused by leakage of server data. In addition, the present invention uses a re-encryption scheme on the fog node that supports updating, which prevents users whose permissions have been revoked from obtaining the plaintext data again. The present invention uses client-side deduplication on the fog node: the user first sends the file label, and if the query shows that the server already has the data, the user does not need to upload it, which greatly reduces communication overhead. The present invention also generates data labels with a Merkle tree, which prevents malicious users from carrying out side-channel attacks on the server.
Table 1: Comparison of the present invention with previous schemes
Brief description of the drawings
Fig. 1 is a flowchart of the secure data deduplication method in a fog computing environment provided by an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of the secure data deduplication system in a fog computing environment provided by an embodiment of the present invention.
Fig. 3 is a schematic structural diagram of data encryption and decryption provided by an embodiment of the present invention.
Fig. 4 is a schematic diagram of the principle of message-locked encryption (MLE) provided by an embodiment of the present invention.
Fig. 5 is a schematic structural diagram of the generation of the data ownership label provided by an embodiment of the present invention.
Fig. 6 is a schematic structural diagram of updating ciphertext data on the fog node provided by an embodiment of the present invention.
Fig. 7 is a schematic structural diagram of the distribution of the re-encryption key provided by an embodiment of the present invention.
Fig. 8 is a schematic structural diagram of the data index table on the fog node provided by an embodiment of the present invention.
Fig. 9 is a schematic structural diagram of the data index table on the cloud server provided by an embodiment of the present invention.
Fig. 10 is a schematic diagram of the cloud server's operation of deleting duplicate data provided by an embodiment of the present invention.
Fig. 11 shows the time required to encrypt the trimmed package part.
Fig. 12 shows the time required to encrypt the stub part.
Fig. 13 shows the time required to update the ciphertext data.
Detailed description of the embodiments
In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention is further described below with reference to embodiments. It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
The data deduplication of the present invention targets the large volume of data stored on the server: some of this data is identical, and deduplication deletes the identical data and keeps only one backup copy. By the granularity at which it is performed, secure data deduplication is of two kinds: file-level deduplication and block-level deduplication. In file-level deduplication the file is the smallest unit of deduplication: the server performs duplicate detection by file label and keeps only a single copy of each file. In block-level deduplication the data block is the smallest unit of deduplication: the server performs duplicate detection by block label and keeps only a single copy of each data block. By chunking method, block-level deduplication divides into deduplication based on fixed-length chunks and deduplication based on variable-length chunks. By framework, secure data deduplication divides into server-side deduplication and client-side deduplication:
In server-side deduplication, the user uploads all data to the server; the server checks whether the uploaded data contains duplicates, deletes the redundant data and keeps only one backup copy. In this process the user does not know whether the uploaded data has been deduplicated. In client-side deduplication, the user sends the file label to the server and the server checks by the label whether the data already exists. If the data exists on the server, the user does not need to upload it again and the server adds data permissions for the user. Throughout the process the user knows whether their data has been deduplicated.
The present invention uses client-side deduplication on the fog node and server-side deduplication on the cloud server.
Message-locked encryption. Traditional encryption is not suitable for data deduplication, because identical plaintext files are encrypted into different ciphertext files when different users choose different encryption keys. In 2002, Douceur proposed the concept of convergent encryption (CE), which ensures that identical plaintexts produce identical keys. In 2013, Bellare proposed message-locked encryption (MLE) on the basis of convergent encryption. The MLE encryption key is generated from the hash value of the plaintext file, which ensures that identical plaintexts produce identical ciphertexts; message-locked encryption therefore allows deduplication to be performed on ciphertext.
The concept of attribute-based encryption (ABE) was first proposed by Sahai and Waters. Attribute-based encryption is a public-key encryption scheme in which the public key is the attribute set of the user, which greatly simplifies public key management. It is of two main kinds: ciphertext-policy attribute-based encryption (CP-ABE) and key-policy attribute-based encryption (KP-ABE). The two are opposites: in CP-ABE the ciphertext carries the access policy and the key carries the user's attribute set, while in KP-ABE the key carries the access policy and the ciphertext carries the user's attribute set. Of the two schemes, CP-ABE is the more flexible. The present invention mainly uses CP-ABE for encryption.
A Merkle tree is a binary hash tree consisting of one root node, multiple intermediate nodes and multiple leaf nodes, used for integrity verification of user data and proof of user ownership. The leaf nodes of a Merkle tree are formed from the data; each non-leaf node is obtained by hashing the concatenation of the values of its child nodes, computed level by level from the bottom up until the unique root node is obtained.
The application principle of the present invention is explained in detail below with reference to the accompanying drawings.
As shown in Fig. 1, the secure data deduplication method in a fog computing environment provided by an embodiment of the present invention comprises the following steps:
S101: the user encrypts the data on the client using MLE, generates the file label t using a Merkle tree, and uploads the encrypted file and the file label t to the fog node;
S102: the fog node receives the data label and checks whether it is in the data index table; if so, the fog node adds the user's ownership to the data index table; otherwise, the method proceeds to the next step;
S103: the fog node arbitrarily selects 256 bits from the MLE ciphertext and re-encrypts them, distributes the positions of the selected 256 bits and the re-encryption key to the other fog nodes, adds the data label and the user's ownership to the data index table, and sends the re-encrypted data and the data label to the cloud server;
S104: the cloud server receives the data sent by the different fog nodes and, according to the data labels uploaded by the fog nodes, determines whether there is duplicate data; if so, it keeps only one backup copy and deletes the remaining redundant data.
In the method provided by the embodiment of the present invention, S101 is executed by the user on the client, which performs the first encryption step on the file and generates the corresponding file label. MLE is used for the encryption so that identical plaintext files produce identical ciphertext files. S102 is executed on the fog node and determines whether the file uploaded by the current user has already been uploaded to the cloud server. If the fog node's query finds that the file has already been uploaded, the user does not need to upload it and the user's data ownership is simply added to the data index table shown in Fig. 7; if the fog node does not find the file, the method proceeds to S103. S103 is also executed on the fog node: the fog node re-encrypts the MLE ciphertext uploaded by the user, adds the user's data ownership to the data index table shown in Fig. 7, uploads the re-encrypted file to the cloud server, and proceeds to S104. S104 is executed on the cloud server, which checks whether the data uploaded by the different fog nodes contains duplicates. If so, the cloud server deletes the redundant data, keeps only one copy, and adds the data to the data index table shown in Fig. 8; if there is no duplicate data, the cloud server saves the data and adds it to the data index table shown in Fig. 8.
As shown in Fig. 2, the secure data deduplication system in a fog computing environment provided by an embodiment of the present invention comprises:
Client: the user encrypts the data on the client using MLE, in the following main steps:
(1) key generation: take the plaintext m as input and compute its hash value using SHA256 to obtain the MLE key, i.e. hash(m) → k;
(2) perform AES encryption of the plaintext m using the MLE key to obtain the ciphertext c, i.e. Enc_k(m) → c;
(3) the user generates a hash value from the ciphertext c using a Merkle tree, denoted label t;
(4) the user retains the MLE key k and uploads the ciphertext c and the label t to the fog node.
Fog node: the fog node mainly performs four operations: detection of user data ownership, re-encryption of ciphertext data, update of ciphertext data, and distribution of the re-encryption key. The specific steps are as follows:
The detection of user data ownership:
Mist node by label t that user uploads compared with the data in the data directory oneself established, if t is in number According in concordance list, mist node is not necessarily to receive the ciphertext c of user's upload, and directly the permission of user is added in data directory; If t, not in concordance list, mist node needs to execute data re-encryption operation.
Re-encryption of ciphertext data:
(1) Key generation: take the security parameter as input and obtain a random encryption key, called the FileKey: Gen(1^λ) → fk;
(2) Re-encryption: select 256 bits from the MLE ciphertext c, denoted c1; the remainder is denoted c2. Encrypt c1 with AES to obtain the stub, i.e. Enc_fk(c1) → stub;
(3) Update of the data index table: the fog node adds the user data tag t and the user who owns t to the data index table;
(4) Data upload: the fog node packs c2 into the trimmed package and uploads the trimmed package, the stub and the user tag t to the cloud server. The fog node keeps the random encryption key fk;
Update of ciphertext data:
(1) Stub decryption: the fog node receives the update request from the server and decrypts the stub with the previously retained fk to obtain c1, i.e. Dec_fk(stub) → c1;
(2) MLE ciphertext recovery: splice the ciphertext c1 with the trimmed package (i.e. c2) to obtain the MLE ciphertext c;
(3) Generation of a new FileKey: take the security parameter as input and obtain a random encryption key: Gen(1^λ) → fk′;
(4) Ciphertext re-encryption: select 256 bits from the ciphertext c again, denoted c′1; the remainder is denoted c′2. Encrypt c′1 with fk′ to obtain the new stub, i.e. Enc_fk′(c′1) → stub;
(5) Data upload: pack c′2 into a new trimmed package and upload the new stub and the new trimmed package to the cloud server.
Distribution of the re-encryption key:
After the fog node re-encrypts the ciphertext, it must share the re-encryption key and the position from which c′1 was selected with the other fog nodes so that they can decrypt. In the present invention, the fog node distributes the key to the other nodes using attribute-based encryption (ABE), in the following steps:
(1) Key generation: take the security parameter 1^λ as input and obtain the public key PK and the master key MK, i.e. Setup(1^λ) → PK, MK;
(2) Private key generation: take the public key PK, the master key MK and the attribute set of the fog node as input and output the private key of the fog node, i.e. KeyGen(PK, MK, S) → SK;
(3) Encryption: the fog node takes the selection position of c′1 and the encryption key as the message M, takes the public key PK of the other fog nodes, the message M and the access policy T as input, and outputs the ciphertext CT, which it sends to the cloud server; the cloud server then distributes CT to the other fog nodes, i.e. Enc(PK, M, T) → CT;
(4) Decryption: the remaining fog nodes receive the ciphertext CT from the cloud server and decrypt it using the public key and their own private key SK. Each ciphertext corresponds to an access policy T; decryption succeeds if the attribute set S of the fog node satisfies the access policy T and fails otherwise, i.e. Dec(PK, SK, CT) → M iff S ∈ T.
Cloud server: the cloud server is responsible for server-side data deduplication and data storage; it deletes redundant data and keeps only one copy of the data on the server side. The detailed process is as follows:
(1) After the cloud server receives the data and the data tag t sent by a fog node, it checks t to determine whether identical data already exist;
(2) If not, the file tag is stored in the data index table and the data are stored on the cloud server. Unlike the data index table of the fog node, the data index table of the cloud server stores only the data tag and does not store the owners of the data;
(3) If so, the cloud server deletes the identical data, keeping only one backup copy and deleting the remaining redundant data, and adds the data tag to the data index table.
The secure data deduplication system for a fog computing environment provided by the embodiment of the present invention is divided into three layers: client, fog node and cloud server. The user performs operations such as block encryption of the data at the client, while a fog node manages the multiple clients in a given region. Because the clients managed by the same fog node are located close to one another, the data these users upload are highly similar, so deduplication in this arrangement is more efficient. Moreover, the fog node isolates the user from the server, so it is difficult for malicious users to deploy their own applications directly on the server. To each user, the fog node is a small cloud server. The function of the server is similar to that of a traditional cloud server: it is responsible for detecting duplicate data and keeping only a single backup. In the present invention, the cloud server does not communicate directly with users but is connected to the fog nodes; the server therefore does not need to manage users' data ownership and only stores data, which greatly reduces the storage overhead of the server and simplifies its storage model.
The application principle of the present invention is further described below with reference to the accompanying drawings.
As shown in Fig. 3, which is the encryption and decryption schematic diagram of the present invention, the MLE encryption step is performed at the client. When a user needs to upload, the data are first encrypted with MLE so that the plaintext data are not leaked, and are then uploaded to the fog node. The fog node first splits the data into two parts, one of which is only 256 bits, and then re-encrypts these 256 bits, which keeps the ciphertext data dynamically updatable. The entire ciphertext is not encrypted because every update would then require encrypting and decrypting all of the content, which is expensive. When a user needs to download a file, the user first sends a request to the fog node, and the fog node checks whether the user's data ownership is in the data index table. If so, the fog node first downloads the data from the server, performs the first decryption on the data, and splices the decrypted data to obtain the MLE ciphertext; it sends the MLE ciphertext to the user, and the user decrypts the MLE ciphertext locally to obtain the original plaintext data.
As shown in Fig. 4, which is the schematic diagram of the encryption principle of message-locked encryption (MLE), the encryption key K is generated from the hash of the plaintext M, and a data tag T is generated from the plaintext file; the tag generation process is shown in Fig. 5. The plaintext M is encrypted with AES under the encryption key K to obtain the ciphertext C. Encrypting in this way ensures that identical plaintexts encrypt to identical ciphertexts, which saves storage overhead while keeping the data secure.
As shown in Fig. 5, which is the schematic diagram of the generation of the data tag T, the process mainly includes the following steps:
(1) The user first splits the encrypted data into blocks, denoted b1, b2, b3, b4;
(2) Compute the hash of b1, b2, b3, b4 in turn to obtain h1, h2, h3, h4;
(3) Concatenate h1 with h2, and h3 with h4;
(4) Hash each concatenation to obtain S1 and S2;
(5) Finally, concatenate S1 with S2 and hash the result; the final result is the data tag T.
If a malicious user wants to determine which data are stored on the server by sending data tags to the server, that user must already be the owner of those data. Even when an owner of the data wants to detect whether the cloud server holds those data, the owner can only detect whether the data have been uploaded through the fog node of that region and cannot detect whether other fog nodes have the data. This effectively resists side-channel attacks.
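The client-side MLE encryption, the Merkle-tree tag of Fig. 5 and the fog node's ownership check fit together as in the following Go program, which is an added example and not code from the patent. AES-256-CTR with a fixed IV, the 64-byte block size, carrying an unpaired Merkle node up one level, and all function and type names are assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// ctr runs AES-256-CTR with an all-zero IV (assumption: the page only says
// "AES"). The fixed IV makes encryption deterministic, as MLE requires; it is
// tolerable only because the key is itself derived from the plaintext.
func ctr(k [32]byte, in []byte) []byte {
	block, err := aes.NewCipher(k[:])
	if err != nil {
		panic(err) // unreachable: the key is always 32 bytes
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, make([]byte, aes.BlockSize)).XORKeyStream(out, in)
	return out
}

// MLEEncrypt: hash(m) -> k, then Enc_k(m) -> c. The user keeps k.
func MLEEncrypt(m []byte) ([32]byte, []byte) {
	k := sha256.Sum256(m)
	return k, ctr(k, m)
}

// MLEDecrypt recovers m; CTR decryption is the same keystream XOR.
func MLEDecrypt(k [32]byte, c []byte) []byte { return ctr(k, c) }

// MerkleTag hashes each block of c, then hashes concatenated pairs level by
// level until one root remains. An unpaired node is carried up unchanged
// (assumption: the page only shows even block counts).
func MerkleTag(c []byte, blockSize int) string {
	if blockSize <= 0 {
		blockSize = 64
	}
	var level [][]byte
	for off := 0; off < len(c) || off == 0; off += blockSize {
		end := off + blockSize
		if end > len(c) {
			end = len(c)
		}
		h := sha256.Sum256(c[off:end])
		level = append(level, h[:])
	}
	for len(level) > 1 {
		var next [][]byte
		for i := 0; i+1 < len(level); i += 2 {
			h := sha256.Sum256(append(append([]byte{}, level[i]...), level[i+1]...))
			next = append(next, h[:])
		}
		if len(level)%2 == 1 {
			next = append(next, level[len(level)-1])
		}
		level = next
	}
	return hex.EncodeToString(level[0])
}

// FogIndex is the fog node's data index table: tag -> set of owners.
type FogIndex struct{ owners map[string]map[string]bool }

func NewFogIndex() *FogIndex { return &FogIndex{owners: map[string]map[string]bool{}} }

// Upload is the ownership check. It reports whether the fog node still needs
// the ciphertext (true only for an unseen tag). The user is recorded as an
// owner either way, so per the page the tag acts as the ownership credential.
func (f *FogIndex) Upload(user, tag string) bool {
	set, seen := f.owners[tag]
	if !seen {
		set = map[string]bool{}
		f.owners[tag] = set
	}
	set[user] = true
	return !seen
}

// CanDownload: only a recorded owner of the tag is served.
func (f *FogIndex) CanDownload(user, tag string) bool { return f.owners[tag][user] }

// SampleFile is constructed sample data: 256 bytes, four 64-byte blocks.
func SampleFile() []byte { return bytes.Repeat([]byte("constructed data"), 16) }

// Demo: users A and B upload the same file, user C then asks for it.
func Demo() string {
	fog := NewFogIndex()
	_, cA := MLEEncrypt(SampleFile())
	_, cB := MLEEncrypt(SampleFile())
	return fmt.Sprintf("A sends ciphertext: %v, B sends ciphertext: %v, C may download: %v",
		fog.Upload("A", MerkleTag(cA, 64)), fog.Upload("B", MerkleTag(cB, 64)),
		fog.CanDownload("C", MerkleTag(cA, 64)))
}

func main() { fmt.Println(Demo()) }
```

Because the key is the hash of the plaintext, anyone who already holds or can guess a file can recompute its key and tag, so this construction protects only data that are hard to predict.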
As shown in Fig. 6, which is the schematic diagram of ciphertext data update: when some users' permissions are revoked, the ciphertext data must be updated. Otherwise, if these users collude with malicious adversaries, the adversaries can use the keys of the revoked users to decrypt the data on the server, which is very dangerous for the server. The ciphertext data therefore need to be updated periodically. The update is divided into the following steps:
(1) Stub decryption: the fog node receives the update request from the server and decrypts the stub to obtain c1, i.e. Dec_fk(stub) → c1;
(2) MLE ciphertext recovery: splice the ciphertext c2 with the trimmed package (i.e. c1) to obtain the MLE ciphertext c;
(3) Generation of a new FileKey: take the security parameter as input and obtain a random encryption key: Gen(1^λ) → fk′;
(4) Ciphertext re-encryption: select 256 bits from the ciphertext c again, denoted c′2; the remaining parts are denoted c′11 and c′12. Encrypt c′2 with fk′ to obtain the new stub, i.e. Enc_fk′(c′2) → stub;
(5) Data upload: pack c′11 and c′12 into a new trimmed package and upload the new stub and the new trimmed package to the cloud server.
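The fog node's stub re-encryption and the periodic update above (the same procedure as the earlier "update of ciphertext data" steps) are shown in the following Go program, an added example that is not code from the patent. It uses the embodiment's c1/c2 naming; AES-256-GCM for the stub, a byte-aligned contiguous 256-bit selection, and all type and function names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"math/big"
)

const stubBytes = 32 // the 256 bits taken out of the MLE ciphertext

// Stored is what the cloud server holds for one tag.
type Stored struct {
	Stub    []byte // nonce || AES-256-GCM(fk, c1); GCM is an assumption
	Trimmed []byte // c2: the MLE ciphertext with c1 cut out
}

// Secret stays on the fog node; it is what ABE would carry to other nodes.
type Secret struct {
	FK     [32]byte // FileKey fk
	Offset int      // byte position from which c1 was taken
}

func newGCM(fk [32]byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(fk[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ReEncrypt: Gen -> fk, choose c1 at a random offset, Enc_fk(c1) -> stub.
func ReEncrypt(c []byte) (Stored, Secret, error) {
	var sec Secret
	if len(c) < stubBytes {
		return Stored{}, sec, fmt.Errorf("ciphertext shorter than %d bytes", stubBytes)
	}
	n, err := rand.Int(rand.Reader, big.NewInt(int64(len(c)-stubBytes+1)))
	if err != nil {
		return Stored{}, sec, err
	}
	sec.Offset = int(n.Int64())
	if _, err = rand.Read(sec.FK[:]); err != nil {
		return Stored{}, sec, err
	}
	gcm, err := newGCM(sec.FK)
	if err != nil {
		return Stored{}, sec, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return Stored{}, sec, err
	}
	c1 := c[sec.Offset : sec.Offset+stubBytes]
	c2 := append(append([]byte{}, c[:sec.Offset]...), c[sec.Offset+stubBytes:]...)
	return Stored{Stub: gcm.Seal(nonce, nonce, c1, nil), Trimmed: c2}, sec, nil
}

// Restore: Dec_fk(stub) -> c1, then splice c1 back into c2 at Offset.
func Restore(st Stored, sec Secret) ([]byte, error) {
	gcm, err := newGCM(sec.FK)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(st.Stub) < ns || sec.Offset < 0 || sec.Offset > len(st.Trimmed) {
		return nil, fmt.Errorf("malformed stub or offset")
	}
	c1, err := gcm.Open(nil, st.Stub[:ns], st.Stub[ns:], nil)
	if err != nil {
		return nil, fmt.Errorf("stub rejected (wrong or superseded FileKey): %w", err)
	}
	head := append([]byte{}, st.Trimmed[:sec.Offset]...)
	return append(append(head, c1...), st.Trimmed[sec.Offset:]...), nil
}

// Update is the periodic refresh: restore c, then re-encrypt under fk'
// at a newly chosen offset. Only 256 bits are ever decrypted or encrypted.
func Update(st Stored, old Secret) (Stored, Secret, error) {
	c, err := Restore(st, old)
	if err != nil {
		return Stored{}, Secret{}, err
	}
	return ReEncrypt(c)
}

func main() {
	c := make([]byte, 1024) // constructed stand-in for an MLE ciphertext
	st, old, err := ReEncrypt(c)
	if err == nil {
		st, _, err = Update(st, old)
	}
	if err != nil {
		panic(err)
	}
	_, err = Restore(st, old)
	fmt.Println("old FileKey against the updated stub:", err)
}
```

After an update, a holder of the old FileKey and offset can no longer open the stub, but still lacks only those 256 bits of the ciphertext; the MLE key k remains the protection for everything in the trimmed package.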
As shown in Fig. 7, which is the schematic diagram of key redistribution after an update: after the fog node updates the data, it sends the position selected for the new stub and the encryption key to the server, encrypted with ABE; the server then sends the ABE ciphertext to the other fog nodes. If the data need to be updated again, one of the fog nodes is chosen to carry out the above operations again.
As shown in Fig. 8, which is the structural diagram of the data index table on the fog node: the index table has two columns. The right column records the data tags, indicating which data the fog node has uploaded to the cloud server, and the left column records the legitimate owners of those data. When a user issues a download request, the fog node first checks whether the user is a legitimate owner of the data. If so, the fog node downloads the data from the cloud server and sends them to the user; otherwise, the fog node directly rejects the user's request. As shown in Fig. 8, the owners of data a68a791667344340 are user A and user B. If user A or B requests to download the data, the fog node sends the data to the user; if user C requests to download the data, the fog node directly rejects user C's request.
As shown in Fig. 9, which is the structural diagram of the data index table on the cloud server: the index table also has two columns, but unlike the index table on the fog node, it does not need to record the owners of the data. The left column records the data tag and the right column records the data corresponding to that tag; the data content is divided into two parts, TrimmedPackage and Stub. When the fog node receives a user's download request, it looks up the data corresponding to the data tag on the cloud server, first decrypts the data, splices them to obtain the MLE ciphertext, and sends the MLE ciphertext to the user. For example, user A wants to download data a68a791667344340. The fog node detects that user A is a legitimate owner of the data and sends the data tag to the cloud server. The cloud server finds that the data corresponding to data tag a68a791667344340 are TrimmedPackage 05 and stub 05 and sends both to the fog node. The fog node decrypts stub 05, splices it with TrimmedPackage, and sends the spliced MLE ciphertext to the user.
As shown in Fig. 10, which is the schematic diagram of detecting and deleting duplicate data on the server side, the cloud server receives data uploaded from different fog nodes, namely data A, data B and data C, where:
t_a = bcdf0a4058a8943d;
t_b = bcdf0a4058a8943d;
t_c = bcdf0a4058a8943d;
The server detects that t_a, t_b and t_c are identical, which shows that data A, data B and data C are identical. The server then deletes data B and C, keeps only data A, and adds data A and the corresponding data tag t_a to the data index table shown in Fig. 9.
Fig. 11 shows the time required for Trimmed Package encryption and Fig. 12 the time required for Stub encryption. The abscissa is the size of each data block after splitting, the ordinate is the time required to encrypt the entire file, and the size of the entire file is 10 MB.
Fig. 13 shows the time required for a data re-encryption update. The abscissa is the size of each data block, the ordinate is the time required to update the entire file, and the size of the entire file is 10 MB.
The foregoing is merely a description of preferred embodiments of the present invention and is not intended to limit the invention; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (7)

1. A secure data deduplication method for a fog computing environment, characterized in that the method comprises the following steps:
First step: the user encrypts the data at the client using MLE, generates the file tag t using a Merkle tree, and uploads the encrypted file and the file tag t to the fog node;
Second step: the fog node receives the data tag and checks whether it is in the data index table; if so, the fog node adds the user's ownership to the data index table; otherwise, the method proceeds to the next step;
Third step: the fog node arbitrarily selects 256 bits from the MLE ciphertext and re-encrypts them, and distributes the position from which the 256 bits were selected and the re-encryption key to the other fog nodes; the fog node adds the data tag and the user's ownership to the data index table and sends the re-encrypted data and the data tag to the cloud server;
Fourth step: the cloud server receives the data sent by different fog nodes and, according to the data tags uploaded by the fog nodes, determines whether there are duplicate data; if so, it keeps only one backup copy and deletes the remaining redundant data.
2. The secure data deduplication method for a fog computing environment according to claim 1, characterized in that the user encrypts the data at the client using MLE as follows:
(1) Key generation: take the plaintext m as input and compute its hash with the SHA256 hash algorithm to obtain the MLE key, i.e. hash(m) → k;
(2) Encrypt the plaintext m with AES under the MLE key to obtain the ciphertext c, i.e. Enc_k(m) → c;
(3) The user computes a hash over the ciphertext c using a Merkle tree; the result is the tag t;
(4) The user keeps the MLE key k and uploads the ciphertext c and the tag t to the fog node.
3. The secure data deduplication method for a fog computing environment according to claim 1, characterized in that the detection of user data ownership is as follows:
The fog node compares the tag t uploaded by the user with the entries in the data index table it maintains. If t is in the data index table, the fog node does not need to receive the ciphertext c from the user and directly adds the user's permission to the data index table; if t is not in the index table, the fog node must perform the data re-encryption operation;
Re-encryption of ciphertext data:
(1) Key generation: take the security parameter as input and obtain a random encryption key, called the FileKey: Gen(1^λ) → fk;
(2) Re-encryption: select 256 bits from the MLE ciphertext c, denoted c1; the remainder is denoted c2. Encrypt c1 with AES to obtain the stub, i.e. Enc_fk(c1) → stub;
(3) Update of the data index table: the fog node adds the user data tag t and the user who owns t to the data index table;
(4) Data upload: the fog node packs c2 into the trimmed package and uploads the trimmed package, the stub and the user tag t to the cloud server; the fog node keeps the random encryption key fk;
Update of ciphertext data:
(1) Stub decryption: the fog node receives the update request from the server and decrypts the stub with the previously retained fk to obtain c1, i.e. Dec_fk(stub) → c1;
(2) MLE ciphertext recovery: splice the ciphertext c1 with the trimmed package (i.e. c2) to obtain the MLE ciphertext c;
(3) Generation of a new FileKey: take the security parameter as input and obtain a random encryption key: Gen(1^λ) → fk′;
(4) Ciphertext re-encryption: select 256 bits from the ciphertext c again, denoted c′1; the remainder is denoted c′2. Encrypt c′1 with fk′ to obtain the new stub, i.e. Enc_fk′(c′1) → stub;
(5) Data upload: pack c′2 into a new trimmed package and upload the new stub and the new trimmed package to the cloud server;
Distribution of the re-encryption key:
After the fog node re-encrypts the ciphertext, it shares the re-encryption key and the position from which c′1 was selected with the other fog nodes; the fog node distributes the key to the other nodes using attribute-based encryption (ABE), in the following steps:
(1) Key generation: take the security parameter 1^λ as input and obtain the public key PK and the master key MK, i.e. Setup(1^λ) → PK, MK;
(2) Private key generation: take the public key PK, the master key MK and the attribute set of the fog node as input and output the private key of the fog node, i.e. KeyGen(PK, MK, S) → SK;
(3) Encryption: the fog node takes the selection position of c′1 and the encryption key as the message M, takes the public key PK of the other fog nodes, the message M and the access policy T as input, and outputs the ciphertext CT, which it sends to the cloud server; the cloud server then distributes CT to the other fog nodes, i.e. Enc(PK, M, T) → CT;
(4) Decryption: the remaining fog nodes receive the ciphertext CT from the cloud server and decrypt it using the public key and their own private key SK. Each ciphertext corresponds to an access policy T; decryption succeeds if the attribute set S of the fog node satisfies the access policy T and fails otherwise, i.e. Dec(PK, SK, CT) → M iff S ∈ T.
4. The secure data deduplication method for a fog computing environment according to claim 1, characterized in that the specific method for server-side data deduplication and data storage, deleting redundant data and keeping one copy of the data on the server side, comprises:
(1) After the cloud server receives the data and the data tag t sent by a fog node, it checks t to determine whether identical data already exist;
(2) If not, the file tag is stored in the data index table and the data are stored on the cloud server; unlike the data index table of the fog node, the data index table of the cloud server stores only the data tag and does not store the owners of the data;
(3) If so, the cloud server deletes the identical data, keeping only one backup copy and deleting the remaining redundant data, and adds the data tag to the data index table.
5. The secure data deduplication method for a fog computing environment according to claim 4, characterized in that, since a user can determine whether the cloud server stores given data by sending the hash of those data, and a malicious user may use this method to determine which data are stored on the cloud server, the specific operations for proving the user's file ownership (POW) comprise:
(1) Split the ciphertext data into blocks, denoted b1, b2, ..., bn;
(2) Compute the hash of b1, b2, ..., bn in turn to obtain h1, h2, ..., hn;
(3) Concatenate h1 with h2, h3 with h4, and so on, up to h(n-1) with hn;
(4) Hash each concatenation to obtain hs1, ..., hs(n/2);
(5) Concatenate hs1 with hs2, hs3 with hs4, and so on;
(6) Hash the concatenations again and repeat the process until a single final result is obtained, which is the data tag t.
6. A secure data deduplication system for a fog computing environment implementing the secure data deduplication method for a fog computing environment according to claim 1, characterized in that the system comprises:
a client, at which the user encrypts the data using MLE;
a fog node, which mainly performs four operations: detection of user data ownership, re-encryption of ciphertext data, update of ciphertext data, and distribution of the re-encryption key;
a cloud server, which is responsible for server-side data deduplication and data storage, deletes redundant data and keeps only one copy of the data on the server side.
7. A cloud storage platform using the secure data deduplication method for a fog computing environment according to any one of claims 1 to 5.
CN201910171496.1A 2019-03-07 2019-03-07 Data security duplicate removal system and method in fog computing environment and cloud storage platform Active CN109995505B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910171496.1A CN109995505B (en) 2019-03-07 2019-03-07 Data security duplicate removal system and method in fog computing environment and cloud storage platform

Publications (2)

Publication Number Publication Date
CN109995505A true CN109995505A (en) 2019-07-09
CN109995505B CN109995505B (en) 2021-08-10

Family

ID=67130493

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910171496.1A Active CN109995505B (en) 2019-03-07 2019-03-07 Data security duplicate removal system and method in fog computing environment and cloud storage platform

Country Status (1)

Country Link
CN (1) CN109995505B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170161336A1 (en) * 2015-12-06 2017-06-08 Xeeva, Inc. Systems and/or methods for automatically classifying and enriching data records imported from big data and/or other sources to help ensure data integrity and consistency
CN108182367A (en) * 2017-12-15 2018-06-19 西安电子科技大学 A kind of encrypted data chunk client De-weight method for supporting data update
CN108776758A (en) * 2018-04-13 2018-11-09 西安电子科技大学 The block level data De-weight method of dynamic ownership management is supported in a kind of storage of mist
CN109379182A (en) * 2018-09-04 2019-02-22 西安电子科技大学 Support efficient data re-encryption method and system, the cloud storage system of data deduplication

Also Published As

Publication number Publication date
CN109995505B (en) 2021-08-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant