CN113204774B - Rapid data security protection method based on multi-cloud environment - Google Patents
- Publication number
- CN113204774B, CN202110475887.XA
- Authority
- CN
- China
- Prior art keywords
- data
- encrypted
- fragments
- encrypted data
- blocks
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0638—Organizing or formatting or addressing of data
- G06F3/064—Management of blocks
Abstract
The invention provides a rapid data security protection algorithm based on a multi-cloud environment, comprising the following steps: dividing the data to be processed according to a division rule to obtain data fragments; randomly generating a plurality of permutation arrays; splitting the permutation arrays into permutation dispersion arrays by exclusive-or; encrypting the data fragments with the permutation dispersion arrays to obtain encrypted data blocks; dispersing the permutation dispersion arrays into the data fragments so that, together with the encrypted data blocks, they form encrypted data fragments; and storing the encrypted data fragments to cloud storage points according to an average storage rule. By combining a replacement algorithm with a perfect dispersion algorithm, the invention realizes data storage in a multi-cloud environment, effectively solves the problems in the prior art, and has the advantages of high security performance, large storage capacity, high speed and low cost.
Description
Technical Field
The invention relates to the technical field of data security storage, in particular to a rapid data security protection method based on a multi-cloud environment.
Background
Existing secure distributed cloud storage is mainly realized by information dispersion technology, which includes: the perfect information dispersion scheme (SSS) of Shamir, the Information Dispersion Algorithm (IDA) of Rabin, the short message dispersion algorithm (SSMS) of Krawczyk, the AONT algorithm (AONT-RS) of Rivest, truncated storage, storage with added storage points, and the like. However, these information dispersion technologies have obvious defects. SSS achieves theoretical security, but it is inefficient on big data, is applicable only to small data, has few application scenarios, and is not actually suitable for cloud storage. IDA can restore the original data with only a small amount of added redundancy, but its security is low. The security and performance of SSMS depend entirely on the encryption and information dispersion algorithms it uses, and key management consumes a lot of cost. AONT-RS is an encoding mode, but its security is much weaker than that of an encryption algorithm. Truncated storage usually exposes part of the data directly, which causes a security problem. Storage that adds storage points incurs high expense. Therefore, the invention provides a rapid data security protection method based on a multi-cloud environment, which realizes data storage in the multi-cloud environment by combining a replacement algorithm and a perfect dispersion algorithm, effectively solves the problems in the prior art, and has the advantages of high security, large storage capacity, high speed and low cost.
Disclosure of Invention
The invention provides a rapid data security protection method based on a multi-cloud environment, which combines a replacement algorithm and a perfect dispersion algorithm to realize a data storage function in the multi-cloud environment, effectively solves the problems in the prior art, and has the advantages of high security, large storage capacity, high speed and low cost.
The invention provides a rapid data security protection method based on a multi-cloud environment, which comprises the following steps:
dividing data to be processed according to a division rule to obtain data fragments;
randomly generating a plurality of permutation arrays;
splitting the permutation array into permutation dispersion arrays in an exclusive-or mode;
encrypting the data fragments with the permutation dispersion arrays to obtain encrypted data blocks;
respectively dispersing the permutation dispersion array into data fragments, and forming encrypted data fragments together with the encrypted data blocks;
and storing the encrypted data fragments to a cloud storage point according to an average storage rule.
Further, the process of dividing the data to be processed according to the division rule to obtain the data fragments includes:
performing a preliminary division of the data to be processed to obtain a plurality of preliminarily divided data blocks;
dividing each preliminarily divided data block into a plurality of small data blocks;
and evenly dividing the data to be processed into a plurality of data fragments, taking the preliminarily divided data block as the unit and following the division rule, so that each data fragment is composed of the same number of small data blocks.
Further, the number of data fragments is a multiple of the number of cloud storage points, and the ratio between a preliminarily divided data block and a small data block is exactly equal to the number of data fragments.
Further, when the data fragments are encrypted with the permutation dispersion arrays, the first preliminarily divided data blocks in all the data fragments are encrypted first; once these are encrypted, the second preliminarily divided data blocks in all the data fragments are encrypted; once those are encrypted, the third preliminarily divided data blocks in all the data fragments are encrypted; and so on until all the preliminarily divided data blocks in the data fragments have been encrypted.
Further, the step of performing encryption processing on the first preliminarily divided data blocks in all the data fragments respectively includes:
A1, using the dispersion data in the dispersion arrays, in order, to encrypt the small data blocks of the first preliminarily divided data block in the data fragment of the corresponding order, obtaining a first encrypted data block of each data fragment;
and A2, using the permutation arrays, in order, to transform the position order of the first encrypted data block of the data fragment of the corresponding order, obtaining a first updated permutation dispersion array of each data fragment.
Further, encrypting the second preliminarily divided data blocks in all the data fragments comprises the following steps:
B1, encrypting the small data blocks in the second preliminarily divided data block of a data fragment with the first updated permutation dispersion array of the adjacent data fragment, to obtain a second encrypted data block of the data fragment;
B2, matching the corresponding permutation array among the plurality of permutation arrays;
B3, transforming the position order of the second encrypted data block of the data fragment with the matched permutation array, to obtain a second updated permutation dispersion array of each data fragment;
and repeating B1 to B3 for the preliminarily divided data blocks after the second preliminarily divided data block in the data fragment, until all the preliminarily divided data blocks in the data fragment are encrypted, thereby obtaining the encrypted data blocks.
Further, the process of respectively dispersing the permutation dispersion arrays into the data fragments and jointly forming the encrypted data fragments with the encrypted data blocks includes:
dispersing the permutation dispersion arrays used during encryption across the data fragments, and matching them to the data fragments, by a perfect key dispersion method;
and forming each encrypted data fragment from the encrypted data block of the data fragment together with the dispersion array matched to it.
Further, when the encrypted data fragments are stored in the cloud storage point according to the average storage rule, the encrypted data fragments of adjacent data fragments are not stored in the same cloud storage point.
Further, the process of storing the formed encrypted data fragments to a cloud storage point according to an average storage rule includes:
determining the encrypted data fragments: gathering all encrypted data fragments and shuffling their order to obtain encrypted data fragments in a random order;
partitioning the randomly ordered encrypted data fragments according to an average rule to obtain a plurality of encrypted data fragment unit blocks: the randomly ordered encrypted data fragments are partitioned according to the number of cloud storage points, so that every encrypted data fragment unit block contains the same number of encrypted data fragments;
checking each encrypted data fragment unit block: for each unit block, checking whether the original data corresponding to its encrypted data fragments contains continuous data to be processed; if it does not, the unit block passes the check; otherwise the unit block containing continuous data to be processed is adjusted and checked again, until it passes;
storing the qualified encrypted data fragment unit blocks into cloud storage points: the encrypted data fragment unit blocks are matched with the cloud storage points through random permutation and combination, and the data is stored according to the matching result.
Further, the step of checking each encrypted data fragment unit block comprises:
S1, obtaining the information of the encrypted data fragment unit block and denoting the unit block as $A_i$, expressed as:
$$A_i = \{a_{ij}\}$$
where $a_{ij}$ represents the j-th encrypted data fragment in the i-th encrypted data fragment unit block;
S2, combining and connecting the encrypted data fragments according to the following formula:
$$H_{ikl} = \mathrm{ARA}(F(a_{ik}), F(a_{il})), \quad k \neq l$$
in the above formula, $H_{ikl}$ represents the combined data of the k-th encrypted data fragment and the l-th encrypted data fragment in the i-th encrypted data fragment unit block, F represents the mapping function between the encrypted data fragments and the data to be processed, ARA represents an arbitrary function in the encrypted data fragment unit block, $a_{ik}$ represents the k-th encrypted data fragment in the i-th encrypted data fragment unit block, and $a_{il}$ represents the l-th encrypted data fragment in the i-th encrypted data fragment unit block;
S3, obtaining a test result according to the following formula;
in the above formula, $G_i$ represents the check result of the i-th encrypted data fragment unit block, m indicates that the check failed, n indicates that the check passed, W represents the data to be processed, and LEN represents a data length function;
and when the check result is a failure, adjusting the encrypted data fragments in this encrypted data fragment unit block and the encrypted data fragments in other encrypted data fragment unit blocks, and then performing steps S1 to S3 again until the check passes.
The invention has at least the following beneficial effects:
(1) According to the rapid data security protection method based on the cloud environment, the key used in the encryption process does not need to be managed, which effectively reduces cost. During encryption, combining a replacement algorithm makes the encrypted data more secure. In addition, data in different data fragments that is encrypted by the same encryption method can be encrypted simultaneously, which speeds up encryption and improves the efficiency of the rapid data security protection method. Furthermore, the data is stored across a plurality of cloud storage points in a multi-cloud environment, so the storage capacity is larger and the data storage capability is improved.
(2) According to the rapid data security protection method based on the cloud environment, the dispersion array and the encrypted data block jointly form the encrypted data, so that the dispersion array, which serves as the key in the encryption process, is stored together with the encrypted data block; a dedicated key management unit is avoided, and the management cost is effectively reduced.
(3) According to the rapid data security protection method based on the multi-cloud environment, when the data is stored, the encrypted data fragments of the adjacent data fragments are not stored in the same cloud storage point, so that if decryption is needed, all the encrypted data fragments in all the cloud storage points are required to be collected to be decrypted, the data is prevented from being acquired or stolen through a single cloud storage point, and the data security is improved.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a flow chart illustrating the steps of a method for fast data security protection according to the present invention;
FIG. 2 is a schematic diagram of a first step in a fast data security protection method based on a cloud environment according to the present invention;
FIG. 3 is a flowchart of a first preliminary data block partitioning encryption procedure in data fragments according to a fast data security protection method under a cloud environment;
FIG. 4 is a flowchart of a high-order preliminary data block division encryption step in data fragmentation according to a fast data security protection method in a cloud-based environment of the present invention;
FIG. 5 is a schematic diagram illustrating high-order preliminary data block division encryption in data fragments according to a fast data security protection method in a cloud environment;
FIG. 6 is a schematic diagram of step six in the fast data security protection method based on the cloud environment according to the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
As shown in fig. 1, an embodiment of the present invention provides a fast data security protection method based on a multi-cloud environment, including:
step one, dividing the data to be processed according to a division rule to obtain data fragments;
step two, randomly generating a plurality of permutation arrays;
step three, splitting the permutation arrays into permutation dispersion arrays by exclusive-or;
step four, encrypting the data fragments with the permutation dispersion arrays to obtain encrypted data blocks;
step five, dispersing the permutation dispersion arrays into the data fragments to form encrypted data fragments together with the encrypted data blocks;
and step six, storing the encrypted data fragments to cloud storage points according to an average storage rule.
In the above technical solution, when data is stored securely, the data to be processed is first divided according to a division rule to obtain data fragments; next, a plurality of permutation arrays are randomly generated and split into permutation dispersion arrays by exclusive-or; then the data fragments are encrypted with the permutation dispersion arrays to obtain encrypted data blocks; then the permutation dispersion arrays are dispersed into the data fragments so that, together with the encrypted data blocks, they form encrypted data fragments; finally, the encrypted data fragments are stored to cloud storage points according to an average storage rule. In step two, the number of randomly generated permutation arrays is the same as the number of storage points; for example, if there are 3 storage points, three random permutation arrays are generated, and the elements in each permutation array are randomly arranged in the range from 1 to 16. With this technical solution, the key used in the encryption process does not need to be managed, which effectively reduces cost. During encryption, combining a replacement algorithm makes the encrypted data more secure. In addition, data in different data fragments that is encrypted by the same encryption method can be encrypted simultaneously, which speeds up encryption and improves the efficiency of the rapid data security protection method. Furthermore, the data is stored across a plurality of cloud storage points in a multi-cloud environment, so the storage capacity is larger and the data storage capability is improved.
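Steps two and three as an added example, not code from the patent: it draws a permutation of 1..16 from a CSPRNG, splits it into shares whose exclusive-or equals the permutation, and rebuilds it from all shares. The one-byte-per-element encoding and the function names are assumptions; the description does not say how the exclusive-or split is carried out.

```python
import secrets
from functools import reduce

PERM_SIZE = 16  # the description arranges the values 1..16 in each permutation array


def random_permutation(size: int = PERM_SIZE) -> list[int]:
    """Fisher-Yates shuffle of 1..size driven by the OS CSPRNG."""
    perm = list(range(1, size + 1))
    for i in range(size - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        perm[i], perm[j] = perm[j], perm[i]
    return perm


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equally long strings."""
    if len(a) != len(b):
        raise ValueError("share lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


def xor_split(perm: list[int], shares: int) -> list[bytes]:
    """Split a permutation into `shares` byte strings whose XOR is the permutation.

    The first shares-1 strings are uniformly random; the last one is the
    permutation XORed with all of them, so any subset that misses one share
    is statistically independent of the permutation.
    """
    if shares < 2:
        raise ValueError("need at least two shares")
    secret = bytes(perm)  # assumed encoding: one byte per element
    parts = [secrets.token_bytes(len(secret)) for _ in range(shares - 1)]
    parts.append(reduce(xor_bytes, parts, secret))
    return parts


def xor_combine(parts: list[bytes]) -> list[int]:
    """XOR all shares together and decode the result back into integers."""
    return list(reduce(xor_bytes, parts))


def is_permutation(values: list[int], size: int = PERM_SIZE) -> bool:
    """True if values contains each of 1..size exactly once."""
    return sorted(values) == list(range(1, size + 1))


if __name__ == "__main__":
    storage_points = 3  # the description generates one permutation array per storage point
    fragments = 3       # number of dispersion arrays per permutation (assumed equal to k)
    for n in range(storage_points):
        perm = random_permutation()
        parts = xor_split(perm, fragments)
        rebuilt = xor_combine(parts)
        partial = xor_combine(parts[:-1])
        print(f"permutation {n}: {perm}")
        print(f"  all shares rebuild it: {rebuilt == perm}")
        print(f"  one share missing is a valid permutation: {is_permutation(partial)}")
```

Because every share is needed, a reader who holds the fragments of only some storage points learns nothing about the permutation from the shares alone.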
In an embodiment provided by the present invention, the process of dividing the data to be processed according to the division rule to obtain the data fragments includes:
performing a preliminary division of the data to be processed to obtain a plurality of preliminarily divided data blocks;
dividing each preliminarily divided data block into a plurality of small data blocks;
and evenly dividing the data to be processed into a plurality of data fragments, taking the preliminarily divided data block as the unit and following the division rule, so that each data fragment is composed of the same number of small data blocks.
In the above technical solution, to obtain the data fragments, the data to be processed is first preliminarily divided to obtain a plurality of preliminarily divided data blocks; each preliminarily divided data block is then divided again into a plurality of small data blocks; finally, the data to be processed is evenly divided into a plurality of data fragments, taking the preliminarily divided data block as the unit and following the division rule, so that every data fragment contains the same number of preliminarily divided data blocks and the same number of small data blocks. The small data block is the minimum unit in the data to be processed and has a size of 1 bit. With this technical solution, the data to be processed can be divided, which facilitates encryption, improves the security of the encrypted data blocks, and speeds up data processing and storage, improving the efficiency of the data security protection algorithm. Having the same number of preliminarily divided data blocks or small data blocks in each data fragment effectively keeps the data balanced and improves the security of the data.
According to the above technical solution, the data to be processed d is first divided into k times of preliminarily divided data blocks; each preliminarily divided data block $b_i$ is then divided again to obtain a plurality of small data blocks, denoted $mb_j$; finally, the data to be processed d is divided into k data fragments $f_i$ according to the division rule. When k is 3, the above steps are as shown in fig. 2, and the number of small data blocks $mb_j$ in each preliminarily divided data block $b_i$ is 3.
In an embodiment provided by the present invention, the number of data fragments is a multiple of the number of cloud storage points, and the ratio between a preliminarily divided data block and a small data block is exactly equal to the number of data fragments.
In the above technical solution, when the data to be processed is preliminarily divided, the number of data fragments is set to a multiple of the number of cloud storage points, so that the average rule can be followed when storing to the cloud storage points and the storage across the cloud storage points stays balanced. When the preliminarily divided data is divided again, the number of small data blocks into which each preliminarily divided data block is divided is kept equal to the number of data fragments, which reduces the differences between the data after encryption and thereby improves the security of the data.
In an embodiment of the present invention, when the data fragments are encrypted with the permutation dispersion arrays, the first preliminarily divided data blocks in all the data fragments are encrypted first; once these are encrypted, the second preliminarily divided data blocks in all the data fragments are encrypted; once those are encrypted, the third preliminarily divided data blocks in all the data fragments are encrypted; and so on until all the preliminarily divided data blocks in the data fragments have been encrypted.
In the above technical solution, when the data fragments are encrypted with the permutation dispersion arrays, the first preliminarily divided data block in each data fragment is encrypted first, then the second preliminarily divided data block in each data fragment, then the third, and so on until all the preliminarily divided data blocks in the data fragments are encrypted. With this technical solution, preliminarily divided data blocks of the same order in different data fragments can be encrypted simultaneously, which effectively saves encryption time and improves the efficiency of encryption.
As shown in fig. 3, in an embodiment provided by the present invention, the step of performing encryption processing on the first preliminarily divided data blocks in all the data fragments respectively includes:
A1, using the dispersion data in the dispersion arrays, in order, to encrypt the small data blocks of the first preliminarily divided data block in the data fragment of the corresponding order, obtaining a first encrypted data block of each data fragment;
and A2, using the permutation arrays, in order, to transform the position order of the first encrypted data block of the data fragment of the corresponding order, obtaining a first updated permutation dispersion array of each data fragment.
In the above technical solution, when the first preliminarily divided data block in a data fragment is encrypted, the dispersion data of the dispersion array is used to encrypt, in order, the small data blocks $mb_j$ in the first preliminarily divided data block $b_0$ of the data fragment, generating the first encrypted data block of the data fragment; the permutation arrays are then used, in order, to randomly permute the 16 bits in the small data blocks of the first encrypted data block of the data fragment of the corresponding order, giving the first updated permutation dispersion arrays $s^1_0, s^1_1, \ldots, s^1_{k-1}$ of the data fragments (k represents the number of data fragments). Encrypting the first preliminarily divided data block in the data fragment in this way improves data security, and because the permutation arrays are randomly generated, the original data of the encrypted data is difficult to obtain through abnormal channels, which improves data security.
As shown in fig. 4, in an embodiment of the present invention, encrypting the second preliminarily divided data blocks in all the data fragments comprises the following steps:
B1, encrypting the small data blocks in the second preliminarily divided data block of a data fragment with the first updated permutation dispersion array of the adjacent data fragment, to obtain a second encrypted data block of the data fragment;
B2, matching the corresponding permutation array among the plurality of permutation arrays;
B3, transforming the position order of the second encrypted data block of the data fragment with the matched permutation array, to obtain a second updated permutation dispersion array of each data fragment;
and repeating B1 to B3 for the preliminarily divided data blocks after the second preliminarily divided data block in the data fragment, until all the preliminarily divided data blocks in the data fragment are encrypted, thereby obtaining the encrypted data blocks.
In the above technical solution, when the second preliminarily divided data block in a data fragment is encrypted, as shown in fig. 5, the small data blocks $mb_j$ in the second preliminarily divided data block of the data fragment are encrypted, in order, with the first updated permutation dispersion array $s^1$ of the adjacent data fragment to generate a new data block; the corresponding permutation array is then used to transform the position order of the $mb_j$ in that data block, generating the second updated permutation dispersion array of the data fragment. These steps are repeated until the second preliminarily divided data block in every data fragment is encrypted. Likewise, the other higher-order preliminarily divided data blocks in the data fragments, such as the third and fourth preliminarily divided data blocks, are encrypted by the same method. With this technical solution, the key used in encryption comes from the adjacent data fragment rather than from the fragment's own data, and in combination with the permutation algorithm this ensures and improves the security of the data.
In an embodiment provided by the present invention, the process of respectively dispersing the permutation and dispersion arrays into the data fragments and forming the encrypted data fragments together with the encrypted data blocks includes:
dispersing the permutation dispersion arrays used during encryption across the data fragments, and matching them to the data fragments, by a perfect key dispersion method;
and forming each encrypted data fragment from the encrypted data block of the data fragment together with the dispersion array matched to it.
In the above technical solution, the perfect dispersion algorithm produces permutation dispersion arrays equal in number to the fragments, and these are evenly dispersed into the fragments, so that each encrypted data fragment is formed jointly by a dispersion array and an encrypted data block. The dispersion array, which serves as the key in the encryption process, is thus stored together with the encrypted data block; a dedicated key management unit is avoided, and the management cost is effectively reduced.
In an embodiment provided by the present invention, when the encrypted data fragments are stored in the cloud storage point according to the average storage rule, the encrypted data fragments of adjacent data fragments are not stored in the same cloud storage point.
In the above technical scheme, when the data is stored, the number of the encrypted data fragments stored in each cloud storage point is equal, and as shown in fig. 6, the encrypted data fragments of adjacent data fragments are not stored in the same cloud storage point, so that if decryption is desired, all the encrypted data fragments in all the cloud storage points must be collected together to be decrypted, data acquisition or data stealing through a single cloud storage point is avoided, and the data security is improved.
In an embodiment provided by the present invention, the storing the formed encrypted data fragments to the cloud storage point according to the average storage rule includes:
determining the encrypted data fragments: gathering all encrypted data fragments and shuffling their order to obtain encrypted data fragments in a random order;
partitioning the randomly ordered encrypted data fragments according to an average rule to obtain a plurality of encrypted data fragment unit blocks: the randomly ordered encrypted data fragments are partitioned according to the number of cloud storage points, so that every encrypted data fragment unit block contains the same number of encrypted data fragments;
checking each encrypted data fragment unit block: for each unit block, checking whether the original data corresponding to its encrypted data fragments contains continuous data to be processed; if it does not, the unit block passes the check; otherwise the unit block containing continuous data to be processed is adjusted and checked again, until it passes;
storing the qualified encrypted data fragment unit blocks into cloud storage points: the encrypted data fragment unit blocks are matched with the cloud storage points through random permutation and combination, and the data is stored according to the matching result.
In the technical scheme, when the encrypted data fragments are stored in the cloud storage point according to the average storage rule, firstly, the encrypted data fragments are determined; summarizing all encrypted data fragments, and disordering the sequence of the encrypted data fragments to obtain encrypted data fragments in a random arrangement sequence; then, partitioning the encrypted data fragments in the random arrangement sequence according to an average rule to obtain a plurality of encrypted data fragment unit blocks; then, checking each encrypted data fragment unit block; and finally, storing the qualified encrypted data fragment unit block into a cloud storage point. According to the technical scheme, the original to-be-processed data corresponding to the encrypted data fragments in each cloud storage point are not continuous, the situation that the adjacent encrypted data blocks are decrypted through data information in the adjacent encrypted data blocks is avoided, the data are exposed, and the data safety is further improved.
In one embodiment of the present invention, the step of checking each encrypted data fragment unit block includes:
S1, obtaining the information of the encrypted data fragment unit block, and denoting the encrypted data fragment unit block as $A_i$, which is expressed as:
$A_i = \{a_{ij}\}$
wherein $a_{ij}$ represents the j-th encrypted data fragment in the i-th encrypted data fragment unit block;
S2, combining and connecting the encrypted data fragments according to the following formula:
$H_{ikl} = \mathrm{ARA}(F(a_{ik}), F(a_{il})), \quad k \neq l$
in the above formula, $H_{ikl}$ represents the combined data of the k-th encrypted data fragment and the l-th encrypted data fragment in the i-th encrypted data fragment unit block, $F$ represents the mapping function between the encrypted data fragments and the data to be processed, ARA represents an arbitrary function in the encrypted data fragment unit block, $a_{ik}$ represents the k-th encrypted data fragment in the i-th encrypted data fragment unit block, and $a_{il}$ represents the l-th encrypted data fragment in the i-th encrypted data fragment unit block;
S3, obtaining a check result according to the following formula;
in the above formula, $G_i$ represents the check result of the i-th encrypted data fragment unit block, m represents an unqualified check, n represents a qualified check, W represents the data to be processed, and LEN represents a data length function;
and when the check result is unqualified, adjusting the encrypted data fragments in the encrypted data fragment unit block against the encrypted data fragments in other encrypted data fragment unit blocks, and then performing steps S1 to S3 again until the check is qualified.
In this technical scheme, the encrypted data fragments in each encrypted data fragment unit block are checked by obtaining the information of the unit block, combining and connecting its encrypted data fragments, and obtaining a check result. Adjacent encrypted data fragments that end up in a unit block produced by the average-rule partitioning are thereby detected, so that no unit block contains adjacent encrypted data fragments and the security of the data stored in the cloud storage points is improved. Through its existence and arbitrariness conditions, the formula for the check result makes the check more sensitive and improves the accuracy of the result.
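The shuffle, even partition, per-block check with adjustment, and random matching described in the two embodiments above can be sketched as follows; this is an added Python example, not code from the patent. It assumes each encrypted fragment is identified by its original position (standing in for the mapping F) and that "continuous" means positions differing by 1, since the formula for the check result is not reproduced on this page; the function names and the swap heuristic in `_adjust` are illustrative.

```python
import random

def adjacent_pairs(block):
    """Count fragment pairs in one unit block that are neighbours in the original data."""
    held = set(block)
    return sum(1 for f in held if f + 1 in held)

def check_block(block):
    """Assumed pass/fail rule: a unit block qualifies only if it holds no neighbours."""
    return adjacent_pairs(block) == 0

def _adjust(blocks, src, rng):
    """Swap one offending fragment of blocks[src] with a fragment of another block."""
    held = set(blocks[src])
    offenders = [i for i, f in enumerate(blocks[src]) if f - 1 in held or f + 1 in held]
    i = rng.choice(offenders)
    candidates = [(d, j) for d in range(len(blocks)) if d != src
                  for j in range(len(blocks[d]))]
    rng.shuffle(candidates)

    def delta(d, j):
        # Change in the number of neighbour pairs if fragment i and fragment j swap.
        a, b = list(blocks[src]), list(blocks[d])
        a[i], b[j] = b[j], a[i]
        return (adjacent_pairs(a) + adjacent_pairs(b)
                - adjacent_pairs(blocks[src]) - adjacent_pairs(blocks[d]))

    d, j = min(candidates, key=lambda c: delta(*c))
    if delta(d, j) >= 0:
        d, j = candidates[0]  # nothing improves: take a random swap, then re-check
    blocks[src][i], blocks[d][j] = blocks[d][j], blocks[src][i]

def average_storage(num_fragments, num_points, rng, max_rounds=10_000):
    """Return {storage point: original indices of the fragments it receives}."""
    if num_points < 2 or num_fragments % num_points:
        raise ValueError("need >= 2 storage points and a fragment count divisible by them")
    order = list(range(num_fragments))          # fragment id = original position
    rng.shuffle(order)                          # shuffle the gathered fragments
    size = num_fragments // num_points          # equal share per storage point
    blocks = [order[b * size:(b + 1) * size] for b in range(num_points)]
    rounds = 0
    # Check every unit block; adjust a failing one and check again until all pass.
    while (failing := [b for b in range(num_points) if not check_block(blocks[b])]):
        if rounds == max_rounds:
            raise RuntimeError("no qualified layout found within max_rounds")
        _adjust(blocks, rng.choice(failing), rng)
        rounds += 1
    points = list(range(num_points))
    rng.shuffle(points)                         # random block-to-point matching
    return {p: sorted(blk) for p, blk in zip(points, blocks)}

if __name__ == "__main__":
    # Constructed input: 12 fragments spread over 3 cloud storage points.
    for point, frags in sorted(average_storage(12, 3, random.Random(7)).items()):
        print(f"cloud storage point {point}: fragments {frags}")
```
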
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (9)
1. A rapid data security protection method based on a multi-cloud environment is characterized by comprising the following steps:
dividing data to be processed according to a division rule to obtain data fragments;
randomly generating a plurality of permutation arrays;
splitting the permutation array into permutation dispersion arrays in an exclusive-or mode;
encrypting the data fragments by means of the permutation dispersion arrays to obtain encrypted data blocks;
respectively dispersing the permutation dispersion arrays into the data fragments, and forming encrypted data fragments together with the encrypted data blocks;
storing the encrypted data fragments to cloud storage points according to an average storage rule, which comprises the following steps:
determining the encrypted data fragments: all encrypted data fragments are gathered and their order is shuffled to obtain encrypted data fragments in a random arrangement sequence;
partitioning the encrypted data fragments in the random arrangement sequence according to an average rule to obtain a plurality of encrypted data fragment unit blocks: the randomly ordered fragments are partitioned according to the number of cloud storage points, so that every encrypted data fragment unit block contains the same number of encrypted data fragments;
checking each encrypted data fragment unit block: for each unit block, it is checked whether the original data corresponding to its encrypted data fragments contains continuous data to be processed; if it does not, the unit block passes the check; otherwise, the unit block containing continuous data to be processed is adjusted and checked again, until it passes the check;
storing the qualified encrypted data fragment unit blocks into the cloud storage points: the encrypted data fragment unit blocks are matched with the cloud storage points through random permutation and combination, and the data is stored according to the matching result.
2. The fast data security protection method according to claim 1, wherein the process of dividing the data to be processed according to the division rule to obtain the data fragments comprises:
performing preliminary division on the data to be processed to obtain a plurality of preliminarily divided data blocks;
dividing each preliminarily divided data block into a plurality of small data blocks;
and evenly dividing the data to be processed into a plurality of data fragments according to the division rule, taking the preliminarily divided data blocks as the unit, so that each data fragment is composed of the same number of small data blocks.
3. The fast data security protection method of claim 2, wherein the number of the data fragments is a multiple of the number of cloud storage points, and the ratio between the preliminarily divided data block and the small data block is exactly equal to the number of the data fragments.
4. The fast data security protection method according to claim 3, wherein, in the process of encrypting the data fragments by means of the permutation dispersion arrays, the first preliminarily divided data blocks in all the data fragments are encrypted first; when the first preliminarily divided data blocks in all the data fragments have been completely encrypted, the second preliminarily divided data blocks in all the data fragments are respectively encrypted; when the second preliminarily divided data blocks in all the data fragments have been completely encrypted, the third preliminarily divided data blocks in all the data fragments are respectively encrypted; and so on until all the preliminarily divided data blocks in the data fragments have been encrypted.
5. The fast data security protection method according to claim 4, wherein the step of respectively encrypting the first preliminarily divided data blocks in all the data fragments comprises:
A1, using the dispersed data in the dispersion array, in order, to respectively encrypt the small data blocks of the first preliminarily divided data block in the data fragment of the corresponding order, to obtain a first encrypted data block of the data fragments;
and A2, performing, in order, position-sequence transformation on the first encrypted data blocks of the data fragments of the corresponding order by means of the permutation arrays, and obtaining a first updated permutation dispersion array for each data fragment.
6. The fast data security protection method according to claim 5, wherein the method for respectively encrypting the second preliminarily divided data blocks in all the data fragments comprises the following steps:
B1, encrypting the small data blocks in the second preliminarily divided data block of a data fragment according to the first updated permutation dispersion array of the adjacent data fragment, to obtain a second encrypted data block of the data fragment;
B2, matching the corresponding permutation array among the plurality of permutation arrays;
B3, performing position-sequence transformation on the second encrypted data blocks of the data fragments by means of the matched permutation array, to obtain a second updated permutation dispersion array for each data fragment;
and performing B1 to B3 on the preliminarily divided data blocks after the second preliminarily divided data block in the data fragment, until all the preliminarily divided data blocks in the data fragment have been encrypted, thereby obtaining the encrypted data blocks.
7. The fast data security protection method according to claim 1, wherein the process of respectively dispersing the permutation dispersion arrays into the data fragments to form the encrypted data fragments together with the encrypted data blocks comprises:
dispersing the permutation dispersion arrays used in the encryption process and matching them to the data fragments by a perfect key dispersion method;
and forming each encrypted data fragment from the encrypted data block corresponding to the data fragment and the dispersion array that has been dispersedly matched to it.
8. The method according to claim 1, wherein, when the formed encrypted data fragments are stored in the cloud storage points according to the average storage rule, the encrypted data fragments of adjacent data fragments are not stored in the same cloud storage point.
9. The fast data security protection method of claim 1, wherein the step of checking each encrypted data fragment unit block comprises:
S1, obtaining the information of the encrypted data fragment unit block, and denoting the encrypted data fragment unit block as $A_i$, which is expressed as:
$A_i = \{a_{ij}\}$
wherein $a_{ij}$ represents the j-th encrypted data fragment in the i-th encrypted data fragment unit block;
S2, combining and connecting the encrypted data fragments according to the following formula:
$H_{ikl} = \mathrm{ARA}(F(a_{ik}), F(a_{il})), \quad k \neq l$
in the above formula, $H_{ikl}$ denotes the combined data of the k-th encrypted data fragment and the l-th encrypted data fragment in the i-th encrypted data fragment unit block, $F$ denotes the mapping function between the encrypted data fragments and the data to be processed, ARA denotes an arbitrary function in the encrypted data fragment unit block, $a_{ik}$ denotes the k-th encrypted data fragment in the i-th encrypted data fragment unit block, and $a_{il}$ denotes the l-th encrypted data fragment in the i-th encrypted data fragment unit block;
S3, obtaining a check result according to the following formula;
in the above formula, $G_i$ represents the check result of the i-th encrypted data fragment unit block, m represents an unqualified check, n represents a qualified check, W represents the data to be processed, and LEN represents a data length function;
and when the check result is unqualified, adjusting the encrypted data fragments in the encrypted data fragment unit block against the encrypted data fragments in other encrypted data fragment unit blocks, and then performing steps S1 to S3 again until the check is qualified.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110475887.XA CN113204774B (en) | 2021-04-29 | 2021-04-29 | Rapid data security protection method based on multi-cloud environment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113204774A (en) | 2021-08-03 |
CN113204774B (en) | 2021-11-26 |
Family
ID=77029441
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110475887.XA Active CN113204774B (en) | 2021-04-29 | 2021-04-29 | Rapid data security protection method based on multi-cloud environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113204774B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114422112B (en) * | 2022-03-31 | 2022-07-05 | 杭州瀚陆海洋科技有限公司 | Communication method and system of underwater robot |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101147155A (en) * | 2005-03-25 | 2008-03-19 | 松下电器产业株式会社 | Program converting device, secure processing device, computer program, and recording medium |
CN104580236A (en) * | 2015-01-21 | 2015-04-29 | 深圳市创维群欣安防科技有限公司 | Streaming media encryption and decryption method and device |
CN104754055A (en) * | 2015-04-03 | 2015-07-01 | 易云捷讯科技(北京)有限公司 | Safety cloud storage method for use in multi-cloud environment |
CN108023724A (en) * | 2016-11-04 | 2018-05-11 | 北京展讯高科通信技术有限公司 | Data transmission method and device |
CN108230224A (en) * | 2017-12-29 | 2018-06-29 | 湖北工业大学 | A kind of Image Watermarking and extracting method for colour blindness image after correction |
US20200193035A1 (en) * | 2018-12-13 | 2020-06-18 | Andres De Jesus Andreu | Method and system for data security via entropy and disinformation based information dispersal |
CN111770115A (en) * | 2020-09-01 | 2020-10-13 | 北京连山科技股份有限公司 | Data security processing method with avalanche effect |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9122863B2 (en) * | 2011-12-19 | 2015-09-01 | International Business Machines Corporation | Configuring identity federation configuration |
CN103973676B (en) * | 2014-04-21 | 2017-05-24 | 蓝盾信息安全技术股份有限公司 | Cloud computing safety protection system and method based on SDN |
CN110602147B (en) * | 2019-10-09 | 2021-07-30 | 合肥中科深谷科技发展有限公司 | Data encryption safe storage method, system and storage medium based on cloud platform |
Non-Patent Citations (3)
Title |
---|
Information Dispersion over Redundant Arrays of Optimal Cloud Storage for Desktop Users;Josef Spillner et al.;《2011 Fourth IEEE International Conference on Utility and Cloud Computing》;20120109;full text * |
Survey of research on searchable encryption techniques;李经纬 et al.;《软件学报》;20150320;Vol. 26 (No. 1);full text * |
Adaptive blind video watermarking algorithm based on discrete cosine transform;任克强 et al.;《计算机安全》;20120717;Vol. 2012 (No. 4);full text * |
Also Published As
Publication number | Publication date |
---|---|
CN113204774A (en) | 2021-08-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||