CN113204774B - Rapid data security protection method based on multi-cloud environment - Google Patents

Publication number: CN113204774B
Authority: CN (China)
Legal status: Active
Application number: CN202110475887.XA
Other languages: Chinese (zh)
Other versions: CN113204774A (en)
Inventors: 张凯, 郑应强, 赵旭春
Current Assignee: Beijing LSSEC Technology Co Ltd
Original Assignee: Beijing LSSEC Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638 Organizing or formatting or addressing of data
    • G06F3/064 Management of blocks

Abstract

The invention provides a rapid data security protection algorithm for a multi-cloud environment, comprising the following steps: dividing the data to be processed according to a division rule to obtain data fragments; randomly generating a plurality of permutation arrays; splitting the permutation arrays into permutation dispersion arrays by exclusive-or; encrypting the data fragments with the permutation dispersion arrays to obtain encrypted data blocks; dispersing the permutation dispersion arrays into the data fragments so that, together with the encrypted data blocks, they form encrypted data fragments; and storing the encrypted data fragments to cloud storage points according to an average storage rule. By combining a permutation algorithm with a perfect dispersion algorithm, the invention implements data storage in a multi-cloud environment, effectively solves the problems in the prior art, and has the advantages of high security, large storage capacity, high speed and low cost.

Description

Rapid data security protection method based on multi-cloud environment
Technical Field
The invention relates to the technical field of data security storage, in particular to a rapid data security protection method based on a multi-cloud environment.
Background
Existing secure distributed cloud storage is mainly built on information dispersion techniques, which include Shamir's perfect information dispersion scheme (SSS), Rabin's information dispersion algorithm (IDA), Krawczyk's short message dispersion algorithm (SSMS), Rivest's AONT algorithm (AONT-RS), truncated storage, and storage with added storage points. Each of these techniques has obvious shortcomings. SSS achieves theoretical security, but it is inefficient on big data, is applicable only to small data, has few application scenarios, and is not actually suitable for cloud storage. IDA can restore the original data with only a small amount of added redundancy, but its security is low. The security and performance of SSMS depend entirely on the encryption and information dispersion algorithms it uses, and key management consumes a lot of cost. AONT-RS is an encoding scheme, and its security is much weaker than that of an encryption algorithm. Truncated storage usually exposes part of the data directly, which causes a security problem. Storage with added storage points is expensive. The invention therefore provides a rapid data security protection method based on a multi-cloud environment, which implements data storage in the multi-cloud environment by combining a permutation algorithm and a perfect dispersion algorithm, effectively solves the problems in the prior art, and has the advantages of high security, large storage capacity, high speed and low cost.
Disclosure of Invention
The invention provides a rapid data security protection method based on a multi-cloud environment, which combines a replacement algorithm and a perfect dispersion algorithm to realize a data storage function in the multi-cloud environment, effectively solves the problems in the prior art, and has the advantages of high security, large storage capacity, high speed and low cost.
The invention provides a rapid data security protection method based on a multi-cloud environment, which comprises the following steps:
dividing data to be processed according to a division rule to obtain data fragments;
randomly generating a plurality of permutation arrays;
splitting the permutation array into permutation dispersion arrays in an exclusive-or mode;
encrypting the data fragments with the permutation dispersion arrays to obtain encrypted data blocks;
respectively dispersing the permutation dispersion array into data fragments, and forming encrypted data fragments together with the encrypted data blocks;
and storing the encrypted data fragments to a cloud storage point according to an average storage rule.
Further, the process of dividing the data to be processed according to the division rule to obtain the data fragments includes:
performing primary division on data to be processed to obtain a plurality of primary division data blocks;
dividing each preliminarily divided data block into a plurality of small data blocks;
and averagely dividing the data to be processed into a plurality of data fragments by taking the preliminarily divided data blocks as a unit according to a division rule, so that each data fragment is composed of the same number of small data blocks.
Further, the number of the data fragments is a multiple of the number of cloud storage points, and the ratio between the preliminarily divided data block and the small data block is just equal to the number value of the data fragments.
Further, in the process of encrypting the data fragments with the permutation dispersion arrays, the first preliminarily divided data blocks in all the data fragments are encrypted first; once these are all encrypted, the second preliminarily divided data blocks in all the data fragments are encrypted; once these are all encrypted, the third preliminarily divided data blocks in all the data fragments are encrypted; and so on until all the preliminarily divided data blocks in the data fragments have been encrypted.
Further, the step of performing encryption processing on the first preliminarily divided data blocks in all the data fragments respectively includes:
A1, encrypting, in order, the small data blocks of the first preliminarily divided data block in each data fragment with the dispersed data in the dispersion array of the corresponding order, to obtain a first encrypted data block of the data fragment;
and A2, performing position-order transformation, in order, on the first encrypted data block of each data fragment with the permutation array of the corresponding order, to obtain a first updated permutation dispersion array of each data fragment.
Further, the method for respectively encrypting the second primarily divided data blocks in all the data fragments comprises the following steps:
B1, encrypting the small data blocks in the second preliminarily divided data block of the data fragment according to the first updated permutation dispersion array of the adjacent data fragment to obtain a second encrypted data block of the data fragment;
B2, matching the corresponding permutation array among the plurality of permutation arrays;
B3, performing position-order transformation on the second encrypted data block of the data fragment with the matched permutation array to obtain a second updated permutation dispersion array of each data fragment;
and repeating B1 to B3 on the preliminarily divided data blocks after the second one in the data fragment until all the preliminarily divided data blocks in the data fragment are encrypted, thereby obtaining the encrypted data block.
Further, the process of respectively dispersing the permutation dispersion arrays into the data fragments and jointly forming the encrypted data fragments with the encrypted data blocks includes:
dispersing the permutation dispersion arrays used in the encryption process and matching them to the data fragments by a perfect key dispersion method;
and forming the encrypted data fragment from the encrypted data block corresponding to the data fragment and the dispersed array matched to it.
Further, when the encrypted data fragments are stored in the cloud storage point according to the average storage rule, the encrypted data fragments of adjacent data fragments are not stored in the same cloud storage point.
Further, the process of storing the formed encrypted data fragments to a cloud storage point according to an average storage rule includes:
determining the encrypted data fragments: collecting all encrypted data fragments and shuffling their order to obtain encrypted data fragments in a random order;
partitioning the randomly ordered encrypted data fragments according to an average rule to obtain a plurality of encrypted data fragment unit blocks: the randomly ordered encrypted data fragments are partitioned according to the number of cloud storage points, so that every encrypted data fragment unit block holds the same number of encrypted data fragments;
checking each encrypted data fragment unit block: within each unit block, checking whether the original data corresponding to its encrypted data fragments contains contiguous data to be processed; if it does not, the unit block passes the check; otherwise the unit block containing contiguous data is adjusted and checked again until it passes;
storing the unit blocks that pass the check into the cloud storage points: the encrypted data fragment unit blocks are matched with the cloud storage points by random permutation and combination, and the data is stored according to the matching result.
Further, the step of checking each encrypted data fragment unit block comprises:
S1, obtaining the information of the encrypted data fragment unit block, and denoting the encrypted data fragment unit block as $A_i$, expressed as:
$$A_i = \{a_{ij}\}$$
wherein $a_{ij}$ represents the j-th encrypted data fragment in the i-th encrypted data fragment unit block;
S2, combining and connecting the encrypted data fragments according to the following formula:
$$H_{ikl} = \mathrm{ARA}(F(a_{ik}), F(a_{il})), \quad k \neq l$$
in the above formula, $H_{ikl}$ represents the combined data of the k-th and the l-th encrypted data fragments in the i-th encrypted data fragment unit block, F represents the mapping function between the encrypted data fragments and the data to be processed, ARA represents an arbitrary function in the encrypted data fragment unit block, $a_{ik}$ represents the k-th encrypted data fragment in the i-th encrypted data fragment unit block, and $a_{il}$ represents the l-th encrypted data fragment in the i-th encrypted data fragment unit block;
S3, obtaining a check result according to the following formula:
Figure GDA0003264096630000051
in the above formula, $G_i$ represents the check result of the i-th encrypted data fragment unit block, m represents a failed check, n represents a passed check, W represents the data to be processed, and LEN represents a data length function;
and when the check result is a failed check, exchanging encrypted data fragments between this encrypted data fragment unit block and other encrypted data fragment unit blocks, and then performing steps S1 to S3 again until the check is passed.
The invention has at least the following beneficial effects:
(1) According to the rapid data security protection method based on the cloud environment, the key used in the encryption process does not need to be managed, which effectively reduces cost. During encryption, combining a permutation algorithm makes the encrypted data more secure. In addition, data in different data fragments that is encrypted by the same encryption method can be encrypted simultaneously, which speeds up encryption and improves the efficiency of the method. Furthermore, the data is stored across a plurality of cloud storage points in a multi-cloud environment, which gives a larger storage capacity.
(2) According to the rapid data security protection method based on the cloud environment, the dispersion array and the encrypted data block together form the encrypted data, so the dispersion array, which serves as the key in the encryption process, is stored together with the encrypted data block; a dedicated key management unit is avoided and the management cost is effectively reduced.
(3) According to the rapid data security protection method based on the multi-cloud environment, when the data is stored, the encrypted data fragments of the adjacent data fragments are not stored in the same cloud storage point, so that if decryption is needed, all the encrypted data fragments in all the cloud storage points are required to be collected to be decrypted, the data is prevented from being acquired or stolen through a single cloud storage point, and the data security is improved.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a flow chart illustrating the steps of a method for fast data security protection according to the present invention;
FIG. 2 is a schematic diagram of a first step in a fast data security protection method based on a cloud environment according to the present invention;
FIG. 3 is a flowchart of a first preliminary data block partitioning encryption procedure in data fragments according to a fast data security protection method under a cloud environment;
FIG. 4 is a flowchart of a high-order preliminary data block division encryption step in data fragmentation according to a fast data security protection method in a cloud-based environment of the present invention;
FIG. 5 is a schematic diagram illustrating high-order preliminary data block division encryption in data fragments according to a fast data security protection method in a cloud environment;
FIG. 6 is a schematic diagram of step six in the fast data security protection method based on the cloud environment according to the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
As shown in fig. 1, an embodiment of the present invention provides a fast data security protection method based on a multi-cloud environment, including:
step one, dividing the data to be processed according to a division rule to obtain data fragments;
step two, randomly generating a plurality of permutation arrays;
step three, splitting the permutation arrays into permutation dispersion arrays by exclusive-or;
step four, encrypting the data fragments with the permutation dispersion arrays to obtain encrypted data blocks;
step five, dispersing the permutation dispersion arrays into the data fragments to form encrypted data fragments together with the encrypted data blocks;
and step six, storing the encrypted data fragments to cloud storage points according to an average storage rule.
In the above technical scheme, when data is stored securely, the data to be processed is first divided according to a division rule to obtain data fragments; next, a plurality of permutation arrays is randomly generated and split into permutation dispersion arrays by exclusive-or; the data fragments are then encrypted with the permutation dispersion arrays to obtain encrypted data blocks; the permutation dispersion arrays are then dispersed into the data fragments so that, together with the encrypted data blocks, they form encrypted data fragments; finally, the encrypted data fragments are stored to cloud storage points according to an average storage rule. In step two, the number of randomly generated permutation arrays is the same as the number of storage points; for example, if there are 3 storage points, three random permutation arrays are generated, and the elements in each permutation array are randomly arranged in the range from 1 to 16. With this technical scheme, the key used in the encryption process does not need to be managed, which effectively reduces cost; combining a permutation algorithm during encryption makes the encrypted data more secure; data in different data fragments that is encrypted by the same encryption method can be encrypted simultaneously, which speeds up encryption and improves the efficiency of the method; and the data is stored across a plurality of cloud storage points in a multi-cloud environment, which gives a larger storage capacity.
In an embodiment provided by the present invention, the process of dividing the data to be processed according to the division rule to obtain the data fragments includes:
performing primary division on data to be processed to obtain a plurality of primary division data blocks;
dividing each preliminarily divided data block into a plurality of small data blocks;
and averagely dividing the data to be processed into a plurality of data fragments by taking the preliminarily divided data blocks as a unit according to a division rule, so that each data fragment is composed of the same number of small data blocks.
In the technical scheme, in the process of obtaining the data fragments, firstly, the data to be processed is primarily divided to obtain a plurality of primarily divided data blocks; then, each preliminarily divided data block is divided again, and the preliminarily divided data block is divided into a plurality of small data blocks; and finally, averagely dividing the data to be processed into a plurality of data fragments by taking the preliminary division data block as a unit according to a division rule, so that the number of the preliminary division data blocks in each data fragment and the number of the small data blocks are equal, and the small data blocks are the minimum unit in the data to be processed and have the size of 1 bit. Through the technical scheme, the data to be processed can be divided, so that the encryption processing is facilitated, the safety of the encrypted data block is improved, the data processing and storage speed can be increased, the efficiency of a data security protection algorithm is improved, the data balance can be effectively ensured by the preliminarily divided data blocks or small data blocks with the same number in each data fragment, and the safety of the data is improved.
In the above technical scheme, the data to be processed $d$ is first divided into a multiple of $k$ preliminarily divided data blocks $b_i$; each preliminarily divided data block $b_i$ is then divided again into a plurality of small data blocks, denoted $mb_j$; finally, the data to be processed $d$ is divided according to the division rule into $k$ data fragments $f_i$. When $k$ is 3, these steps are as shown in FIG. 2, and the number of small data blocks $mb_j$ in each preliminarily divided data block $b_i$ is 3.
In an embodiment provided by the present invention, the number of the data fragments is a multiple of the number of cloud storage points, and the ratio between the preliminarily divided data block and the small data block is just equal to the number of the data fragments.
In the above technical scheme, when the data to be processed is preliminarily divided, the number of data fragments is set to a multiple of the number of cloud storage points, so that the average rule can be followed when storing to the cloud storage points and storage stays balanced across them. When the preliminarily divided data blocks are divided again, the number of small data blocks in each preliminarily divided data block is kept equal to the number of data fragments, which reduces the differences between the data after encryption and thereby improves data security.
In an embodiment of the present invention, in the process of performing encryption processing on the data fragments by replacing the scattered array, first primarily divided data blocks in all the data fragments are respectively encrypted, when the first primarily divided data blocks in all the data fragments are completely encrypted, second primarily divided data blocks in all the data fragments are respectively encrypted, and when the second primarily divided data blocks in all the data fragments are completely encrypted, third primarily divided data blocks in all the data fragments are respectively encrypted until all the primarily divided data blocks in the data fragments are completely encrypted.
In the technical scheme, when the data fragments are encrypted through the permutation dispersion array, the first primary division data in each data fragment is encrypted and then the second primary division data in the data fragment is encrypted, when the second primary division data in each data fragment is encrypted, the third primary division data in the data fragment is encrypted, and so on until all the primary division data blocks in the data fragment are completely encrypted. Through the technical scheme, different data fragments can be simultaneously encrypted when the data blocks are preliminarily divided according to the same sequence, so that the encryption time is effectively saved, and the encryption processing efficiency is improved.
As shown in fig. 3, in an embodiment provided by the present invention, the step of performing encryption processing on the first preliminarily divided data blocks in all the data fragments respectively includes:
A1, encrypting, in order, the small data blocks of the first preliminarily divided data block in each data fragment with the dispersed data in the dispersion array of the corresponding order, to obtain a first encrypted data block of the data fragment;
and A2, performing position-order transformation, in order, on the first encrypted data block of each data fragment with the permutation array of the corresponding order, to obtain a first updated permutation dispersion array of each data fragment.
In the above technical solution, when the first preliminarily divided data block in a data fragment is encrypted, the dispersed data of the dispersion array
Figure GDA0003264096630000101
is used to encrypt, in order, the small data blocks $mb_j$ in the first preliminarily divided data block $b_0$ of the data fragment, generating the first encrypted data block of the data fragment. The 16 bits in each small data block of the first encrypted data block are then randomly permuted by the permutation array of the corresponding order, yielding the first updated permutation dispersion array of each data fragment, $s_1^0, s_1^1, \ldots, s_1^{k-1}$ ($k$ is the number of data fragments). Encrypting the first preliminarily divided data block in this way improves data security, and because the permutation arrays are randomly generated, the original data behind the encrypted data is difficult to obtain by illegitimate means.
As shown in fig. 4, in an embodiment of the present invention, the method for separately encrypting the second preliminary divided data blocks in all the data fragments includes the following steps:
B1, encrypting the small data blocks in the second preliminarily divided data block of the data fragment according to the first updated permutation dispersion array of the adjacent data fragment to obtain a second encrypted data block of the data fragment;
B2, matching the corresponding permutation array among the plurality of permutation arrays;
B3, performing position-order transformation on the second encrypted data block of the data fragment with the matched permutation array to obtain a second updated permutation dispersion array of each data fragment;
and repeating B1 to B3 on the preliminarily divided data blocks after the second one in the data fragment until all the preliminarily divided data blocks in the data fragment are encrypted, thereby obtaining the encrypted data block.
In the above technical solution, when the second preliminarily divided data block in a data fragment is encrypted, as shown in FIG. 5, the small data blocks $mb_j$ in the second preliminarily divided data block of the data fragment are encrypted in order with the first updated permutation dispersion array $s_1$ of the adjacent data fragment to generate a new data block; the corresponding permutation array is then used to transform the position order of the $mb_j$ in that data block, generating the second updated permutation dispersion array of the data fragment. These steps are repeated until the second preliminarily divided data block in every data fragment is encrypted. The third, fourth and other higher-order preliminarily divided data blocks in the data fragments are encrypted in the same way. With this technical scheme, the key used for encryption comes from the adjacent data fragment rather than from the fragment's own data, which, combined with the permutation algorithm, improves data security.
In an embodiment provided by the present invention, the process of respectively dispersing the permutation and dispersion arrays into the data fragments and forming the encrypted data fragments together with the encrypted data blocks includes:
dispersing the permutation dispersion arrays used in the encryption process and matching them to the data fragments by a perfect key dispersion method;
and forming the encrypted data fragment from the encrypted data block corresponding to the data fragment and the dispersed array matched to it.
In the above technical scheme, the perfect dispersion algorithm divides the permutation dispersion arrays into as many parts as there are fragments and disperses them evenly into the fragments, so that each encrypted data fragment is formed jointly by a dispersion array and an encrypted data block. The dispersion array, which serves as the key in the encryption process, is thus stored together with the encrypted data block; a dedicated key management unit is avoided and the management cost is effectively reduced.
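The exclusive-or split of step three and the 16-bit position transformation of A2, as an added example that is not taken from the patent. It assumes the split is plain n-of-n XOR sharing, that a permutation array is a random ordering of 1 to 16 stored one element per byte, and that entry i names the source bit of output bit i; all function names are hypothetical.

```python
import secrets
from functools import reduce

ARRAY_LEN = 16  # elements 1..16, as in the embodiment


def random_permutation_array():
    """Step two: a random ordering of the values 1..16 (Fisher-Yates, OS CSPRNG)."""
    values = list(range(1, ARRAY_LEN + 1))
    for i in range(ARRAY_LEN - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        values[i], values[j] = values[j], values[i]
    return values


def xor_bytes(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def xor_split(perm, shares):
    """Step three (assumed n-of-n XOR sharing): shares-1 random arrays plus one
    array chosen so that the XOR of all of them equals the permutation array."""
    if shares < 2:
        raise ValueError("need at least two shares")
    secret = bytes(perm)
    parts = [secrets.token_bytes(len(secret)) for _ in range(shares - 1)]
    last = reduce(xor_bytes, parts, secret)  # secret ^ part_1 ^ ... ^ part_(n-1)
    return parts + [last]


def xor_combine(parts):
    """XOR every share together; only the full set gives the permutation array back."""
    return list(reduce(xor_bytes, parts))


def permute_bits(block16, perm):
    """Position transformation: output bit i takes input bit perm[i]-1 (bit 0 = LSB)."""
    out = 0
    for i, src in enumerate(perm):
        out |= ((block16 >> (src - 1)) & 1) << i
    return out


def unpermute_bits(block16, perm):
    """Inverse of permute_bits for the same permutation array."""
    out = 0
    for i, src in enumerate(perm):
        out |= ((block16 >> i) & 1) << (src - 1)
    return out


if __name__ == "__main__":
    perm = random_permutation_array()
    shares = xor_split(perm, 3)          # one share per data fragment
    block = 0xB37A                       # constructed 16-bit small data block
    moved = permute_bits(block, perm)
    print("permutation array :", perm)
    print("all 3 shares      :", xor_combine(shares) == perm)
    print("only 2 shares     :", xor_combine(shares[:2]) == perm)
    print("block round-trip  :", unpermute_bits(moved, perm) == block)
```

Every share is needed to rebuild the array; the bit permutation by itself leaves the number of set bits in a block unchanged.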
In an embodiment provided by the present invention, when the encrypted data fragments are stored in the cloud storage point according to the average storage rule, the encrypted data fragments of adjacent data fragments are not stored in the same cloud storage point.
In the above technical scheme, when the data is stored, the number of the encrypted data fragments stored in each cloud storage point is equal, and as shown in fig. 6, the encrypted data fragments of adjacent data fragments are not stored in the same cloud storage point, so that if decryption is desired, all the encrypted data fragments in all the cloud storage points must be collected together to be decrypted, data acquisition or data stealing through a single cloud storage point is avoided, and the data security is improved.
In an embodiment provided by the present invention, the storing the formed encrypted data fragments to the cloud storage point according to the average storage rule includes:
determining the encrypted data fragments: collecting all encrypted data fragments and shuffling their order to obtain encrypted data fragments in a random order;
partitioning the randomly ordered encrypted data fragments according to an average rule to obtain a plurality of encrypted data fragment unit blocks: the randomly ordered encrypted data fragments are partitioned according to the number of cloud storage points, so that every encrypted data fragment unit block holds the same number of encrypted data fragments;
checking each encrypted data fragment unit block: within each unit block, checking whether the original data corresponding to its encrypted data fragments contains contiguous data to be processed; if it does not, the unit block passes the check; otherwise the unit block containing contiguous data is adjusted and checked again until it passes;
storing the unit blocks that pass the check into the cloud storage points: the encrypted data fragment unit blocks are matched with the cloud storage points by random permutation and combination, and the data is stored according to the matching result.
In the technical scheme, when the encrypted data fragments are stored in the cloud storage point according to the average storage rule, firstly, the encrypted data fragments are determined; summarizing all encrypted data fragments, and disordering the sequence of the encrypted data fragments to obtain encrypted data fragments in a random arrangement sequence; then, partitioning the encrypted data fragments in the random arrangement sequence according to an average rule to obtain a plurality of encrypted data fragment unit blocks; then, checking each encrypted data fragment unit block; and finally, storing the qualified encrypted data fragment unit block into a cloud storage point. According to the technical scheme, the original to-be-processed data corresponding to the encrypted data fragments in each cloud storage point are not continuous, the situation that the adjacent encrypted data blocks are decrypted through data information in the adjacent encrypted data blocks is avoided, the data are exposed, and the data safety is further improved.
In one embodiment of the present invention, the step of checking each encrypted data fragment unit block includes:
S1, obtaining the information of the encrypted data fragment unit block and denoting the encrypted data fragment unit block as $A_i$, expressed as:
$A_i = \{a_{ij}\}$
where $a_{ij}$ represents the jth encrypted data fragment in the ith encrypted data fragment unit block;
S2, combining and connecting the encrypted data fragments according to the following formula:
$H_{ikl} = \mathrm{ARA}(F(a_{ik}), F(a_{il})), \quad k \neq l$
in the above formula, $H_{ikl}$ represents the combined data of the kth encrypted data fragment and the lth encrypted data fragment in the ith encrypted data fragment unit block, $F$ represents the mapping function between the encrypted data fragments and the data to be processed, ARA represents an arbitrary function in the encrypted data fragment unit block, $a_{ik}$ represents the kth encrypted data fragment in the ith encrypted data fragment unit block, and $a_{il}$ represents the lth encrypted data fragment in the ith encrypted data fragment unit block;
S3, obtaining a check result according to the following formula:
Figure GDA0003264096630000141
in the above formula, $G_i$ represents the check result of the ith encrypted data fragment unit block, m indicates that the check failed, n indicates that the check passed, W represents the data to be processed, and LEN represents a data length function;
when the check fails, the encrypted data fragments in that encrypted data fragment unit block and the encrypted data fragments in other encrypted data fragment unit blocks are adjusted, and steps S1 to S3 are then performed again until the check passes.
In this technical scheme, the encrypted data fragments in each encrypted data fragment unit block are checked by obtaining the information of the unit block, combining and connecting its encrypted data fragments, and obtaining a check result. Adjacent encrypted data fragments that end up in a unit block after partitioning according to the average rule are thereby detected, so that no unit block contains adjacent encrypted data fragments, which improves the security of the data stored in the cloud storage points. The formula for the check result uses "exists" and "for any" conditions, which makes the check more sensitive and improves the accuracy of the result.
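The storage procedure and the S1 to S3 check described above can be sketched as follows. This is an added example, not code from the patent: each fragment is represented by its index in the original data order (standing in for the mapping F), two fragments count as continuous when their indices differ by one, and the swap-based adjustment, the function names and the storage point names are assumptions.

```python
import random

def shuffle_and_partition(fragment_ids, n_points, rng):
    """Shuffle the fragments, then cut them into n_points equal unit blocks."""
    order = list(fragment_ids)
    if n_points < 2 or len(order) % n_points:
        raise ValueError("need >= 2 storage points and an evenly divisible fragment count")
    rng.shuffle(order)
    size = len(order) // n_points
    return [order[i * size:(i + 1) * size] for i in range(n_points)]

def adjacent_pairs(block):
    """Pairs of fragments in one unit block whose original data is continuous."""
    present = set(block)
    return [(f, f + 1) for f in sorted(present) if f + 1 in present]

def block_passes(block):
    """Check result for one unit block: True when no continuous pair exists."""
    return not adjacent_pairs(block)

def total_conflicts(blocks):
    return sum(len(adjacent_pairs(b)) for b in blocks)

def swap(blocks, i, f, j, g):
    """Exchange fragment f in block i with fragment g in block j."""
    blocks[i][blocks[i].index(f)] = g
    blocks[j][blocks[j].index(g)] = f

def repair(blocks, rng, max_rounds=10_000):
    """Adjust failing unit blocks by exchanging fragments until every block passes."""
    blocks = [list(b) for b in blocks]
    for _ in range(max_rounds):
        failing = [i for i, b in enumerate(blocks) if not block_passes(b)]
        if not failing:
            return blocks
        i = rng.choice(failing)
        f = adjacent_pairs(blocks[i])[0][0]      # one member of an offending pair
        before = total_conflicts(blocks)
        candidates = [(j, g) for j, b in enumerate(blocks) if j != i for g in b]
        rng.shuffle(candidates)
        for j, g in candidates:
            swap(blocks, i, f, j, g)
            if total_conflicts(blocks) < before:
                break                            # keep the improving exchange
            swap(blocks, i, g, j, f)             # undo and try the next candidate
        else:
            # No single exchange helps: start again from a fresh shuffle.
            flat = [x for b in blocks for x in b]
            blocks = shuffle_and_partition(flat, len(blocks), rng)
    raise RuntimeError("no valid layout found")

def place(n_fragments, points, rng=None):
    """Return {storage point: unit block} with no continuous fragments per point."""
    rng = rng or random.SystemRandom()           # OS randomness unless a generator is injected
    blocks = repair(shuffle_and_partition(range(n_fragments), len(points), rng), rng)
    targets = list(points)
    rng.shuffle(targets)                         # random matching of blocks to points
    return dict(zip(targets, blocks))

if __name__ == "__main__":
    # Constructed input: 12 fragments spread over three hypothetical storage points.
    for point, block in place(12, ["cloud-a", "cloud-b", "cloud-c"]).items():
        print(point, sorted(block))
```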
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (9)

1. A rapid data security protection method based on a multi-cloud environment is characterized by comprising the following steps:
dividing data to be processed according to a division rule to obtain data fragments;
randomly generating a plurality of permutation arrays;
splitting the permutation array into permutation dispersion arrays in an exclusive-or mode;
encrypting the data fragments by replacing the scattered array to obtain encrypted data blocks;
respectively dispersing the permutation dispersion array into data fragments, and forming encrypted data fragments together with the encrypted data blocks;
storing the encrypted data fragments to a cloud storage point according to an average storage rule, wherein the method comprises the following steps:
determining the encrypted data fragment; summarizing all encrypted data fragments, and disordering the sequence of the encrypted data fragments to obtain encrypted data fragments in a random arrangement sequence;
partitioning the encrypted data fragments in the random arrangement sequence according to an average rule to obtain a plurality of encrypted data fragment unit blocks; partitioning the encrypted data fragments in the random arrangement sequence according to the number of cloud storage points, so that the number of the encrypted data fragments in each encrypted data fragment unit block is consistent;
checking each encrypted data fragmentation cell block; whether continuous data to be processed exist in the original data corresponding to the encrypted data fragments in the encrypted data fragment unit blocks is checked in each encrypted data fragment unit block, if the continuous data to be processed do not exist in the original data corresponding to the encrypted data fragments in the encrypted data fragment unit blocks, the original data are checked to be qualified, otherwise, the original data are checked again after being adjusted for the encrypted data fragment unit blocks with the continuous data to be processed until the original data are checked to be qualified;
storing the qualified encrypted data fragment unit block into a cloud storage point; and matching the encrypted data fragment unit blocks with the cloud storage points through random permutation and combination, and storing data according to matching results.
2. The fast data security protection method according to claim 1, wherein the process of performing data partitioning on the data to be processed according to the partitioning rule to obtain the data fragments comprises:
performing primary division on data to be processed to obtain a plurality of primary division data blocks;
dividing each preliminarily divided data block into a plurality of small data blocks;
and averagely dividing the data to be processed into a plurality of data fragments by taking the preliminarily divided data blocks as a unit according to a division rule, so that each data fragment is composed of the same number of small data blocks.
3. The fast data security protection method of claim 2, wherein the number of the data fragments is a multiple of the number of cloud storage points, and a ratio between the preliminarily partitioned data block and the small data block is just equal to the number of the data fragments.
4. The fast data security protection method according to claim 3, wherein in the process of performing encryption processing on the data fragments by replacing the scattered array, first encryption processing is performed on first primarily divided data blocks in all the data fragments, when the first primarily divided data blocks in all the data fragments are completely encrypted, second primarily divided data blocks in all the data fragments are respectively encrypted, and when the second primarily divided data blocks in all the data fragments are completely encrypted, third primarily divided data blocks in all the data fragments are respectively encrypted until all the primarily divided data blocks in the data fragments are completely encrypted.
5. The fast data security protection method according to claim 4, wherein the step of separately performing encryption processing on the first preliminarily divided data blocks in all the data fragments comprises:
A1, respectively encrypting the small data blocks of the first preliminary division data block in the data fragments in the corresponding order by using the scattered data in the scattered array according to the order to obtain a first encrypted data block of the data fragments;
and A2, performing position sequence transformation on the first encrypted data blocks of the data fragments in the corresponding sequence according to the sequence through the permutation array, and obtaining a first updating permutation dispersion array of each data fragment.
6. The fast data security protection method according to claim 5, wherein the method for separately encrypting the second preliminary divided data blocks in all the data fragments comprises the following steps:
B1, encrypting the small and medium data blocks in the second primarily divided data block of the data fragment according to the first updating displacement dispersion number of the adjacent data fragment to obtain a second encrypted data block of the data fragment;
B2, matching corresponding permutation arrays in the plurality of permutation arrays;
B3, carrying out position sequence transformation on the second encrypted data blocks of the data fragments through the matched permutation array to obtain a second updated permutation dispersion array of each data fragment;
and B1-B3 are carried out on the primarily divided data blocks after the second primarily divided data block in the data fragment until the encryption of all the primarily divided data blocks in the data fragment is finished, so that the encrypted data block is obtained.
7. The fast data security protection method according to claim 1, wherein the process of dispersing the permutation dispersion arrays into the data fragments respectively to form the encrypted data fragments together with the encrypted data blocks comprises:
a displacement dispersion array adopted in the encryption processing process is dispersed and matched with data fragments by a perfect key dispersion method;
and the encrypted data block corresponding to the data fragment and the dispersed data group which is dispersedly matched form the encrypted data fragment.
8. The method according to claim 1, wherein when the constituent encrypted data fragments are stored in the cloud storage point according to the average storage rule, the encrypted data fragments of adjacent data fragments are not stored in the same cloud storage point.
9. The fast data security protection method of claim 1, wherein the step of verifying each encrypted data fragment unit block comprises:
S1, obtaining the information of the encrypted data fragment unit block, and denoting the encrypted data fragment unit block as $A_i$, expressed as:
$A_i = \{a_{ij}\}$
wherein $a_{ij}$ represents the jth encrypted data fragment in the ith encrypted data fragment unit block;
S2, combining and connecting the encrypted data fragments according to the following formula:
$H_{ikl} = \mathrm{ARA}(F(a_{ik}), F(a_{il})), \quad k \neq l$
in the above formula, $H_{ikl}$ denotes the combined data of the kth encrypted data fragment and the lth encrypted data fragment in the ith encrypted data fragment unit block, $F$ denotes the mapping function between the encrypted data fragments and the data to be processed, ARA represents an arbitrary function in the encrypted data fragment unit block, $a_{ik}$ represents the kth encrypted data fragment in the ith encrypted data fragment unit block, and $a_{il}$ represents the lth encrypted data fragment in the ith encrypted data fragment unit block;
S3, obtaining a test result according to the following formula:
Figure FDA0003274024370000041
in the above formula, $G_i$ represents the detection result of the ith encrypted data fragment unit block, wherein m represents unqualified detection, n represents qualified detection, W represents the data to be processed, and LEN represents a data length function;
and when the verification result is that the verification is unqualified, adjusting the encrypted data fragments in the encrypted data fragment unit block and the encrypted data fragments in other encrypted data fragment unit blocks, and then performing the steps S1 to S3 again until the verification is qualified.
CN202110475887.XA 2021-04-29 2021-04-29 Rapid data security protection method based on multi-cloud environment Active CN113204774B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110475887.XA CN113204774B (en) 2021-04-29 2021-04-29 Rapid data security protection method based on multi-cloud environment

Publications (2)

Publication Number Publication Date
CN113204774A CN113204774A (en) 2021-08-03
CN113204774B true CN113204774B (en) 2021-11-26

Family

ID=77029441

Country Status (1)

Country Link
CN (1) CN113204774B (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant