CN114866235A - Method for encrypting cloud storage file data - Google Patents

Publication number
CN114866235A
Authority
CN
China
Prior art keywords
data
encrypting
algorithm
cloud storage
storage file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210486721.2A
Other languages
Chinese (zh)
Inventor
徐晨
许睿
于然
石波
于辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Aerospace 706 Information Technology Co ltd
Original Assignee
Jiangsu Aerospace 706 Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2022-05-06
Filing date
2022-05-06
Publication date
2022-08-05
Application filed by Jiangsu Aerospace 706 Information Technology Co ltd
Priority to CN202210486721.2A
Publication of CN114866235A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/088: Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms

Abstract

The invention discloses a method for encrypting cloud storage file data, which comprises the following steps: S1, importing data into an algorithm system by means of a physical interface; S2, completing key authentication, and splitting the data imported into the algorithm system and the identified key information into data and password resources; S3, sequentially transmitting the split data and password resources to an algorithm processing unit, and encrypting the data; S4, combining the data and the password resources; S5, sending the combined data and password resources through a physical interface; S6, exporting the successfully encrypted data. When the data is imported into the algorithm system by means of the physical interface, the data to be encrypted is imported through a removable storage medium, encrypted by the algorithm, and exported after encryption. By applying a high-speed encryption algorithm to the cloud storage file data, the invention achieves ultra-high-speed processing of ultra-large-scale data.

Description

Method for encrypting cloud storage file data
Technical Field
The invention relates to the technical field of computer information data encryption, in particular to encryption for high-volume uploading of ultra-large-scale data, and specifically to a method for encrypting cloud storage file data.
Background
Computers are now used in a variety of fields, and all industries use computers to store and process various data, and databases are the most common data storage facilities in the computer field, and are often used to store important data. However, it is well known that for various reasons, databases may fail or even be completely destroyed, resulting in data loss; therefore, when designing important database systems, backups of databases are generally considered, so that the database can be restored by using the backups after the database loses data.
Meanwhile, with the rapid development of technologies such as informatization, big data and the internet, data storage is increasingly important in every industry. For example, data storage covers the storage of confidential company data, patient case information in medical institutions, client information in business offices, school information, and so on; data storage can be said to be ubiquitous. With the development of internet technology, the concurrency requirements on data storage keep rising, and the original centralized data storage can no longer meet them for reasons of price, performance and the like. The main shortcomings are as follows:
(1) the high aggregation of cloud data increases both data value and security risk, and a systematic password confidentiality defense capability is lacking;
(2) in the face of the security risks of resource sharing, virtualization and flexible scheduling in the cloud environment, targeted protection means are lacking;
(3) in the face of the requirement for ultra-high-speed processing of ultra-large-scale data in a cloud environment, the capacity of existing equipment is insufficient;
(4) in the face of the requirements of dynamic division and flexible deployment of user security domains, a unified, efficient and flexible means of security policy management and control is lacking.
An effective solution to the problems in the related art has not been proposed yet.
Disclosure of Invention
Aiming at the problems in the related art, the invention provides a method for encrypting cloud storage file data, so as to overcome the technical problems in the prior related art.
Therefore, the invention adopts the following specific technical scheme:
The method for encrypting cloud storage file data comprises the following steps:
S1, importing data into an algorithm system by means of a physical interface;
S2, completing key authentication, and splitting the data imported into the algorithm system and the identified key information into data and password resources;
S3, sequentially transmitting the split data and password resources to an algorithm processing unit, and encrypting the data;
S4, combining the data and the password resources;
S5, sending the combined data and password resources through a physical interface;
S6, exporting the successfully encrypted data;
when the data is imported into the algorithm system by means of the physical interface, the data to be encrypted is imported through the removable storage medium, encrypted by the algorithm, and exported after encryption.
Further, in S2, the key authentication uses a removable storage medium having security authentication information.
Further, in S2, when the data imported into the algorithm system and the identified key information are split into data and password resources, the identified data and the security authentication information are separated.
Furthermore, when the data is split, it is encrypted and decrypted in parallel over multiple data paths.
Further, the parallel encryption and decryption over multiple data paths further comprises the following steps:
processing the data sequentially, frame by frame;
and feeding the separated data into the corresponding algorithm processing unit in hardware.
Further, in S3, sequentially transmitting the split data and password resources to the algorithm processing unit and encrypting the data further includes the following steps:
a plurality of algorithm processing units perform encryption and decryption simultaneously;
and the processed data is integrated in the corresponding order.
Further, the algorithm processing unit is used for adding the original data frame header, completing the conversion from data separation to data frame encapsulation, encapsulating the payload, the encrypted/decrypted data and the password resources, and passing the data encrypted by the encryption module to the data frame encapsulation;
wherein the payload comprises the identifier, subject, message, user name and password in the security authentication information.
Further, the block length of the encryption module is 4 words: the input is a 4-word plaintext $(X_1, X_2, X_3, X_4)$ and the output obtained after encryption is a 4-word ciphertext $(Y_1, Y_2, Y_3, Y_4)$, where $X_i$ and $Y_i$ each represent a 32-bit word;
the encryption process consists of 32 rounds of iteration and 1 reverse-order transformation;
during the iteration, the 4-word plaintext undergoes 32 rounds of iteration, each round requires a 1-word round key, and the round keys are denoted $(rk_0, rk_1, \ldots, rk_{31})$.
Furthermore, the key of the encryption module is 128 bits, and in the 32-round iteration each round requires a 1-word round key;
the original 4-word encryption key is $MK = (MK_1, MK_2, MK_3, MK_4)$; each word $MK_i$ of the original key is XORed with the system parameter $FK_i$ to obtain 4 new words $(K_1, K_2, K_3, K_4)$, and 32 round keys are generated during the 32-round iteration;
wherein the iteration repeatedly applies the round function $F$ to compute each subsequent word.
Further, the round function is $F(X_i, X_{i+1}, X_{i+2}, X_{i+3}, rk_i)$, which takes four 1-word plaintext words and one 1-word round key as parameters and produces a 1-word result, i.e. $X_{4+i} = F(X_i, X_{i+1}, X_{i+2}, X_{i+3}, rk_i)$, $i \in [0, 31]$, counting from 0;
after 32 rounds, 36 words $(X_0, X_1, X_2, X_3, \ldots, X_{32}, X_{33}, X_{34}, X_{35})$ are obtained;
the last four words $(X_{32}, X_{33}, X_{34}, X_{35})$ obtained by iteration are put in reverse order to give the final ciphertext $(Y_0, Y_1, Y_2, Y_3) = (X_{35}, X_{34}, X_{33}, X_{32})$.
The invention has the following beneficial effects: by applying a high-speed encryption algorithm to the cloud storage file data, it achieves ultra-high-speed processing of ultra-large-scale data and has strong equipment capacity. It provides a systematic password confidentiality defense capability for the increased data value and security risk caused by the high aggregation of cloud data. It provides targeted protection against the security risks of resource sharing, virtualization and flexible scheduling in the cloud environment. And for the requirements of dynamic division and flexible deployment of user security domains, it provides a unified, efficient and flexible means of security policy management and control.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the embodiments are briefly described below. The drawings described below show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a method of encrypting cloud storage file data according to an embodiment of the present invention;
Fig. 2 is a block diagram of a specific system design in a method for encrypting cloud storage file data according to an embodiment of the present invention;
Fig. 3 is an encryption/decryption flow chart of a high-speed encryption algorithm of a method of encrypting cloud storage file data according to an embodiment of the present invention;
Fig. 4 is a schematic parallel encryption and decryption diagram of a method for encrypting cloud storage file data according to an embodiment of the present invention;
Fig. 5 is a hardware design structure diagram of an encryption module of a method for encrypting cloud storage file data according to an embodiment of the present invention;
Fig. 6 is an encryption flowchart of an encryption algorithm of a method of encrypting cloud storage file data according to an embodiment of the present invention;
Fig. 7 is a key expansion flowchart of an encryption algorithm of a method of encrypting cloud storage file data according to an embodiment of the present invention.
Detailed Description
To further explain the embodiments, the invention provides drawings, which form part of the disclosure, illustrate the embodiments and, together with the description, explain their principles of operation. With reference to them, a person of ordinary skill in the art will understand other possible embodiments and the advantages of the invention. Elements in the figures are not drawn to scale, and like reference numerals generally denote like elements.
According to an embodiment of the invention, a method for encrypting cloud storage file data is provided.
The invention is further described below with reference to the drawings and the detailed description. As shown in Fig. 1 to Fig. 4, in an embodiment of the invention, a method for encrypting cloud storage file data includes the following steps:
S1, importing data into an algorithm system by means of a physical interface;
S2, completing key authentication, and splitting the data imported into the algorithm system and the identified key information into data and password resources;
In S2, the key authentication uses a removable storage medium with security authentication information; import into the library and encryption can be completed only with the security authentication information.
In S2, when the data imported into the algorithm system and the identified key information are split into data and password resources, the identified data and the security authentication information are separated.
When the data is split, it is encrypted and decrypted in parallel over multiple data paths.
The parallel encryption and decryption over multiple data paths further comprises the following steps:
processing the data sequentially, frame by frame;
and feeding the separated data into the corresponding algorithm processing unit in hardware.
S3, sequentially transmitting the split data and password resources to an algorithm processing unit, and encrypting the data;
wherein, in S3, sequentially transmitting the split data and password resources to the algorithm processing unit and encrypting the data further includes the following steps:
a plurality of algorithm processing units perform encryption and decryption simultaneously;
and the processed data is integrated in the corresponding order.
The algorithm processing unit is used for adding the original data frame header, completing the conversion from data separation to data frame encapsulation, encapsulating the payload, the encrypted/decrypted data and the password resources, and passing the data encrypted by the encryption module to the data frame encapsulation;
wherein the payload comprises the identifier, subject, message, user name and password in the security authentication information.
As shown in Fig. 5 to Fig. 7, the encryption module (SM4) has a block length of 4 words: its input is a 4-word plaintext $(X_1, X_2, X_3, X_4)$ and the output obtained after encryption is a 4-word ciphertext $(Y_1, Y_2, Y_3, Y_4)$, where $X_i$ and $Y_i$ each represent a 32-bit word;
the encryption process consists of 32 rounds of iteration and 1 reverse-order transformation;
during the round iteration, the 4-word plaintext undergoes 32 rounds of iteration and each round requires a 1-word round key, so a total of 32 round keys are required, denoted $(rk_0, rk_1, \ldots, rk_{31})$; round key $rk_i$ is used in the $(i-1)$-th round of iteration (counting from 0 here) and is 1 word long.
The key of the encryption module is 128 bits (4 words), and in the 32-round iteration each round requires a 1-word round key;
the original 4-word encryption key is $MK = (MK_1, MK_2, MK_3, MK_4)$, where each $MK_i$ is 1 word; each word $MK_i$ of the original key is XORed with the system parameter $FK_i$, so that after initializing the key we obtain 4 new words $(K_1, K_2, K_3, K_4)$, and 32 round keys are generated during the 32-round iteration;
wherein the iteration repeatedly applies the round function $F$ to compute each subsequent word.
The round function is $F(X_i, X_{i+1}, X_{i+2}, X_{i+3}, rk_i)$, which takes four 1-word plaintext words and one 1-word round key as parameters and produces a 1-word result, i.e. $X_{4+i} = F(X_i, X_{i+1}, X_{i+2}, X_{i+3}, rk_i)$, $i \in [0, 31]$, counting from 0;
after 32 rounds, 36 words $(X_0, X_1, X_2, X_3, \ldots, X_{32}, X_{33}, X_{34}, X_{35})$ are obtained;
the last four words $(X_{32}, X_{33}, X_{34}, X_{35})$ obtained by iteration are put in reverse order to give the final ciphertext $(Y_0, Y_1, Y_2, Y_3) = (X_{35}, X_{34}, X_{33}, X_{32})$.
S4, combining the data and the password resources to ensure the integrity of the data packet;
S5, sending the combined data and password resources through a physical interface;
S6, exporting the successfully encrypted data;
when the data is imported into the algorithm system by means of the physical interface, the data to be encrypted is imported through the removable storage medium, encrypted by the algorithm, and exported after encryption.
To facilitate an understanding of the embodiments of the invention, the following symbols and definitions are given:
KEY: a removable storage medium having security authentication information.
SM4: a block cipher algorithm published by China, mainly used in wireless local area network products.
M1: packet data, typically 512 bytes.
C1: the packet data after encryption.
Head: a data head pointer.
Data: a data portion.
S-box: the S-box is a fixed permutation with 8-bit input and 8-bit output.
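The block cipher described above (key words XORed with FK, 32 rounds of the round function F with one round key each, then the reverse-order transformation), written out as an added example; it is not code from the patent or its applicant. The S-box table, the FK and CK constants and the two linear transforms are not given on this page and are taken from the published SM4 standard; the function names are illustrative, and indices are 0-based as in the round-function formula.

```python
import struct

# S-box: the fixed 8-bit-in / 8-bit-out permutation (values from the published SM4 standard).
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c052b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6fd5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad80ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec68418f07dec3adc4d2079ee5f3ed7cb3948"
)
assert sorted(SBOX) == list(range(256))  # a permutation: every byte value occurs once

# System parameter FK and the 32 round constants CK (byte j of CK[i] is (4i+j)*7 mod 256).
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
CK = [sum(((4 * i + j) * 7 % 256) << (24 - 8 * j) for j in range(4)) for i in range(32)]


def rotl(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def tau(a):
    """Apply the S-box to each of the four bytes of a word."""
    return int.from_bytes(bytes(SBOX[b] for b in a.to_bytes(4, "big")), "big")


def t_enc(a):
    """Mixing transform used inside the round function F."""
    b = tau(a)
    return b ^ rotl(b, 2) ^ rotl(b, 10) ^ rotl(b, 18) ^ rotl(b, 24)


def t_key(a):
    """Mixing transform used by the key expansion (different linear part)."""
    b = tau(a)
    return b ^ rotl(b, 13) ^ rotl(b, 23)


def expand_key(mk):
    """128-bit key MK -> 32 one-word round keys rk_0 .. rk_31."""
    if len(mk) != 16:
        raise ValueError("key must be 16 bytes (4 words)")
    k = [w ^ fk for w, fk in zip(struct.unpack(">4I", mk), FK)]  # K_i = MK_i xor FK_i
    for i in range(32):
        k.append(k[i] ^ t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]))
    return k[4:]


def round_f(x0, x1, x2, x3, rk):
    """Round function F: four state words and one round key in, one word out."""
    return x0 ^ t_enc(x1 ^ x2 ^ x3 ^ rk)


def crypt_block(block, round_keys):
    """32 rounds of F, then the reverse-order transformation (X35, X34, X33, X32)."""
    if len(block) != 16:
        raise ValueError("block must be 16 bytes (4 words)")
    x = list(struct.unpack(">4I", block))
    for i in range(32):
        x.append(round_f(x[i], x[i + 1], x[i + 2], x[i + 3], round_keys[i]))
    return struct.pack(">4I", x[35], x[34], x[33], x[32])


def encrypt_block(key, block):
    return crypt_block(block, expand_key(key))


def decrypt_block(key, block):
    # Decryption is the same structure with the round keys applied in reverse order.
    return crypt_block(block, expand_key(key)[::-1])


# Worked example from the SM4 standard: key and plaintext are the same 16 bytes.
KEY = bytes.fromhex("0123456789abcdeffedcba9876543210")
PLAIN = bytes.fromhex("0123456789abcdeffedcba9876543210")

if __name__ == "__main__":
    cipher = encrypt_block(KEY, PLAIN)
    print("rk_0       =", format(expand_key(KEY)[0], "08x"))
    print("ciphertext =", cipher.hex())
    print("round trip =", decrypt_block(KEY, cipher) == PLAIN)
```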
In conclusion, by applying a high-speed encryption algorithm to the cloud storage file data, the invention achieves ultra-high-speed processing of ultra-large-scale data and has strong equipment capacity. It provides a systematic password confidentiality defense capability for the increased data value and security risk caused by the high aggregation of cloud data. It provides targeted protection against the security risks of resource sharing, virtualization and flexible scheduling in the cloud environment. And for the requirements of dynamic division and flexible deployment of user security domains, it provides a unified, efficient and flexible means of security policy management and control.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (10)

1. A method for encrypting cloud storage file data, characterized by comprising the following steps:
S1, importing data into an algorithm system by means of a physical interface;
S2, completing key authentication, and splitting the data imported into the algorithm system and the identified key information into data and password resources;
S3, sequentially transmitting the split data and password resources to an algorithm processing unit, and encrypting the data;
S4, combining the data and the password resources;
S5, sending the combined data and password resources through a physical interface;
S6, exporting the successfully encrypted data;
when the data is imported into the algorithm system by means of the physical interface, the data to be encrypted is imported through the removable storage medium, encrypted by the algorithm, and exported after encryption.
2. The method for encrypting the cloud storage file data according to claim 1, wherein the key authentication in S2 uses a removable storage medium with security authentication information.
3. The method for encrypting the cloud storage file data according to claim 1, wherein in S2, when the data imported into the algorithm system and the identified key information are split into data and password resources, the identified data and the security authentication information are separated.
4. The method for encrypting the cloud storage file data according to claim 3, wherein during the splitting the data is encrypted and decrypted in parallel over multiple data paths.
5. The method for encrypting the cloud storage file data according to claim 4, wherein the parallel encryption and decryption over multiple data paths further comprises the following steps:
processing the data sequentially, frame by frame;
and feeding the separated data into the corresponding algorithm processing unit in hardware.
6. The method for encrypting the cloud storage file data according to claim 1, wherein in S3, sequentially transmitting the split data and password resources to the algorithm processing unit and encrypting the data further includes:
a plurality of algorithm processing units perform encryption and decryption simultaneously;
and the processed data is integrated in the corresponding order.
7. The method for encrypting the cloud storage file data according to claim 6, wherein the algorithm processing unit is configured to add the original data frame header, complete the conversion from data separation to data frame encapsulation, encapsulate the payload, the encrypted/decrypted data and the password resources, and pass the data encrypted by the encryption module to the data frame encapsulation;
wherein the payload comprises the identifier, subject, message, user name and password in the security authentication information.
8. The method for encrypting the cloud storage file data according to claim 7, wherein the block length of the encryption module is 4 words: the input of the encryption module is a 4-word plaintext $(X_1, X_2, X_3, X_4)$ and the output obtained after encryption is a 4-word ciphertext $(Y_1, Y_2, Y_3, Y_4)$, where $X_i$ and $Y_i$ each represent a 32-bit word;
the encryption process consists of 32 rounds of iteration and 1 reverse-order transformation;
during the iteration, the 4-word plaintext undergoes 32 rounds of iteration, each round requires a 1-word round key, and the round keys are denoted $(rk_0, rk_1, \ldots, rk_{31})$.
9. The method for encrypting the cloud storage file data according to claim 8, wherein the key of the encryption module is 128 bits, and in the 32-round iteration each round requires a 1-word round key;
the original 4-word encryption key is $MK = (MK_1, MK_2, MK_3, MK_4)$; each word $MK_i$ of the original key is XORed with the system parameter $FK_i$ to obtain 4 new words $(K_1, K_2, K_3, K_4)$, and 32 round keys are generated during the 32-round iteration;
wherein the iteration repeatedly applies the round function $F$ to compute each subsequent word.
10. The method for encrypting the cloud storage file data of claim 9, wherein said round function is $F(X_i, X_{i+1}, X_{i+2}, X_{i+3}, rk_i)$, which takes four 1-word plaintext words and one 1-word round key as parameters and produces a 1-word result, i.e. $X_{4+i} = F(X_i, X_{i+1}, X_{i+2}, X_{i+3}, rk_i)$, $i \in [0, 31]$, counting from 0;
after 32 rounds, 36 words $(X_0, X_1, X_2, X_3, \ldots, X_{32}, X_{33}, X_{34}, X_{35})$ are obtained;
the last four words $(X_{32}, X_{33}, X_{34}, X_{35})$ obtained by iteration are put in reverse order to give the final ciphertext $(Y_0, Y_1, Y_2, Y_3) = (X_{35}, X_{34}, X_{33}, X_{32})$.
CN202210486721.2A 2022-05-06 2022-05-06 Method for encrypting cloud storage file data Pending CN114866235A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210486721.2A CN114866235A (en) 2022-05-06 2022-05-06 Method for encrypting cloud storage file data

Publications (1)

Publication Number Publication Date
CN114866235A (en) 2022-08-05

Family

ID=82635931

Country Status (1)

Country Link
CN (1) CN114866235A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination