CN115134111A - Encryption algorithm method for mass data distributed storage - Google Patents

Encryption algorithm method for mass data distributed storage Download PDF

Info

Publication number
CN115134111A
CN115134111A CN202210509167.5A CN202210509167A CN115134111A CN 115134111 A CN115134111 A CN 115134111A CN 202210509167 A CN202210509167 A CN 202210509167A CN 115134111 A CN115134111 A CN 115134111A
Authority
CN
China
Prior art keywords
storage
data
server
storage bin
marker
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210509167.5A
Other languages
Chinese (zh)
Inventor
张刚峰
张红岩
张玉峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Kunjue Information Technology Co ltd
Original Assignee
Nanjing Kunjue Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Kunjue Information Technology Co ltd filed Critical Nanjing Kunjue Information Technology Co ltd
Priority to CN202210509167.5A priority Critical patent/CN115134111A/en
Publication of CN115134111A publication Critical patent/CN115134111A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of data security, and discloses a method for an encryption algorithm aiming at mass data distributed storage, which comprises the following steps: s1, acquiring and processing the mass data in a distributed mode; s1.1, acquiring group data and a mark list; s1.2, dividing a plurality of storage spaces according to the markers in the marker list; s1.3, copying the marker in the marker list; s1.4, dividing the storage space into three storage bins, namely a first storage bin, a second storage bin and a third storage bin; s1.5, storing the copied marker into a first storage bin; s1.6, according to the marker in the first storage bin, searching group data with the same marker from the temporary storage space, and storing the searched group data into a second storage bin; the invention realizes the safe transmission of the secret key and ensures the data to be safe.

Description

Encryption algorithm method for mass data distributed storage
Technical Field
The invention relates to the technical field of data security, in particular to an encryption algorithm method for mass data distributed storage.
Background
Under the background of everything interconnection, many enterprises face a lot of data storage and the test of the data security problem of storage along with the continuous expansion of business development data. The data is the core main body of a security protection object, and the core purpose of the data is to protect the data, including confidentiality, integrity and availability of the data, regardless of the construction of a defense system or the construction of other intelligent security forms. In the face of factors such as huge data volume and uncertain network attacks, the real data security can be ensured only by carrying out encryption processing aiming at the whole life cycle of the data.
Disclosure of Invention
The invention aims to provide a method for an encryption algorithm aiming at mass data distributed storage, which realizes the safe transmission of a secret key and ensures the safety of data.
In order to achieve the purpose, the invention provides the following technical scheme: a method for an encryption algorithm for mass data distributed storage comprises the following steps:
s1, acquiring and processing the mass data in a distributed mode;
s1.1, acquiring group data and a mark list;
s1.2, dividing a plurality of storage spaces according to the markers in the marker list;
s1.3, copying the marker in the marker list;
s1.4, dividing the storage space into three storage bins, namely a first storage bin, a second storage bin and a third storage bin;
s1.5, storing the copied marker into a first storage bin;
s1.6, according to the marker in the first storage bin, searching group data with the same marker from the temporary storage space, and storing the searched group data into a second storage bin;
s1.7, establishing a mapping relation between the storage address and the group data number, and making the mapping relation into a mapping table to be stored in a third storage bin;
s2: carrying out encryption transmission on the data;
s2.1, a server of a server generates an RSA key pair (N, e, d) and sends the N to a terminal of a client in a plaintext;
s2.2: the client generates two random numbers, and the two random numbers are both secret and not public;
s2.3; the root key of the client side is encrypted through one random number, and encrypted data are transmitted to the server;
s2.4: the server side encrypts the encrypted data after receiving the encrypted data and sends the encrypted data to the client side;
s2.5: the re-encrypted data of the client is decrypted through another random number and then sent to the server, and then the server performs decryption to obtain the root secret;
s2.6, the mode of P2P is used instead of uploading and downloading files on a centralized server using an HTTP protocol, and the bandwidth is saved by nearly 60%.
Preferably, the storage space comprises a database.
Preferably, the server at the server side generates an RSA key pair, where the key pair includes (N, e, d), where N is a plaintext, and sends the plaintext N to the terminal at the client side, that is, public N, and the key parameters e and d are kept secret and not public.
Preferably, the two random numbers are Rn1 and Rn 2; recording a root key of the terminal as Rk, requiring that the Rk is smaller than N, and carrying out calculation encryption by the terminal, namely Rk ^ Rn1mod N ═ Rk 1; (Rk + Rk ^ (Rn1 × Rn2)) mod N ═ P; the terminal transmits Rk1, P to the server.
Preferably, the RSA public key dynamically generated from the client is a DES key encryption to generate an RSA encryption ciphertext.
Preferably, the client decrypts the received RSA encrypted ciphertext to obtain the DES key.
Preferably, the public key encryption for digital signature uses RSA algorithm. In this method, the sender encrypts the entire data file (which is expensive), or a signature of the file, with a digest function using a private key. The main advantage of private key matching is that there is no key distribution problem. This method assumes you trust the source from which the public key is published. The recipient can then decrypt the signature or file using the public key and verify that its source and/or content only the correct public key is able to decrypt the information or digest due to the complexity of public key cryptography. Finally, if you want to send a message to a user with a known public key, you can encrypt the message or digest using the recipient's public key so that only the recipient can verify the content with their own private key.
Preferably, the authentication method includes one-way authentication, two-way authentication, and three-way authentication. One-way authentication: only the integrity and originality of the message is protected. One-way authentication is performed when someone signs the timestamp, nonce, and target identity using a user signature (private key). The recipient can verify the authenticity of the information by "reverse signing" the information using the sender's public key, which can be obtained from a certificate list. Since only the target is authenticated.
And (3) bidirectional authentication: allowing the sender or sender to authenticate the recipient or target. In addition to performing one-way authentication, the target sends a reply to the sender. The reply includes the new timestamp, the original nonce, and the new nonce. The reply is signed using the sender's public key. Recall that in public key cryptography, only the corresponding private key or the sender's private key can decrypt the reply. And the nonce must be the original nonce otherwise the message is not trusted.
Three-way authentication: when the target and sender do not have synchronized clocks or do not want to trust the clocks, then three-way authentication is used. In addition to performing mutual authentication, the sender resends a reply to the target, including the new nonce in the original reply, as shown. Here only the matching nonce needs to be verified and the timestamp no longer needs to be verified.
The invention provides a method for an encryption algorithm aiming at mass data distributed storage. The encryption algorithm method for mass data distributed storage has the following beneficial effects:
the transmission process only discloses the plaintext part of RSA, the keys of d, e of the server and the client are only in the respective process, and even if the keys are decomposed by N, an attacker cannot know the keys of the server and the client. All access connections verify REFER to prevent a hotlink and can be configured with related authorities, so that the file security is further ensured. By distributing the memory content to the network nodes, even if one node fails or is blocked, another node can easily replace it, and only the person running the IPFS node can download the inspected information from the other node
Meanwhile, the concept of a block chain system is also provided, and the method can be easily realized. It is continuously proven that nodes are storing the exact data they promise, which is verifiable without the problem of distrust of the miners (nodes) providing the data storage. The data producer can quickly maintain the data produced by the producer. The data lack of rights and the privacy storage of the data are solved.
Drawings
FIG. 1 is a diagram illustrating the steps of distributed acquisition processing of mass data according to the present invention;
fig. 2 is a diagram illustrating the steps of encrypting and transmitting the data according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.
In the description of the present invention, it is to be understood that the terms "central," "longitudinal," "lateral," "length," "width," "thickness," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," "clockwise," "counterclockwise," "axial," "radial," "circumferential," and the like are used in the orientations and positional relationships indicated in the drawings for convenience in describing the invention and to simplify the description, and are not intended to indicate or imply that the referenced device or element must have a particular orientation, be constructed and operated in a particular orientation, and are not to be considered limiting of the invention.
In the present invention, unless otherwise explicitly stated or limited, the terms "mounted," "connected," "fixed," and the like are to be construed broadly, e.g., as being permanently connected, detachably connected, or integral; can be mechanically or electrically connected; either directly or indirectly through intervening media, either internally or in any other relationship. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
As shown in fig. 1-2, the present invention provides a technical solution: a method for an encryption algorithm for mass data distributed storage comprises the following steps:
s1, acquiring and processing the mass data in a distributed mode;
s1.1, acquiring group data and a mark list;
s1.2, dividing a plurality of storage spaces according to the markers in the marker list;
s1.3 copying markers in a marker List
S1.4, dividing the storage space into three storage bins, namely a first storage bin, a second storage bin and a third storage bin;
s1.5, storing the copied marker into a first storage bin;
s1.6, searching group data with the same marker from the temporary storage space according to the marker in the first storage bin, and storing the searched group data into a second storage bin;
s1.7, establishing a mapping relation between the storage address and the group data number, and making the mapping relation into a mapping table to be stored in a third storage bin;
s2: carrying out encryption transmission on the data;
s2.1, the server of the server generates an RSA key pair (N, e, d) and sends the N to the terminal of the client in a plaintext;
s2.2: the client generates two random numbers, and the two random numbers are both secret and not public;
s2.3; the root key of the client side is encrypted through one random number, and encrypted data are transmitted to the server;
s2.4: the server side encrypts the encrypted data after receiving the encrypted data and sends the encrypted data to the client side;
s2.5: the re-encrypted data of the client is decrypted through another random number and then sent to the server, and the server performs decryption processing to obtain a root password;
s2.6, the mode of P2P is used instead of uploading and downloading files on a centralized server using an HTTP protocol, and the bandwidth is saved by nearly 60%.
The storage space includes a database.
And the server of the server generates an RSA key pair, wherein the key pair comprises (N, e, d), N is a plaintext, the plaintext N is sent to the terminal of the client, namely the plaintext N is disclosed, and the key parameters e and d are kept secret and are not disclosed.
Two random numbers are defined as Rn1 and Rn2 respectively; recording a root key of the terminal as Rk, requiring that the Rk is smaller than N, and carrying out calculation encryption by the terminal, namely Rk ^ Rn1mod N ═ Rk 1; (Rk + Rk ^ (Rn1 × Rn2)) mod N ═ P; the terminal transmits Rk1, P to the server.
And the RSA public key dynamically generated from the client side is used for DES secret key encryption to generate an RSA encryption ciphertext.
The client decrypts the received RSA encrypted ciphertext to obtain the DES key.
Public key encryption for digital signatures uses the RSA algorithm. In this method, the sender encrypts the entire data file (which is expensive), or the signature of the file, with a private key through a digest function. The main advantage of private key matching is that there is no key distribution problem. This approach assumes you trust the source from which the public key is published. The recipient can then decrypt the signature or file using the public key and verify that its source and/or content only the correct public key is able to decrypt the information or digest due to the complexity of public key cryptography. Finally, if you want to send a message to a user with a known public key, you can encrypt the message or digest using the recipient's public key so that only the recipient can verify the content with their own private key.
The authentication mode comprises one-way authentication, two-way authentication and three-way authentication. One-way authentication: only the integrity and originality of the message is protected. When someone signs the timestamp, nonce, and target identity using a user signature (private key), one-way authentication is performed. The recipient can verify the authenticity of the information by "reverse signing" the information using the sender's public key, which can be obtained from a certificate list. Since only the target is authenticated.
Bidirectional authentication: allowing the sender or sender to authenticate the recipient or target. In addition to performing one-way authentication, the target sends a reply to the sender. The reply includes the new timestamp, the original nonce, and the new nonce. The reply is signed using the sender's public key. Recall that in public key cryptography, only the corresponding private key or the sender's private key can decrypt the reply. And the nonce must be the original nonce otherwise the message is not trusted.
Three-way authentication: when the target and sender do not have synchronized clocks or do not want to trust the clocks, then three-way authentication is used. In addition to performing mutual authentication, the sender resends a reply to the target, including the new nonce in the original reply, as shown. Here only the matching nonce needs to be verified and the timestamp no longer needs to be verified.
The transmission process only discloses the plaintext part of RSA, the keys of d, e of the server and the client are only in the respective process, and even if the keys are decomposed by N, an attacker cannot know the keys of the server and the client. All access connections verify REFER to prevent a hotlink and can be configured with related authorities to further ensure the file security. By distributing the memory content to the network nodes, even if one node fails or is blocked, another node can easily replace it, and only the person running the IPFS node can download the inspected information from the other node
Meanwhile, the concept of a block chain system is also provided, so that the method can be easily realized. It is continuously proven that nodes are storing the exact data they promise, which is verifiable without the problem of distrust of the miners (nodes) that provide the data storage. The data producer can maintain the data produced by the producer fast. The data lack of rights and the privacy storage of the data are solved.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a reference structure" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (8)

1. A method for an encryption algorithm for mass data distributed storage comprises the following steps:
s1, acquiring and processing the mass data in a distributed mode;
s1.1, acquiring group data and a mark list;
s1.2, dividing a plurality of storage spaces according to the markers in the marker list;
s1.3 copying markers in the marker List
S1.4, dividing the storage space into three storage bins, namely a first storage bin, a second storage bin and a third storage bin;
s1.5, storing the copied marker into a first storage bin;
s1.6, according to the marker in the first storage bin, searching group data with the same marker from the temporary storage space, and storing the searched group data into a second storage bin;
s1.7, establishing a mapping relation between the storage address and the group data number, and making the mapping relation into a mapping table to be stored in a third storage bin;
s2: carrying out encryption transmission on the data;
s2.1, the server of the server generates an RSA key pair (N, e, d) and sends the N to the terminal of the client in a plaintext;
s2.2: the client generates two random numbers, and the two random numbers are both secret and not public;
s2.3; the root key of the client side is encrypted through one random number, and encrypted data are transmitted to the server;
s2.4: the server side encrypts the encrypted data after receiving the encrypted data and sends the encrypted data to the client side;
s2.5: the re-encrypted data of the client is decrypted through another random number and then sent to the server, and the server performs decryption processing to obtain a root key;
s2.6, the mode of P2P is used instead of uploading and downloading files on a centralized server using an HTTP protocol, and the bandwidth is saved by nearly 60%.
2. The method of claim 1, wherein the method comprises the following steps: the storage space includes a database.
3. The method of claim 1, wherein the method comprises the following steps: and the server of the server generates an RSA key pair, wherein the key pair comprises (N, e, d), N is a plaintext, the plaintext N is sent to the terminal of the client, namely the plaintext N is disclosed, and the key parameters e and d are kept secret and are not disclosed.
4. A method of encryption algorithm for distributed storage of mass data according to claim 1, characterized by: two random numbers are defined as Rn1 and Rn2 respectively; recording a root key of the terminal as Rk, requiring that the Rk is smaller than N, and carrying out calculation encryption by the terminal, namely Rk ^ Rn1mod N ═ Rk 1; (Rk + Rk ^ (Rn1 × Rn2)) mod N ═ P; the terminal transmits Rk1, P to the server.
5. A method of encryption algorithm for distributed storage of mass data according to claim 1, characterized by: and the RSA public key dynamically generated from the client side is used for DES secret key encryption to generate an RSA encryption ciphertext.
6. A method of encryption algorithm for distributed storage of mass data according to claim 1, characterized by: the client decrypts the received RSA encrypted ciphertext to obtain the DES key.
7. The method of claim 1, wherein the method comprises the following steps: public key encryption for digital signatures uses the RSA algorithm.
8. The method of claim 1, wherein the method comprises the following steps: the authentication mode comprises one-way authentication, two-way authentication and three-way authentication.
CN202210509167.5A 2022-05-11 2022-05-11 Encryption algorithm method for mass data distributed storage Pending CN115134111A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210509167.5A CN115134111A (en) 2022-05-11 2022-05-11 Encryption algorithm method for mass data distributed storage

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210509167.5A CN115134111A (en) 2022-05-11 2022-05-11 Encryption algorithm method for mass data distributed storage

Publications (1)

Publication Number Publication Date
CN115134111A true CN115134111A (en) 2022-09-30

Family

ID=83376705

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210509167.5A Pending CN115134111A (en) 2022-05-11 2022-05-11 Encryption algorithm method for mass data distributed storage

Country Status (1)

Country Link
CN (1) CN115134111A (en)

Similar Documents

Publication Publication Date Title
US8254581B2 (en) Lightweight key distribution and management method for sensor networks
US7688975B2 (en) Method and apparatus for dynamic generation of symmetric encryption keys and exchange of dynamic symmetric key infrastructure
US8700894B2 (en) Method and system for securing routing information of a communication using identity-based encryption scheme
US20060206433A1 (en) Secure and authenticated delivery of data from an automated meter reading system
EP1748615A1 (en) Method and system for providing public key encryption security in insecure networks
US20030188012A1 (en) Access control system and method for a networked computer system
US11265154B2 (en) Network device and trusted third party device
KR20050065978A (en) Method for sending and receiving using encryption/decryption key
Xie et al. BEPHAP: A blockchain-based efficient privacy-preserving handover authentication protocol with key agreement for internet of vehicles
CN114760046A (en) Identity authentication method and device
CN115174277B (en) Data communication and file exchange method based on block chain
CN112019553B (en) Data sharing method based on IBE/IBBE
CN113569295B (en) Blacklist data sharing method and obtaining method
CN112069487B (en) Intelligent equipment network communication safety implementation method based on Internet of things
CN115134111A (en) Encryption algorithm method for mass data distributed storage
JP2002217890A (en) Method of finding replicated terminal
EP2289227B1 (en) Improvements related to the authentication of messages
WO2008065346A2 (en) Secure messaging and data sharing
CN113545025A (en) Method and system for information transmission
US20140208118A1 (en) System and Method for the Safe Spontaneous Transmission of Confidential Data Over Unsecure Connections and Switching Computers
Nirmala et al. Secure program update using broadcast encryption for clustered wireless sensor networks
US20240089240A1 (en) Cryptographic method for verifying data
Thant et al. Authentication Protocols and Authentication on the Base of PKI and ID-Based
Eya et al. New user authentication and key management scheme for secure data transmission in wireless mobile multicast
JP2005217665A (en) Communications system, transmitter, receiver and communication method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination