CN117610060A - Multi-core parallel-based multimedia file hybrid encryption and decryption method and system - Google Patents

Multi-core parallel-based multimedia file hybrid encryption and decryption method and system

Info

Publication number: CN117610060A
Authority: CN (China)
Prior art keywords: file, encryption, encrypted, multimedia file, sub
Legal status: Granted
Application number: CN202410084058.2A
Other languages: Chinese (zh)
Other versions: CN117610060B (en)
Inventors: 彭柯鑫, 杜偲雨, 牛佳一, 熊子杰, 鲁顺梅, 付优
Current Assignee: Chengdu University of Technology
Original Assignee: Chengdu University of Technology
Application filed by Chengdu University of Technology
Priority to CN202410084058.2A
Publication of CN117610060A
Application granted
Publication of CN117610060B
Legal status: Active

Classifications

    • G06F21/602 Providing cryptographic facilities or services
    • G06F16/188 Virtual file systems
    • G06F16/40 Information retrieval; Database structures therefor; File system structures therefor of multimedia data, e.g. slideshows comprising image and additional audio data
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/302 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • H04L9/3249 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme

Abstract

The invention discloses a multi-core parallel-based multimedia file hybrid encryption and decryption method and system, comprising the following steps: the virtual file system VFS mounted on the Linux operating system forwards the system call that accesses the multimedia file to the block device in the kernel driver; when the FUSE library (the reference file system library) detects that the system call is in the FUSE kernel driver, it fetches the request from the block device /dev/fuse and calls the encrypted file system ParallelFS to encrypt and decrypt the multimedia file; the encrypted file system ParallelFS responds to the call of the FUSE library by acquiring the user's public key PK and private key PRK, intercepting the multimedia file written into the ParallelFS mount directory, randomly generating an encryption key K, and encrypting and decrypting the multimedia file using the Blowfish algorithm, the RSA-2048 algorithm and a threading method. The invention thereby encrypts and decrypts multimedia files in a highly secure, transparent and efficient way, and achieves the lowest possible response time when a multimedia file is read or written.

Description

Multi-core parallel-based multimedia file hybrid encryption and decryption method and system
Technical Field
The invention relates to the technical field of encryption methods, in particular to a multi-core parallel-based multimedia file hybrid encryption and decryption method and system.
Background
Multimedia data such as images and videos currently play an important role in society, and massive numbers of multimedia files are stored on disk drives and mobile storage media. However, many potential threats and security attacks target the personal data stored on these devices, particularly multimedia file data, which has attracted considerable attention from researchers. Storage encryption is the most effective way to provide advanced protection against such threats and to protect the confidentiality and privacy of files stored on devices. However, designing cryptographic techniques for multimedia data at rest is complex: cryptography is mathematically demanding, and multimedia data has unique properties such as large data volume, high redundancy, strong correlation between data elements and storage in a variety of file formats, so encryption and decryption require long computation time and large processing power. This presents a significant challenge for multimedia cryptosystems, as it prevents their use in real time. Although existing user encryption applications are ubiquitous, they still have inherent weaknesses in security, flexibility, transparency and performance efficiency. The manual nature of an encryption application, and the overhead the user incurs in performing each encryption operation, are also cumbersome and time consuming. Such a routine leads users to neglect the potential threat and leave files in plaintext.
The current research trend of encrypted file systems addresses the limitations of encrypted applications by implementing dynamic mechanisms for managing, controlling and monitoring encryption, decryption and key management operations with the aid of an operating system file system. Furthermore, they can perform encryption and decryption operations in a highly secure, transparent and efficient manner.
Disclosure of Invention
The invention aims to provide a multi-core parallel-based multimedia file hybrid encryption and decryption method and system, so as to encrypt and decrypt multimedia files in a highly secure, transparent and efficient way and to achieve the lowest possible response time when multimedia files are read or written.
The first aspect of the embodiment of the invention provides a multi-core parallel-based multimedia file hybrid encryption and decryption method, which comprises the following steps:
the virtual file system VFS mounted on the Linux operating system forwards the system call that accesses the multimedia file to the block device in the kernel driver;
when the FUSE library (the reference file system library) detects that the system call is in the FUSE kernel driver, it fetches the request from the block device /dev/fuse and calls the encrypted file system ParallelFS to encrypt and decrypt the multimedia file;
and the encrypted file system ParallelFS responds to the call of the FUSE library by acquiring the user's public key PK and private key PRK, intercepting the multimedia file written into the ParallelFS mount directory, randomly generating an encryption key K, and encrypting and decrypting the multimedia file using the Blowfish algorithm, the RSA-2048 algorithm and a threading method.
Preferably, the encrypted file system ParallelFS encrypts and decrypts the multimedia file using the Blowfish algorithm, the RSA-2048 algorithm and a threading method, which specifically comprises the following steps:
Step S10: creating a task manager, and pushing tasks into the task manager queue using a fork method and an inter-process communication method;
Step S20: constructing a thread pool, wherein the thread pool comprises a plurality of threads belonging to one parent process, and the threads share the same address space and parameters through global variables;
Step S30: creating threads to encrypt and decrypt the multimedia file, wherein each thread encrypts and decrypts independently and all threads run in parallel.
Preferably, in step S30, creating threads to encrypt the multimedia file, with each thread encrypting independently and all threads encrypting in parallel, specifically comprises the following steps:
Step S31: randomly generating an encryption key K and a global file salt FSalt;
Step S32: dividing the multimedia file into a plurality of file blocks Bi;
Step S33: dividing a file block Bi into a plurality of file sub-blocks SBi, wherein each file sub-block SBi generates a corresponding block encryption counter CTRi, all the file sub-blocks SBi share the same encryption key K, and each file sub-block SBi is associated with a thread;
Step S34: XORing the global file salt FSalt with each corresponding block encryption counter CTRi to create a unique initial vector IVi associated with each file sub-block SBi;
Step S35: encrypting the plurality of file sub-blocks SBi in parallel, specifically: symmetrically encrypting all the file sub-blocks SBi with the Blowfish algorithm to obtain a plurality of encrypted sub-blocks CSBi;
Step S36: combining all the encrypted sub-blocks CSBi to obtain an encrypted block CBi;
Step S37: repeating steps S33-S36 for all the file blocks Bi, and collecting all the generated encrypted blocks CBi to obtain the encrypted multimedia file;
Step S38: writing the encrypted multimedia file to disk;
Step S39: asymmetrically encrypting the encryption key K using the RSA-2048 algorithm, and attaching the encrypted encryption key K to the header of the multimedia file for storage.
Preferably, in step S30, creating threads to decrypt the multimedia file, with each thread decrypting independently and all threads decrypting in parallel, specifically comprises the following steps:
Step S301: extracting the encryption key K and the global file salt FSalt from the header of the encrypted multimedia file, acquiring the user's private key PRK, and decrypting the encryption key K and the global file salt FSalt using the RSA-2048 algorithm and the private key PRK;
Step S302: reconstructing all the initial vectors IVi that were used, dividing each encrypted block CBi into a plurality of encrypted sub-blocks CSBi, and decrypting the plurality of encrypted sub-blocks CSBi in parallel using the Blowfish algorithm;
Step S303: repeating steps S301 and S302 until all the encrypted blocks CBi are decrypted, and combining all the decrypted blocks to obtain the original plaintext of the multimedia file.
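Steps S31 to S37 and S301 to S303 as an added Python sketch (not code from the patent): it splits a file into sub-blocks SBi, derives IVi = FSalt XOR CTRi, processes the sub-blocks in a thread pool, and decrypts an arbitrary byte range by rebuilding only the IVs it needs. Assumptions: a SHA-256 counter-mode keystream stands in for Blowfish (the Python standard library has no Blowfish), CTRi is the file-wide sub-block index, there are four sub-blocks per 4 KB block, FSalt is 8 bytes, and the RSA wrapping of K (step S39) is left out.

```python
import hashlib
import struct
from concurrent.futures import ThreadPoolExecutor

BLOCK_SIZE = 4096                     # file block Bi: 4 KB, as stated on the page
SUB_BLOCKS = 4                        # assumption: sub-blocks SBi per block, one per thread
SUB_SIZE = BLOCK_SIZE // SUB_BLOCKS   # bytes per sub-block SBi
IV_LEN = 8                            # Blowfish has a 64-bit block, hence 8-byte IVs


def derive_iv(fsalt: bytes, ctr: int) -> bytes:
    """Step S34: IVi = FSalt XOR CTRi."""
    if len(fsalt) != IV_LEN or not 0 <= ctr < 1 << (8 * IV_LEN):
        raise ValueError("FSalt must be 8 bytes and CTRi must fit in 64 bits")
    return (int.from_bytes(fsalt, "big") ^ ctr).to_bytes(IV_LEN, "big")


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # STAND-IN for Blowfish (assumption): SHA-256 in counter mode keyed by K and IVi.
    out = bytearray()
    i = 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + struct.pack(">Q", i)).digest()
        i += 1
    return bytes(out[:n])


def crypt_sub_block(key: bytes, fsalt: bytes, ctr: int, data: bytes) -> bytes:
    """Encrypt or decrypt one sub-block; XOR with the keystream is its own inverse."""
    ks = _keystream(key, derive_iv(fsalt, ctr), len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def split_sub_blocks(data: bytes):
    """Steps S32/S33: return [(CTRi, SBi)] with CTRi numbered across the whole file."""
    return [(i, data[off:off + SUB_SIZE])
            for i, off in enumerate(range(0, len(data), SUB_SIZE))]


def encrypt_file(data: bytes, key: bytes, fsalt: bytes, workers: int = SUB_BLOCKS) -> bytes:
    """Steps S35 to S37: process every sub-block in a thread pool and rejoin in order."""
    jobs = split_sub_blocks(data)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        # pool.map keeps input order, so the joined output matches the file layout.
        parts = pool.map(lambda j: crypt_sub_block(key, fsalt, j[0], j[1]), jobs)
        return b"".join(parts)


# Step S302: decryption rebuilds the same IVs from FSalt and the sub-block index.
decrypt_file = encrypt_file


def read_range(ciphertext: bytes, key: bytes, fsalt: bytes, offset: int, length: int) -> bytes:
    """Decrypt only the sub-blocks covering [offset, offset + length)."""
    first = offset // SUB_SIZE
    last = (offset + length - 1) // SUB_SIZE
    plain = b"".join(
        crypt_sub_block(key, fsalt, c, ciphertext[c * SUB_SIZE:(c + 1) * SUB_SIZE])
        for c in range(first, last + 1)
    )
    start = offset - first * SUB_SIZE
    return plain[start:start + length]


if __name__ == "__main__":
    # Constructed sample input: 10244 bytes, so the last sub-block is partial.
    sample = bytes(range(256)) * 40 + b"tail"
    k = bytes(16)                                  # constructed key, not a real secret
    salt = bytes.fromhex("0102030405060708")       # constructed FSalt
    ct = encrypt_file(sample, k, salt)
    print("round trip ok:", decrypt_file(ct, k, salt) == sample)
    print("partial read :", read_range(ct, k, salt, 10240, 4))
```

Because XOR with a fixed FSalt is a bijection on the counter, distinct CTRi values always give distinct IVi within one file; reusing the same K and FSalt across files would repeat them.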
Preferably, step S35, in which the plurality of file sub-blocks SBi are encrypted in parallel by symmetrically encrypting all the file sub-blocks SBi with the Blowfish algorithm to obtain a plurality of encrypted sub-blocks CSBi, specifically comprises the following steps:
Step S351: generating subkeys using a key expansion algorithm, and taking the initial vector IVi as the starting point of the encryption operation;
Step S352: initial permutation, namely rearranging the file sub-blocks CSBi using an initial permutation function;
Step S353: processing the file sub-block CSBi with the subkeys through a round function to obtain the encrypted file sub-block CSBi.
Preferably, in step S353, the file sub-block CSBi is processed with the subkeys through a round function, specifically:
performing an exclusive-or operation, a permutation operation and an exchange operation on the file sub-block CSBi with the subkey through the round function;
repeating these steps, wherein the output of each round function is used as the input of the next round function, and the number of repetitions is the number of rounds defined in the encryption algorithm; in the last iteration, the permutation operation and the exchange operation are not performed, and only the exclusive-or operation is performed.
Preferably, step S39, which asymmetrically encrypts the encryption key K using the RSA-2048 algorithm and attaches the encrypted encryption key K to the header of the multimedia file for storage, specifically includes:
generating a pair of RSA-2048 keys, including a private key and a public key;
dividing the encryption key K into a plurality of data blocks;
obtaining the user's public key PK, and encrypting the plurality of data blocks with the public key PK, which comprises the following steps:
data block conversion: converting each data block into an integer value, wherein the integer value is smaller than the modulus of the public key;
encryption operation: for each data block, encrypting the data block into a ciphertext data block using the exponentiation and modulo operations with the public key of the RSA-2048 algorithm;
ciphertext combining: combining the encrypted ciphertext data blocks into the final ciphertext.
A second aspect of the embodiment of the present invention provides a multi-core parallel-based multimedia file hybrid encryption and decryption system, including:
a virtual file system VFS, a FUSE kernel driver, a reference file system library (the FUSE library) and an encrypted file system ParallelFS, wherein the FUSE kernel driver provides a communication interface for the FUSE virtual file system VFS, the FUSE kernel driver and the reference file system library;
based on the communication interface, the virtual file system VFS, the FUSE kernel driver, the reference file system library and the encrypted file system ParallelFS are used to perform the method described above.
The invention at least comprises the following beneficial effects:
by constructing an encrypted file system ParallelFS on the reference file system FUSE, the invention encrypts and decrypts multimedia files using the Blowfish algorithm, the RSA-2048 algorithm and a threading method; compared with other encryption and decryption schemes built on FUSE, such as the ImgFS and EncFS systems, this approach is better in terms of security, flexibility, transparency and performance efficiency, and takes less time when stored multimedia files are read or written.
The invention will be further described with reference to the drawings and the specific examples.
Drawings
FIG. 1 is a flow chart of a multi-core parallel-based multimedia file hybrid encryption and decryption method provided by the invention;
FIG. 2 is a diagram showing the structure of a multi-core parallel-based multimedia file hybrid encryption and decryption system;
FIG. 3 is a flowchart of encrypting and decrypting a multimedia file based on an encrypted file system ParallelFS using a Blowfish algorithm, an RSA-2048 algorithm, and a threading method in the present invention;
FIG. 4 is a block diagram of thread scheduling on multiple CPU cores in accordance with the present invention;
FIG. 5 is a block diagram of the two parallel encryption methods used in the present invention, wherein (a) is an architecture diagram of parallel encryption based on the fork method, and (b) is an architecture diagram of parallel encryption based on the threading method;
FIG. 6 is a diagram showing the parallel reading and writing of files under different numbers of processes and threads using the fork method and the threading method according to the present invention;
FIG. 7 is a workflow diagram of multimedia file encryption and decryption based on the multi-core parallel multimedia file hybrid encryption and decryption method provided by the invention;
FIG. 8 is a workflow diagram of multimedia file encryption based on the multi-core parallel multimedia file hybrid encryption and decryption method provided by the invention;
FIG. 9 is a diagram of the parallel hybrid encryption and decryption processing procedure of the multi-core parallel-based multimedia file hybrid encryption and decryption method;
FIG. 10 is a flowchart of multimedia file decryption based on the multi-core parallel multimedia file hybrid encryption and decryption method;
FIG. 11 is a graph showing the write time for multimedia files using the encrypted file system ParallelFS and the ext4 file system in standard Linux according to the present invention;
FIG. 12 is a graph showing the read time for multimedia files using the encrypted file system ParallelFS and the ext4 file system in standard Linux according to the present invention;
FIG. 13 is a graph comparing the read and write times of multimedia files using the encrypted file system ParallelFS with those using the file encryption systems ImgFS and EncFS in the present invention;
FIG. 14 is a diagram comparing the write time for reading and writing multimedia files using the encrypted file system ParallelFS with the write time using the file encryption systems ImgFS and EncFS in the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments.
In the description of the present invention, it should be understood that the terms "upper," "lower," "front," "rear," "left," "right," "top," "bottom," "inner," "outer," and the like indicate or are based on the orientation or positional relationship shown in the drawings, merely to facilitate description of the present invention and to simplify the description, and do not indicate or imply that the devices or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and thus should not be construed as limiting the present invention.
Example 1: the present embodiment is described in connection with FIGS. 1-14.
The embodiment is a multi-core parallel-based multimedia file hybrid encryption and decryption method, which comprises the following steps:
the virtual file system VFS mounted on the Linux operating system forwards the system call that accesses the multimedia file to the block device in the kernel driver;
when the FUSE library (the reference file system library) detects that the system call is in the FUSE kernel driver, it fetches the request from the block device /dev/fuse and calls the encrypted file system ParallelFS to encrypt and decrypt the multimedia file;
and the encrypted file system ParallelFS responds to the call of the FUSE library by acquiring the user's public key PK and private key PRK, intercepting the multimedia file written into the ParallelFS mount directory, randomly generating an encryption key K, and encrypting and decrypting the multimedia file using the Blowfish algorithm, the RSA-2048 algorithm and a threading method.
As shown in FIG. 2, the reference file system FUSE is a file system implemented in user space, which a user can customize to implement his or her own file system. The complete FUSE functionality includes the user-mode custom file system (customized filesystem), the user-mode FUSE library, and kernel support.
First, the FUSE file system is mounted on a specific directory in the Linux operating system. During mounting, FUSE can create a virtual file system VFS, represented as a root directory in user space, through which the user can access the content of the FUSE file system.
When the reference file system FUSE is mounted, one or more threads can be started to process requests from user space; the started threads handle file-system operations such as reading and writing, deleting and renaming.
The FUSE library is the core library of the reference file system FUSE. It provides the APIs developers use to implement custom file systems and handle requests from the FUSE kernel driver, as well as interfaces for accessing and controlling the file system, such as opening, reading, writing and closing files.
In the FUSE workflow, requests from user space may be sent to the request queue of the FUSE kernel driver in kernel space, and the FUSE library may fetch requests from the kernel queue by reading /dev/fuse and commit operations to the underlying file system, such as ext4. /dev/fuse is a block device in the FUSE kernel driver that provides a communication interface between the reference file system FUSE and user space. After processing the request, the FUSE daemon can write the reply back to the block device /dev/fuse; the FUSE kernel driver then marks the request as completed and finally wakes up the user process.
Based on the FUSE architecture, the embodiment of the disclosure constructs a parallel encrypted file system for large files, ParallelFS, which sits at the back-end file system layer of user space. When a user mounts the encrypted file system ParallelFS on a root directory (e.g., /multitir), the hierarchical tree of this root directory becomes a mount point and automatically displays the user-selected files in unencrypted form, while all stored multimedia files are transparently encrypted in the corresponding source directory, which carries the suffix extension /multitir.sec to distinguish the encrypted multimedia files.
The following specifically describes the operation of the reference file system Library FUSE Library and the encrypted file system ParallelFS after the parallel encrypted file system ParallelFS is introduced:
First, after the parallel encrypted file system ParallelFS is introduced, the ParallelFS daemon may run continuously in the background; it is mainly responsible for providing services, performing tasks and monitoring the state of the file system, ensuring the stability and reliability of the file system.
Specifically, when a user or application initiates a system call on a multimedia file, the system call may be dynamically intercepted by the VFS layer of the Linux kernel; when the VFS detects a system call on a multimedia file stored in the ParallelFS mount directory, it may forward the system call to the block device /dev/fuse in the kernel driver.
Further, when the FUSE library detects that the system call is in the FUSE kernel driver, it can fetch the request from the block device /dev/fuse, process it, and execute the encryption function in the callback function required by the encrypted file system ParallelFS: the file is divided into a plurality of file blocks of 4 KB each, each file block is symmetrically encrypted in parallel using the Blowfish algorithm, and the encryption key is then asymmetrically encrypted using the RSA-2048 algorithm and stored in the header of the file.
After the encryption function is executed, the FUSE library can write the encrypted multimedia file ciphertext back to the block device /dev/fuse, and from there back to the FUSE kernel driver; finally, the FUSE kernel driver returns the response to the storage disk or to the user application that sent the request.
In order to enable those skilled in the art to more easily understand the technical solution provided by the embodiments of the present disclosure, the encryption and decryption process of the encrypted file system ParallelFS is described in detail below.
As shown in FIGS. 3-5, encrypting and decrypting the multimedia file in the encrypted file system ParallelFS using the Blowfish algorithm, the RSA-2048 algorithm and a threading method specifically comprises the following steps:
Step S10: creating a task manager, and pushing tasks into the task manager queue using a fork method and an inter-process communication method;
The task manager is built using a pre-forking technique, and an inter-process communication method is used to push tasks into the task manager queue. This provides an effective management mechanism for communication among multiple processes, reduces the bottleneck caused by process and thread allocation, and thereby yields higher performance. In the task manager, push operations are given higher priority than pop operations; the task manager also includes a lock that blocks threads when the task manager is empty.
Step S20: constructing a thread pool, wherein the thread pool comprises a plurality of threads belonging to one parent process, and the threads share the same address space and parameters through global variables;
Step S30: creating threads to encrypt and decrypt the multimedia file, wherein each thread encrypts and decrypts independently and all threads run in parallel.
The encrypted file system ParallelFS uses CPU thread scheduling: the CPU utilization of each thread is measured by the time the thread spends executing on a core. When file system management receives a request() call, the multimedia file is divided into a plurality of file blocks, which are then pushed to the task manager. A thread pool is built in the ParallelFS daemon; the thread pool pulls tasks, and encryption and decryption operations are executed on each thread task through identity authentication, key management and OpenSSL. When encryption and decryption are executed, threads of different sizes are scheduled onto cores with different utilization, that is, the encryption tasks of all threads run in parallel on the CPU cores.
Thread scheduling in the parallel file system is based on the Linux Completely Fair Scheduler (CFS). It periodically and dynamically measures the CPU utilization of the running threads, so that fewer encryption and decryption tasks are assigned to heavily loaded cores and larger tasks are scheduled onto cores that are processing less data or are idle. This balances the load as far as possible and improves the efficiency of the encryption and decryption tasks.
Parallel encryption based on a multi-core processor may be implemented using two different methods, the first method may be performed using a fork method by creating a plurality of sub-processes, each having a different process ID and a separate memory space in a virtual memory having a different address space, which are executed independently of each other; the second approach may use the threading approach by creating multiple threads that belong to a single parent process and share the same address space and parameters through global variables.
By experimental comparison, the second method is used in the present invention.
In the experiments, the parallel read and write times for multimedia files were measured with the fork-based method and with the threading-based method. As shown in fig. 5 (a), the fork-based method uses multiple processes created with fork() to encrypt the file sub-blocks sb1, sb2 and sb3 in parallel. As shown in fig. 5 (b), the threading-based method uses a single process with several threads, in which thread 1, thread 2 and thread 3 encrypt the file sub-blocks sb1, sb2 and sb3 in parallel. For the first method, three process-pool configurations were created: the first pool has one process containing four threads, each thread handling data segments of the same size and controlled independently of the others within the process; the second pool has two processes, each with two threads; the third pool has four processes, each with one thread. For the second method, a pool of four related threads was created, sharing the same resources through global variables. Fig. 6 compares the time taken to write and read image files in the encrypted file system ParallelFS under the two methods; the second method exhibits the best performance (14.8% for file read operations and 11% for write operations). The communication overhead, virtual-memory creation and related management overhead among multiple processes are greater than those among multiple threads, so context switches between threads in the second method occur faster than context switches between processes in the first method.
An encrypted file system should offer a high level of security against malicious attacks and meet security requirements. Storage security is a long-term requirement, because an attacker can spend a long time analyzing and breaking the security system; this differs from short transmissions, where security is required only during data transmission. In the encrypted file system ParallelFS, legitimate user authentication is protected.
As shown in FIG. 7, keys are managed by the dynamic key management of the encrypted file system ParallelFS, during which user authentication is enforced. This is particularly important because the reference file system library FUSE Library lets developers handle file system operations (e.g., opening files, reading and writing files, creating directories) by defining callback functions, and forwards these operations to user-space applications for processing when the virtual file system VFS interacts with the user.
When a user issues a read request for an encrypted multimedia file, the user must first pass mandatory identity verification; only then is the encrypted multimedia file decrypted and read. When installing the ParallelFS file system, the system administrator configures an identity verification policy that allows non-privileged users to mount the file system and enter a secure mount session. Each user has a unique login password for entering the secure mount session, and the encrypted file system ParallelFS must verify the authenticity of the user before each mount of the file system. Each user also has a login authentication key for mounting the file system, which is derived by hashing the Linux login password with SHAKE-128. In addition, each user has a public key PK and a private key PRK for encryption and decryption, respectively. Whenever a user sends a read request, the keys held in key management must be invoked after authentication.
When a user wants to write a file, a corresponding encryption key is generated according to the login password of Linux and inserted into the header of the file, and the encrypted file is transferred into a Virtual File System (VFS) through a callback layer.
As shown in fig. 8, the step S30 of creating a thread to encrypt the multimedia file, each thread independently encrypts, and all threads encrypt in parallel, specifically includes the following steps:
step S31: randomly generating an encryption key K and a global file salt FSalt;
step S32: dividing a multimedia file into a plurality of file blocks Bi;
step S33: dividing a file block Bi into a plurality of file sub-blocks SBi, wherein each file sub-block SBi generates a corresponding block encryption counter CTRi, all the file sub-blocks SBi share the same encryption key K, and each file sub-block SBi is associated with a thread;
step S34: exclusive-or-operating the global file salt FSalt with each corresponding block encryption counter CTRi to create a unique initial vector IVi associated with each file sub-block SBi;
step S35: the parallel encryption is carried out on a plurality of file sub-blocks SBi, specifically: symmetrically encrypting all the file sub-blocks SBi by adopting a Blowfish algorithm to obtain a plurality of encrypted sub-blocks CSBi;
Step S36: combining all the encryption sub-blocks CSBi to obtain an encryption block CBi;
step S37: repeating the steps S33-S36 for all the file blocks Bi, and collecting all the generated encryption blocks CBi to obtain an encrypted multimedia file;
step S38: writing the encrypted multimedia file into a disk;
step S39: the encryption key K is asymmetrically encrypted by using an RSA-2048 algorithm, and the encrypted encryption key K is attached to the head of the multimedia file for storage.
As shown in fig. 9, the encrypted file system ParallelFS encrypts or decrypts the multimedia file each time the user sends a request, before the write or read takes place. When a multimedia file is first stored in a directory under the ParallelFS mount, an encryption key K and a global file salt FSalt are randomly generated, and an encrypted version of the file is produced in this secure source directory without user intervention. The multimedia file is divided into a plurality of file blocks (B1, B2, ..., Bn), each file block Bi being at most 4KB, and each file block Bi is then split into a plurality of file sub-blocks (SB1, SB2, ..., SBm), each file sub-block SBi being at most 1KB. For each file sub-block SBi a corresponding block encryption counter CTRi is generated, and the file sub-blocks SBi belonging to the same file block Bi share the same encryption key K. The block encryption counter CTRi is XORed with the file salt FSalt to generate an initial vector IVi unique to each sub-block. Using the initial vector IVi and the encryption key K, the file sub-blocks SBi are encrypted in parallel with the Blowfish algorithm: one thread encrypts one file sub-block SBi without involving the other sub-blocks, and all threads execute in parallel. This produces the encrypted sub-blocks (CSB1, CSB2, ..., CSBm), which are combined into the encryption block CBi. After this operation has been repeated for all the file blocks Bi, all the resulting encryption blocks (CB1, CB2, ..., CBn) are collected and written to disk as the final encrypted multimedia file. The encryption key K is then asymmetrically encrypted with the RSA-2048 algorithm, and the encrypted encryption key K is appended to the header of the multimedia file for storage.
As shown in fig. 10, the step S30 of creating a thread to decrypt the multimedia file, wherein each thread independently decrypts, and all threads decrypt in parallel, specifically includes the following steps:
step S301: extracting an encryption key K and a global file salt FSalt from the encrypted multimedia file header, acquiring a private key PRK of a user, and decrypting the encryption key K and the global file salt FSalt by using an RSA-2048 algorithm and the private key PRK;
step S302: reconstructing all used initial vectors IVi, dividing each encryption block CBi into a plurality of encryption sub-blocks CSBi, and performing parallel decryption on the plurality of encryption sub-blocks CSBi by using a Blowfish algorithm;
step S303: steps S301 and S302 are repeated until all the encrypted blocks CBi are decrypted, and all the decrypted encrypted blocks CBi are combined to obtain the original plaintext of the multimedia file.
First, the encrypted encryption key K and the FSalt are extracted from the header of the encrypted multimedia file and decrypted with the RSA-2048 algorithm using the private key of the user. The file salt FSalt is then XORed with the encryption counter CTRi to obtain the unique initial vector IVi of each file sub-block SBi. Each encryption block is divided into a plurality of encrypted sub-blocks CSBi, one thread processing one sub-block, and each encrypted sub-block CSBi is decrypted with the Blowfish algorithm using the encryption key K and its unique initial vector IVi. These operations are repeated, reconstructing all the initial vectors IVi that were used, until all the encrypted blocks CBi have been decrypted, thus recovering the original plaintext of the multimedia file.
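The sub-block layout and IV schedule of steps S32 to S37, together with the IV reconstruction of step S302, as an added Python example that is not code from the patent. Assumptions: CTRi is a file-wide sub-block index encoded as 8 big-endian bytes, FSalt is 8 bytes (the Blowfish block size), and `standin_cipher` is a SHAKE-128 keystream XOR standing in for the Blowfish call, since the page names no cipher mode; `distinct_ivs` shows what happens to IV uniqueness if the counter restarts for every file block Bi.

```python
import hashlib
import os
from concurrent.futures import ThreadPoolExecutor

BLOCK_SIZE = 4096       # file block Bi: at most 4 KB (from the page)
SUB_BLOCK_SIZE = 1024   # file sub-block SBi: at most 1 KB (from the page)
IV_LEN = 8              # Blowfish has a 64-bit block, so IVi is 8 bytes


def split_sub_blocks(data):
    """Steps S32/S33: return [(ctr, sub_block)] in file order.

    Assumption: ctr is a file-wide sub-block index. The page does not say
    whether CTRi restarts for every file block Bi.
    """
    subs = []
    for b_off in range(0, len(data), BLOCK_SIZE):
        block = data[b_off:b_off + BLOCK_SIZE]
        for s_off in range(0, len(block), SUB_BLOCK_SIZE):
            subs.append((len(subs), block[s_off:s_off + SUB_BLOCK_SIZE]))
    return subs


def derive_iv(fsalt, ctr):
    """Step S34: IVi = FSalt XOR CTRi (CTRi as 8 big-endian bytes, assumed)."""
    return bytes(a ^ b for a, b in zip(fsalt, ctr.to_bytes(IV_LEN, "big")))


def standin_cipher(key, iv, data):
    """Stand-in for the Blowfish call, NOT Blowfish.

    XORs the data with a SHAKE-128 keystream of key || iv. It preserves
    length and is its own inverse, which keeps the example stdlib-only.
    """
    stream = hashlib.shake_128(key + iv).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def process_file(key, fsalt, data, workers=4):
    """Steps S35-S37 and S302: one task per sub-block, run on a thread pool.

    Each task needs only K, FSalt and its own counter, so no task waits on
    another. pool.map() returns results in submission order, so the
    combined output keeps the file order whatever the completion order.
    Because the stand-in is self-inverse, the same call also decrypts.
    """
    def job(item):
        ctr, chunk = item
        return standin_cipher(key, derive_iv(fsalt, ctr), chunk)

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return b"".join(pool.map(job, split_sub_blocks(data)))


def distinct_ivs(fsalt, n_sub_blocks, per_block_restart):
    """Count the distinct IVs produced for n_sub_blocks sub-blocks.

    per_block_restart=True models a counter that restarts at 0 for every
    file block Bi; the same few IVs are then reused under the same key K.
    """
    per_block = BLOCK_SIZE // SUB_BLOCK_SIZE
    ctrs = [(i % per_block if per_block_restart else i)
            for i in range(n_sub_blocks)]
    return len({derive_iv(fsalt, c) for c in ctrs})


if __name__ == "__main__":
    key = os.urandom(16)        # K: 128-bit key, as stated on the page
    fsalt = os.urandom(IV_LEN)  # FSalt: global file salt
    plaintext = os.urandom(10_000)  # constructed sample "file"
    ciphertext = process_file(key, fsalt, plaintext)
    assert process_file(key, fsalt, ciphertext) == plaintext
    n = len(split_sub_blocks(plaintext))
    print("sub-blocks:", n)
    print("distinct IVs, file-wide counter:", distinct_ivs(fsalt, n, False))
    print("distinct IVs, per-block counter:", distinct_ivs(fsalt, n, True))
```
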
The step S35: the parallel encryption is carried out on a plurality of file sub-blocks SBi, specifically: the method for symmetrically encrypting all the file sub-blocks SBi by adopting a Blowfish algorithm to obtain a plurality of encrypted sub-blocks CSBi specifically comprises the following steps:
step S351: generating a subkey by using a key expansion algorithm, and taking the initial vector IVi as a starting point of encryption operation;
step S352: initial replacement, namely rearranging the file sub-blocks CSBi by using an initial replacement function;
step S353: and processing the file sub-block CSBi by using the sub-key through a round function to obtain the encrypted file sub-block CSBi.
The step S353 processes the file sub-block CSBi by using the sub-key through a round function, specifically:
performing exclusive-or operation, replacement operation and exchange operation on the file sub-block CSBi by using the sub-key through the round function;
repeating the steps, wherein the output of each round function is used as the input of the next round function, and the repetition times are the number of rounds customized in the encryption algorithm; in the last iteration, the permutation operation and the exchange operation are not performed, and only the exclusive-or operation is performed.
The Blowfish algorithm is a symmetric-key encryption algorithm that uses a fixed-length key to encrypt and decrypt data. A key expansion algorithm generates a series of subkeys, which Blowfish uses for the encryption and decryption operations. The data to be encrypted is divided into file blocks Bi of fixed size; here the data is divided into 4KB blocks for processing with the Blowfish algorithm. An initial vector IVi is then selected as the starting point of the encryption operation; the initial vector IVi is a random number of fixed length and is used by the encryption algorithm together with a 128-bit key. For each file block Bi, the Blowfish algorithm performs the encryption with a series of round functions, each of which involves a series of subkeys together with some basic logical and permutation operations. First, the file block Bi is rearranged by an initial replacement function to increase the randomness of the encryption. Next, the file block Bi is processed by the series of round functions, each using subkeys to perform basic logical operations such as exclusive-or, permutation and substitution. This is repeated for the number of rounds defined in the encryption algorithm, the input of each round function being the output of the previous one; in the last round no permutation or exchange operation is performed, only an exclusive-or operation.
After processing by the round functions, the encrypted file block CSBi, namely the ciphertext, is obtained.
The step S39 uses the RSA-2048 algorithm to asymmetrically encrypt the encryption key K, and attaches the encrypted encryption key K to the header of the multimedia file for storage, and specifically includes:
generating a pair of RSA-2048 keys, including a private key and a public key;
dividing the encryption key K into a plurality of data blocks;
obtaining a public key PK of a user, and encrypting a plurality of data blocks by using the public key PK, wherein the method comprises the following steps:
data block conversion: converting each data block into an integer value, wherein the integer value is smaller than the modulus of the public key;
encryption operation: for each data block, encrypting the data block into a ciphertext data block by using exponent operation and modulo operation in a public key of an RSA-2048 algorithm;
ciphertext combining: and combining the encrypted ciphertext data blocks into a final ciphertext.
With the Blowfish algorithm, encrypting the same information under different keys yields different ciphertexts. The crux of the Blowfish algorithm is therefore the choice of the key and keeping it confidential. Because Blowfish uses a variable-length key, it is convenient for users but also carries a hidden danger: in practice a few weak keys are often used to encrypt information resources, which is a serious security risk. Therefore, after the file body has been symmetrically encrypted with Blowfish, the encryption key K must be asymmetrically encrypted with the RSA-2048 algorithm.
First, an RSA-2048 key pair is generated, comprising a private key and a public key, wherein the public key is used for encryption and signature operations, and the private key is used for decryption and signature verification operations. The encryption key K to be encrypted is then divided into a plurality of data blocks of appropriate size, each block being regarded as an integer, and each data block is encrypted with the public key PK of the user: the data block is converted into an integer whose value is smaller than the modulus of the public key PK, the exponentiation and modulo operations of the RSA-2048 public key encrypt it into a ciphertext data block, and the encrypted ciphertext data blocks are combined into the final ciphertext.
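The data-block conversion, exponentiation and ciphertext combination described for step S39, as an added Python example that is not code from the patent. Assumptions: the key pair is a constructed toy pair built from two Mersenne primes (a 1128-bit modulus, not a generated RSA-2048 key), `CHUNK` is 8 bytes because the page only says "appropriate size", and each ciphertext block is stored at fixed width so that leading zero bytes of K survive the integer conversion.

```python
import os

# Constructed toy key pair (assumption): two Mersenne primes stand in for
# the primes of a real, randomly generated RSA-2048 key.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                               # public modulus, 1128 bits
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)
MOD_BYTES = (N.bit_length() + 7) // 8   # width of one ciphertext block
CHUNK = 8                               # bytes of K per data block (assumed)


def wrap_key(k, n=N, e=E, chunk=CHUNK):
    """Encrypt K with the public key as the page describes.

    Data block conversion: each chunk becomes a big-endian integer. A chunk
    shorter than the modulus is always smaller than the modulus.
    Encryption operation: c = m^e mod n.
    Ciphertext combining: fixed-width blocks are concatenated.
    """
    width = (n.bit_length() + 7) // 8
    if chunk >= width:
        raise ValueError("data block must be shorter than the modulus")
    blocks = []
    for off in range(0, len(k), chunk):
        m = int.from_bytes(k[off:off + chunk], "big")
        blocks.append(pow(m, e, n).to_bytes(width, "big"))
    return b"".join(blocks)


def unwrap_key(blob, key_len, n=N, d=D, chunk=CHUNK):
    """Decrypt with the private key and restore each chunk at its own width.

    key_len is needed because the integer form drops leading zero bytes;
    writing every chunk back at its original length restores them.
    """
    width = (n.bit_length() + 7) // 8
    if len(blob) % width:
        raise ValueError("ciphertext is not a whole number of blocks")
    out, remaining = [], key_len
    for off in range(0, len(blob), width):
        m = pow(int.from_bytes(blob[off:off + width], "big"), d, n)
        size = min(chunk, remaining)
        out.append(m.to_bytes(size, "big"))
        remaining -= size
    return b"".join(out)


if __name__ == "__main__":
    k = os.urandom(16)                  # K: 128-bit Blowfish key
    header_blob = wrap_key(k)
    assert unwrap_key(header_blob, len(k)) == k
    print("wrapped key bytes:", len(header_blob))
    # Unpadded exponentiation is deterministic and maps 0 to 0.
    print("same K, same ciphertext:", wrap_key(k) == header_blob)
    print("zero block stays zero:", wrap_key(bytes(CHUNK)) == bytes(MOD_BYTES))
```

Because the exponentiation is unpadded, equal inputs give equal ciphertexts and a zero data block encrypts to zero; deployed RSA key wrapping applies a randomized padding such as OAEP before the modular exponentiation.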
The RSA-2048 encryption algorithm can also be used for digital signatures for identity authentication. Its security rests on the assumed difficulty of factoring large numbers, and it is widely used in data encryption, digital signatures, key exchange and similar fields.
Example 2:
the embodiment of the invention also provides a multi-core parallel-based multimedia file hybrid encryption and decryption system, which comprises:
a virtual file system VFS, a FUSE kernel driver, a reference file system Library and an encrypted file system ParallelFS, wherein the FUSE kernel driver provides a communication interface for the FUSE virtual file system VFS, the FUSE kernel driver and the reference file system Library;
Based on the communication interface, the virtual file system VFS, the FUSE kernel driver, the reference file system Library, and the encrypted file system ParallelFS are used to perform the method as described above.
Evaluation of the encrypted file system ParallelFS performance is discussed in terms of read and write operations for multimedia files. The purpose is to evaluate the impact of parallel processing on cryptographic performance and to evaluate the complexity of the parallel file system required to improve response time. In experiments, the performance of the encrypted file system ParallelFS using cryptographic operations of different file sizes in reading and writing multimedia files was first evaluated. Then, comparing the execution time with normal read-write operation with the same file size on a standard ext4 file system; next, the performance of the parallel file system and the encrypted file system that performs the sequential encryption processing are compared.
As shown in fig. 11, the time spent on read and write operations is compared for two cases: using the encrypted file system ParallelFS encryption service on Linux, and using encryption and decryption with the FUSE-based ext4 system on Linux. The experiments start by writing and reading a 5MB file and repeat the test periodically, gradually increasing the file size to 50MB. The file cache is flushed for each test, so the elapsed time of all read and write operations is recorded. It can be seen that read and write performance with the encrypted file system ParallelFS encryption service is significantly better than with the FUSE-based ext4 system.
As shown in fig. 12, the total time measured for writing and reading multimedia files using the encrypted file system ParallelFS and ext4 systems is compared. The average throughput of the encrypted file system ParallelFS with encryption protection when reading and writing files reaches 19.2MB/s and 37.1MB/s respectively. In contrast, the average throughput of normal processes using standard ext4 system to read and write files of the same size is 123.2MB/s and 155.1 MB/s, respectively. In addition, the execution time required for performing the read-write operation of the multimedia file in the parallel file system is also calculated. These times include the time of the actual encryption and decryption operations, as well as the time of other required file system processes executing at the kernel and user level, the associated read/write times of other executed processes including the time taken to find a write/read block of file data, the I/O time taken to write/read a block of data to a local buffer to perform an encryption/decryption task, the workload time taken to encrypt or decrypt a symmetric key, and the time taken to save or extract a key from a file header. The actual encryption process accounts for about 70% of the actual write time on the encrypted file system ParallelFS when calculating the time taken for the main execution process. Other relevant writing processes on the encrypted file system ParallelFS require 30% of the actual writing time, as follows: the I/O write process is 21.7%, the write seek process is 7.4%, and the load public key and save header processes are slightly less than 1%. 
In addition, the actual decryption process on the encrypted file system ParallelFS requires an average of 75% of the actual read time, and other related read processes account for 25% of the actual read time, divided as follows: the I/O read process is 21.6%, the read seek process is 2.5%, and the time to load the user private key and parse the header is slightly less than 1%.
EncFS and ImgFS are FUSE-based file encryption systems. EncFS protects the confidentiality of data with strong encryption algorithms, including AES and Blowfish, in sequential processing mode. The encryption key is provided by the user and held in memory at run time to encrypt and decrypt files in real time. It has several drawbacks, however: in terms of performance, the read and write overhead is high when processing large files, and the security of EncFS depends on the strength and safekeeping of the user-supplied encryption key, so a leaked key or a weak password exposes the data to cracking or unauthorized access. In contrast, the encrypted file system ParallelFS of the invention uses parallel encryption, has higher efficiency and security, can effectively resist attacks, and is convenient for users.
As shown in fig. 13 and 14, the encrypted user space file system using the encryption operation was tested using the FUSE-based file encryption systems ImgFS and EncFS, and the multimedia file write response time of the encrypted file system ParallelFS was improved by 33.3% and 41.2% compared to ImgFS and EncFS, respectively, and the read efficiency was improved by 26.4% and 17.6% compared to ImgFS and EncFS, respectively, when the average performance was calculated. The test result shows that the encrypted file system ParallelFS has high security, can effectively resist attack, and is superior to an ImgFS encryption system and an EncFS encryption system in the aspects of security and read-write operation.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises an element. The terms first, second, etc. are used to denote a name, but not any particular order. The foregoing has been described schematically the invention and embodiments thereof, which are not limiting, but are capable of other specific forms of implementing the invention without departing from its spirit or essential characteristics. The drawings are also intended to depict only one embodiment of the invention, and therefore the actual construction is not intended to limit the claims, any reference number in the claims not being intended to limit the claims. Therefore, if one of ordinary skill in the art is informed by this disclosure, a structural manner and an embodiment similar to the technical scheme are not creatively designed without departing from the gist of the present invention, and all the structural manners and the embodiment are considered to be within the protection scope of the present patent.

Claims (8)

1. The multi-core parallel-based multimedia file mixed encryption and decryption method is characterized by comprising the following steps of:
the virtual file system VFS mounted on the Linux operating system forwards the system call for calling the multimedia file to the block device in the kernel driver;
when the reference file system library FUSE Library detects the system call in the FUSE kernel driver, it retrieves the request from the block device /dev/fuse and calls the encrypted file system ParallelFS to encrypt and decrypt the multimedia file;
and the encrypted file system ParallelFS responds to the call of the reference file system Library FUSE Library to acquire a public key PK and a private key PRK of a user, intercepts and captures the multimedia file written into the mounted catalog of the encrypted file system ParallelFS, randomly generates an encryption key k, and encrypts and decrypts the multimedia file by using a Blowfish algorithm, an RSA-2048 algorithm and a threading method.
2. The multi-core parallel-based multimedia file mixed encryption and decryption method according to claim 1, wherein the encryption and decryption method for the multimedia file based on the encrypted file system ParallelFS uses a Blowfish algorithm, an RSA-2048 algorithm and a threading method, and specifically comprises the following steps:
step S10: creating a task manager, and pushing the task into a task manager queue by using a fork method and an inter-process communication method;
Step S20: constructing a thread pool, wherein the thread pool comprises a plurality of threads belonging to a parent process, and the threads share the same address space and parameters through global variables;
step S30: creating threads to encrypt and decrypt the multimedia file, wherein each thread encrypts and decrypts independently and all threads run in parallel.
3. The multi-core parallel-based multimedia file hybrid encryption and decryption method according to claim 2, wherein the step S30 of creating a thread encrypts the multimedia file, each thread independently encrypts the multimedia file, and the parallel encryption between all threads specifically comprises the following steps:
step S31: randomly generating an encryption key K and a global file salt FSalt;
step S32: dividing a multimedia file into a plurality of file blocks Bi;
step S33: dividing a file block Bi into a plurality of file sub-blocks SBi, wherein each file sub-block SBi generates a corresponding block encryption counter CTRi, all the file sub-blocks SBi share the same encryption key K, and each file sub-block SBi is associated with a thread;
step S34: exclusive-or-operating the global file salt FSalt with each corresponding block encryption counter CTRi to create a unique initial vector IVi associated with each file sub-block SBi;
Step S35: the parallel encryption is carried out on a plurality of file sub-blocks SBi, specifically: symmetrically encrypting all the file sub-blocks SBi by adopting a Blowfish algorithm to obtain a plurality of encrypted sub-blocks CSBi;
step S36: combining all the encryption sub-blocks CSBi to obtain an encryption block CBi;
step S37: repeating the steps S33-S36 for all the file blocks Bi, and collecting all the generated encryption blocks CBi to obtain an encrypted multimedia file;
step S38: writing the encrypted multimedia file into a disk;
step S39: the encryption key K is asymmetrically encrypted by using an RSA-2048 algorithm, and the encrypted encryption key K is attached to the head of the multimedia file for storage.
4. The multi-core parallel-based multimedia file hybrid encryption and decryption method according to claim 2, wherein in step S30 threads are created to decrypt the multimedia file, each thread decrypts independently, all threads decrypt in parallel, and the decryption specifically comprises the following steps:
Step S301: extracting the encryption key K and the global file salt FSalt from the header of the encrypted multimedia file, acquiring the private key PRK of the user, and decrypting the encryption key K and the global file salt FSalt by using the RSA-2048 algorithm and the private key PRK;
Step S302: reconstructing all the initial vectors IVi that were used, dividing each encrypted block CBi into a plurality of encrypted sub-blocks CSBi, and decrypting the plurality of encrypted sub-blocks CSBi in parallel by using the Blowfish algorithm;
Step S303: repeating steps S301 and S302 until all the encrypted blocks CBi are decrypted, and combining all the decrypted blocks CBi to obtain the original plaintext of the multimedia file.
5. The multi-core parallel-based multimedia file hybrid encryption and decryption method according to claim 3, wherein step S35, in which the plurality of file sub-blocks SBi are encrypted in parallel by symmetrically encrypting all the file sub-blocks SBi with the Blowfish algorithm to obtain a plurality of encrypted sub-blocks CSBi, specifically comprises the following steps:
Step S351: generating a subkey by using a key expansion algorithm, and taking the initial vector IVi as the starting point of the encryption operation;
Step S352: initial permutation, namely rearranging the file sub-blocks CSBi by using an initial permutation function;
Step S353: processing the file sub-block CSBi with the subkey through a round function to obtain the encrypted file sub-block CSBi.
6. The multi-core parallel-based multimedia file hybrid encryption and decryption method according to claim 5, wherein step S353, processing the file sub-block CSBi with the subkey through a round function, specifically comprises:
performing an exclusive-or operation, a permutation operation and an exchange operation on the file sub-block CSBi with the subkey through the round function;
repeating the above step, wherein the output of each round function is used as the input of the next round function, and the number of repetitions is the number of rounds customized in the encryption algorithm; in the last iteration, the permutation operation and the exchange operation are not performed, and only the exclusive-or operation is performed.
7. The multi-core parallel-based multimedia file hybrid encryption and decryption method according to claim 3, wherein step S39, asymmetrically encrypting the encryption key K by using the RSA-2048 algorithm and attaching the encrypted encryption key K to the header of the multimedia file for storage, specifically comprises the following steps:
generating a pair of RSA-2048 keys, including a private key and a public key;
dividing the encryption key K into a plurality of data blocks;
obtaining the public key PK of the user, and encrypting the plurality of data blocks by using the public key PK, which comprises the following steps:
data block conversion: converting each data block into an integer value, wherein the integer value is smaller than the modulus of the public key;
encryption operation: for each data block, encrypting the data block into a ciphertext data block by using the exponentiation and modulo operations of the RSA-2048 algorithm with the public key;
ciphertext combining: combining the encrypted ciphertext data blocks into the final ciphertext.
8. A multi-core parallel-based multimedia file hybrid encryption and decryption system, characterized by comprising:
a virtual file system VFS, a FUSE kernel driver, a reference file system Library and an encrypted file system ParallelFS, wherein the FUSE kernel driver provides a communication interface for the FUSE virtual file system VFS, the FUSE kernel driver and the reference file system Library;
based on the communication interface, the virtual file system VFS, the FUSE kernel driver, the reference file system Library and the encrypted file system ParallelFS are used to perform the method of any of claims 1 to 7.
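The sketch below is an added example, not code from the patent: it carries steps S32 to S37 of claim 3 and the IV reconstruction of step S302 of claim 4 through in Python, and checks that every IVi is unique under the shared key K. The file-wide numbering of CTRi, the HMAC-SHA256 keystream used as a stand-in for Blowfish, the block sizes and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from concurrent.futures import ThreadPoolExecutor

IV_LEN = 8  # Blowfish has a 64-bit block, so FSalt, CTRi and IVi are 8 bytes here

def derive_iv(fsalt: bytes, ctr: int) -> bytes:
    """S34: IVi = FSalt XOR CTRi, with the counter as a big-endian 64-bit value."""
    return bytes(a ^ b for a, b in zip(fsalt, ctr.to_bytes(IV_LEN, "big")))

def split(data: bytes, size: int) -> list:
    return [data[i:i + size] for i in range(0, len(data), size)]

def standin_cipher(key: bytes, iv: bytes, chunk: bytes) -> bytes:
    """Stand-in for Blowfish (assumption): XOR with an HMAC-SHA256 keystream
    bound to K and IVi. XOR is its own inverse, so one call serves both ways."""
    stream = b""
    n = 0
    while len(stream) < len(chunk):
        stream += hmac.new(key, iv + n.to_bytes(4, "big"), hashlib.sha256).digest()
        n += 1
    return bytes(a ^ b for a, b in zip(chunk, stream))

def process(data, key, fsalt, block_size=64, sub_size=16, workers=4):
    """Encrypt or decrypt: rebuild every IVi from FSalt and the counter (S302),
    then run all sub-blocks through the cipher on a thread pool (S35)."""
    jobs, ctr = [], 0
    for block in split(data, block_size):        # S32: file blocks Bi
        for sub in split(block, sub_size):       # S33: file sub-blocks SBi
            jobs.append((derive_iv(fsalt, ctr), sub))
            ctr += 1  # assumption: CTRi keeps counting across blocks of one file
    with ThreadPoolExecutor(max_workers=workers) as pool:
        out = list(pool.map(lambda job: standin_cipher(key, *job), jobs))
    return b"".join(out), [iv for iv, _ in jobs]  # S36/S37: combine in order

def ivs_if_counter_restarts(fsalt, n_blocks, subs_per_block):
    """Failure mode: CTRi restarted for each block Bi repeats IVs under one K."""
    return [derive_iv(fsalt, c) for _ in range(n_blocks) for c in range(subs_per_block)]

if __name__ == "__main__":
    import os
    key, fsalt = os.urandom(16), os.urandom(IV_LEN)   # S31: random K and FSalt
    data = bytes(range(256)) * 2                      # constructed sample "file"
    ct, ivs = process(data, key, fsalt)
    assert process(ct, key, fsalt)[0] == data and len(set(ivs)) == len(ivs)
    print(len(ivs), "unique IVs;", len(set(ivs_if_counter_restarts(fsalt, 8, 4))), "if restarted")
```

Because all sub-blocks share one key K, a repeated IVi means two sub-blocks are encrypted under the same key and IV, so the uniqueness check is worth keeping in any implementation of the scheme.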
CN202410084058.2A 2024-01-19 2024-01-19 Multi-core parallel-based multimedia file hybrid encryption and decryption method and system Active CN117610060B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410084058.2A CN117610060B (en) 2024-01-19 2024-01-19 Multi-core parallel-based multimedia file hybrid encryption and decryption method and system

Publications (2)

Publication Number Publication Date
CN117610060A (en) 2024-02-27
CN117610060B (en) 2024-03-29

Family

ID=89956452

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410084058.2A Active CN117610060B (en) 2024-01-19 2024-01-19 Multi-core parallel-based multimedia file hybrid encryption and decryption method and system

Country Status (1)

Country Link
CN (1) CN117610060B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant