CN102624708A - Efficient data encryption, updating and access control method for cloud storage - Google Patents

Efficient data encryption, updating and access control method for cloud storage Download PDF

Info

Publication number
CN102624708A
CN102624708A CN2012100425924A CN201210042592A CN102624708A CN 102624708 A CN102624708 A CN 102624708A CN 2012100425924 A CN2012100425924 A CN 2012100425924A CN 201210042592 A CN201210042592 A CN 201210042592A CN 102624708 A CN102624708 A CN 102624708A
Authority
CN
China
Prior art keywords
data
plaintext block
block
plaintext
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2012100425924A
Other languages
Chinese (zh)
Inventor
蒋晓宁
余斌霄
刘君强
甘志刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Gongshang University
Original Assignee
Zhejiang Gongshang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Gongshang University filed Critical Zhejiang Gongshang University
Priority to CN2012100425924A priority Critical patent/CN102624708A/en
Publication of CN102624708A publication Critical patent/CN102624708A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses an efficient data encryption, updating and access control method for cloud storage, which belongs to the technical field of network information safety and computer software. The method can realize quick block encryption replacement for plaintext data, so that data confidentiality is guaranteed while abuse of user data by a cloud server can be prevented. The method can realize efficient updating for ciphertext data without re-encrypting and uploading a whole data file, so that system transmission and storage efficiency is improved. The method can realize dual permission control for the data file, ciphertext access rights are formulated by data owners but executed by the cloud server, and secret key materials for decrypting ciphertexts are controlled by the data owners, so that data file control is enhanced, and permission revocation can be flexibly realized. Encryption of the plaintext data and processing of the ciphertext data can be realized by the method at low cost, duel replacement for the plaintext data enables a data applicant to obtain completely different ciphertext results in each time of application and prevents the cloud server from abusing the user data, accordingly data confidentiality is further enhanced, and the method has bright application prospect in data cloud storage.

Description

A kind of efficient data encryption, renewal and access control method towards the cloud storage
Technical field
The present invention relates to a kind of efficient data encryption, renewal and access control method, can be used for the encrypt data that is stored on the Cloud Server is directly upgraded and access control, belong to the network information security and computer software technical field towards the cloud storage.
Background technology
Along with the arriving of information age, how to realize that the safe storage of mass data becomes a major issue that needs to be resolved hurrily.The appearing as to address this problem of cloud memory technology provides good opportunity; Adopt the cloud storage can reduce the carrying cost of enterprise; Evade security risks such as loss of data and damage; Improve data management efficiency and utilance, thereby be considered to the next important growth point of areas of information technology, have huge market prospects.But because the long-range strange land storage of data has also caused relating to comparatively thorny safety problems such as confidentiality, enciphered data renewal and control of authority.
The cloud stores service is generally provided by the incredible third party service provider; Therefore how to prevent service provider's leakage user privacy information; Perhaps user data is carried out statistical analysis and excavate, thereby the confidentiality that ensures data just becomes the matter of utmost importance that the cloud user is paid close attention to.A kind of comparatively simple solution is all data to be carried out routine encrypt the back storage, but will make troubles to the modification and the search operaqtion of data like this, therefore less being used.Concentrated message current control (DIFC) and difference secret protection technology can be used for preventing the privacy information leakage of cloud computing process, also support removing automatically of result of calculation close simultaneously.The privacy management instrument that is the basis with the users to trust model also helps the sensitive information of user's control store on Cloud Server, but is mainly used in storage and operational phase.Do not find storage and data ciphering method that can take into account confidentiality, efficient and operability so far as yet towards cloud.
How to carry out associative operation be the another one problem that the cloud stores service faces to being stored in enciphered data on the Cloud Server.On the one hand, consider and to trust third party's Cloud Server that in order to guarantee data confidentiality, the general requirement encrypted storage to data; But then, also operation brings big difficulty to the ciphertext file layout to related data.If upload storage after directly amended clear data being encrypted again, but corresponding clear data change is very little again, can bring bigger time and bandwidth lose so undoubtedly, and then reduce system effectiveness.The research of at present ciphertext being handled mainly concentrates in the design of privacy homomorphism AES.Early stage homomorphism algorithm is proved to be fail safe and has defective, so correlative study once had been absorbed in pause.People such as recent IBM researcher Gentry utilize mathematic(al) object structure privacy homomorphism (privacy homomorphism) algorithm of " ideal lattice (ideal lattice) ", make people can operate the data of encrypted state fully.Though correlative study has obtained certain breakthrough in theory, and obtain researcher's concern again, still have big distance with the practicability stage.
Distrust to third party's Cloud Server has also caused the access control problem to the storage data.Owing to can't trust cloud stores service merchant and carry out user-defined access control policy, through non-traditional access control class means particularly the cryptological technique access control of implementing data object become the main flow research direction that addresses this problem.Present main achievement in research comprises based on generation of level key and allocation strategy to be implemented the method for access control, embeds the method for access control tree etc. based on the AES of attribute, based on the method for acting on behalf of re-encryption and in user key or ciphertext.A subject matter of these class methods is can't solve authority to cancel, therefore need be to authorizing the additional period constraint or introducing third party's trust authority and realize empowerment management, and it is to be solved still to exist more problem to have at present.
In sum; The long-range long-distance storage mode of clear data requires data ciphering method to take into account confidentiality and operability simultaneously in the cloud stores service; Distrust to third party's stores service merchant also makes encrypt data renewal and data access control face than big difficulty, so the high efficiency method that needs proposition to address the above problem.
Summary of the invention
In order to address the above problem; The present invention has designed " a kind of efficient data encryption, renewal and access control method towards the cloud storage "; Can realize that efficient encryption, ciphertext to data upgraded and target such as access control with less relatively cost, specifically comprise three technology: the block encryption replacement technique of clear data, the direct renewal technology of encrypt data and the access control technology of high in the clouds data.
For realizing one of target of the present invention, the technical scheme of employing is summarized as follows:
A kind of deblocking towards the cloud storage is encrypted replacement technique; The main target of this AES is the block of plaintext data of regular length to be carried out fast encrypt handle; Make any encryption of blocks of data result except that first data block depend on random key and previous data block simultaneously, obscure the ordinal relation of each encrypted data chunk again through the random permutation operation.Its step comprises:
1) the clear data M Plaintext block M that to be split into N length be the L byte 1, M 2..., M N, if M NNot enough L byte then is filled to the L byte.
2) generating length is the binary system pseudo-random bits string K of L byte eAs initial plain text encryption key, calculate each Plaintext block corresponding ciphertext piece subsequently:
Figure BSA00000674231500021
Figure BSA00000674231500022
I=2,3 ..., N.Wherein
Figure BSA00000674231500023
is binary system xor operation by turn; H (m) is safe hash function; (k is the AES of L byte for output length m) to E.
3) structure random permutation P C, former ciphertext blocks sequence C under this random permutation effect 1, C 2, C 3..., C NChange into new ciphertext blocks sequence C ' 1, C ' 2, C ' 3..., C ' N
4) construct the access control list ACL of this data file, sent to Cloud Server through data owner's private key signature back successively together with new ciphertext blocks sequence and store, server stores success back is fed back a unique data file to the data owner and is identified ID.
The key point of one of content of the present invention is that clear data is carried out dividing processing; Each Plaintext block is encrypted separately rather than to clear data bulk encryption; This divide-and-conquer strategy has been eliminated correlation and the dependence between each Plaintext block in the conventional cryptography method, makes that under the situation of not changing other ciphertext blocks, revising certain ciphertext blocks becomes possibility.The fail safe of enciphered data on insincere cloud storage server then further protected in the introducing of random permutation operation.
For realizing two of target of the present invention, the technical scheme of employing is summarized as follows:
A kind of encrypt data renewal technology towards cloud storage, this method allow when expressly changing, directly corresponding ciphertext to be made amendment, rather than encrypt whole clear data again and upload.Based on the different situations to expressly operating, the ciphertext update mode can be divided into three kinds of situation: Plaintext block is inserted, Plaintext block is revised and the Plaintext block deletion.Its step comprises:
A. insert new Plaintext block M ' i position 1:
1) if i=1 is then new New
Figure BSA00000674231500025
The C that all the other are new 1Be original C J-1, j=3,4 ..., N+1 sends new C to server 1, C 2, upgrade random permutation P simultaneously C=[L 1, L 2, L 3..., L N] be [L N+1, L 1, L 2, L 3..., L N];
2) if i=N+1 is then new
Figure BSA00000674231500026
The C that all the other are new jBe original C j, j=1,2 ..., N sends new C to server N+1, upgrade random permutation P simultaneously C=[L 1, L 2, L 3..., L N] be [L 1, L 2, L 3..., L N, L N+1];
3) except that above-mentioned two kinds of situation, new
Figure BSA00000674231500027
New The C that all the other are new jOr be original C j(j<i) or be original C J-1(j>i+1), send new C to server i, C I+1, upgrade random permutation P simultaneously C=[L 1, L 2..., L I-1, L 1, L I+1... L N] be [L 1, L 2..., L I-1, L N+1, L 1, L I+1... L N].
B. revise the Plaintext block M of i position 1Be M ' 1
1) if i=1 is then new
Figure BSA00000674231500031
New
Figure BSA00000674231500032
The C that all the other are new jBe original C j, j=3,4 ..., N sends new C to server 1, C 2
2) if i=N is then new
Figure BSA00000674231500033
The C that all the other are new jBe original C j, j=1,2 ..., N-1 sends new C to server N
3) except that above-mentioned two kinds of situation, new New
Figure BSA00000674231500035
The C that all the other are new jOr be original C j, j=1,2 ..., N, j ≠ i and j ≠ i+1 simultaneously; Send new C to server i, C I+1Random permutation P when revising Plaintext block CRemain unchanged.
C. delete the Plaintext block M of i position i:
1) if i=1 is then new
Figure BSA00000674231500036
New
Figure BSA00000674231500037
The C that all the other are new jBe original C J+1, j=3,4 ..., N-1, command server deletion original C 1, and with original C 2, C 3Replace with the C of new transmission 1, C 2, upgrade random permutation P simultaneously C=[L 1, L 2, L 3..., L N] be [L 2, L 3..., L N];
2) as if i=N, command server deletion original C N, the C that all the other are new jBe original C j, j=1,2 ..., N-1 upgrades random permutation P simultaneously C=[L 1, L 2...., L N-1, L N] be [L 2, L 3..., L N-1];
3) except that above-mentioned two kinds of situation, new The C that all the other are new jOr be original C j(j<i) or be original C J+1(j>i), command server deletion original C i, and with original C I+1Replace with the C of new transmission i, upgrade random permutation P simultaneously C=[L 1, L 2..., L I-1, L i, L I+1... L N] be [L 1, L 2..., L I-1, L I+1... L N].
Two key point of content of the present invention is to regard the pairing ciphertext blocks of each Plaintext block as relatively independent individuality; The corresponding ciphertext result of variations is restricted when the Plaintext block part changes like this; Coverage can not surpass two continuous ciphertext blocks, thereby conveniently directly the encrypt data of being stored is upgraded.Because the existence of random permutation operation, server also has no way of learning the concrete plaintext position that changes.
For realizing three of target of the present invention, the technical scheme of employing is summarized as follows:
A kind of data access control technology towards the cloud storage; If other user applies are used this enciphered data; Then at first whether possess corresponding access rights by this user of server inspection; Issue the applicant after then enciphered data being handled once more, and the notification data owner in the person of asking provide data decryption needed material, finally by obtain clear data according to key material deciphering.Its step comprises:
1) user is to server application access encrypted data file, server comparison user identity and data file access list: as if the then refusing user's application and finish this process of no corresponding authority; Otherwise continuation following steps.
2) server generation length is the binary system pseudo-random bits string K of L byte s, for each the ciphertext blocks C ' that is stored iCalculate
Figure BSA00000674231500039
I=1,2 ..., N.
3) server constructs pseudo-random permutation P S, sequence C under this metathesis " 1, C " 2, C " 3..., C " NChange sequence C into " ' 1, C " ' 2, C " ' 3..., C " ' N, this new ciphertext blocks sequence is sent to user side successively subsequently and is stored.
4) the server key K of sending the ID of request for data, the data file ID that is applied for, generating at random to the data owner s, and pseudo-random permutation P S, above-mentioned data send to the data owner after through privacy key signature and with data owner's public key encryption.
5) data owner checks once more whether data applicant authority matees, if coupling is then calculated the ciphertext blocks sequence C " ' 1, C " ' 2, C " ' 3..., C " ' NWith respect to the ciphertext blocks sequence C 1, C 2, C 3..., C NFinal displacement P F=P -1C ⊙ P -1 S, wherein ⊙ representes the cascade operation of two displacements.
6) data owner is with key Final displacement P FThe signature and with sending to the data applicant behind the data applicant public key encryption.
The ciphering process of clear data is as shown in Figure 1.The clear data file at first is split into the Plaintext block of N regular length; The Hash Value of other Plaintext block of calculating except that last Plaintext block; Each Hash Value is all as in order to encrypting the encryption key of next Plaintext block, thereby obtains first Plaintext block and all the other N-1 ciphertext blocks.The result who through selected pseudo-random bits string a last step was obtained subsequently carries out binary bits XOR by turn, and obtains N ciphertext blocks through the random permutation operation, but is upset with the corresponding order between Plaintext block.These ciphertext blocks are sent to the Cloud Server storage, but pseudo-random bits string and replacement operator that data owner's need to be keep secret is adopted.
It is as shown in Figure 2 to insert the pairing ciphertext renewal process of Plaintext block in first position.This moment, clear data became N+1 Plaintext block by N Plaintext block, and new Plaintext block becomes first Plaintext block, and former i Plaintext block becomes i+1 Plaintext block.The binary bits xor operation obtains first new ciphertext blocks at first to use selected pseudo-random bits string to carry out by turn to new Plaintext block, uses the Hash Value of new Plaintext block and pseudo-random bits string that former first Plaintext block encryption is obtained second new ciphertext blocks.Upgrade replacement operator then, and through replacing first ciphertext blocks of updated stored and upgrading second ciphertext blocks.
In the end the position pairing ciphertext renewal process of insertion Plaintext block is as shown in Figure 3.This moment, clear data became N+1 Plaintext block by N Plaintext block, and new Plaintext block becomes last Plaintext block, and other Plaintext block tagmeme is constant.At first calculate the Hash Value of former last Plaintext block, use this Hash Value and pseudo-random bits string that last Plaintext block is encrypted and obtain last new ciphertext blocks.Upgrade replacement operator then, and through last ciphertext blocks of displacement updated stored.
Insert in the centre position Plaintext block as shown in Figure 4 to the ciphertext renewal process of preface.This moment, clear data became N+1 Plaintext block by N Plaintext block, and new Plaintext block becomes i Plaintext block, and i to N Plaintext block becomes i+1 to N+1 Plaintext block successively, and other Plaintext block tagmeme is constant.At first calculate the Hash Value of former i Plaintext block, use i+1 and i Hash Value and pseudo-random bits string respectively i and i+1 Plaintext block to be encrypted and obtain two new ciphertext blocks.Upgrade replacement operator then, and through replacing i ciphertext blocks of updated stored and upgrading i+1 ciphertext blocks.
It is as shown in Figure 5 to revise the pairing ciphertext renewal process of first position Plaintext block.The binary bits xor operation obtains first ciphertext blocks at first to use selected pseudo-random bits string to carry out by turn to first Plaintext block again, uses Hash Value and the pseudo-random bits string of first Plaintext block that second Plaintext block encrypted again and obtains second ciphertext blocks.Upgrade replacement operator then, and upgrade replacement through displacement and store first and second ciphertext blocks.
It is as shown in Figure 6 to revise the pairing ciphertext renewal process of other position Plaintext block.At first calculate the Hash Value of former i Plaintext block, use i-1 and i Hash Value and pseudo-random bits string respectively i and i+1 Plaintext block to be encrypted and obtain two new ciphertext blocks.Upgrade replacement operator then, and upgrade i of replacement storage and i+1 ciphertext blocks through replacing.
It is as shown in Figure 7 to delete the pairing ciphertext renewal process of first position Plaintext block.This moment, clear data became N-1 Plaintext block by N Plaintext block, and former second Plaintext block becomes first Plaintext block, and former i Plaintext block becomes i-1 Plaintext block.The binary bits xor operation obtains first ciphertext blocks at first to use selected pseudo-random bits string to carry out by turn to first Plaintext block, uses the Hash Value of first Plaintext block and pseudo-random bits string that former the 3rd Plaintext block encryption is obtained second ciphertext blocks.Upgrade replacement operator then, and upgrade former first ciphertext blocks of deletion and upgrade first new ciphertext blocks through displacement.
The pairing ciphertext renewal process of deletion centre position Plaintext block is as shown in Figure 8.This moment, clear data became N-1 Plaintext block by N Plaintext block, and former i+1 to a N Plaintext block becomes i to a N-1 Plaintext block, and i is the delete position, and other Plaintext block tagmeme is constant.At first use the Hash Value and the pseudo-random bits string of i-1 Plaintext block that former i+1 Plaintext block encryption is obtained i ciphertext blocks.Upgrade replacement operator then, and upgrade former i the ciphertext blocks of deletion and upgrade i new ciphertext blocks through displacement.
The decrypting process of encrypt data is as shown in Figure 9.As precondition, data applicant should obtain the data ciphertext through server, and obtains the key material (XOR that comprises two pseudo-random bits strings through the data owner
Figure BSA00000674231500041
With combination displacement P -1 Cο P -1 S).At first use combination to put
7) the data applicant is according to final displacement P FFind out the first cryptographic block C earlier " ' 1 ', utilize key
Figure BSA00000674231500051
Calculate expressly corresponding: M 1 = C ′ ′ ′ 1 ′ ⊕ K e ⊕ K s = C ′ ′ 1 ′ ⊕ K s ⊕ K e ⊕ K s = K e ⊕ M 1 ⊕ K s ⊕ K e ⊕ K s = M 1 , Calculate H (M simultaneously 1).
8) the data applicant is according to final displacement P FFind out i cryptographic block C earlier " ' I '(i=2,3 ..., N), utilize H (M I-1) and key
Figure BSA00000674231500054
Figure BSA00000674231500055
Calculate expressly corresponding: M i = D ( H ( M i - 1 ) , C ′ ′ ′ i ′ ⊕ K e ⊕ K s ) = D ( H ( M i - 1 ) , C ′ ′ 1 ′ ⊕ K s ⊕ K e ⊕ K s ) = D ( H ( M i - 1 ) , K e ⊕ E ( H ( M i - 1 ) , M i ) ⊕ K s ⊕ K e ⊕ K s ) = D ( H ( M i - 1 ) , E ( H ( M i - 1 ) , M i ) ) = M i , M = M 1 | | M 2 | | . . . . . . | | M N , Wherein D (k, c) for output length be the decipherment algorithm of L byte, || be the cascade operation of data block.
Three key point of content of the present invention is to have adopted dual XOR and replacement operator; Make the deciphering reliance server not only of data; More also depend on the data owner, thereby the latter grasps more initiative, can realize the flexible mandate except that ACL.This method has guaranteed that also each visit application to identical data always obtains the different encrypted feedback result, and its corresponding decruption key also is unique with the combination displacement.
Compare with existing result, the present invention has following characteristics:
1) the block encryption replacement technique is divided into data the Bit String of regular length; And then encrypt separately successively and displacement series; Thereby eliminated the spatial correlation of different pieces of information interblock, strengthened the confidentiality of data, also helped data are carried out local modification.
2) the ciphertext renewal technology can direct modification the pairing ciphertext blocks of plaintext of change, avoided encrypting again whole data file and be uploaded to the Cloud Server end, improved bandwidth usage and storage efficiency.
3) access control technology of Cloud Server end data has been strengthened the control ability of data owner for the high in the clouds data through double-encryption computing and twice replaced operation; Anyly finally all need obtain data owner's permission, also alleviate the risk of Cloud Server abuse user data simultaneously largely the visit of clear data.
4) access control of data is participated in by Cloud Server and data owner simultaneously; The ACL decision user that the former formulates according to the latter is to the access rights of ciphertext, and whether the latter then final decision user that obtained ciphertext finally obtains the corresponding plaintext data result.Because the key material volume of transmitted data is less relatively, this grading control pattern helps catching the efficiency of transmission of high system, and the control of authority mode is also more flexible.
Description of drawings
Fig. 1 clear data AES flow process
Fig. 2 inserts the ciphertext of Plaintext block and upgrades in first position
Fig. 3 is the ciphertext renewal that Plaintext block is inserted in the position in the end
Fig. 4 inserts the ciphertext of Plaintext block and upgrades in the centre position
Fig. 5 revises the ciphertext of first position Plaintext block and upgrades
Fig. 6 revises the ciphertext of other position Plaintext block and upgrades
Fig. 7 deletes the ciphertext of first position Plaintext block and upgrades
Fig. 8 deletes the ciphertext of centre position Plaintext block and upgrades
Fig. 9 encrypt data decipherment algorithm flow process
Embodiment
Below in conjunction with accompanying drawing the present invention is done further detailed explanation, but the scope that does not limit the present invention in any way.Change and obtain and N N the ciphertext blocks that the corresponding order of Plaintext block is consistent operating from the ciphertext of server acquisition; Use
Figure BSA00000674231500061
then and carry out by turn that the binary bits xor operation obtains first Plaintext block and N-1 subsequent ciphertext piece, use the Hash Value of previous Plaintext block that a back ciphertext blocks is just deciphered successively at last and can obtain complete clear data N ciphertext blocks.

Claims (6)

1. efficient data encryption, renewal and access control method towards a cloud storage, step comprises:
1) data owner carries out piecemeal, encryption and replacement Treatment to data, then ciphertext blocks is stored to Cloud Server;
2) data owner is according to the modification of the clear data relevant ciphertext blocks on the direct modification Cloud Server as a result;
3) data consumer then obtains corresponding ciphertext blocks to the visit of Cloud Server application to data if possess corresponding authority;
4) data consumer then obtains corresponding deciphering parameter to the deciphering of data owner's application to ciphertext if possess corresponding authority;
5) data consumer deciphers and replaces ciphertext with deciphering parameter, thereby obtains the original plaintext data.
2. the method for claim 1 is characterized in that, said step 1) may further comprise the steps the ciphering process of data:
1-1) the clear data file is divided into isometric block of plaintext data, last Plaintext block is done suitable filling as required.
1-2) except that first data block, as key current data block is carried out block encryption with the Hash Value of last data piece.
1-3) generate binary pseudo-random sequence, in order to carry out the binary system XOR with first Plaintext block and other ciphertext blocks.
1-4) setting data ACL. select replacement operator, each ciphertext blocks is sent to Cloud Server by random order store.
3. the method for claim 1 is characterized in that, said step 2) renewal of ciphertext is comprised following several kinds of situation:
Ciphertext update mode when 2-1) Plaintext block is inserted:
2-1-1) if the Plaintext block of inserting is positioned at first position of clear data;
2-1-1-1) with new Plaintext block as first Plaintext block, use the binary pseudo-random sequence that is generated that it is carried out the binary system XOR:
2-1-1-2) with former first Plaintext block as the second plaintext piece, with the Hash Value of new Plaintext block it is carried out block encryption;
2-1-1-3) use the binary pseudo-random sequence that generated that the block encryption result of second plaintext piece is carried out the binary system XOR;
2-1-1-4) upgrade former random permutation, upload two new ciphertext blocks and corresponding displacement position;
2-1-1-5) Cloud Server is replaced former first ciphertext blocks based on corresponding displacement position, and increases the storage of the first new ciphertext blocks.
2-1-2) if the Plaintext block of inserting is positioned at last position of clear data:
2-1-2-1) with former new Plaintext block as last Plaintext block, with the Hash Value of the civilian piece of former last usefulness it is carried out block encryption;
2-1-2-2) use the binary pseudo-random sequence that generated that the block encryption result of new Plaintext block is carried out the binary system XOR:
2-1-2-3) upgrade former random permutation, upload new ciphertext blocks and correspondence position;
2-1-2-4) Cloud Server increases the storage of new last ciphertext blocks according to corresponding displacement position replacement.
2-1-3) if the Plaintext block of inserting is positioned at the centre position of clear data:
2-1-3-1) with the current location Plaintext block as next Plaintext block, new Plaintext block is as the current location Plaintext block;
2-1-3-2) Hash Value with last Plaintext block carries out block encryption to current Plaintext block, and the Hash Value with current Plaintext block carries out block encryption to next Plaintext block again:
2-1-3-3) the block encryption result of current Plaintext block and next Plaintext block is carried out the binary system XOR with binary pseudo-random sequence;
2-1-3-4) upgrade former random permutation, upload two new ciphertext blocks and corresponding displacement position;
2-1-3-5) Cloud Server is replaced two ciphertext blocks based on corresponding displacement position.
Ciphertext update mode when 2-2) Plaintext block is revised:
If the Plaintext block that 2-2-1) is modified is first Plaintext block:
2-2-1-1) use the binary pseudo-random sequence that is generated to carry out the binary system XOR to revising Plaintext block;
2-2-1-2) second Plaintext block carried out block encryption, carry out the binary system XOR then with the Hash Value of revising Plaintext block;
2-2-1-3) upload new ciphertext blocks and corresponding displacement position;
2-2-1-4) Cloud Server is based on two original ciphertext blocks of corresponding displacement position replacement.
If the Plaintext block that 2-2-2) is modified is other position Plaintext block:
2-2-2-1) encrypt the modification Plaintext block, encrypt next Plaintext block with the Hash Value of revising Plaintext block with the Hash Value of last Plaintext block;
2-2-2-2) use the binary pseudo-random sequence that generated that the block encryption result of two Plaintext block is carried out the binary system XOR;
2-2-2-3) upload new ciphertext blocks and corresponding displacement position, Cloud Server is based on two new ciphertext blocks of corresponding displacement position replacement.
Ciphertext update mode when 2-3) Plaintext block is deleted;
If the Plaintext block of 2-3-1) being deleted is first Plaintext block:
2-3-1-1) first Plaintext block is updated to first Plaintext block, with binary pseudo-random sequence former second plaintext piece is carried out the binary system XOR;
2-3-1-2) upgrade former random permutation, upload first new ciphertext blocks and corresponding displacement position;
2-3-1-3) Cloud Server is deleted former first ciphertext blocks and is replaced former second ciphertext blocks according to corresponding displacement position.
If the Plaintext block of 2-3-2) being deleted is positioned at last position of clear data:
2-3-2-1) upgrade former random permutation, delete last ciphertext blocks and provide corresponding displacement position;
2-3-2-2) Cloud Server is based on the original last ciphertext blocks of corresponding displacement position deletion.
If the Plaintext block of 2-3-3) being deleted is other position Plaintext block:
2-3-3-1) with next Plaintext block of Hash Value block encryption of last Plaintext block;
2-3-3-2) use the binary pseudo-random sequence that generated that the block encryption result of next Plaintext block is carried out the binary system XOR;
2-3-3-3) upgrade former random permutation, upload next new ciphertext blocks, the current ciphertext blocks of deletion and provide corresponding displacement position;
2-3-3-4) Cloud Server is deleted current ciphertext blocks based on corresponding displacement position, and replaces next new ciphertext blocks.
4. the method for claim 1 is characterized in that, said step 3) may further comprise the steps the acquisition process of ciphertext:
3-1) applicant proposes data access request to Cloud Server, and whether server inspection applicant possesses the appointment access rights;
3-2) server generates binary pseudo-random sequence, in order to all ciphertext blocks are carried out the binary system XOR;
3-3) server is selected random permutation, once more ciphertext block data is sent to the applicant with random order.
5. the method for claim 1 is characterized in that, said step 4) may further comprise the steps the acquisition process of decrypted material:
4-1) server sends relevant informations such as applicant ID, used binary system random sequence and replacement operator to the data owner;
4-2) data owner checks applicant's access rights, to the applicant decruption key and final displacement is provided according to server feedback information.
6. the method for claim 1 is characterized in that, said step 5) may further comprise the steps the decrypting process of ciphertext:
5-1) the data applicant finds out first cryptographic block earlier according to final displacement, and it is expressly corresponding to utilize decruption key to calculate, and calculates Hash Value simultaneously.
5-2) the data applicant finds out each cryptographic block according to final displacement, utilizes the Hash Value of last Plaintext block and decruption key to calculate expressly corresponding.
CN2012100425924A 2012-02-23 2012-02-23 Efficient data encryption, updating and access control method for cloud storage Pending CN102624708A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012100425924A CN102624708A (en) 2012-02-23 2012-02-23 Efficient data encryption, updating and access control method for cloud storage

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2012100425924A CN102624708A (en) 2012-02-23 2012-02-23 Efficient data encryption, updating and access control method for cloud storage

Publications (1)

Publication Number Publication Date
CN102624708A true CN102624708A (en) 2012-08-01

Family

ID=46564393

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012100425924A Pending CN102624708A (en) 2012-02-23 2012-02-23 Efficient data encryption, updating and access control method for cloud storage

Country Status (1)

Country Link
CN (1) CN102624708A (en)

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103414690A (en) * 2013-07-15 2013-11-27 北京航空航天大学 Publicly-verifiable cloud data possession checking method
WO2014032538A1 (en) * 2012-08-31 2014-03-06 Tencent Technology (Shenzhen) Company Limited Cloud-based resource sharing method and system
CN104065651A (en) * 2014-06-09 2014-09-24 上海交通大学 Information flow dependability guarantee mechanism for cloud computation
CN104836656A (en) * 2015-05-08 2015-08-12 厦门大学 Method for storing and transmitting video file
CN104967518A (en) * 2015-07-31 2015-10-07 中国人民解放军71777部队 Method for improving information transmission security
CN104980273A (en) * 2014-04-04 2015-10-14 华为技术有限公司 Encryption method, encryption device, decryption method and decryption device
CN105100248A (en) * 2015-07-30 2015-11-25 国家电网公司 Cloud storage security realization method based on data encryption and access control
CN105612529A (en) * 2013-08-19 2016-05-25 汤姆逊许可公司 Method and apparatus for utility-aware privacy preserving mapping in view of collusion and composition
CN106453248A (en) * 2016-08-30 2017-02-22 孟玲 Home object information data management system
CN106576039A (en) * 2014-09-30 2017-04-19 Nec欧洲有限公司 Method and system for at least partially updating data encrypted with an all-or-nothing encryption scheme
CN106603549A (en) * 2016-12-28 2017-04-26 上海优刻得信息科技有限公司 Data exchange method and system based on cryptograph
CN106611128A (en) * 2016-07-19 2017-05-03 四川用联信息技术有限公司 Secondary encryption-based data validation and data recovery algorithm in cloud storage
CN106713508A (en) * 2017-02-24 2017-05-24 重庆第二师范学院 Data access method and system based on cloud server
CN106936763A (en) * 2015-12-29 2017-07-07 航天信息股份有限公司 Data encryption and the method and apparatus of decryption
CN107018132A (en) * 2017-03-29 2017-08-04 宁夏煜隆科技有限公司 Cloud platform encrypting and decrypting method and system based on open network environment
CN107070637A (en) * 2017-01-13 2017-08-18 广东技术师范学院天河学院 A kind of data encryption/decryption method of overlapping packet
CN107318045A (en) * 2016-04-27 2017-11-03 阿里巴巴集团控股有限公司 The method and device of playing video data stream
CN107659569A (en) * 2017-09-28 2018-02-02 韩洪慧 A kind of control method and its system that user profile is obtained based on online mandate
WO2018032374A1 (en) * 2016-08-13 2018-02-22 深圳市樊溪电子有限公司 Encrypted storage system for block chain and method using same
CN108028754A (en) * 2016-04-28 2018-05-11 华为技术有限公司 Encryption and decryption method and device
CN108777803A (en) * 2018-06-05 2018-11-09 四川师范大学 Broadcasting and TV cloud platform video stream processing method, device, equipment and medium
CN109495426A (en) * 2017-09-12 2019-03-19 腾讯科技(深圳)有限公司 A kind of data access method, device and electronic equipment
CN109586894A (en) * 2018-11-16 2019-04-05 重庆邮电大学 The encryption method of data in OPC UA edge calculations is realized based on pseudo-random permutation
CN109818923A (en) * 2018-12-18 2019-05-28 北京九州云腾科技有限公司 A kind of attribute base cloud service access control method based on attribute ciphertext re-encryption
CN113162763A (en) * 2021-04-20 2021-07-23 平安消费金融有限公司 Data encryption and storage method and device, electronic equipment and storage medium
CN115085983A (en) * 2022-06-02 2022-09-20 度小满科技(北京)有限公司 Data processing method and device, computer readable storage medium and electronic equipment
CN115883052A (en) * 2022-10-24 2023-03-31 鼎铉商用密码测评技术(深圳)有限公司 Data encryption method, data decryption method, device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030002665A1 (en) * 2000-11-06 2003-01-02 Yoichiro Sako Encrypting apparatus, encrypting method, decrypting apparatus, decrypting method, and storage medium
CN1852088A (en) * 2005-10-13 2006-10-25 华为技术有限公司 Enciphering-deciphering method for flow medium transmission code flow and module
CN101529798A (en) * 2006-10-23 2009-09-09 朗讯科技公司 Processing method for message integrity with tolerance for non-sequential arrival of message data
CN101977190A (en) * 2010-10-25 2011-02-16 北京中科联众科技有限公司 Digital content encryption transmission method and server side
CN102014133A (en) * 2010-11-26 2011-04-13 清华大学 Method for implementing safe storage system in cloud storage environment

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030002665A1 (en) * 2000-11-06 2003-01-02 Yoichiro Sako Encrypting apparatus, encrypting method, decrypting apparatus, decrypting method, and storage medium
CN1852088A (en) * 2005-10-13 2006-10-25 华为技术有限公司 Enciphering-deciphering method for flow medium transmission code flow and module
CN101529798A (en) * 2006-10-23 2009-09-09 朗讯科技公司 Processing method for message integrity with tolerance for non-sequential arrival of message data
CN101977190A (en) * 2010-10-25 2011-02-16 北京中科联众科技有限公司 Digital content encryption transmission method and server side
CN102014133A (en) * 2010-11-26 2011-04-13 清华大学 Method for implementing safe storage system in cloud storage environment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
程涛 等: "抗物理攻击存储安全技术研究综述", 《计算机应用研究》, vol. 27, no. 5, 31 May 2010 (2010-05-31) *

Cited By (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103685140B (en) * 2012-08-31 2018-05-22 腾讯科技(深圳)有限公司 Resource share method and system based on cloud storage
WO2014032538A1 (en) * 2012-08-31 2014-03-06 Tencent Technology (Shenzhen) Company Limited Cloud-based resource sharing method and system
CN103685140A (en) * 2012-08-31 2014-03-26 腾讯科技(深圳)有限公司 Resource sharing method and system based on cloud storage
CN103414690A (en) * 2013-07-15 2013-11-27 北京航空航天大学 Publicly-verifiable cloud data possession checking method
CN103414690B (en) * 2013-07-15 2016-05-11 北京航空航天大学 One can openly be verified the high in the clouds data property held method of calibration
CN105612529A (en) * 2013-08-19 2016-05-25 汤姆逊许可公司 Method and apparatus for utility-aware privacy preserving mapping in view of collusion and composition
CN104980273A (en) * 2014-04-04 2015-10-14 华为技术有限公司 Encryption method, encryption device, decryption method and decryption device
CN104065651A (en) * 2014-06-09 2014-09-24 上海交通大学 Information flow dependability guarantee mechanism for cloud computation
CN104065651B (en) * 2014-06-09 2017-10-31 上海交通大学 A kind of information flow credible security method towards cloud computing
CN106576039A (en) * 2014-09-30 2017-04-19 Nec欧洲有限公司 Method and system for at least partially updating data encrypted with an all-or-nothing encryption scheme
CN104836656A (en) * 2015-05-08 2015-08-12 厦门大学 Method for storing and transmitting video file
CN104836656B (en) * 2015-05-08 2018-04-10 厦门大学 A kind of storage of video file and transmission method
CN105100248A (en) * 2015-07-30 2015-11-25 国家电网公司 Cloud storage security realization method based on data encryption and access control
CN104967518A (en) * 2015-07-31 2015-10-07 中国人民解放军71777部队 Method for improving information transmission security
CN106936763A (en) * 2015-12-29 2017-07-07 航天信息股份有限公司 Data encryption and the method and apparatus of decryption
CN107318045A (en) * 2016-04-27 2017-11-03 阿里巴巴集团控股有限公司 The method and device of playing video data stream
CN108028754A (en) * 2016-04-28 2018-05-11 华为技术有限公司 Encryption and decryption method and device
CN106611128A (en) * 2016-07-19 2017-05-03 四川用联信息技术有限公司 Secondary encryption-based data validation and data recovery algorithm in cloud storage
WO2018032374A1 (en) * 2016-08-13 2018-02-22 深圳市樊溪电子有限公司 Encrypted storage system for block chain and method using same
CN106453248A (en) * 2016-08-30 2017-02-22 孟玲 Home object information data management system
CN106603549A (en) * 2016-12-28 2017-04-26 上海优刻得信息科技有限公司 Data exchange method and system based on cryptograph
CN107070637A (en) * 2017-01-13 2017-08-18 广东技术师范学院天河学院 A kind of data encryption/decryption method of overlapping packet
CN106713508B (en) * 2017-02-24 2017-09-19 重庆第二师范学院 A kind of data access method and system based on Cloud Server
CN106713508A (en) * 2017-02-24 2017-05-24 重庆第二师范学院 Data access method and system based on cloud server
CN107018132A (en) * 2017-03-29 2017-08-04 宁夏煜隆科技有限公司 Cloud platform encrypting and decrypting method and system based on open network environment
CN109495426A (en) * 2017-09-12 2019-03-19 腾讯科技(深圳)有限公司 A kind of data access method, device and electronic equipment
CN107659569A (en) * 2017-09-28 2018-02-02 韩洪慧 A kind of control method and its system that user profile is obtained based on online mandate
CN108777803A (en) * 2018-06-05 2018-11-09 四川师范大学 Broadcasting and TV cloud platform video stream processing method, device, equipment and medium
CN109586894A (en) * 2018-11-16 2019-04-05 重庆邮电大学 The encryption method of data in OPC UA edge calculations is realized based on pseudo-random permutation
CN109818923A (en) * 2018-12-18 2019-05-28 北京九州云腾科技有限公司 A kind of attribute base cloud service access control method based on attribute ciphertext re-encryption
CN113162763A (en) * 2021-04-20 2021-07-23 平安消费金融有限公司 Data encryption and storage method and device, electronic equipment and storage medium
CN115085983A (en) * 2022-06-02 2022-09-20 度小满科技(北京)有限公司 Data processing method and device, computer readable storage medium and electronic equipment
CN115085983B (en) * 2022-06-02 2024-03-12 度小满科技(北京)有限公司 Data processing method, data processing device, computer readable storage medium and electronic equipment
CN115883052A (en) * 2022-10-24 2023-03-31 鼎铉商用密码测评技术(深圳)有限公司 Data encryption method, data decryption method, device and storage medium

Similar Documents

Publication Publication Date Title
CN102624708A (en) Efficient data encryption, updating and access control method for cloud storage
Hur et al. Secure data deduplication with dynamic ownership management in cloud storage
CN108259169B (en) File secure sharing method and system based on block chain cloud storage
CN104486315B (en) A kind of revocable key outsourcing decryption method based on contents attribute
CN108418796B (en) Cloud data multi-copy integrity verification and association deletion method and cloud storage system
CN1910848B (en) Efficient management of cryptographic key generations
CN103944711B (en) Cloud storage ciphertext retrieval method and system
CN104717297A (en) Safety cloud storage method and system
CN104063334A (en) Encryption method and system based on data attributions
CN111523133A (en) Block chain and cloud data collaborative sharing method
CN111274599A (en) Data sharing method based on block chain and related device
CN104994068A (en) Multimedia content protection and safe distribution method in cloud environment
CN104660590A (en) Cloud storage scheme for file encryption security
Xiong et al. A secure document self-destruction scheme: an ABE approach
CN105721146B (en) A kind of big data sharing method towards cloud storage based on SMC
Kaci et al. Access control reinforcement over searchable encryption
CN103607273A (en) Data file encryption and decryption method based on time limit control
CN112307508B (en) Revocable data sharing system based on SGX, CP-ABE and block chain
Qi et al. Secure data deduplication with dynamic access control for mobile cloud storage
Gong [Retracted] Application Research of Data Encryption Algorithm in Computer Security Management
CN104618419A (en) Scheme based on content sharing policy in cloud
CN114490551A (en) File security outsourcing and sharing method based on alliance chain
Thushara et al. A survey on secured data sharing using ciphertext policy attribute based encryption in cloud
Xie et al. Assured Deletion: A Scheme Based on Strong Nonseparability
Passricha et al. A secure deduplication scheme for encrypted data

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120801