CN109245881A - A photo and video cloud encryption storage method
- Publication number: CN109245881A (also listed as CN201811079446.2A)
- Authority: CN (China)
- Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a cloud encryption storage method for photos and videos that uses an improved AES encryption algorithm comprising: (1) key expansion; (2) S-box substitution and inverse S-box substitution; (3) row shifting and inverse row shifting; (4) column mixing and inverse column mixing; (5) round key addition. The invention is based on file-level data-stream encryption and decryption: user resources are encrypted on the client before being transmitted to the cloud, and when the user accesses a data resource it is decrypted on the client. The cloud therefore stores only encrypted data files, and no plaintext is exposed during transmission. Data encryption effectively guarantees the security of personal data and keeps the content on the communication line from leaking. In addition, the system uses an improved symmetric cryptosystem and, while encrypting resources, also encrypts the data items in the database; this double encryption further ensures the secure transmission of resources.
Description
Technical field
The invention relates to secure storage of cloud data, in particular to encryption of photos and videos, and specifically to a cloud encryption storage method for photos and videos.
Background art
Cloud storage has been a research hotspot in industry and academia in recent years, and its security problems have attracted attention from many quarters. As an emerging service form, cloud storage has become the storage choice of many organizations thanks to advantages such as elastic configuration, on-demand purchase and easy maintenance. Under the cloud storage model, however, data leaves the user's sphere of control, which leads users to worry about server reliability and data security.
In the cloud storage services offered by most current products, user data files are basically stored in plaintext, and the data may be stolen at any time during transmission. This undoubtedly exposes the user's privacy to the outside world and causes leakage of the user's sensitive information. Encrypting files has therefore clearly become the most effective technical means of protecting file security.
Summary of the invention
To solve the above technical problems in the prior art, the invention provides a cloud encryption storage method for photos and videos that uses an improved AES encryption algorithm comprising: (1) key expansion; (2) S-box substitution and inverse S-box substitution; (3) row shifting and inverse row shifting; (4) column mixing and inverse column mixing; (5) round key addition.
Further, the key expansion comprises:
The seed key is arranged into a 4*4 matrix in column-major order; each column of the matrix is called a 32-bit word. The seed key is expanded from 4 bytes to 44 words, and each round of encryption needs 4 words. Assume the first word is w[0], the second word is w[1], and the last word is w[43].
The first 4 words are initialized with the seed key; then 40 new words are added to the array w, recursively:
(1) If i is not a multiple of 4, then w[i] = w[i-4] ^ w[i-1];
(2) If i is a multiple of 4, then w[i] = w[i-4] ^ T(w[i-1]), where T is a function.
The function T consists of 3 parts: word rotation, byte substitution and XOR with the round constant;
(3) Word rotation: the 4 bytes in a word are each moved left by one byte, i.e. [x0, x1, x2, x3] becomes [x1, x2, x3, x0];
(4) Byte substitution: i.e. S-box substitution;
(5) Round-constant XOR: the result of the previous two steps is XORed with the round constant Rcon[j].
Further, S-box substitution and inverse S-box substitution are as follows:
The forward S-box (Sbox) and inverse S-box (InvSbox) are computed in advance and stored in the code, so byte substitution reduces to a simple table lookup; the mapping is performed by fetching the value at the corresponding index. S-box substitution uses the forward S-box, and inverse S-box substitution uses the inverse S-box.
Further, row shifting and inverse row shifting are as follows:
Row shifting applies a simple cyclic left shift to the byte matrix. When the key length is 128 bits, the i-th row of the state matrix is shifted left by i bytes. Inverse row shifting undoes row shifting: the state matrix is cyclically shifted to the right, with the i-th row shifted right by i bytes.
Further, column mixing and inverse column mixing are as follows:
The column mixing algorithm is replaced using the arithmetic properties of the field GF(2^8).
From matrix multiplication it follows that, during column mixing, the value of each byte depends only on the 4 values of its column. Multiplication and addition here are both defined over the finite field GF(2^8):
(1) To multiply the value of a byte by 2, shift its binary representation left by one bit; if the highest bit of the value is 1, the shifted result must additionally be XORed with 00011011;
(2) Multiplication is distributive over addition;
(3) Values are added using modulo-2 addition;
Inverse column mixing is likewise replaced using the arithmetic properties of the field GF(2^8).
Further, round key addition is specifically:
The 128-bit round key is XORed with the data in the state matrix.
Further, when the data to be processed is not an integral multiple of the block size, the ciphertext stealing method is used. Let the block length be blen; the data to be encrypted/decrypted be d, with length dlen; the remaining data to be processed be rd, with length rdlen; and the processed data be s. The encryption process is as follows:
Step (1): if rdlen >= blen, i.e. the remaining data is not shorter than the block length, go to step (2); otherwise, go to step (3);
Step (2): take data of size blen from the head of rd and encrypt it, append the result to the tail of s, and go to step (1);
Step (3): if rdlen > 0, i.e. the remaining data does not fill a block, take data of size blen-rdlen from the end of the encrypted data s and concatenate it with rd to form a block of length blen, encrypt it, append the result to the encrypted data, and go to step (4);
Step (4): if rdlen == 0, all data has been encrypted; encryption ends.
Further, the decryption process is as follows:
Step1: if rdlen > 2*blen, go to Step2; otherwise, go to Step3.
Step2: take data of length blen from the head of rd and decrypt it, append the result to the tail of s, and go to Step1.
Step3: if rdlen = 2*blen, go to Step4; otherwise, go to Step5.
Step4: take out the rdlen data and decrypt it, until rdlen == 0; append the result to the tail of s, and go to Step6.
Step5: take the block of size blen at the end of the remaining data rd and decrypt it to obtain data block data2; the remaining data of size rd-blen is denoted rd'. Concatenate the remaining data to be decrypted, rd', with the first blen-rd'len of data2 and decrypt the result to obtain data3. Concatenate, in order, s, data3 and the last rd'len of data2 to obtain the complete decrypted data; go to Step6;
Step6: all ciphertext has been decrypted into the original text; decryption ends.
Further, the system's main process performs the encryption and decryption operations; file reads are performed by a file-read process and file writes by a file-write process. The buffers for data awaiting processing and for file data awaiting writing are implemented as circular queues; the main process reads data directly from the buffer and stores data into the write buffer.
Further, the photo and video cloud encryption storage method also includes database encryption, using a field-based encryption mode.
The invention is based on file-level data-stream encryption and decryption: user resources are encrypted on the client before being transmitted to the cloud, and when the user accesses a data resource it is decrypted on the client. The cloud therefore stores only encrypted data files, and no plaintext is exposed during transmission. Data encryption effectively guarantees the security of personal data and keeps the content on the communication line from leaking. In addition, the system uses an improved symmetric cryptosystem and, while encrypting resources, also encrypts the data items in the database; this double encryption further ensures the secure transmission of resources.
Brief description of the drawings
Fig. 1 is a schematic diagram of encryption and decryption;
Fig. 2 is the encryption flow chart of the AES encryption algorithm;
Fig. 3 is a schematic diagram of byte substitution;
Fig. 4 is a schematic diagram of row shifting;
Fig. 5 is a schematic diagram of the encryption implementation process;
Fig. 6 is a schematic diagram of the decryption implementation process;
Fig. 7 is a schematic diagram of the file handling process;
Fig. 8 is a schematic diagram of the protocol layer providing basic security services for upper-layer protocols;
Fig. 9 is the AES encryption and decryption flow chart;
Fig. 10 is a schematic diagram of the S-box;
Fig. 11 is a schematic diagram of S^-1;
Fig. 12 is a schematic diagram of forward row shifting;
Fig. 13 is a schematic diagram of forward column mixing;
Fig. 14 is a schematic diagram of inverse column mixing;
Fig. 15 is a schematic diagram of the seed key array format;
Fig. 16 is the flow chart of function g.
Specific embodiments
The invention is further described below with reference to the drawings.
The invention protects data security by encrypting and decrypting files. After the encryption transformation, information or data changes from plaintext into ciphertext, which cannot be recognized on its face; only authorized legitimate users who hold the exclusive secret key can restore the ciphertext to plaintext through the decryption algorithm, while unauthorized users cannot obtain the plaintext. The invention uses the following measures:
1. Encrypting information. Information is stored and transmitted encrypted with an encryption algorithm, so that it is difficult for illegitimate users to crack and secure content is not leaked.
2. Encrypting the database.
Block cipher technology: for file encryption, the encryption algorithm is the core of the whole system. The basis for choosing it is generally the system's security requirements; provided those requirements are met, the fastest possible encryption algorithm is used. Encryption algorithms have developed through RSA, DES and 3DES to the Advanced Encryption Standard (AES) published by the U.S. National Institute of Standards and Technology. As the replacement for the DES algorithm, AES will be the most important symmetric cipher of the coming decades. It is a symmetric block cipher whose block length and key length can each be specified as 128, 192 or 256 bits. The algorithm has the following characteristics: it is immune to all known attacks, and on a variety of platforms it executes fast with compact code.
In cryptography, the original message that needs to be protected by transformation is called plaintext. The hidden form into which plaintext is transformed, and which cannot be read directly, is called ciphertext.
The relationship between plaintext and ciphertext:
C = E_K(M),
M = D_K(C).
where C is the ciphertext, M is the plaintext, and the parameter K is called the key.
E is encryption, or the encryption process: the conversion from plaintext to ciphertext.
D is decryption, or the decryption process: the inverse of encryption, i.e. recovering plaintext from ciphertext.
The mapping function or transformation rule used when encrypting plaintext is called the encryption algorithm.
The (inverse) mapping function or (inverse) transformation rule used when decrypting ciphertext is called the decryption algorithm. Encryption and decryption are usually carried out under the control of keys; in modern cryptosystems the encryption key and the decryption key may differ. The principle is shown in Fig. 1.
A symmetric cryptosystem, also referred to as block cipher technology, is one in which the encryption key can be calculated from the decryption key and the decryption key can likewise be calculated from the encryption key; in most symmetric algorithms the encryption key and the decryption key are identical.
This technique requires the sender and the recipient to agree on a key before communicating securely. The sender and the recipient then encrypt and decrypt information with the same key.
Because both sides hold the same key, symmetric cryptosystems are easy to implement and fast, so they are widely used to encrypt and decrypt communications and stored data. How to deliver the key used for encryption and decryption to the other party securely is a further problem that must be considered. The security of a symmetric cryptosystem therefore depends on the key: leaking the key means that anyone can decrypt the messages the parties send or receive, so the confidentiality of the key is vital to communication security. Symmetric encryption algorithms commonly used in early-stage e-commerce include the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES).
Block cipher systems are simple, fast and easy to standardize, and have become the mainstream of software and hardware encryption standards. The invention mainly targets file-level encryption and decryption and, in view of the above advantages, uses the AES advanced encryption algorithm, a block cipher.
AES advanced encryption algorithm process:
The processing unit of the AES encryption algorithm is the block. The 128 bits (16 bytes) of a block are copied in order into a 4*4 state matrix (stat), and all transformations are carried out on the state matrix. AES is implemented as multiple iterations of a round transformation, and the number of iterations depends on the key length. The round transformation consists of 4 steps: byte transformation, row transformation, column mixing and key addition. Through the nonlinear transformation and the mixing functions, the nonlinear diffusion produced by byte substitution is mixed repeatedly, so that the block is diffused more evenly once encryption is complete. Round key expansion extends the original key into 11 groups, and each round of iteration uses a different key. The encryption flow is shown in Fig. 2.
Algorithm implementation:
1. Key expansion
The seed key is arranged into a 4*4 matrix in column-major order; each column of the matrix can be called a 32-bit word. The purpose of key expansion is to expand the seed key from 4 bytes to 44 words; each round of encryption needs 4 words. Assume the first word is w[0], the second word is w[1], and the last word is w[43].
The first 4 words can be initialized with the seed key; then 40 new words are added to the array w, recursively:
(1) If i is not a multiple of 4, then w[i] = w[i-4] ^ w[i-1].
(2) If i is a multiple of 4, then w[i] = w[i-4] ^ T(w[i-1]), where T is a function.
The function T consists of 3 parts: word rotation, byte substitution and XOR with the round constant.
(3) Word rotation: the 4 bytes in a word are each moved left by one byte, i.e. [x0, x1, x2, x3] becomes [x1, x2, x3, x0].
(4) Byte substitution: i.e. S-box substitution.
(5) Round-constant XOR: the result of the previous two steps is XORed with the round constant Rcon[j].
2. S-box substitution and inverse S-box substitution
As shown in Fig. 3, S-box substitution is also called byte substitution. The forward S-box (Sbox) and inverse S-box (InvSbox) are computed in advance and stored in the code, so byte substitution reduces to a simple table lookup. Fetching the value at the corresponding index is exactly this mapping operation, as shown in the figure. S-box substitution uses the forward S-box, and inverse S-box substitution uses the inverse S-box.
3. Row shifting and inverse row shifting
As shown in Fig. 4, row shifting applies a simple cyclic left shift to the byte matrix. When the key length is 128 bits, the i-th row of the state matrix is shifted left by i bytes. Inverse row shifting undoes row shifting: the state matrix is cyclically shifted to the right, with the i-th row shifted right by i bytes.
4. Column mixing and inverse column mixing
Column mixing algorithm: replaced using the arithmetic properties of the field GF(2^8).
From matrix multiplication it follows that, during column mixing, the value of each byte depends only on the 4 values of its column. Multiplication and addition here are both defined over the finite field GF(2^8). Note the following points:
(1) To multiply the value of a byte by 2, shift its binary representation left by one bit; if the highest bit of the value is 1 (i.e. the value is not less than 128), the shifted result must additionally be XORed with 00011011.
(2) Multiplication is distributive over addition, such as:
(3) The matrix multiplication here differs from ordinary matrix multiplication: values are added using modulo-2 addition (equivalent to the XOR operation).
Inverse column mixing is likewise replaced using the arithmetic properties of the field GF(2^8); only the polynomial c(x) is different.
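An added Python example (not code from the patent) of the three rules above: multiplication by 2 as a left shift plus a conditional XOR with 00011011, every other coefficient built from it by distributivity, and XOR as addition. The coefficient matrices are the standard AES ones, which the page shows only in its figures; the function names and the sample column are assumptions.

```python
def xtime(b):
    """Rule (1): multiply by 2, XOR with 00011011 if the high bit was 1."""
    b <<= 1
    if b & 0x100:
        b = (b & 0xFF) ^ 0x1B
    return b


def mul3(b):
    """Rule (2), distributivity: 3*b = (2 + 1)*b = 2*b XOR b."""
    return xtime(b) ^ b


def mix_column(col):
    """Forward column mixing of one 4-byte column (rows 2 3 1 1, rotated)."""
    a0, a1, a2, a3 = col
    return [
        xtime(a0) ^ mul3(a1) ^ a2 ^ a3,
        a0 ^ xtime(a1) ^ mul3(a2) ^ a3,
        a0 ^ a1 ^ xtime(a2) ^ mul3(a3),
        mul3(a0) ^ a1 ^ a2 ^ xtime(a3),
    ]


def inverse_multiples(b):
    """Return (9*b, 11*b, 13*b, 14*b), each assembled from 2*b, 4*b and 8*b."""
    x2 = xtime(b)
    x4 = xtime(x2)
    x8 = xtime(x4)
    return x8 ^ b, x8 ^ x2 ^ b, x8 ^ x4 ^ b, x8 ^ x4 ^ x2


def inv_mix_column(col):
    """Inverse column mixing of one column (rows 14 11 13 9, rotated)."""
    m = [inverse_multiples(b) for b in col]   # m[i] = (9, 11, 13, 14) * col[i]
    return [
        m[0][3] ^ m[1][1] ^ m[2][2] ^ m[3][0],
        m[0][0] ^ m[1][3] ^ m[2][1] ^ m[3][2],
        m[0][2] ^ m[1][0] ^ m[2][3] ^ m[3][1],
        m[0][1] ^ m[1][2] ^ m[2][0] ^ m[3][3],
    ]


if __name__ == "__main__":
    column = [0xDB, 0x13, 0x53, 0x45]         # constructed sample column
    mixed = mix_column(column)
    print([hex(v) for v in mixed])
    print([hex(v) for v in inv_mix_column(mixed)])
```
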
5. Round key addition
The 128-bit round key is XORed with the data in the state matrix. Because the XOR operation is its own inverse, round key addition for decryption is the same operation.
Optimized design:
1. Ciphertext stealing
AES is a block encryption algorithm, so the case where the data to be processed is not an integral multiple of the block size must be handled. If this part of the data is not handled, the original information obtained after encryption and decryption will carry extra erroneous data in the last block; the unassigned data is often just garbage in memory, which impairs the readability of the correct information. The "ciphertext stealing" method is adopted. Let the block length be blen; the data to be processed (encrypted/decrypted) be d, with length dlen; the remaining data to be processed be rd, with length rdlen; and the processed data be s. The encryption implementation process is shown in Fig. 5.
Step (1): if rdlen >= blen, i.e. the remaining data is not shorter than the block length, go to step (2); otherwise, go to step (3).
Step (2): take data of size blen from the head of rd and encrypt it, append the result to the tail of s, and go to step (1).
Step (3): if rdlen > 0, i.e. the remaining data does not fill a block, take data of size blen-rdlen from the end of the encrypted data s and concatenate it with rd to form a block of length blen, encrypt it, append the result to the encrypted data (excluding the blen-rdlen of data that was taken out), and go to step (4).
Step (4): if rdlen == 0, all data has been encrypted; encryption ends. s is the ciphertext.
The original text is divided into n blocks, the n-th of which is shorter than one block length. The first n-2 blocks are encrypted directly; after block n-1 is encrypted, part of it is lent to block n, which is then encrypted. The decryption implementation process is shown in Fig. 6.
Step1: if rdlen > 2*blen, go to Step2; otherwise, go to Step3.
Step2: take data of length blen from the head of rd and decrypt it, append the result to the tail of s, and go to Step1.
Step3: if rdlen = 2*blen, go to Step4; otherwise, go to Step5.
Step4: take out the rdlen data and decrypt it, until rdlen == 0; append the result to the tail of s, and go to Step6.
Step5: take the block of size blen at the end of the remaining data rd (the remaining data of size rd-blen is denoted rd') and decrypt it to obtain data block data2; concatenate the remaining data to be decrypted, rd', with the first blen-rd'len of data2 and decrypt the result to obtain data3. Concatenate, in order, s, data3 and the last rd'len of data2 to obtain the complete decrypted data; go to Step6.
Step6: all ciphertext has been decrypted into the original text. Decryption ends.
Note: the ciphertext is divided into n blocks, and the first n-2 blocks are decrypted directly. At the end, the last block is taken out and decrypted first; block n-1 and the front part of the decrypted result then form one block, which is decrypted, and the results are spliced together.
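The encryption and decryption steps above, as an added Python example (not code from the patent). A small Feistel construction stands in for the AES block operation so the block stays short; that stand-in, the function names and the sample key are assumptions.

```python
import hashlib

BLEN = 16  # block length blen, in bytes


def feistel_round(key, i, half):
    # Round function of the stand-in cipher (assumption, not AES).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key, block):
    """Stand-in 16-byte block cipher: 4-round Feistel network."""
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, xor(left, feistel_round(key, i, right))
    return left + right


def decrypt_block(key, block):
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = xor(right, feistel_round(key, i, left)), left
    return left + right


def cts_encrypt(key, d):
    # Step (3) borrows from already encrypted data, so at least one full
    # block is required; the page does not cover shorter inputs.
    if len(d) < BLEN:
        raise ValueError("input shorter than one block cannot borrow ciphertext")
    s, rd = bytearray(), d
    while len(rd) >= BLEN:                       # steps (1) and (2)
        s += encrypt_block(key, rd[:BLEN])
        rd = rd[BLEN:]
    if rd:                                       # step (3)
        borrow = BLEN - len(rd)
        borrowed = bytes(s[-borrow:])
        del s[-borrow:]                          # borrowed bytes leave s
        s += encrypt_block(key, borrowed + rd)
    return bytes(s)                              # step (4): s is the ciphertext


def cts_decrypt(key, c):
    if len(c) < BLEN:
        raise ValueError("ciphertext shorter than one block")
    s, rd = bytearray(), c
    while len(rd) > 2 * BLEN:                    # Step1 and Step2
        s += decrypt_block(key, rd[:BLEN])
        rd = rd[BLEN:]
    if len(rd) % BLEN == 0:                      # Step3 and Step4
        # Also covers rdlen == blen (single-block input), which Step5 as
        # written would decrypt twice.
        for off in range(0, len(rd), BLEN):
            s += decrypt_block(key, rd[off:off + BLEN])
        return bytes(s)
    rd_prime, last = rd[:-BLEN], rd[-BLEN:]      # Step5
    data2 = decrypt_block(key, last)
    borrow = BLEN - len(rd_prime)
    data3 = decrypt_block(key, rd_prime + data2[:borrow])
    return bytes(s) + data3 + data2[borrow:]     # Step6


if __name__ == "__main__":
    sample_key = b"constructed-key"              # constructed sample value
    message = b"photo bytes that do not fill the last block"
    sealed = cts_encrypt(sample_key, message)
    print(len(message), len(sealed), cts_decrypt(sample_key, sealed) == message)
```

In this procedure each block is encrypted independently, so equal plaintext blocks produce equal ciphertext blocks. The output has the same length as the input and carries no integrity check.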
2. Multi-threaded I/O optimization
File reading and encryption/decryption processing run at mismatched speeds: if the file were read or written once for every block processed, the process would obviously spend its time waiting idle, and repeatedly opening and closing the file is very time-consuming. The files to be encrypted also vary: they may be text of a few K, or images and videos of several G, and reading them entirely into memory is not possible either. In view of these problems, buffers are set up.
The file handling process is shown in Fig. 7. The system's main process performs the encryption and decryption operations; file reads are performed by a file-read process and file writes by a file-write process. The buffers for data awaiting processing and for file data awaiting writing are implemented as circular queues; the main process reads data directly from the buffer and stores data into the write buffer.
2. Database encryption technology
In the digital-economy era, the most important resources of a file encryption system include not only the valuable data but also the place where this critical data is stored: the database. Database security protection means protecting the data in the database and preventing unrelated or unauthorized personnel from stealing, tampering with or destroying it. The distinguishing feature of a database is the centralized storage and sharing of data, and protecting this data from theft and destruction is very important. Existing database systems already adopt relevant security measures, such as user management and password control, storage control, view mechanisms, stored procedures and trigger mechanisms, to guarantee data security and integrity. On the question of encryption mode, therefore, the wiser approach is to encrypt only the fields that hold key information, i.e. data-item encryption, and to leave non-essential fields in their original plaintext form. The database encryption mechanism of the invention is built on this field-based encryption mode.
A field is encrypted and decrypted by exactly one data key and, likewise, a data key can only be used to encrypt the data of one field. This is called field-based encryption. After the data in a field of a table has been encrypted, obtaining the data through the SQL Server server and browsing the file requires decrypting the field with the key.
This forms two layers. At the inner layer, the database, the fields that store files are encrypted; should a file leak, outsiders cannot obtain valuable information without the key. At the outer layer, all files are encrypted with the advanced encryption algorithm before being stored in the cloud database, and only legitimate users who hold the decryption key can use it to decrypt the ciphertext successfully and obtain the useful file.
The AES data block length must be 128 bits, and the key length can be any of 128 bits, 192 bits or 256 bits (if the data block or the key is too short, it is padded).
AES has five modes: ECB, CBC, CFB, OFB and CTR.
1. AES is a block-based encryption scheme: the data processed each time is one block (16 bytes), and data that is not a multiple of 16 bytes is padded. This is what is meant by a block cipher (as distinct from a bit-based stream cipher); 16 bytes is the block length.
2. Block encryption modes
ECB: the basic encryption mode. The ciphertext is divided into blocks of equal length (padded if short), which are then encrypted individually, one by one, and output one by one to form the ciphertext.
CBC: a cyclic mode in which the ciphertext of the previous block is XORed with the plaintext of the current block before encryption; the purpose is to make cracking harder.
CFB/OFB: effectively feedback modes, whose purpose is likewise to make cracking harder.
ECB and CBC produce different encryption results because the two modes differ, and CBC adds an initialization vector when computing the first cipher block.
Embodiment
As shown in Fig. 8, basic security services are provided for upper-layer protocols at the protocol layer. The SSL Record Protocol is specially designed for the HTTP protocol, and the hypertext transfer protocol HTTP runs over SSL. The record layer encapsulates the various higher-layer protocols and carries out the security-related operations such as compression and decompression, encryption and decryption, and computing and verifying the MAC, doubly ensuring the security of transmission.
The AES encryption algorithm involves 4 operations: byte substitution (SubBytes), row shifting (ShiftRows), column mixing (MixColumns) and round key addition (AddRoundKey). Fig. 9 shows the AES encryption and decryption flow, from which it can be seen that: 1) each step of the decryption algorithm is the inverse of the corresponding step of the encryption algorithm; 2) the order of all operations in encryption and decryption is exactly opposite. These points (together with the fact that every step of the encryption algorithm and of the decryption algorithm is mutually inverse) guarantee the correctness of the algorithm. The key for each round of encryption and decryption is derived from the seed key by the key expansion algorithm. The 16-byte plaintext, ciphertext and round keys in the algorithm are each represented as a 4x4 matrix.
The main function of byte substitution is to map one byte to another byte through the S-box. The constructed results are given here directly: Fig. 10 is the S-box and Fig. 11 is S^-1 (the inverse S-box). The S-box provides the confusion of the cipher algorithm.
S and S^-1 are each a 16x16 matrix that maps an 8-bit input to an 8-bit output; the value of the high 4 bits of the input is used as the row index and the value of the low 4 bits as the column index. Suppose the input byte is a = a7a6a5a4a3a2a1a0; then the output value is S[a7a6a5a4][a3a2a1a0], and the S^-1 transformation works the same way.
For example: the byte 00000000B is replaced by (S[0][0] =) 63H, and the value before substitution can be recovered through S^-1: (S^-1[6][3] =) 00H.
Row shifting is a permutation among the bytes within a 4x4 matrix and provides the diffusion of the algorithm.
1) Forward row shift: the forward row shift is used for encryption, and its principle is shown in Fig. 12. The first row remains unchanged, the second row is rotated left by 8 bits, the third row is rotated left by 16 bits, and the fourth row is rotated left by 24 bits.
Suppose the matrix is named state; the formula is: state'[i][j] = state[i][(j+i) % 4], where i, j belong to [0,3].
2) Inverse row shift
The inverse row shift is the opposite operation, namely: the first row remains unchanged, the second row is rotated right by 8 bits, the third row is rotated right by 16 bits, and the fourth row is rotated right by 24 bits.
The formula is: state'[i][j] = state[i][(4+j-i) % 4], where i, j belong to [0,3].
Column mixing: a substitution that uses the arithmetic properties of the field GF(2^8), likewise used to provide the diffusion of the algorithm.
1) Forward column mixing: the principle of forward column mixing is shown in Fig. 13:
From the matrix multiplication it follows that, during column mixing, the value of each byte depends only on the 4 values of its column. Multiplication and addition here are both defined over GF(2^8), and the following points should be noted:
(1) Multiplying the value of a byte by 2 shifts the binary digits of that value left by one position; if the highest bit of the original value is 1, the shifted result must additionally be XORed with 00011011; [1];
(2) Multiplication distributes over addition, for example: 07·S0,0 = (01 ⊕ 02 ⊕ 04)·S0,0 = S0,0 ⊕ (02·S0,0) ⊕ (04·S0,0);
(3) The matrix multiplication here differs from matrix multiplication in the general sense: when the values are added, addition over GF(2^8) (the XOR operation) is used.
An example is given below. Suppose the values of a certain column are as follows:
The calculation process is as follows:
Where:
01·46 = 01000110B
01·A6 = 10100110B
Then:
Since the leftmost bit of C9 is 1, when computing the product of 02 and C9 the value of C9 shifted left by one position must be XORed with (00011011). The other values can be found in the same way.
2) Inverse column mixing: the principle of inverse column mixing is shown in Fig. 14.
Key expansion procedure:
1) Arrange the seed key in the format of Fig. 15, where k0, k1, ..., k15 denote the bytes of the seed key in order; after arrangement it is represented as four 32-bit words, denoted w[0], w[1], w[2], w[3] respectively;
2) Solve for w[j] in turn as follows, where j is an integer belonging to [4,43];
3) If j % 4 = 0, then w[j] = w[j-4] ⊕ g(w[j-1]); otherwise w[j] = w[j-4] ⊕ w[j-1].
The process of function g is shown in Fig. 16.
a) Rotate w left by 8 bits;
b) Apply the S-box substitution to each byte separately;
c) XOR with the 32-bit constant (RC[j/4], 0, 0, 0), where RC is a one-dimensional array with the following values: RC = {0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36}.
Only 10 values of RC are needed, but 11 are used here. RC[0] is in fact not used in the computation; it is added so that array indexing is convenient in a program. Since the minimum value of j is 4, the minimum value of j/4 is 1, so no error arises.
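The byte substitution, row shift, column mixing, round key addition and key expansion described above, assembled into AES-128 encryption of one 16-byte block, as an added example that is not code from the patent. Because Fig. 10 is not reproduced in the text, the S-box is regenerated from the standard AES construction (an assumption), and all function names are illustrative.

```python
"""AES-128 single-block encryption built from the steps in the description."""

RC = [0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def xtime(a):
    """Multiply by 02 in GF(2^8): shift left, XOR 00011011 if the top bit was 1."""
    a <<= 1
    return (a ^ 0x11B) if a & 0x100 else a

def gmul(a, b):
    """General GF(2^8) product, using distributivity over the bits of b."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a, b = xtime(a), b >> 1
    return p

def build_sbox():
    """Standard construction (assumed): field inverse, then affine map with 0x63."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv
        for k in range(1, 5):
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = build_sbox()

def expand_key(key):
    """Return w[0..43] as 4-byte lists; g = rotate, S-box, XOR (RC[j/4],0,0,0)."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for j in range(4, 44):
        t = w[j - 1]
        if j % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= RC[j // 4]
        w.append([a ^ b for a, b in zip(w[j - 4], t)])
    return w

def shift_rows(s):
    """state'[i][j] = state[i][(j+i) % 4], with state[i][j] stored at s[i + 4*j]."""
    return [s[i + 4 * ((j + i) % 4)] for j in range(4) for i in range(4)]

def mix_columns(s):
    """Each output byte is 02*c[i] ^ 03*c[i+1] ^ c[i+2] ^ c[i+3] within its column."""
    out = []
    for j in range(4):
        c = s[4 * j:4 * j + 4]
        for i in range(4):
            n1, n2, n3 = c[(i + 1) % 4], c[(i + 2) % 4], c[(i + 3) % 4]
            out.append(xtime(c[i]) ^ xtime(n1) ^ n1 ^ n2 ^ n3)
    return out

def add_round_key(s, w, rnd):
    """XOR the state with the four words w[4*rnd .. 4*rnd+3]."""
    rk = [b for word in w[4 * rnd:4 * rnd + 4] for b in word]
    return [a ^ b for a, b in zip(s, rk)]

def encrypt_block(key, block):
    """Ten rounds; the last round omits column mixing."""
    w = expand_key(key)
    s = add_round_key(list(block), w, 0)
    for rnd in range(1, 11):
        s = shift_rows([SBOX[b] for b in s])
        if rnd < 10:
            s = mix_columns(s)
        s = add_round_key(s, w, rnd)
    return bytes(s)
```

Checking the result against the published FIPS-197 vectors is the quickest way to catch an indexing slip in the row shift or a wrong RC index in the key expansion.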
Claims (10)
1. A photo and video cloud encryption storage method using an improved AES encryption algorithm, characterized in that the improved AES encryption algorithm comprises: one, key expansion; two, S-box substitution and inverse S-box substitution; three, row shift transformation and inverse row shift transformation; four, column mixing and inverse column mixing; five, round key addition.
2. The photo and video cloud encryption storage method as claimed in claim 1, characterized in that:
The key expansion comprises:
The seed key is arranged into a 4*4 matrix in column-first order, each column of the matrix being called a 32-bit word; the seed key is expanded from 4 bytes to 44 words, and each round of encryption needs 4 words. Suppose the first word is w[0], the second word is w[1], and the last word is w[43];
The first 4 words are initialized with the seed key; then 40 new words are added to the array w. Recursive rule:
(1) If i is not a multiple of 4, then w[i] = w[i-4] ^ w[i-1];
(2) If i is a multiple of 4, then w[i] = w[i-4] ^ T(w[i-1]), where T is a function.
The function T consists of 3 parts: word rotation, byte substitution and round constant XOR;
(3) Word rotation: the 4 bytes in a word are each moved left by one byte, i.e. [x0, x1, x2, x3] is transformed into [x1, x2, x3, x0];
(4) Byte substitution: i.e. S-box substitution;
(5) Round constant XOR: the result of the first two steps is XORed with the round constant Rcon[j].
3. The photo and video cloud encryption storage method as claimed in claim 1, characterized in that:
The S-box substitution and inverse S-box substitution are specifically as follows:
The forward S-box (Sbox) and the inverse S-box (InvSbox) are computed in advance and stored in the code, so that byte substitution is reduced to a simple table lookup; the mapping is performed by taking out the corresponding value by index. S-box substitution uses the forward S-box, and inverse S-box substitution uses the inverse S-box.
4. The photo and video cloud encryption storage method as claimed in claim 1, characterized in that:
The row shift transformation and inverse row shift transformation are specifically as follows:
The row shift applies a simple left circular shift to the byte matrix. When the key length is 128 bits, row i of the state matrix is shifted left by i bytes. The inverse row shift undoes the row shift: the state matrix is circularly shifted to the right, row i of the state matrix being shifted right by i bytes.
5. The photo and video cloud encryption storage method as claimed in claim 1, characterized in that:
The column mixing and inverse column mixing are specifically as follows:
The column mixing algorithm performs a substitution using the arithmetic properties of the GF() field.
From the matrix multiplication it follows that, during column mixing, the value of each byte depends only on the 4 values of its column. Multiplication and addition here are both defined over the finite field GF(2^8):
(1) Multiplying the value of a byte by 2 shifts the binary digits of that value left by one position; if the highest bit of the value is 1, the shifted result must also be XORed with 00011011;
(2) Multiplication distributes over addition;
(3) Modulo-2 addition is used when the values are added;
The inverse column mixing operation likewise performs a substitution using the arithmetic properties of the GF() field.
6. The photo and video cloud encryption storage method as claimed in claim 1, characterized in that:
The round key addition is specifically:
The 128-bit round key is XORed with the data in the state matrix.
7. The photo and video cloud encryption storage method as claimed in claim 1, characterized in that: when the data to be processed is not an integer multiple of the block size, the ciphertext stealing method is used. Let the block length be blen; the data to be encrypted/decrypted is d, with length dlen; the remaining data to be processed is rd, with length rdlen; the data already processed is s. The encryption process is as follows:
Step (1): when rdlen >= blen, i.e. the remaining data is at least one block long, go to step (2); otherwise, go to step (3);
Step (2): take blen of data from the head of rd and encrypt it, append the result to the tail of s, and go to step (1);
Step (3): if rdlen > 0, i.e. the remaining data does not fill a block, take blen-rdlen of data from the end of the encrypted data s and splice it with rd to form a data block of length blen; encrypt this block, append the result after the encrypted data, and go to step (4);
Step (4): if rdlen == 0, all data has been encrypted and encryption ends.
8. The photo and video cloud encryption storage method as claimed in claim 7, characterized in that the decryption process is as follows:
Step 1: when rdlen > 2*blen, go to Step 2; otherwise, go to Step 3.
Step 2: take blen of data from the head of rd and decrypt it, append the result to the tail of s, and go to Step 1.
Step 3: when rdlen = 2*blen, go to Step 4; otherwise, go to Step 5.
Step 4: take out the rdlen of data and decrypt it, until rdlen == 0; append the result to the tail of s, and go to Step 6.
Step 5: take the data block of size blen at the end of the remaining data rd and decrypt it, obtaining data block data2; the remaining small data block of size rd-blen is denoted rd'. Splice the remaining data to be decrypted, rd', with the first blen-rd'len of data2 and decrypt the result, obtaining data3. Concatenate, in order, s, data3 and the last rd'len of data2 to obtain the complete decrypted data, and go to Step 6;
Step 6: all ciphertext has been decrypted into the original text, and decryption ends.
9. The photo and video cloud encryption storage method as claimed in claim 1, characterized in that:
The system's main process performs the encryption and decryption operations; file reading is performed by a file-read process and file writing by a file-write process. The buffers for data awaiting processing and for file data awaiting writing are implemented as circular queues; the main process reads data directly from the buffer and stores data into the write buffer.
10. The photo and video cloud encryption storage method as claimed in claim 1, characterized in that it further comprises encrypting the database, using a field-based encryption method.
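The encryption steps of claim 7 and the decryption steps of claim 8, as an added example that is not the patent's own code. A toy Feistel permutation (hypothetical `toy_encrypt`/`toy_decrypt`, not AES and not secure) stands in for the block cipher so the block runs on the standard library alone. The example assumes that the bytes taken from the end of s in step (3) are removed from s, which is the layout Step 5 expects, and it treats a single-block input as an ordinary block.

```python
import hashlib

BLEN = 16  # block length blen, in bytes

def _f(key, rnd, half):
    # Round function of the stand-in cipher (constructed for this example).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLEN // 2]

def toy_encrypt(key, block):
    """Stand-in 16-byte block permutation: 4-round Feistel. NOT AES."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, bytes(a ^ b for a, b in zip(l, _f(key, i, r)))
    return l + r

def toy_decrypt(key, block):
    """Inverse of toy_encrypt: the same rounds in reverse order."""
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = bytes(a ^ b for a, b in zip(r, _f(key, i, l))), l
    return l + r

def cts_encrypt(key, d):
    """Claim 7: encrypt d without padding; output length equals input length."""
    if len(d) < BLEN:
        raise ValueError("ciphertext stealing needs at least one full block")
    s, rd = b"", d
    while len(rd) >= BLEN:                      # steps (1) and (2)
        s += toy_encrypt(key, rd[:BLEN])
        rd = rd[BLEN:]
    if rd:                                      # step (3): short final piece
        steal = BLEN - len(rd)
        s, stolen = s[:-steal], s[-steal:]      # assumption: removed from s
        s += toy_encrypt(key, stolen + rd)
    return s                                    # step (4)

def cts_decrypt(key, c):
    """Claim 8: undo cts_encrypt."""
    if len(c) < BLEN:
        raise ValueError("input is shorter than one block")
    s, rd = b"", c
    while len(rd) > 2 * BLEN:                   # Step 1 and Step 2
        s += toy_decrypt(key, rd[:BLEN])
        rd = rd[BLEN:]
    if len(rd) % BLEN == 0:                     # Step 3 and Step 4: whole blocks
        for i in range(0, len(rd), BLEN):
            s += toy_decrypt(key, rd[i:i + BLEN])
        return s
    data2 = toy_decrypt(key, rd[-BLEN:])        # Step 5: last full block
    rd_p = rd[:-BLEN]                           # rd', the short leading piece
    data3 = toy_decrypt(key, rd_p + data2[:BLEN - len(rd_p)])
    return s + data3 + data2[-len(rd_p):]
```

The ciphertext is exactly as long as the plaintext, so the scheme adds no padding bytes and also no integrity tag; detecting tampering needs a separate mechanism.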
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811079446.2A CN109245881A (en) | 2018-09-14 | 2018-09-14 | A kind of photograph video cloud encryption storage method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109245881A true CN109245881A (en) | 2019-01-18 |
Family
ID=65059475
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811079446.2A Withdrawn CN109245881A (en) | 2018-09-14 | 2018-09-14 | A kind of photograph video cloud encryption storage method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109245881A (en) |
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1801693A (en) * | 2005-06-28 | 2006-07-12 | 华为技术有限公司 | Short block processing method in block encryption algorithm |
US20170033921A1 (en) * | 2015-07-30 | 2017-02-02 | Nxp, B.V. | Encoding Values by Pseudo-Random Mask |
Non-Patent Citations (1)
Title |
---|
张文锦, 周荣, 高燕, 汪金虎: "File encryption based on the AES algorithm", 《张文锦,周荣,高燕,汪金虎》 * |
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110162989A (en) * | 2019-05-28 | 2019-08-23 | 上海海洋大学 | Polymorphic type file encryption based on CBC mode is shared and access control method |
CN111064562A (en) * | 2019-12-12 | 2020-04-24 | 北京计算机技术及应用研究所 | Implementation method of AES algorithm on FPGA |
CN112100698B (en) * | 2020-09-23 | 2023-10-31 | 北京万协通信息技术有限公司 | System and method for realizing NorFlash secure access |
CN112100698A (en) * | 2020-09-23 | 2020-12-18 | 北京万协通信息技术有限公司 | System and method for realizing NorFlash security access |
CN113591117A (en) * | 2021-08-04 | 2021-11-02 | 中国人民大学 | Social platform daily conversation encryption method and system, storage medium and computing device |
CN114143576A (en) * | 2021-11-26 | 2022-03-04 | 广东爱视文化发展有限公司 | Audio and video encryption protection on-demand method and device and electronic equipment |
CN114143576B (en) * | 2021-11-26 | 2024-04-09 | 广东爱视文化发展有限公司 | Video-audio encryption protection on-demand method and device and electronic equipment |
CN114286129A (en) * | 2021-12-02 | 2022-04-05 | 赛轮集团股份有限公司 | Audio and video data encryption and decryption method and device |
CN114286129B (en) * | 2021-12-02 | 2023-07-25 | 赛轮集团股份有限公司 | Audio and video data encryption and decryption method and device |
CN114374817A (en) * | 2021-12-31 | 2022-04-19 | 北京视通科技有限公司 | Multi-party-based multimedia conference emergency command system |
CN115208626B (en) * | 2022-06-02 | 2023-12-01 | 北京交大微联科技有限公司 | Communication method and device based on secure communication ciphertext transmission in railway signal system |
CN115208626A (en) * | 2022-06-02 | 2022-10-18 | 北京交大微联科技有限公司 | Communication method and device based on secure communication ciphertext transmission in railway signal system |
CN115242548A (en) * | 2022-09-20 | 2022-10-25 | 广州万协通信息技术有限公司 | Privacy data directional encryption method and device, electronic equipment and storage medium |
CN115242548B (en) * | 2022-09-20 | 2022-12-20 | 广州万协通信息技术有限公司 | Private data directional encryption method and device, electronic equipment and storage medium |
CN115801321A (en) * | 2022-10-20 | 2023-03-14 | 北京海泰方圆科技股份有限公司 | Data combination encryption method and device |
CN115801321B (en) * | 2022-10-20 | 2023-11-14 | 北京海泰方圆科技股份有限公司 | Data combination encryption method and device |
CN116506560A (en) * | 2023-06-27 | 2023-07-28 | 天津开发区中环***电子工程股份有限公司 | Video image real-time acquisition system and acquisition method |
CN116506560B (en) * | 2023-06-27 | 2023-09-29 | 天津开发区中环***电子工程股份有限公司 | Video image real-time acquisition system and acquisition method |
CN116523722A (en) * | 2023-06-30 | 2023-08-01 | 江西云绿科技有限公司 | Environment monitoring analysis system with machine learning capability |
CN117407906A (en) * | 2023-12-15 | 2024-01-16 | 莱芜职业技术学院 | Software development data security encryption method based on DES algorithm |
CN117407906B (en) * | 2023-12-15 | 2024-03-12 | 莱芜职业技术学院 | Software development data security encryption method based on DES algorithm |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109245881A (en) | A kind of photograph video cloud encryption storage method | |
US8127130B2 (en) | Method and system for securing data utilizing reconfigurable logic | |
US8416947B2 (en) | Block cipher using multiplication over a finite field of even characteristic | |
CN101447870B (en) | Safe storage method of private key based on technology of distributed password | |
Debnath et al. | Brief review on journey of secured hash algorithms | |
US20090220083A1 (en) | Stream cipher using multiplication over a finite field of even characteristic | |
US20170346622A1 (en) | System And Method For Secure Communications And Data Storage Using Multidimensional Encryption | |
Chaitra et al. | A survey on various lightweight cryptographic algorithms on FPGA | |
Joshy et al. | Text to image encryption technique using RGB substitution and AES | |
Widiasari | Combining advanced encryption standard (AES) and one time pad (OTP) encryption for data security | |
Rawal | Advanced encryption standard (AES) and it’s working | |
Mattsson | Format controlling encryption using datatype preserving encryption | |
Gaur et al. | Comparative Study on Different Encryption and Decryption Algorithm | |
Pethe et al. | A survey on different secret key cryptographic algorithms | |
Chaloop et al. | Enhancing Hybrid Security Approach Using AES And RSA Algorithms | |
Sachdeva et al. | Implementation of AES-128 using multiple cipher keys | |
Tarawneh | Cryptography: Recent Advances and Research Perspectives | |
CN107317667A (en) | Method for early warning and prior-warning device that a kind of identity document is lost | |
CN113408013A (en) | Encryption and decryption chip framework with multiple algorithm rules mixed | |
Al-Kareem et al. | A review of the most effective cryptography techniques based on conventional block cipher and lightweight | |
Haryono | Comparison encryption of how to work caesar cipher, hill cipher, blowfish and twofish | |
Cherukupalli et al. | STUDY AND ANALYSIS OF AN EFFICIENT AES ALGORITHM FOR IOT-BASED APPLICATIONS | |
Bhowmika et al. | A Symmetric Key-Based Cryptographic Transaction on Cryptocurrency Data | |
Tarawneh | Perspective Chapter: Cryptography–Recent Advances and Research Perspectives | |
Alenezi et al. | On the performance of AES algorithm variants |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
WW01 | Invention patent application withdrawn after publication | Application publication date: 20190118 |