[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN112486412A - Information dispersion method and system based on distributed object storage system security - Google Patents

Information dispersion method and system based on distributed object storage system security Download PDF

Info

Publication number
CN112486412A
CN112486412A CN202011341886.8A CN202011341886A CN112486412A CN 112486412 A CN112486412 A CN 112486412A CN 202011341886 A CN202011341886 A CN 202011341886A CN 112486412 A CN112486412 A CN 112486412A
Authority
CN
China
Prior art keywords
data
aont
algorithm
hash value
hash
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011341886.8A
Other languages
Chinese (zh)
Inventor
李挥
马化军
赵天
于海洋
杨元元
王博辉
史梦楚
谢鑫
侯韩旭
张华宇
陈泽权
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Cestbon Technology Co ltd
Foshan Saisichen Technology Co ltd
Original Assignee
Shenzhen Cestbon Technology Co ltd
Foshan Saisichen Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Cestbon Technology Co ltd, Foshan Saisichen Technology Co ltd filed Critical Shenzhen Cestbon Technology Co ltd
Priority to CN202011341886.8A priority Critical patent/CN112486412A/en
Publication of CN112486412A publication Critical patent/CN112486412A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/0614Improving the reliability of storage systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • G06F11/10Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
    • G06F11/1004Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's to protect a block of data words, e.g. CRC or checksum
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0628Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638Organizing or formatting or addressing of data
    • G06F3/064Management of blocks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0668Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/067Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Computer Security & Cryptography (AREA)
  • Quality & Reliability (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention is suitable for the technical improvement field of data information distribution, and provides an information dispersion method based on the safety of a distributed object storage system, which comprises S1, calculating the hash value of a data block in a salt adding mode to resist the collision attack of a hash function and improve the confidentiality of data; s2, using SHA2-512 hash algorithm to improve the calculation efficiency, and using the hash value of the original data to replace the random key; and S3, enabling the data blocks generated after the data input with the same content is encoded by the AONT-NZZD algorithm to have the same content, and realizing data deduplication. The AONT-NZZD algorithm additionally selects the length of the data block as a salt value of hash operation when calculating the hash value of the data block so as to resist the attack of an attacker on the hash function. The AONT-NZZD algorithm adopts an NZZD code based on binary shift and XOR operation, and has relatively good coding and decoding speed.

Description

Information dispersion method and system based on distributed object storage system security
Technical Field
The invention belongs to the field of improvement of data information distribution technology, and particularly relates to an information dispersion method and system based on distributed object storage system safety.
Background
With the rapid development of global economy and continuous innovation of science and technology, information industries such as cloud computing and internet of things are developed vigorously, and the global data volume and storage scale are increased exponentially. With the advent of the big data age, to alleviate the cost pressure of local data storage and maintenance, more and more individuals and organizations migrate data from local to cloud storage platforms provided by cloud service providers.
Among the growing internet data, the growth of unstructured data is particularly significant. The unstructured data has huge potential value, but the unstructured data has the characteristics of non-uniform storage mode, numerous data formats, various business processes, difficult standardization, huge information quantity and the like, and thus the unstructured data is not fully utilized and mined. How to solve the storage, management and analysis of large-scale unstructured data in the internet is one of the major challenges facing cloud storage systems. In addition, as the network space security problem becomes more and more prominent, accidents such as data leakage, data tampering and data loss in the cloud storage system frequently occur, and loss which is difficult to measure is caused to individuals and cloud service providers.
The cloud storage is derived and developed on the basis of cloud computing, a large number of heterogeneous storage devices are integrated into an easily-extensible, elastic and transparent virtualized storage resource pool through a network by adopting a software defined storage technology, and the storage resource pool is distributed to authorized users as required. Authorized users can complete access and management of storage resources on a cloud storage platform through the Internet without considering the technical details of complex large-scale distributed storage systems such as data distribution, automatic fault tolerance, system expandability and the like, so that the working efficiency is improved, and the storage cost is reduced. In short, cloud storage is a cloud computing system with data storage and management as a core. Cloud storage has several characteristics:
1. and (4) super-large scale. The cloud storage cluster is large in scale, thousands of nodes needing to be managed are needed, and the stored data volume reaches PB level.
2. And (4) expandability. The cloud storage system can dynamically scale according to the change of the data scale, and along with the increase of the cluster scale, the overall performance of the system is linearly increased without increasing excessive operation and maintenance cost.
3. Low cost. The automatic fault tolerance and load balancing mechanism of the cloud storage system enables the cloud storage system to be constructed on a common computer without purchasing a high-performance special server. In addition, the cloud storage data center can be established in an area with abundant power resources and proper temperature, so that the energy cost is greatly reduced.
4. High performance. The cloud storage system has excellent data read-write performance, and a user has good storage experience.
5. On-demand services, transparent services. The cloud storage provides a uniform storage space for users, and the users can purchase and use the cloud storage as required. In addition, the cloud storage system provides a uniform storage interface for users, and the change of the cluster storage nodes is transparent to the users.
6. High data security. The cloud storage system can ensure that user data is not lost, tampered and leaked through data security storage technologies such as a copy strategy, an erasure code technology and an information dispersion algorithm.
The cloud storage can be divided into three storage modes, namely file storage, block storage, object storage and the like. The File storage provides a Network File System (NFS) for a user, and the user can access the NFS and CIFS through protocols such as NFS and Common Internet File System. The block store provides a virtual disk to the user, which can be accessed via an iSCSI (Small Computer System interface) protocol or the like. The object storage takes flexible and customizable objects as storage units, provides a uniform storage space for users, and the users can access the objects through an object storage interface.
In recent years, distributed object storage systems, which are distributed object-based storage, have become the mainstream solution for storage on the cloud. The most prominent advantage of object storage is that it is suitable for storage of unstructured data. Many applications in the internet require storage of large amounts of unstructured data, such as pictures, audio, video, etc., which are usually organized in the form of objects without any association with each other. The object storage can be directly positioned to the storage position of the object through index methods such as one-way hashing and the like, and layer-by-layer searching is not needed, so that the read-write performance of the system is accelerated. In addition, the object storage externally provides a REST or SOAP storage interface, and the storage mode based on the object interface enables a high-performance, cross-platform and easily-shared storage structure to be possible.
Object storage generally adopts a flat data organization mode, and the basic storage unit is an object. An object generally consists of four parts, an object identifier, object data, object attributes, and object metadata. The object identification is used for global indexing of objects, each object having a unique object identification. The object data may be any type of picture, audio, video, text file, binary file, etc. The object attribute is data for describing the attribute of the object itself, and is stored in the form of a Key-Value pair (K-V) in the extended attribute of the file. The object metadata includes key information such as object name, object identification, object storage location, etc., and is usually centrally stored in a metadata server or a distributed database in a structured manner.
Distributed object storage systems typically store metadata separately from object data, thereby separating the control flow from the data flow of the system, resulting in high throughput and scalability of the system. The object-based distributed storage architecture has the advantages that the NAS architecture is easy to share data, and the advantage that the SAN architecture has high-speed direct access. FIG. 1 is a classic object-based distributed storage architecture.
The distributed Object Storage system in fig. 1 is composed of a Client (Client), an Object-based Storage Device (OSD), a Metadata Server (MDS), and the like. The client provides a simple and easy-to-use storage service platform for users, and interacts with the metadata server and the object storage device. The metadata server is used for storing and managing object metadata and providing functions of access control, object positioning service and the like for the client. In addition, the metadata server plays a role in monitoring and coordinating the cluster nodes and is responsible for functions of system load balancing, fault migration and the like. The object storage device is the core of the distributed object storage architecture, has independent hardware resources such as a CPU, a memory, a network, and a storage medium, and is used to manage and persist objects. The object storage device provides an object read-write interface for the client, and the client can complete data read-write through the object identification and the offset. In addition, the object storage device can optimize data distribution by utilizing hardware resources of the object storage device, and accelerate the read-write speed of the object in a data prefetching mode.
The ZigZag-Decode code (ZZD code) is a maximum-distance separable code based on binary shift and XOR operation, has more efficient coding and decoding efficiency than CRS, and the generating matrix is a standard Van der Menu matrix.
The ZZD code has simple encoding process, and the original data is firstly cut into k data blocks with equal length after being filled, which are recorded as S0, S1, Sk-1, and then the data are cut into pairs by using formula 1The latter data blocks are coded, so as to obtain m check data blocks C0,C1,...,Cm-1Wherein the addition operations involved in the calculation are all treated as exclusive-or operations, and SSii → ii (jj +1) represents shifting the original data block SSii to the right by ii (jj +1) bits and filling in with a bit "0" on the left.
Figure BDA0002798819990000051
The decoding procedure of ZZD codes is more complex than the conventional RS and CRS codes, but has a faster decoding rate. ZZD code adopts high-efficiency ZigZag solution, and the main process of decoding is as follows:
1. eliminating the information elements in the original data block which is not lost from the check data block;
2. searching and obtaining an original information element from the check data block;
3. removing the known original information element from the check data block;
4. go to step 2 until all the needed original information elements are solved.
Code ZZD requires that information elements of the original data block that are not corrupted be eliminated from the check block before the original information elements are iteratively obtained. If r original data blocks are lost, the operation needs to select r check data blocks, and eliminate the information elements of (k-r) L original data blocks from the check data blocks, so that (k-r) r L exclusive or operations need to be executed. ZZD code can obtain 1 original information element per iteration, and r-1 exclusive OR operation is needed to eliminate 1 information element from check data block. Code ZZD requires r x L iterations to recover r missing original data blocks, so the iteration process uses (r-1) r x L exclusive or operations in total. In summary, code ZZD uses (k-r) × L + (r-1) × r ═ L ═ k-1) × L xor operations in the decoding process, and only k-1 xor operations are required for repairing an information element on average.
Through the analysis, compared with the RS code and the CRS code, the ZZD code has superior calculation performance in the encoding and decoding process, however, when calculating the check data block, the right shift complement "0" operation needs to be performed on the original data block, which inevitably increases the storage overhead, and requires an extra (k-1) × (1+2+ … + m) bit storage space in total. Furthermore, as can be seen from the ZZD decoding flow, although this code can decode all the lost original data blocks at the same time, it cannot repair only part of the specified lost data blocks like the RS code and CRS code.
The AONT-RS algorithm is used as an information dispersion algorithm for fusing the AONT algorithm and the erasure codes, and lays a foundation for the future proposal of optimization algorithms such as AONT-CRS, AONT-LT, RAONT-RS, SAONT-RS and the like. The algorithm can improve the data security with lower storage and calculation cost, and is suitable for storage scenes with high requirements on data security protection degree.
The data distribution stage of the AONT-RS algorithm is as shown in fig. 2, the algorithm first adds a public and fixed data segment Canary behind the original data, then performs AONT conversion on the plaintext using a randomly generated key K to obtain a ciphertext C, then calculates a hash value h of the ciphertext C using the SHA2-256 hash algorithm, performs xor operation with the random key K to obtain a data segment difference, adds the data segment to the tail of the ciphertext C to form an AONT packet, and finally encodes the AONT packet with RS codes to generate a plurality of data blocks and distributes the data blocks to different storage locations.
In the reconstruction stage of the AONT-RS algorithm, the algorithm firstly acquires enough data blocks from a storage system, decodes an original AONT packet by using an RS code, acquires a ciphertext C and a Difference data segment, calculates a hash value h of the ciphertext C by using a hash algorithm adopted in a distribution stage, performs exclusive OR operation with the Difference data segment to recover a random key K, decodes the original data and a Canary data segment from the ciphertext C by using the random key K through the AONT algorithm, and finally ensures the integrity of the data by checking the Canary data segment. If the Canary data segment recovered by the AONT-RS algorithm is wrong, the algorithm considers that the reconstruction stage of the data is abnormal, and the reconstructed original data is wrong.
The AONT-RS algorithm ensures confidentiality of data using the AONT algorithm with strong inseparability, availability of data using RS codes, and data integrity using an additionally added Canary data segment. In summary, the AONT-RS algorithm can protect the data security to a great extent.
The AONT-RS algorithm is used as the first information dispersion algorithm fusing the AONT algorithm and the erasure codes, and confidentiality, availability and integrity of data can be guaranteed to a great extent. However, although the AONT-RS algorithm can verify the integrity of the data through the Canary data segment, thereby ensuring the correctness of the reconstructed data, when a data block is tampered with, the AONT-RS algorithm cannot locate the wrong data block and correctly recover the original data. Furthermore, the AONT-RS algorithm risks two kinds of data leakage when the raw data is too short. In order to repair security holes existing in the AONT-RS algorithm, algorithms such as RAONT-RS and SAONT-RS are proposed in sequence. The raant-RS algorithm can effectively ensure the recoverability of data by combining the commitment scheme and the error correction code, but the computation complexity is high, and the method is not suitable for some scenarios with high computational efficiency. The SAONT-RS algorithm adopts an SHA3-512 hash algorithm to replace an SHA2-256 hash algorithm used for ciphertext hash value calculation in an AONT-RS algorithm so as to expand the length of an AONT packet, further reduce the risk of data leakage of a system when the original data is too short, and ensure the integrity of data blocks in storage equipment by adopting a mode of verifying hash values of the data blocks so as to ensure the recoverability of the original data. However, the SAONT-RS algorithm has a high overall computational complexity because it employs a lower SHA3-512 hashing algorithm encoding rate. In addition, an attacker can acquire the information of the data block by violently attacking the hash value of the data block in the SAONT-RS algorithm, so that data leakage of the system is caused.
In the selection of the erasure codes, RS codes based on polynomial operation on a finite field are adopted in algorithms such as AONT-RS, RAONT-RS and SAONT-RS, and CRS codes based on binary matrix exclusive OR operation are adopted in the AONT-CRS algorithm. The binary shift and exclusive-or based NZZD codes have higher coding and decoding rates than RS and CRS codes. Therefore, the erasure codes in the AONT-RS series algorithm are replaced by the NZZD codes, so that the overall calculation efficiency of the algorithm can be effectively improved. In addition, the symmetric encryption algorithm for AONT conversion in the AONT-RS series algorithm can be replaced by a hash algorithm with a better coding rate, so that the overall calculation efficiency of the algorithm is further improved.
The nature of the internet is shared, a large amount of repeated data is often stored in a Storage system, data deduplication is an efficient data compression technology, also called Single Instance Storage (SIS), and only one data unit with the same content is stored in the Storage system, so that the Storage utilization rate of the Storage system can be effectively improved, and the Storage cost is greatly saved. In addition, when an object is repeatedly uploaded, the storage system with the data deduplication function can automatically skip the storage process of the object, and therefore storage experience of a user is improved.
The AONT conversion processes in the AONT-RS series algorithms all adopt a random key encryption mode to ensure the confidentiality of data, which means that the same data input generates completely different data output under different random keys, and the AONT-RS series algorithms cannot support the data deduplication function.
Disclosure of Invention
The invention aims to provide an information dispersion method and system based on distributed object storage system security, and aims to solve the technical problem that security holes exist in AONT-RS series algorithms and meanwhile the calculation efficiency of the algorithms is improved.
The invention is realized in such a way that an information dispersion method based on the security of a distributed object storage system comprises the following steps:
s1, calculating the hash value of the data block in a salt adding mode to resist the collision attack of the hash function and improve the confidentiality of the data;
s2, using SHA2-512 hash algorithm to improve the calculation efficiency, and using the hash value of the original data to replace the random key;
and S3, enabling the data blocks generated after the data input with the same content is encoded by the AONT-NZZD algorithm to have the same content, and realizing data deduplication.
The further technical scheme of the invention is as follows: the S1 includes an encryption process, which includes the following steps: the input of the algorithm is original data M, and the output data is AONT packet P:
sjisa 1, calculating a hash value H of the original data M using the formula H ═ H (M, l), where H is the SHA2-512 hash algorithm, l is the length of the original data M and is added as a salt value after M;
SJAA 2, defining a generating function G, and when the input is the same, the output is definitely the same;
SJIA3 using formula MgGenerating a data segment M (h, l) ═ GgWherein l is the length;
SJIA4 using formula
Figure BDA0002798819990000091
Encrypting the original data M to obtain a ciphertext C;
SJIA5 using formula hcCalculating hash value H of ciphertext C (H, l)c
SJIA6 using formula
Figure BDA0002798819990000093
Calculating data segment CdAnd adds it to the ciphertext C to form an AONT packet P.
The further technical scheme of the invention is as follows: the S1 further includes a decryption process, which includes the following steps: the input of the algorithm is AONT packet P, and the output data is original data M:
SJIE1, and the method for splitting AONT packet P and obtaining ciphertext C and data segment C from the AONT packet PdIn which C isdIs fixed;
SJIE2, pass formula
Figure BDA0002798819990000094
Calculate hash value h of ciphertext CcAnd using the formula Mg=G(h,l)、
Figure BDA0002798819990000095
Calculating a hash value h of the original data;
SJIE3, obtains the length l of the ciphertext C, and passes through the formula M using the same generation function G as in the encryption flowgG (H, l), H (M, l) are calculatedData segment Mg
SJIE4, pass formula
Figure BDA0002798819990000101
The original data M is recovered.
The further technical scheme of the invention is as follows: the step S2 includes the following steps:
s21, inputting original data M to be distributed, and encrypting by using an AONT algorithm to generate an AONT packet P;
s22, generating n data blocks by using NZZD code coding to form a sequence Vm
S23, calculating the hash value of each data block, wherein the length of the data block is added as a salt value;
s24, outputting the data block sequence V generated by codingmAnd its hash value sequence Vh
The further technical scheme of the invention is as follows: the step S3 includes the following steps:
s31, acquiring a sufficient number of data blocks from different storage positions;
s32, calculating respective hash value and comparing the hash value with the hash value calculated in the metadata server in the data distribution stage to ensure the integrity of the data block;
s33, discarding the data blocks with the hash value failed to check, decoding the AONT packet by the remaining data blocks with the successful check and using the NZZD code;
and S34, restoring the original data by using the AONT algorithm.
Another object of the present invention is to provide an information distribution system based on distributed object storage system security, including:
the promotion module is used for resisting collision attack of a hash function by calculating the hash value of the data block in a salt adding mode to promote the confidentiality of the data;
the replacing module is used for improving the calculation efficiency by using the SHA2-512 hash algorithm and replacing the random key by using the hash value of the original data;
and the duplication removing module is used for enabling the data blocks generated after the data input with the same content is encoded by the AONT-NZZD algorithm to have the same content, and realizing data duplication removal. The further technical scheme of the invention is as follows: the promotion module comprises an encryption process, and comprises: the input of the algorithm is original data M, and the output data is AONT packet P:
a hash value calculation unit for calculating a hash value H of the original data M using the formula H (M, l), where H is the SHA2-512 hash algorithm, l is the length of the original data M and is added as a salt value after M;
the function generating unit is used for defining a generating function G, and when the input is the same, the output is the same;
a data segment generation unit for generating a data segment using the formula MgGenerating a data segment M (h, l) ═ GgWherein l is the length;
a ciphertext acquisition unit to utilize a formula
Figure BDA0002798819990000111
Encrypting the original data M to obtain a ciphertext C;
ciphertext hash value calculation unit for using formula hcCalculating hash value H of ciphertext C (H, l)c
AONT constituting unit for utilizing the formula
Figure BDA0002798819990000113
Calculating data segment CdAnd adds it to the ciphertext C to form an AONT packet P.
The further technical scheme of the invention is as follows: the promotion module includes a decryption process therein, and the promotion module includes: the input of the algorithm is AONT packet P, and the output data is original data M:
a slicing unit for slicing the AONT packet P and obtaining a ciphertext C and a data segment C therefromdIn which C isdIs fixed;
obtaining a hash value unit for passing a formula
Figure BDA0002798819990000121
Calculate hash value h of ciphertext CcAnd using the formula Mg=G(h,l)、
Figure BDA0002798819990000122
Calculating a hash value h of the original data;
a data segment acquisition unit for acquiring the length l of the ciphertext C and using the same generation function G as in the encryption process to pass through the formula MgThe data segment M is calculated as G (H, l) and H (M, l)g
Recovery data unit for passing formula
Figure BDA0002798819990000123
The original data M is recovered.
The further technical scheme of the invention is as follows: the replacement module comprises:
the input unit is used for inputting original data M to be distributed and generating an AONT (automatic optical network transport) packet P by using the AONT algorithm for encryption;
a sequence forming unit for forming a sequence V using the NZZD code encoding to generate n data blocksm
A calculation unit for calculating a hash value of each data block to which the length of the data block is added as a salt value;
an output unit for outputting the sequence of data blocks V generated by the encodingmAnd its hash value sequence Vh
The further technical scheme of the invention is as follows: the duplication removing unit comprises:
an acquisition unit for acquiring a sufficient number of data blocks from different storage locations;
the computing unit is used for computing respective hash values and comparing the hash values with the hash values computed in the metadata server in the data distribution stage so as to ensure the integrity of the data blocks;
the discarding unit is used for discarding the data blocks with the hash value verification failure, and decoding the AONT packet by using the NZZD code from the remaining data blocks with the verification success;
and the recovery unit is used for recovering the original data by utilizing the AONT algorithm.
The invention has the beneficial effects that: the AONT-NZZD algorithm adopts the SHA2-516 hash algorithm to replace the SHA2-256 algorithm in the AONT-RS algorithm, so that the Cd of the data section is expanded to 516 bits, the length of the AONT packet can be further expanded, the risk of data leakage when the plaintext is too short can be effectively reduced, and the data confidentiality of the algorithm is further improved. The AONT-NZZD algorithm additionally selects the length of the data block as a salt value of hash operation when calculating the hash value of the data block so as to resist the attack of an attacker on the hash function. The AONT-NZZD algorithm adopts an NZZD code based on binary shift and XOR operation, and has relatively good coding and decoding speed.
Drawings
Fig. 1 is a schematic diagram of an object-based distributed storage architecture according to an embodiment of the present invention.
FIG. 2 is a schematic diagram of a data distribution phase of the AONT-RS algorithm provided by the embodiment of the invention;
fig. 3 is a flow chart of the improved AONT algorithm encryption provided by the embodiment of the present invention.
Fig. 4 is a flowchart of the improved decryption process of the AONT algorithm according to the embodiment of the present invention.
FIG. 5 is a schematic diagram of the data distribution phase of the AONT-NZZD algorithm provided by the embodiment of the present invention.
FIG. 6 is a schematic diagram of the data reconstruction phase of the AONT-NZZD algorithm according to the embodiment of the present invention.
Detailed Description
As shown in fig. 1 to 5, the information dispersion method based on the security of the distributed object storage system provided by the present invention is detailed as follows:
in order to solve the security loophole existing in the AONT-RS series algorithm and improve the calculation efficiency of the algorithm, the invention improves the AONT algorithm and combines NZZD codes, and provides a safe and efficient information dispersion algorithm AONT-NZZD supporting data deduplication.
The AONT-NZZD algorithm references the idea of the SAONT-RS algorithm, the mode of verifying the hash value of the data block is adopted to ensure the recoverability of the original data, and the difference is that the AONT-NZZD algorithm resists the collision attack of a hash function in a salt adding mode when calculating the hash value of the data block to further improve the confidentiality of the data. In order to improve the calculation efficiency of the SAONT-RS algorithm, the AONT-NZZD algorithm adopts SHA2-512 hash functions to replace SHA3-512 hash algorithms in the SAONT-RS algorithm, and adopts NZZD codes with higher coding and decoding efficiency. In addition, the improved AONT algorithm uses an SHA2-512 hash algorithm to replace an AES-256 symmetric encryption algorithm used for encrypting original data in the original algorithm so as to further improve the calculation efficiency of the algorithm, and uses the hash value of the original data to replace a random key used for AONT conversion in the original algorithm, so that the contents of data blocks generated after data input with the same contents is encoded by the AONT-NZZD algorithm are completely the same, and therefore, a data deduplication function can be realized. The workflow of the AONT-NZZD algorithm will be described in detail in three sections, namely an improvement of the AONT algorithm, a distribution stage and a reconstruction stage of AONT-NZZD algorithm data.
AONT algorithm improvements
The working principle of the algorithm will be described in detail from the two parts of the improved AONT algorithm, such as the encryption flow and the decryption flow.
The modified AONT algorithm encryption flow is shown in fig. 3.
The specific algorithm steps are as follows, wherein the input of the algorithm is original data M, and the output data is AONT packet P:
the hash value H of the original data M is calculated using equation 2, where H is the SHA2-512 hash algorithm, l is the length of the original data M and added as a salt after M:
h ═ H (M, l); formula (2)
A generator function G is defined and its output must be the same when the inputs are the same, the pseudo code of the generator function G implemented herein is as follows:
Figure BDA0002798819990000151
data segment Mg (length l) is generated using equation 3:
Mgg (h, l); formula (3)
The original data M is encrypted using formula 4 to obtain a ciphertext C:
Figure BDA0002798819990000152
5. the hash value hc of the ciphertext C is calculated using equation 5:
hch (C, l); formula (5)
6. Calculating the data segment Cd by using formula 6 and adding the data segment Cd to the ciphertext C to form an AONT packet P:
Figure BDA0002798819990000153
the modified AONT algorithm decryption flow is shown in fig. 4.
The specific algorithm steps are as follows, wherein the input of the algorithm is an AONT packet P, and the output data is original data M:
slicing AONT packet P and obtaining ciphertext C and data segment C therefromd(CdIs fixed and only related to the hash algorithm H, and thus can be obtained directly from the AONT packet tail, with the remainder being the ciphertext C);
calculating the hash value hc of the ciphertext C according to formula 7, and calculating the hash value h of the original data by using formula 3.6:
Figure BDA0002798819990000161
obtaining the length l of the ciphertext C, and calculating a data segment Mg by using a generating function G which is the same as that in the encryption process through a formula 3.2;
4. original data M is recovered according to equation 8:
Figure BDA0002798819990000162
it can be seen from the above improved encryption and decryption process of the AONT algorithm that the algorithm replaces the random key used for encrypting data in the original AONT algorithm with the hash value of the original data, so that the same original data input will obtain the same AONT packet, and the algorithm supports the data deduplication function. Meanwhile, the algorithm replaces SHA2-256 in AONT and SHA3-512 in SAONT by SHA2-512 hash functions, so that the length of an AONT packet is expanded to resist short-plaintext attack, and good coding rate is kept. In addition, compared with the original algorithm, the improved AONT algorithm only adopts hash operation and exclusive-or operation, and does not adopt a symmetric encryption algorithm for encryption of original data, so that the calculation complexity of the algorithm can be effectively reduced.
Data distribution phase
The flow chart of the data distribution phase of the AONT-NZZD algorithm is shown in FIG. 5.
The algorithm pseudo code is as follows:
Figure BDA0002798819990000171
data reconstruction phase
The flow chart of the data reconstruction phase of the AONT-NZZD algorithm is shown in FIG. 6.
The algorithm pseudo code is as follows:
Figure BDA0002798819990000172
Figure BDA0002798819990000181
in the data reconstruction stage of the AONT-NZZD algorithm, a sufficient number of data blocks are firstly acquired from different storage positions, then respective hash values are calculated and compared with the hash values calculated in the data distribution stage in the metadata server to ensure the integrity of the data blocks, then the data blocks with failed hash value verification are discarded, the AONT packets are decoded from the remaining data blocks with successful verification by using NZZD codes, and finally the original data are recovered by the improved AONT algorithm.
The invention ensures confidentiality, integrity and availability of data, which will be explained separately below.
Data confidentiality
The data confidentiality means that data cannot be leaked in the transmission and storage processes, and an unauthorized user cannot acquire any valuable information from the system. The AONT-NZZD algorithm can be formally described as an (n, k, k-1) triplet. The AONT-NZZD algorithm encodes original data into n data blocks in a data distribution stage and stores the n data blocks into a system, and the original data can be reconstructed by acquiring any k data blocks in a data reconstruction stage, and useful information related to the original data cannot be acquired through any k-1 data blocks.
Assuming that an attacker can acquire k-1 data blocks from the storage device and knows the generating matrix of the NZZD code, the attacker cannot acquire the whole AONT packet although the attacker can steal partial information of the AONT packet by using the encoding and decoding principle of the NZZD code. According to the strong inseparable characteristic of the AONT algorithm, an attacker cannot acquire any information related to the original data if the attacker cannot acquire the complete AONT packet. The flow of the data reconstruction stage of the AONT-NZZD algorithm can find that when all the information of the ciphertext C and the data segment C are in usedWhen part of the information is leaked, an attacker can calculate the hash value h of the ciphertext CcThe hash value h of the original data M cannot be calculated by the xor operation, and the data segment M cannot be calculated by the generating function GgFinally, any information related to the original data M cannot be acquired; when partial information of ciphertext C and data segment CdWhen all the information of (1) is leaked, the attacker cannot calculate the hash value h of the ciphertext CcFurther, the hash value h of the original data M cannot be calculated by the xor operation, and finally, any information related to the original data M cannot be acquired. In addition, the AONT-NZZD algorithm replaces the SHA2-256 algorithm in the AONT-RS algorithm with the SHA2-516 hashing algorithm to combine the data segment CdThe length of the AONT packet can be further expanded when the length is expanded to 516 bits, so that the risk of data leakage when the plaintext is too short can be effectively reduced, and the data confidentiality of the algorithm is further improved.
Data integrity
Data integrity means that data is not tampered during transmission and storage of the data, or can be quickly discovered and correctly recovered after being tampered. As can be seen from the above, the AONT-NZZD algorithm discards the Canary data segment for integrity check in the AONT-RS algorithm and ensures the integrity of the data block by checking the hash value of the data block, thereby ensuring the integrity of the data in the data reconstruction stage.
Supposing that an attacker maliciously tampers with n-k data blocks in the storage device, the AONT-NZZD algorithm can abandon the data blocks with failed check through data block integrity check in the data reconstruction stage, use the remaining k data blocks with complete check, decode a complete AONT packet through an NZZD code, and then restore the original data through the AONT algorithm. In the method, the integrity check is carried out on the data at the initial stage of data reconstruction without waiting for the integrity check after the data is completely reconstructed, so that the execution efficiency of the algorithm is greatly improved. In addition, compared with the SAONT-RS algorithm, the AONT-NZZD algorithm additionally selects the length of the data block as a salt value of the hash operation when calculating the hash value of the data block so as to resist the attack of an attacker on the hash function.
Data availability
Data availability refers to the fact that when data is lost in a storage process or partial storage service fails due to invariance, hardware failure or malicious attack, a storage system can still provide reliable data access to authorized users. As can be seen from the above, although the AONT-NZZD algorithm supports the data deduplication function, and data units of the same content are stored in only one copy in the storage system, the algorithm can still effectively guarantee the availability of data by using the NZZD code as its data redundancy mechanism.
Assuming that an attacker maliciously deletes n-k data blocks from the storage device, the AONT-NZZD algorithm can still decode a complete AONT packet by using the NZZD code through the remaining k data blocks which are not lost, and then recover correct original data through the AONT algorithm. Compared with the AONT-RS series algorithm, the AONT-NZZD algorithm adopts an NZZD code based on binary shift and XOR operation, and has relatively better coding and decoding speed.
In order to solve the important challenge of how to ensure the data security in a cloud storage solution, the invention researches the data security storage technology in a distributed object storage system, improves the AONT algorithm and combines NZZD codes on the basis of deep analysis of the existing information dispersion algorithm, and provides a safe and efficient information dispersion algorithm AONT-NZZD supporting data deduplication.
The invention can effectively ensure the confidentiality, the integrity and the usability of the data and has good utilization rate of the storage space.
Another object of the present invention is to provide an information distribution system based on distributed object storage system security, including:
the promotion module is used for resisting collision attack of a hash function by calculating the hash value of the data block in a salt adding mode to promote the confidentiality of the data;
the replacing module is used for improving the calculation efficiency by using the SHA2-512 hash algorithm and replacing the random key by using the hash value of the original data;
and the duplication removing module is used for enabling the data blocks generated after the data input with the same content is encoded by the AONT-NZZD algorithm to have the same content, and realizing data duplication removal. The further technical scheme of the invention is as follows: the promotion module comprises an encryption process, and comprises: the input of the algorithm is original data M, and the output data is AONT packet P:
a hash value calculation unit for calculating a hash value H of the original data M using the formula H (M, l), where H is the SHA2-512 hash algorithm, l is the length of the original data M and is added as a salt value after M;
the function generating unit is used for defining a generating function G, and when the input is the same, the output is the same;
a data segment generation unit for generating a data segment using the formula MgGenerating a data segment M (h, l) ═ GgWherein l is the length;
a ciphertext acquisition unit to utilize a formula
Figure BDA0002798819990000221
Encrypting the original data M to obtain a ciphertext C;
ciphertext hash value calculation unit for using formula hcCalculating hash value H of ciphertext C (H, l)c
AONT constituting unit for utilizing the formula
Figure BDA0002798819990000222
Calculating data segment CdAnd adds it to the ciphertext C to form an AONT packet P.
The further technical scheme of the invention is as follows: the promotion module includes a decryption process therein, and the promotion module includes: the input of the algorithm is AONT packet P, and the output data is original data M:
a slicing unit for slicing the AONT packet P and obtaining a ciphertext C and a data segment C therefromdIn which C isdIs fixed;
obtaining a hash value unit for passing a formula
Figure BDA0002798819990000223
Calculate hash value h of ciphertext CcAnd using the formula Mg=G(h,l)、
Figure BDA0002798819990000224
Calculating a hash value h of the original data;
a data segment acquisition unit for acquiring the length l of the ciphertext C and using the same generation function G as in the encryption process to pass through the formula MgThe data segment M is calculated as G (H, l) and H (M, l)g
Recovery data unit for passing formula
Figure BDA0002798819990000231
The original data M is recovered.
The further technical scheme of the invention is as follows: the replacement module comprises:
the input unit is used for inputting original data M to be distributed and generating an AONT (automatic optical network transport) packet P by using the AONT algorithm for encryption;
a sequence forming unit for forming a sequence V using the NZZD code encoding to generate n data blocksm
A calculation unit for calculating a hash value of each data block to which the length of the data block is added as a salt value;
an output unit for outputting the sequence of data blocks V generated by the encodingmAnd its hash value sequence Vh
The further technical scheme of the invention is as follows: the duplication removing unit comprises:
an acquisition unit for acquiring a sufficient number of data blocks from different storage locations;
the computing unit is used for computing respective hash values and comparing the hash values with the hash values computed in the metadata server in the data distribution stage so as to ensure the integrity of the data blocks;
the discarding unit is used for discarding the data blocks with the hash value verification failure, and decoding the AONT packet by using the NZZD code from the remaining data blocks with the verification success;
and the recovery unit is used for recovering the original data by utilizing the AONT algorithm.
To evaluate the storage space utilization of the AONT-NZZD algorithm, this section calculates the storage space required by the AONT-NZZD algorithm to store 4KB of original data by using the AONT-RS algorithm as a comparison group, wherein the parameters of the erasure code are set to (n-16, k-10, and m-6), and the calculation results are shown in table 2.1.
As can be seen from the data distribution stage process of the AONT-NZZD algorithm, the length of the ciphertext C in the AONT-NZZD algorithm is the same as the length of the original data, so that the length of the ciphertext C in the example is 4 KB. The data segment Cd is obtained by xoring the hash value hc of the ciphertext C and the hash value h of the original data, and the AONT-NZZD algorithm adopts the SHA2-512 hash algorithm, so that the length of the data segment Cd in this example is 512 bits (64B). The AONT packet P is composed of ciphertext C and data segment Cd, so the length of AONT packet P in this example is the sum of the ciphertext C and data segment Cd, and is denoted as 4160B. As known from the encoding principle of the NZZD code of section 2.2.4, the check data block generated by storing the NZZD code needs to be additionally provided
Figure BDA0002798819990000242
Figure BDA0002798819990000241
The storage space of the bits, and therefore the extra storage space for storing the check data block in this example, is 108 bits (about 14B). The total length of the generated data block is calculated by multiplying the AONT packet length by n divided by k and adding the calculated value to the extra storage space required by the NZZD code storage check block, so that the total length of the generated data block is 6670B in this example. In the AONT-NZZD algorithm, the system needs to store not only the data blocks generated by encoding, but also the hash values of the data blocks, and the length of the hash values is 64B, so that 1024B of storage space is needed for storing the hash values of all the data blocks in this example. In summary, the AONT-NZZD algorithm requires 7694B of storage space in this example.
The length of the Canary data segment in the AONT-RS algorithm is 16B, so that the length of the ciphertext C generated by the symmetric encryption function in the example is the sum of the length of the plaintext and the length of the Canary data segment, and is marked as 4112B. The Difference field is generated by xoring the random key K of 16B with the hash value of the ciphertext C, so in this example the Difference field is 16B in length. The AONT packet is composed of the ciphertext C and the data field Difference, and the AONT packet needs padding bytes to be evenly sliced in the RS encoding process (the length of the padded AONT packet should be an integer multiple of k), so the length of the padding field in this example is 2B, and the total length of the AONT packet is 4130B. According to the RS code encoding principle, the total length of the data block generated by the AONT packet through RS code encoding in this example is 6608B. AONT-RS totals 6608B total storage system occupied in this example because no additional data block hash values need to be stored.
TABLE 2.1 storage space required for AONT-NZZD and AONT-RS algorithms
Figure BDA0002798819990000251
From the calculation result, although the total length of the data blocks generated by the two algorithms is basically the same, the AONT-NZZD algorithm requires more storage space than the AONT-RS algorithm, the difference is mainly that the AONT-NZZD algorithm needs to additionally store the hash value of the data block, and the storage space occupation of the part increases linearly with the increase of the parameter n. Further analysis can find that when the original data length is large, the storage space for storing the hash value of the data block can be ignored, and the storage utilization rate of the AONT-NZZD algorithm is similar to that of the AONT-RS algorithm. When the original data length is small, although the storage utilization of the AONT-NZZD algorithm is slightly worse than that of the AONT-RS algorithm, the AONT-NZZD algorithm can ensure the recoverability of data by additionally storing the hash value of the data block. In conclusion, the AONT-NZZD algorithm has good storage utilization rate and is suitable for a large-scale distributed object storage system.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. An information dispersion method based on the security of a distributed object storage system is characterized by comprising the following steps:
s1, calculating the hash value of the data block in a salt adding mode to resist the collision attack of the hash function and improve the confidentiality of the data;
s2, using SHA2-512 hash algorithm to improve the calculation efficiency, and using the hash value of the original data to replace the random key;
and S3, enabling the data blocks generated after the data input with the same content is encoded by the AONT-NZZD algorithm to have the same content, and realizing data deduplication.
2. The method for information dissemination based on distributed object storage system security according to claim 1, wherein said S1 comprises an encryption process, comprising the following steps: the input of the algorithm is original data M, and the output data is AONT packet P:
sjisa 1, calculating a hash value H of the original data M using the formula H ═ H (M, l), where H is the SHA2-512 hash algorithm, l is the length of the original data M and is added as a salt value after M;
SJAA 2, defining a generating function G, and when the input is the same, the output is definitely the same;
SJIA3 using formula MgGenerating a data segment M (h, l) ═ GgWherein l is the length;
SJIA4 using formula
Figure FDA0002798819980000011
Encrypting the original data M to obtain a ciphertext C;
SJIA5 using formula hcCalculating hash value H of ciphertext C (H, l)c
SJIA6 using formula
Figure FDA0002798819980000012
Calculating data segment CdAnd adds it to the ciphertext C to form an AONT packet P.
3. The method for information dissemination based on distributed object storage system security according to claim 2, wherein said S1 further comprises a decryption process, and the steps thereof are as follows: the input of the algorithm is AONT packet P, and the output data is original data M:
SJIE1, and the method for splitting AONT packet P and obtaining ciphertext C and data segment C from the AONT packet PdIn which C isdIs fixed;
SJIE2, pass formula
Figure FDA0002798819980000021
Calculate hash value h of ciphertext CcAnd using the formula Mg=G(h,l)、
Figure FDA0002798819980000022
Calculating a hash value h of the original data;
SJIE3, obtains the length l of the ciphertext C, and passes through the formula M using the same generation function G as in the encryption flowgThe data segment M is calculated as G (H, l) and H (M, l)g
SJIE4, pass formula
Figure FDA0002798819980000023
The original data M is recovered.
4. The method for information dissemination based on distributed object storage system security according to claim 1, wherein said step S2 comprises the following steps:
s21, inputting original data M to be distributed, and encrypting by using an AONT algorithm to generate an AONT packet P;
s22, generating n data blocks by using NZZD code coding to form a sequence Vm
S23, calculating the hash value of each data block, wherein the length of the data block is added as a salt value;
s24, outputting the data block sequence V generated by codingmAnd its hash value sequence Vh
5. The method for information dissemination based on distributed object storage system security according to claim 1, wherein said step S3 comprises the following steps:
s31, acquiring a sufficient number of data blocks from different storage positions;
s32, calculating respective hash value and comparing the hash value with the hash value calculated in the metadata server in the data distribution stage to ensure the integrity of the data block;
s33, discarding the data blocks with the hash value failed to check, decoding the AONT packet by the remaining data blocks with the successful check and using the NZZD code;
and S34, restoring the original data by using the AONT algorithm.
6. An information dispersal system based on distributed object storage system security, comprising:
the promotion module is used for resisting collision attack of a hash function by calculating the hash value of the data block in a salt adding mode to promote the confidentiality of the data;
the replacing module is used for improving the calculation efficiency by using the SHA2-512 hash algorithm and replacing the random key by using the hash value of the original data;
and the duplication removing module is used for enabling the data blocks generated after the data input with the same content is encoded by the AONT-NZZD algorithm to have the same content, and realizing data duplication removal.
7. The system of claim 6, wherein the promotion module comprises an encryption process, and the promotion module comprises: the input of the algorithm is original data M, and the output data is AONT packet P:
a hash value calculation unit for calculating a hash value H of the original data M using the formula H (M, l), where H is the SHA2-512 hash algorithm, l is the length of the original data M and is added as a salt value after M;
the function generating unit is used for defining a generating function G, and when the input is the same, the output is the same;
a data segment generation unit for generating a data segment using the formula MgGenerating a data segment M (h, l) ═ GgWherein l is the length;
a ciphertext acquisition unit to utilize a formula
Figure FDA0002798819980000045
Encrypting the original data M to obtain a ciphertext C;
ciphertext hash value calculation unit for using formula hcCalculating hash value H of ciphertext C (H, l)c
AONT constituting unit for utilizing the formula
Figure FDA0002798819980000041
Calculating data segment CdAnd adds it to the ciphertext C to form an AONT packet P.
8. The system of claim 7, wherein the promotion module comprises a decryption process, and the promotion module comprises: the input of the algorithm is AONT packet P, and the output data is original data M:
a slicing unit for slicing the AONT packet P and obtaining a ciphertext C and a data segment C therefromdIn which C isdIs fixed;
obtaining a hash value unit for passing a formula
Figure FDA0002798819980000042
Calculate hash value h of ciphertext CcAnd using the formula Mg=G(h,l)、
Figure FDA0002798819980000043
Calculating a hash value h of the original data;
a data segment acquisition unit for acquiring the length l of the ciphertext C and using the same generation function G as in the encryption process to pass through the formula MgThe data segment M is calculated as G (H, l) and H (M, l)g
Recovery data unit for passing formula
Figure FDA0002798819980000044
The original data M is recovered.
9. The system of claim 8, wherein the replacement module comprises:
the input unit is used for inputting original data M to be distributed and generating an AONT (automatic optical network transport) packet P by using the AONT algorithm for encryption;
a sequence forming unit for forming a sequence V using the NZZD code encoding to generate n data blocksm
A calculation unit for calculating a hash value of each data block to which the length of the data block is added as a salt value;
output sheetElement for outputting a sequence of encoded data blocks VmAnd its hash value sequence Vh
10. The system of claim 9, wherein the deduplication unit comprises:
an acquisition unit for acquiring a sufficient number of data blocks from different storage locations;
the computing unit is used for computing respective hash values and comparing the hash values with the hash values computed in the metadata server in the data distribution stage so as to ensure the integrity of the data blocks;
the discarding unit is used for discarding the data blocks with the hash value verification failure, and decoding the AONT packet by using the NZZD code from the remaining data blocks with the verification success;
and the recovery unit is used for recovering the original data by utilizing the AONT algorithm.
CN202011341886.8A 2020-11-25 2020-11-25 Information dispersion method and system based on distributed object storage system security Pending CN112486412A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011341886.8A CN112486412A (en) 2020-11-25 2020-11-25 Information dispersion method and system based on distributed object storage system security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011341886.8A CN112486412A (en) 2020-11-25 2020-11-25 Information dispersion method and system based on distributed object storage system security

Publications (1)

Publication Number Publication Date
CN112486412A true CN112486412A (en) 2021-03-12

Family

ID=74934538

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011341886.8A Pending CN112486412A (en) 2020-11-25 2020-11-25 Information dispersion method and system based on distributed object storage system security

Country Status (1)

Country Link
CN (1) CN112486412A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113014397A (en) * 2021-03-17 2021-06-22 杭州师范大学 Rapid and safe identity authentication method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110246433A1 (en) * 2010-03-31 2011-10-06 Xerox Corporation. Random number based data integrity verification method and system for distributed cloud storage
CN108197484A (en) * 2018-01-23 2018-06-22 中南民族大学 A kind of method that node data safety is realized under distributed storage environment

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110246433A1 (en) * 2010-03-31 2011-10-06 Xerox Corporation. Random number based data integrity verification method and system for distributed cloud storage
CN108197484A (en) * 2018-01-23 2018-06-22 中南民族大学 A kind of method that node data safety is realized under distributed storage environment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
PENGCHENG XIE, HUI LI,HAIYANG YU, ZEQUAN CHEN: "AONT-NZZD: A Secure and Efficient Dispersal Scheme in", 《2019 IEEE INTERNATIONAL CONFERENCE ON BIG DATA》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113014397A (en) * 2021-03-17 2021-06-22 杭州师范大学 Rapid and safe identity authentication method
CN113014397B (en) * 2021-03-17 2023-08-18 杭州师范大学 Quick and safe identity authentication method

Similar Documents

Publication Publication Date Title
US10613776B2 (en) Appyling multiple hash functions to generate multiple masked keys in a secure slice implementation
US11182247B2 (en) Encoding and storage node repairing method for minimum storage regenerating codes for distributed storage systems
US10735137B2 (en) Distributed storage system data management and security
US10951236B2 (en) Hierarchical data integrity verification of erasure coded data in a distributed computing system
CN108701197A (en) The safety slice of efficient secret key encryption
Li et al. Towards privacy-preserving storage and retrieval in multiple clouds
WO2015156786A1 (en) Redactable document signatures
CN108197484B (en) Method for realizing node data security in distributed storage environment
CN110008755B (en) Cloud storage revocable dynamic data integrity verification system and method
CN107689983B (en) Cloud storage system and method based on low repair bandwidth
JP2023531695A (en) secure secret recovery
CN110968452A (en) Data integrity verification method capable of safely removing duplicate in cloud storage of smart power grid
CN109101360B (en) Data integrity protection method based on bloom filter and cross coding
CN102843212A (en) Coding and decoding method and device
El Rouayheb et al. Synchronizing edits in distributed storage networks
Han et al. Efficient exact regenerating codes for byzantine fault tolerance in distributed networked storage
CN112764677B (en) Method for enhancing data migration security in cloud storage
CN112486412A (en) Information dispersion method and system based on distributed object storage system security
US9940195B2 (en) Encryption of slice partials
Balmany et al. Dynamic proof of retrievability based on public auditing for coded secure cloud storage
El Rouayheb et al. Synchronization and deduplication in coded distributed storage networks
CN111224747A (en) Coding method capable of reducing repair bandwidth and disk reading overhead and repair method thereof
Chan et al. Fault-tolerant and secure networked storage
Rashid et al. Proof of retrieval and ownership protocols for enterprise-level data deduplication
Rashid et al. Proof of retrieval and ownership protocols for images through spiht compression

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210312

RJ01 Rejection of invention patent application after publication