一种云存储环境下保障数据机密性的方法

为保证用户数据的机密性,业界普遍将数据加密后存储在云端。提出了一种云存储系统中保障数据机密性的方法,其特点有:(1)加解密系统部署于云存储服务器的前端,在客户端和云存储服务器之间对用户数据进行加解密;(2)对用户数据的加解密是实时进行的,在数据上传的传输过程中进行加密,在数据下载的传输过程中进行解密;(3)加解密系统对用户端和云服务器端是透明的。当前广泛使用的基于HTTP协议传输的云存储系统如Amazon S3、OpenStack Swift等可以直接使用该方法。测试结果表明:本方法在不降低数据传输吞吐率的基础上,能有效卸载云存储系统的数据加解密负担。

A method for ensuring data confidentiality in cloud storage

The most popular method to ensure confidentiality of users’data is to encrypt the data stored in the cloud. We propose a new method to ensure data confidentiality in cloud storage. Its properties include: (1) an encryption system which processes user data between clients and servers, is deployed on the front end of cloud storage servers; (2) real time encryption of user data: data is encrypted while being uploaded and decrypted while being downloaded; (3) the encryption system is transparent to both clients and cloud servers. Currently the widespread HTTP protocol based cloud storage systems, such as Amazon S3 and OpenStack Swift, can use this method directly. Test data show that: this method can effectively offload the burden of data encryption and decryption without reducing the throughput.