Updated 2025-02-24. Source: SLTechnology News&Howtos, Shulou (Shulou.com), 06/03 report.
Cloud computing, big data and other information technologies are profoundly changing the way people think, produce, live and learn, and are reaching ever deeper into daily life.
As big data emerges across industries and fields such as social media, e-commerce, health care, intelligent transportation, telecommunications operation, finance and smart cities, big data analytics and applied research have shown its enormous economic and social value and scientific significance. This has set off an upsurge of research in academic and industrial circles at home and abroad, and governments attach great importance to it, raising it to the level of national strategy.
The security problems of big data, with data and information exposed at many stages, have become increasingly prominent and are now a bottleneck restricting the development of big data applications.
Today, I would like to talk about cloud data security. The development of cloud computing technology has led to increasingly serious security threats to big data during collection, storage, sharing and use, and big-data leaks of corporate and personal private information have brought huge losses to users.
Encryption and key management
Encryption is not a new technology at all, but in the past, encrypted data was stored on servers, which were placed within the company, and the company directly controlled them.
Because many of today's popular business applications are hosted in the cloud, executives either need to rely on the terms of the contract to protect assets, choose a cloud service provider that allows customers to encrypt data and then send it to the cloud for storage or processing, or work with software-as-a-service (SaaS) providers to manage the encryption and decryption of their enterprise data.
Client encryption mode
In fact, what the client side mainly handles is the visibility of the data; the main security work still sits on the server side. After all, all the data is on the server, and the server verifies data when it is received and also checks whether the data has been replayed.
All the client has to do is resist decompilation and encrypt the data it transmits.
Transmitted data is generally encrypted; some companies' apps carry no sensitive information and simply use plain POST/GET requests.
The earlier scheme used DES and RSA. The client first generates a DESKey, encrypts the DESKey with the RSA public key, encrypts the data with the DESKey, and finally sends the encrypted data and the encrypted DESKey to the backend.
The backend first decrypts the DESKey with the RSA private key, and then decrypts the data with the recovered DESKey.
That is the whole encryption and decryption process. However, the backend could not decrypt fast enough (RSA decryption is too time-consuming and put too much pressure on the backend, although the client may not notice anything), so the scheme was improved:
First exchange the DESKey with the server (send the encrypted DESKey to the backend first); once the exchange is reported successful, send the data encrypted with the DESKey. This way the server can use the gap between the two transmissions to do the decryption, which relieves the pressure on the server.
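The improved flow above, as an added example that is not the author's code: the session key is wrapped with RSA once, every later request uses only the symmetric key, and the server rejects replayed messages. AES-GCM and RSA-OAEP stand in for the DES and RSA named in the text; the code assumes the third-party `cryptography` package, and the `Server`, `Client` and `demo` names are hypothetical.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)

class Server:  # hypothetical backend: one RSA decryption per session, not per request
    def __init__(self):
        self._priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        self.public_key = self._priv.public_key()
        self._sessions, self.rsa_decryptions = {}, 0  # sid -> [AESGCM, last counter]

    def exchange(self, wrapped_key: bytes) -> bytes:
        key = self._priv.decrypt(wrapped_key, OAEP)  # step 1: the only RSA operation
        self.rsa_decryptions += 1
        sid = os.urandom(8)
        self._sessions[sid] = [AESGCM(key), 0]
        return sid

    def receive(self, sid: bytes, counter: int, ciphertext: bytes) -> bytes:
        """Step 2: symmetric only. InvalidTag is raised if anything was altered."""
        session = self._sessions[sid]
        if counter <= session[1]:
            raise ValueError("replayed or out-of-order message")
        data = session[0].decrypt(counter.to_bytes(12, "big"), ciphertext, sid)
        session[1] = counter  # advance only after the tag has verified
        return data

class Client:  # hypothetical app side
    def __init__(self, server: Server):
        key = AESGCM.generate_key(bit_length=128)
        self._aead, self._counter = AESGCM(key), 0
        self._sid = server.exchange(server.public_key.encrypt(key, OAEP))

    def seal(self, data: bytes):
        self._counter += 1  # the counter doubles as the unique GCM nonce
        nonce = self._counter.to_bytes(12, "big")
        return self._sid, self._counter, self._aead.encrypt(nonce, data, self._sid)

def demo():
    server = Server()
    client = Client(server)
    sealed = [client.seal(b"order=%d" % i) for i in range(3)]  # constructed payloads
    received = [server.receive(*m) for m in sealed]
    try:
        server.receive(*sealed[0])  # resend the first message unchanged
    except ValueError:
        return received, server.rsa_decryptions, True
    return received, server.rsa_decryptions, False
```

Three requests cost the server a single RSA decryption, and the resent first message is refused because its counter is not newer than the last one accepted.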
Cloud server encryption method
Content-aware encryption and format-preserving encryption are common encryption methods for cloud computing:
Content-aware encryption: used in data leak prevention. Content-aware software understands the data or its format and applies encryption based on policy, such as automatic encryption when a credit card number is sent to law enforcement using email.
Format-preserving encryption:
The result of encrypting a message still looks like an input message: a 16-digit credit card number is still a 16-digit number after encryption, a phone number still looks like a phone number after encryption, and an English word still looks like an English word after encryption.
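The format-preserving property described above, as an added example that is not from the original article: a small alternating Feistel network over decimal digits with HMAC-SHA256 as the round function. It generalizes beyond the 16-digit card case to any 6 to 32 digit string (phone numbers included). This is an illustrative construction, not the standardized FF1 mode, and the function names and sample values are constructed.

```python
import hashlib
import hmac

ROUNDS = 10  # even, so both halves end up with their original lengths

def _f(key: bytes, rnd: int, n: int, half: int, modulus: int) -> int:
    """Round function: HMAC-SHA256 over round number, total length and one half."""
    msg = bytes([rnd, n]) + half.to_bytes(16, "big")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % modulus

def _check(digits: str) -> None:
    # Tiny domains can simply be enumerated, so very short inputs are refused.
    if not (digits.isascii() and digits.isdigit() and 6 <= len(digits) <= 32):
        raise ValueError("expected 6 to 32 decimal digits")

def fpe_encrypt(key: bytes, digits: str) -> str:
    _check(digits)
    n = len(digits)
    u, v = n // 2, n - n // 2
    a, b = int(digits[:u]), int(digits[u:])
    for i in range(ROUNDS):
        m = 10 ** (u if i % 2 == 0 else v)   # modulus alternates with the half size
        a, b = b, (a + _f(key, i, n, b, m)) % m
    return f"{a:0{u}d}{b:0{v}d}"             # zero-padded: length is preserved

def fpe_decrypt(key: bytes, digits: str) -> str:
    _check(digits)
    n = len(digits)
    u, v = n // 2, n - n // 2
    a, b = int(digits[:u]), int(digits[u:])
    for i in reversed(range(ROUNDS)):        # undo the rounds in reverse order
        m = 10 ** (u if i % 2 == 0 else v)
        a, b = (b - _f(key, i, n, a, m)) % m, a
    return f"{a:0{u}d}{b:0{v}d}"

if __name__ == "__main__":
    demo_key = b"\x01" * 32                  # constructed key for the demo only
    for sample in ("4111111111111111", "13800138000"):  # constructed inputs
        enc = fpe_encrypt(demo_key, sample)
        print(sample, "->", enc, "->", fpe_decrypt(demo_key, enc))
```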
The cloud server encryption service is an encryption solution in the cloud. At the bottom layer, the service uses a hardware cipher machine certified by × × detection and, through virtualization technology, helps users meet regulatory compliance requirements for data security and protect the privacy of business data in the cloud. With the encryption service, users can manage keys securely and reliably and can use a variety of encryption algorithms to encrypt and decrypt data reliably.
Cloud cipher machine service
The CVM cipher machine is a hardware cipher machine that uses virtualization technology to create multiple virtual cipher machines (hereinafter VSM) within one physical cipher machine. Each VSM provides key management and cryptographic operation services consistent with an ordinary server cipher machine (supporting the SM1/SM2/SM3/SM4 algorithms). The CVM cipher machine also uses security isolation technology to keep the keys of each VSM isolated from the others.
Key management service
Existing cloud service providers can provide basic encryption key schemes to protect cloud-based application development and services, or they can leave these protection measures to their users. As cloud service providers move towards solutions that support robust key management, more needs to be done to overcome barriers to adoption.
Data encryption (storage & transmission)
Encryption technology is used to protect data during storage and during transmission (link encryption). For engineers who work on storage, the encryption scheme most commonly encountered is encryption at the back end of the storage, such as encrypted disks or storage encryption.
By where the data is encrypted, however, encryption technology is generally divided into application-layer encryption (such as backup software and databases), gateway-layer encryption (such as encryption servers and encryption switches), storage system encryption and encrypted hard disk technology.
Application-layer encryption has the best compatibility (it is implemented in many office applications), because this kind of encryption is invisible to the storage and network layers.
Personally, I think that application-layer encryption is more meaningful and practical, since it can ensure end-to-end security of the data, not just security on the storage side or on the disk.