Secure storage method and system based on trusted embedded device and FTP (File Transfer Protocol)

An embedded device and secure storage technology, applied in transmission systems, digital data authentication, electrical components, etc. It addresses the problems that cryptographic operations are difficult to audit, that hardware drives lack security protection mechanisms, and that performance overhead is unacceptable, and it achieves good flexibility and scalability.

Pending Publication Date: 2022-08-02
INST OF SOFTWARE - CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0006] Although the above-mentioned secure storage technologies have been applied to a certain extent, further research has exposed some shortcomings.
For software-based disk encryption, encryption and decryption are performed in the host environment where the data is used, without any isolation mechanism, and the encryption and decryption keys also reside in the DRAM of the host environment, where they are vulnerable to various memory attacks. If the key is leaked, all data stored on the disk is threatened. This approach also usually relies on complex configuration, and the performance overhead of encryption is unacceptable for many application scenarios.
For TCG Opal, a hardware-based full-disk encryption technology, the key and the encryption and decryption operations are placed in the hardware drive of the storage device, which isolates them from the host memory environment to a certain extent; encryption is performed automatically by the hardware drive and is completely transparent to the user. Its disadvantages are that the key management capability of the hardware drive is limited, so fine-grained secure storage cannot be implemented and scalability is poor, especially in multi-user scenarios; the hardware drive itself lacks a security protection mechanism; and the corresponding cryptographic operations are difficult to audit.

Examples

Embodiment Construction

[0050] The following takes an ordinary PC device as a host environment (an entity that uses secure storage) and a Raspberry Pi equipped with a TCM security chip as a trusted embedded device (an entity that provides secure storage) as examples to illustrate the specific implementation of the present invention:

[0051] The present invention proposes a secure storage method based on a trusted embedded device and FTP. For those skilled in the art, a corresponding secure storage system can be designed and implemented with reference to the method.

[0052] In the secure storage method based on a trusted embedded device and FTP in this embodiment, the usage flow of the secure storage is shown in Figure 2 and includes the following steps:

[0053] 1. Following sub-step a) of step 1 of the content of the invention: the Raspberry Pi has a network port and a USB interface; the network port can be connected to the PC host environment through a network cable, and a mobile hard disk ...

Abstract

The invention discloses a secure storage method and system based on a trusted embedded device and FTP (File Transfer Protocol). The method comprises the following steps: 1) a trusted cryptographic module is used as the root of trust of the trusted embedded device, so that the device has a trusted computing environment; the trusted embedded device comprises the trusted cryptographic module, an FTP server and an encrypted partition management subsystem; 2) an external storage device is connected to the trusted embedded device and initialized as an encrypted partition, the encrypted partition is associated with a randomly generated key file, and the key file is encrypted using the root of trust and stored in the trusted embedded device; the root directory of the FTP server is bound to the encrypted partition; and 3) an FTP client is deployed in the host environment and used to send secure operation requests to the FTP server, and the FTP server authorizes the FTP client's access to the encrypted partition and responds to the received secure operation requests.
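Steps 2) and 3) of the abstract, modelled as an added example (not code from the patent or its authors). All class and function names are hypothetical; `_root_key` stands in for a key held inside the trusted cryptographic module, the HMAC-based wrapping stands in for whatever operation the module actually performs, and password login is an assumed form of the FTP client authorization.

```python
import hashlib
import hmac
import secrets

def make_user(password):
    """Return (salt, hash) for an FTP account (assumed password authorization)."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class TrustedDevice:
    """Model of the trusted embedded device; the host only ever talks FTP to it."""

    def __init__(self, users):
        self._root_key = secrets.token_bytes(32)  # assumption: stays inside the module
        self._users = users                       # username -> (salt, password hash)
        self.sealed = None                        # wrapped key file as stored on the device
        self.unlocked_key = None                  # partition key, set only while authorized

    def _prf(self, label, data):
        # Domain-separated PRF under the root key (separate labels for enc and mac).
        return hmac.new(self._root_key, label + data, hashlib.sha256).digest()

    def init_partition(self):
        """Step 2: random key file, wrapped under the root of trust before storage."""
        key_file = secrets.token_bytes(32)
        nonce = secrets.token_bytes(16)           # fresh per wrap, so the pad never repeats
        ct = bytes(a ^ b for a, b in zip(key_file, self._prf(b"enc", nonce)))
        self.sealed = nonce + ct + self._prf(b"mac", nonce + ct)
        return hashlib.sha256(key_file).hexdigest()  # fingerprint, for the demo only

    def _unwrap(self):
        nonce, ct, tag = self.sealed[:16], self.sealed[16:48], self.sealed[48:]
        if not hmac.compare_digest(tag, self._prf(b"mac", nonce + ct)):
            raise ValueError("sealed key file failed integrity check")
        return bytes(a ^ b for a, b in zip(ct, self._prf(b"enc", nonce)))

    def ftp_login(self, user, password):
        """Step 3: the key file is unwrapped only after the FTP client is authorized."""
        salt, expected = self._users.get(user, (b"\0" * 16, b""))
        got = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(got, expected):
            return False
        self.unlocked_key = self._unwrap()
        return True
```

The plaintext key file exists only inside `init_partition` and after a successful `ftp_login`; a modified `sealed` blob is rejected before any key material is produced.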

Description

Technical field

[0001] The invention belongs to the field of computer system security and trusted storage, and in particular relates to a secure storage method and system based on a trusted embedded device and FTP.

Background technique

[0002] With the development of Internet information technology, massive amounts of data are constantly being stored and used by various forms of computer systems and information equipment. For individuals, some data and documents may involve personal privacy; for enterprises, much data may involve intellectual property rights and trade secrets; even for countries, some data covers important national information, and its leakage may pose a threat to national security. Because such security-sensitive data is often of high value, it is an easy target for hackers and criminals to attack or steal.

[0003] Secure storage is an important technology for the security protection of sensitive data, which usually contains two basic security a...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/60, G06F21/31, G06F21/64, G06F21/78, H04L67/01, H04L67/06
CPC: G06F21/602, H04L67/06, G06F21/78, G06F21/31, G06F21/64
Inventor: 冯伟秦宇王辉李为齐兵尚科彤
Owner: INST OF SOFTWARE - CHINESE ACAD OF SCI