Journal of Information Security Research ›› 2023, Vol. 9 ›› Issue (11): 1061-.


Research on Data Sharing Management Based on Attribute-based Encryption

Wang Sen1, Xu Tao1, and Li Jingui2   

  1. Department of Information and Network Security, State Information Center, Beijing 100045
  2. Department of Public Technical Service, State Information Center, Beijing 100045
  • Online: 2023-11-06 Published: 2023-11-30

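  • Corresponding author: Wang Sen, master's degree, senior engineer. Main research interests: network security, data security, cryptographic applications, and e-government. wangsen@sic.gov.cn
  • About the authors: Wang Sen, master's degree, senior engineer. Main research interests: network security, data security, cryptographic applications, and e-government. wangsen@sic.gov.cn. Xu Tao, master's degree, senior engineer. Main research interests: e-government, information security, and commercial cryptography. xutao@sic.gov.cn. Li Jingui, master's degree, engineer. Main research interests: government informatization and data governance. lijingui@sic.gov.cn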

Abstract: Data sharing and use face security threats such as malicious attacks, supply chain vulnerabilities, security product defects, and theft by technical personnel. Deploying a security authentication gateway and a cryptographic server to authenticate user identity and protect data confidentiality and integrity can improve security. However, internal threats remain: for example, an administrator may be bribed, or an internal terminal may be controlled by hackers, bypassing these security protection mechanisms. In view of these threats, this paper proposes an SM9-based attribute-based encryption strategy to encapsulate the key, so that plaintext data does not appear in data sharing applications and internal threats such as theft by system administrators are effectively countered.

Key words: data security, commercial cryptography, identity authentication, access control, data encryption, attribute-based encryption, SM9
