Research on Data Sharing Management Based on Attributebased Encryption#br#

	#br#

Journal of Information Security Reserach ›› 2023, Vol. 9 ›› Issue (11): 1061-.

Previous Articles Next Articles

Research on Data Sharing Management Based on Attributebased Encryption#br#
#br#

Wang Sen1, Xu Tao1, and Li Jingui2

1(Department of Information and Network Security, State Information Center, Beijing 100045)
2(Department of Public Technical Service, State Information Center, Beijing 100045)

Online:2023-11-06 Published:2023-11-30

基于属性加密的数据共享管理研究

王森1许涛1李金贵2

1(国家信息中心信息与网络安全部北京100045)
2(国家信息中心公共技术服务部北京100045)

通讯作者: 王森硕士，高级工程师.主要研究方向为网络安全、数据安全、密码应用、电子政务. wangsen@sic.gov.cn
作者简介:王森硕士，高级工程师.主要研究方向为网络安全、数据安全、密码应用、电子政务. wangsen@sic.gov.cn 许涛硕士，高级工程师.主要研究方向为电子政务、信息安全、商用密码. xutao@sic.gov.cn 李金贵硕士，工程师.主要研究方向为政务信息化、数据治理. lijingui@sic.gov.cn

Abstract

Abstract: Data sharing and applications are faced with malicious attacks, supply chain vulnerabilities, security product defects, technical personnel theft and other security threats. It can improve security by deploying a security authentication gateway and cryptographic server to authenticate user identity and protect data confidentiality and integrity. However, there are also internal threats. For example, the administrator being bought or the internal terminal is controlled by hackers, which will bypass these security protection mechanisms. In view of these threats, this paper proposes an attributebased encryption strategy to encapsulate the key based on SM9, so as to avoid the plaintext data in data sharing applications and effectively deal with internal threats such as theft by system administrators.

Key words: data security, commercial cryptography, identity authentication, access control, data encryption, attributebased encryption, SM9

摘要： 数据在共享和使用中面临着恶意攻击、供应链漏洞、安全产品缺陷、技术人员窃取等安全威胁.采用认证网关和密码机对用户身份进行认证，并对数据进行机密性完整性保护，能够增加安全性.但还存在内部威胁，如管理员被收买或内部终端被黑客控制，绕过安全防护机制.针对这些威胁，提出了基于SM9属性加密封装密钥，实现数据共享应用中不出现明文数据、有效应对系统管理员窃密等内部威胁.

关键词: 数据安全, 商用密码, 身份认证, 访问控制, 数据加密, 属性加密, SM9

CLC Number:

TP309

王森, 许涛, 李金贵, . 基于属性加密的数据共享管理研究[J]. 信息安全研究, 2023, 9(11): 1061-.

References

［1］新华社. 国家安全部公布三起危害重要数据安全案例［EBOL］. (20211101) ［20220105］. http:www.news.cn20211031c_1128014674.htm［2］国家互联网应急中心. 2020年中国互联网网络安全报告［EBOL］. (20210716) ［20220105］. http:www.cac.gov.cn20210721c_1628454189500041.htm［3］国家互联网应急中心. 关于Apache Log4j2存在远程代码执行漏洞的安全公告［EBOL］. (20211210) ［20220105］. https:www.cert.org.cnpublishmain820212021 121011055095854670820211210110550958546708_.html［4］国家互联网应急中心. 关于近期境外黑客组织攻击我国多个企业窃取源代码数据的通报［EBOL］. (20211121) ［20220105］. https:www.cert.org.cnpublishmain9202120211121170349483356572202111211703494833565 72_.html［5］百度百科. 心脏出血［EBOL］. 2014 ［20220105］. https:baike.baidu.comitemHeartbleed［6］崔伟. 从驻外机构受到黑客攻击谈新基建的方向［EBOL］. (20200421) ［20220105］. https:www.gelonghui.comp366403［7］央视网. 54亿条！江苏警方破获特大侵犯公民信息案［EBOL］. (20211025) ［20220105］. http:tv.cctv.com20211024VIDEAR5ThSDLxGuHvmfPGtqE211024.shtml［8］王森. 基于服务器密码机的数据加密保护技术研究［J］. 电子技术与软件工程, 2022 (13): 15 ［9］冯登国, 张敏, 李昊. 大数据安全与隐私保护［J］. 计算机学报, 2014, 37(1): 246258［10］李晖, 孙文海, 李凤华, 等. 公共云存储服务数据安全及隐私保护技术综述［J］. 计算机研究与发展, 2014, 51(7): 13971409［11］国家密码管理局. GMT 0026—2014安全认证网关产品规范［S］. 北京: 中国标准出版社, 2014［12］国家密码管理局. GMT 0002—2012 SM4分组密码算法［S］. 北京: 中国标准出版社, 2012［13］国家密码管理局. GMT 0004—2012 SM3密码杂凑算法［S］. 北京: 中国标准出版社, 2012［14］陈庄, 齐锋, 叶成荫. 一种基于国密算法的云数据加密方案研究［J］. 信息安全研究, 2018, 4(7): 646651［15］国家密码管理局. GMT 0024—2014 SSL VPN 技术规范［S］. 北京: 中国标准出版社, 2014［16］王琼霄, 王聪丽, 林璟锵, 等. PKI证书服务的安全增强技术［J］. 信息安全研究, 2019, 5(1): 5058［17］Wang L, Wijesekera D, Jajodia S. A logicbased framework for attribute based access control［C］ Proc of ACM Workshop on Formal Methods in Security Enginerring. New York: ACM, 2004: 4555［18］Goyal V, Pandey O, Sahai A, et al. A ttributebased encryption for finegrained access control of encrypted data［C］ Proc of the 13th ACM Conf on Computer and Communications Security(CCS 2006). New York: ACM, 2006: 8998［19］国家密码管理局. GMT 0044—2016 SM9标识密码算法［S］. 北京: 中国标准出版社, 2016［20］国家密码管理局. 我国SM9标识加密算法正式成为ISOIEC国际标准［EBOL］. (20210301) ［20220105］. https:www.oscca.gov.cnscaxwdt20210301content_1060851.shtml［21］Beimel A. Secure schemes for secret sharing and key distribution［D］. Haifa: Israel Institute of Technology Technion, 1996［22］Shamir A. How to share a secret［J］. Communications of the ACM, 1997, 22(11): 612613

[1]	. Face Recognition Privacy Protection Method Based on Homomorphic Encryption#br# [J]. Journal of Information Security Reserach, 2023, 9(9): 843-.
[2]	. Research on Commercial Cryptography Application to Industrial Internet [J]. Journal of Information Security Reserach, 2023, 9(9): 851-.
[3]	. Research and Practice of Government Data Security Governance System [J]. Journal of Information Security Reserach, 2023, 9(9): 900-.
[4]	. Research and Application of 5G Private Network Access Security Management and Control Scheme Based on DNAAA [J]. Journal of Information Security Reserach, 2023, 9(8): 784-.
[5]	. Classification and Grading Method of Transportation Government Data [J]. Journal of Information Security Reserach, 2023, 9(8): 808-.
[6]	. Research and Thinking on Data Classification and Grading of Important Information Systems#br# [J]. Journal of Information Security Reserach, 2023, 9(7): 631-.
[7]	. Research and Practice on Data Security Compliance Check Technology for Operators [J]. Journal of Information Security Reserach, 2023, 9(7): 643-.
[8]	. Study on Data Transparency Technologies [J]. Journal of Information Security Reserach, 2023, 9(7): 643-.
[9]	. Exploration and Research on Security Guarantee of Data Transaction and Circulation [J]. Journal of Information Security Reserach, 2023, 9(7): 662-.
[10]	. Consideration on Some Problems in the Development of GPT4 and Its Regulation Scheme [J]. Journal of Information Security Reserach, 2023, 9(6): 510-.
[11]	. ChatGPT’s Security Threaten Research [J]. Journal of Information Security Reserach, 2023, 9(6): 533-.
[12]	. Research on the Integration of Full Lifecycle Data Security Management and Artificial Intelligence Technology#br# [J]. Journal of Information Security Reserach, 2023, 9(6): 543-.
[13]	. Towards a Privacy-preserving Research for AI and Blockchain Integration [J]. Journal of Information Security Reserach, 2023, 9(6): 557-.
[14]	. Research on Security Risk Response for Internet of Body Applications [J]. Journal of Information Security Reserach, 2023, 9(5): 433-.
[15]	. Design and Implementation of Cryptography Intensive Platform for Government Information System [J]. Journal of Information Security Reserach, 2023, 9(5): 461-.

Research on Data Sharing Management Based on Attributebased Encryption#br#
#br#

基于属性加密的数据共享管理研究

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Research on Data Sharing Management Based on Attributebased Encryption#br# #br#

基于属性加密的数据共享管理研究

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Research on Data Sharing Management Based on Attributebased Encryption#br#
#br#