Found 20 similar documents; search time 114 ms
1.
2.
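Format-preserving encryption leaves the format and length of the data unchanged after encryption, so it does not violate data format constraints and thereby reduces the cost of reworking data formats. An analysis of existing format-preserving encryption schemes for sensitive information shows that they are all based on symmetric cryptosystems and suffer from problems such as low security of key transmission and high key management cost. A format-preserving encryption scheme for sensitive information in the identity-based cryptography setting is proposed. Compared with existing format-preserving encryption schemes, the communicating parties do not need to transmit keys; the encryption and decryption keys are generated by a key derivation function, and hybrid encryption is used to improve the security of sensitive information in transit. The scheme is also proved to satisfy identity-based pseudorandom permutation security and to have ciphertext indistinguishability under adaptive chosen-plaintext attack.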
3.
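Building on Shamir's threshold secret sharing scheme and symmetric cryptographic algorithms, a public-key encryption scheme with a single encryptor and multiple decryptors is proposed, based on bilinear maps over elliptic curves. In this scheme, the message sender has a unique encryption key, while each message receiver has a different decryption key. A ciphertext produced with the encryption key can be decrypted with any of the decryption keys, yielding the same plaintext. Analysis shows that the scheme is not only secure and efficient but also provides forward secrecy: even if the encryptor's master key is leaked, the security of previously encrypted information is not affected. The scheme has significant application value, in particular for implementing secure broadcast/multicast and the secure distribution of conference keys.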
4.
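Multi-master-key functional encryption: an LMSSS-based M-KP-ABE scheme. Total citations: 1, self-citations: 0, citations by others: 1
Functional encryption greatly broadens the ways in which secret information can be shared, but the problem of constructing encryption schemes that support multi-master-key functionality functions remains unsolved; multi-master-key functional encryption has stronger expressive power and more general properties. For key-policy attribute-based encryption, a subclass of functional encryption, a multi-master-key security model, M-KP-ABE, is proposed for the first time. Using a linear multi-secret sharing scheme, an encryption scheme supporting multi-master-key functionality functions is designed under this security model. Based on the DBDH assumption, the scheme is proved secure in the standard model under adaptively chosen challenge and adaptive chosen-plaintext attack. The scheme allows more flexible access policies for encrypted data, can degenerate into a single-master-key encryption scheme, and can be used to construct schemes with fine-grained access trees; its computational cost equals that of the single-master-key scheme, so it is highly efficient.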
5.
6.
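《计算机应用与软件》 (Computer Applications and Software), 2018, (2)
To address the problem of secure key storage on Android clients, an Android-based key splitting scheme is proposed using the threshold method and Lagrange interpolation polynomials. The scheme dynamically derives the key from a password and uses AES to encrypt the information; after encryption, the password is split and stored in multiple locations on the Android phone, and the original password and key are destroyed. For decryption, part of the stored shares is used to reconstruct the password and generate the key, which completes the decryption. The scheme reduces the risk of key leakage, improves robustness, and can be applied in encryption schemes for general commercial software.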
7.
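Recent practice shows that cryptosystems are vulnerable to various attacks that leak keys and other related secret information, and that the leaked secrets break schemes previously proven secure; designing leakage-resilient cryptographic schemes is therefore a hot research direction in current cryptography. A certificate-based encryption scheme is designed. The overall idea is to use a certificate-based hash proof system that contains a key encapsulation algorithm, and to combine this key encapsulation algorithm with an extractor to encrypt the key used for symmetric encryption; the resulting encryption scheme resists entropy leakage and is secure. The security analysis and the leakage-resilience analysis of the scheme show that it remains secure when resisting a certain amount of key leakage and entropy leakage.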
8.
9.
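A key-leakage-resilient encryption system guarantees semantic security even when the attacker obtains partial information about the (master) key. This paper designs a key-leakage-resilient dual-state affine function encryption scheme, in which encryption policies and decryption roles are defined as affine spaces and re-delegation is supported. Under the dual system encryption model, an adaptively secure encryption scheme resilient to bounded master-key leakage and continual user-key leakage is realized, and its security is proved in the standard model based on static subgroup decision assumptions. The leakage bounds and leakage rates of the master key and the user keys are also analyzed; by adjusting parameters, a leakage rate close to 73% can be reached, giving good leakage resilience.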
10.
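Traditional cryptographic schemes assume that the key is completely hidden from potential attackers (only the algorithm is public) and that the adversary cannot obtain any information about the key. In real systems, however, an attacker can obtain partial information about the key through noisy channels or side-channel attacks. Encryption schemes secure against resilient key leakage achieve semantic security even when part of the key may leak, by improving the cryptographic algorithm. A delegatable hierarchical template encryption scheme resilient to key leakage is designed. In this scheme, user identities are associated with identity templates containing wildcards, and further key delegation is supported. The scheme is a general extension of leakage-resilient hierarchical identity-based encryption (HIBE) and hidden vector encryption (HVE); it effectively resists resilient key leakage and achieves adaptive semantic security. A security proof and the leakage-resilience performance of the system are also given, and the analysis shows that the scheme has good tolerance of key leakage.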
11.
Transformation of XML data is an important task in data exchange, data publishing and data integration. Specifically in data
integration, data in XML sources is transformed to match the target schema. Some of these sources have XML keys defined. When
the data is transformed, the keys also need to be transformed for constraint comparisons, consistency checking and unification
in the target schema. Thus, how the keys are transformed, and whether the transformed keys are valid and preserved to the
target schema are important problems in XML data transformation and integration. Towards this problem, we firstly define XML
keys and their satisfactions. We then study how keys are transformed and whether transformed keys are valid when a source
schema is transformed to a target schema. Finally we show whether the transformed keys are satisfied by the transformed document.
12.
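To address the large number of data-item keys and the high security requirements that arise when data items are encrypted in a ciphertext database, the Chinese remainder theorem is introduced to manage data-item keys, and a new key management scheme based on access control and the Chinese remainder theorem is proposed. When a user applies for a user key, the ciphertext database can "combine" the keys K_i corresponding to the large number of data items that user u_i is able to access into a user key uk_i and store it; when user u_i presents the user key uk_i and a ciphertext query request CQR to access the ciphertext database, the system uses the system table and the Chinese remainder theorem to decompose the user key uk_i back into the data-item keys K_i, and the user can then decrypt the data. The scheme not only manages user access privileges but also solves the long data processing time and heavy system resource usage caused by a large number of data-item keys, improving the efficiency and security of key management in ciphertext databases. Finally, the paper implements the key management scheme and gives a comparative analysis of its security.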
13.
14.
Sharing your privileges securely: a key-insulated attribute based proxy re-encryption scheme for IoT
Attribute based proxy re-encryption (ABPRE) combines the merits of proxy re-encryption and attribute based encryption, which allows a delegator to re-encrypt the ciphertext according to the delegatees’ attributes. The theoretical foundations of ABPRE have been well studied, yet to date there are still issues in schemes of ABPRE, among which time-bounded security and key exposure protection for the re-encryption keys are the most concerning ones. Within the current ABPRE framework, the re-encryption keys are generated independently of the system time segments and the forward security protection is not guaranteed when the users’ access privileges are altered. In this paper, we present a key-insulated ABPRE scheme for IoT scenario. We realize secure and fine-grained data sharing by utilizing attribute based encryption over the encrypted data, as well as adopting key-insulation mechanism to provide forward security for re-encryption keys and private keys of users. In particular, the lifetime of the system is divided into several time slices, and when system enters into a new slice, the user’s private keys are required to be refreshed. Therefore, the users’ access privileges in our system are time-bounded, and both re-encryption keys and private keys can be protected, which will enhance the security level during data re-encryption, especially in situations when key exposure or privilege alternation happens. Our scheme is proved to be secure under MDBDH hardness assumptions as well as against collusion attack. In addition, the public parameters do not have to be changed during the evolution of users’ private keys, which will require less computation resources brought by parameter synchronization in IoT.
15.
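Encrypted file system based on a trusted computing platform. Total citations: 1, self-citations: 0, citations by others: 1
An ordinary encrypted file system can protect file contents, with encrypted files bound to their keys. However, the keys are protected only by weak passwords, which is a security risk for the system, so key protection is a problem that urgently needs to be solved. By using the TPM key tree to encrypt and protect the keys of the whole file system, the encryption keys are bound to the platform on which the TPM resides, which achieves secure key protection and strengthens the security of the whole system. By adopting HMAC-based data verification, the performance of integrity checking is improved while security is maintained.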
16.
17.
《International Journal of Computer Mathematics》2012,89(16):2123-2142
The requirement of data security is an important parameter for all organizations for their survival in the world. Cryptography is the best method to avoid unauthorized access to data. It involves an encryption algorithm and the keys that are being used by the users. Multiple keys provide a more secure cryptographic model with a minimum number of overheads. There are various factors that affect the security pattern such as the number of keys and their length, encryption algorithm, latency, key shifting time, and users. In this paper, a new approach is proposed for generating keys from the available data. The analysis of various times, such as encryption, decryption, key setup, processing, and key shifting times, has been done. The model takes minimum time to replace the faulty keys with the fresh keys. In this paper, we consider all the above-mentioned factors and suggest an optimized way of using them.
18.
In the context of Linked Data, different kinds of semantic links can be established between data. However when data sources are huge, detecting such links manually is not feasible. One of the most important types of links, the identity link, expresses that different identifiers refer to the same real world entity. Some automatic data linking approaches use keys to infer identity links, nevertheless this kind of knowledge is rarely available. In this work we propose KD2R, an approach which allows the automatic discovery of composite keys in RDF data sources that may conform to different schemas. We only consider data sources for which the Unique Name Assumption is fulfilled. The obtained keys are correct with respect to the RDF data sources in which they are discovered. The proposed algorithm is scalable since it allows the key discovery without having to scan all the data. KD2R has been tested on real datasets of the international contest OAEI 2010 and on datasets available on the web of data, and has obtained promising results.
19.
20.
《Information Security Journal: A Global Perspective》2013,22(4):175-181
ABSTRACT In this paper, we show how our secured multiparty computation (SMC) protocols protect the data of an organization during the war from the cyberspace war when a large number of defense units interact with one another, while hiding the identity and computations done by them. SMC is a problem of information security when large organizations interact with one another for huge data sharing and data exchange. It is quite possible that during sharing and exchange, the private data also get hacked. In order to protect and secure the private data, the protocols of SMC need to be deployed in the large computer networks on which the organizations work. The protocols work at the micro-level in terms of cryptography with which the data are encrypted and then shared, while allowing the keys to be used for sharable data while also keeping the keys untouched for private data. At the macro level, multilevel architectures are used for different types of security to be achieved. The computation part of the secured multiparty computation is based on the algorithmic complexity theory. The algorithms realize the protocols in such a way that it is tedious to break (decrypt) the keys to hack the private data.