• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

J4 ›› 2016, Vol. 38 ›› Issue (02): 277-283.


An encryption algorithm of double chaos with mutual feedback based on the features of social networks

YI Chengqi1, JIANG Jingchi2, XUE Yibo3,4

  1. School of Computer Science and Technology, Harbin University of Science and Technology, Harbin, Heilongjiang 150080, China
  2. School of Computer Science and Technology, Harbin Institute of Technology, Harbin, Heilongjiang 150001, China
  3. National Lab for Information Science and Technology, Tsinghua University, Beijing 100084, China
  4. Research Institute of Information Technology, Tsinghua University, Beijing 100084, China
  • Received: 2015-09-12 Revised: 2015-11-23 Online: 2016-02-25 Published: 2016-02-25
  • Supported by: National Key Technology R&D Program (2012BAH46B04)

Abstract:

Social network data acquisition has become a foundation of social network analysis. Although most social media platforms provide official APIs for developers, these APIs impose strict limits on call frequency, permissions and content, which makes it difficult to acquire complete data. Data acquisition based on simulated user login is therefore particularly important. However, the login process of most social media platforms carries significant security risks: login passwords are transmitted as clear text, which seriously threatens user privacy. This paper gives a detailed analysis of the interactions between client and server during the Twitter login process. When we parse the POST requests at the network traffic level, we find that Twitter transmits login passwords as clear text. We therefore propose an encryption algorithm of double chaos with mutual feedback based on the features of social networks. The algorithm uses the logged-in user's ID, account creation time and number of followings as the initial values and parameters of the encryption functions. Through interactive operations between two chaotic systems, the Logistic map and the Tent map, the algorithm derives the key sequence. The particular nature of the input parameters makes the ciphertext unpredictable. Experimental results show that the algorithm achieves good encryption and decryption results. Encryption and decryption both complete on a millisecond time scale, so the operation is imperceptible to users. Furthermore, the algorithm is extremely sensitive to initial conditions, has a large key space and offers high-strength encryption. The algorithm can effectively prevent attackers from breaking passwords with methods such as phase diagrams, brute-force search and statistical analysis, and has broad application prospects.

Key words: social network; login simulation; chaotic encryption
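
A sketch of the keystream idea in the abstract, added here as an illustration and not the paper's algorithm: two coupled maps seeded from account attributes yield a reproducible XOR keystream. The abstract does not give the seed mapping, the feedback rule or the constants, so `derive_state`, the 0.5 coupling weights, the warm-up length and the sample account values are all assumptions.

```python
# Added illustration: NOT the paper's algorithm. Seed mapping, feedback rule,
# constants and sample account values are all assumptions made for this sketch.
EPS = 1e-12

def _clamp(v):
    """Keep a state strictly inside (0, 1) so neither map sticks at 0."""
    return min(max(v % 1.0, EPS), 1.0 - EPS)

def derive_state(user_id, created_ts, followings):
    """Map account ID, creation time (Unix seconds) and followings count to
    two initial states and a Logistic parameter in the chaotic range."""
    x0 = _clamp((user_id % 999_983 + 1) / 999_985)
    y0 = _clamp((created_ts % 999_979 + 1) / 999_981)
    mu = 3.9 + 0.0999 * (followings % 1000) / 1000   # 3.9 <= mu < 4
    return x0, y0, mu

def keystream(user_id, created_ts, followings, n, warmup=200):
    """Iterate both maps, feeding each map's output into the other's state."""
    x, y, mu = derive_state(user_id, created_ts, followings)
    out = bytearray()
    for i in range(warmup + n):
        lx = mu * x * (1.0 - x)            # Logistic map
        ty = 1.9999 * min(y, 1.0 - y)      # Tent map (slope kept below 2)
        x = _clamp(lx + 0.5 * ty)          # Tent output perturbs Logistic state
        y = _clamp(ty + 0.5 * lx)          # Logistic output perturbs Tent state
        if i >= warmup:                    # discard the transient
            out.append((int(x * 1e6) % 256) ^ (int(y * 1e6) % 256))
    return bytes(out)

def encrypt(password, user_id, created_ts, followings):
    """XOR the UTF-8 password with the keystream; returns ciphertext bytes."""
    data = password.encode("utf-8")
    ks = keystream(user_id, created_ts, followings, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def decrypt(ciphertext, user_id, created_ts, followings):
    """XOR is its own inverse, so decryption regenerates the same keystream."""
    ks = keystream(user_id, created_ts, followings, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, ks)).decode("utf-8")

if __name__ == "__main__":
    acct = (2_244_994_945, 1_400_000_000, 120)   # constructed sample values
    ct = encrypt("S3cret-pass", *acct)
    print(ct.hex(), decrypt(ct, *acct))
```

Both sides must compute the maps with identical floating-point behaviour, because the sensitivity to initial conditions that the abstract lists as a strength also means a one-bit rounding difference yields a different keystream.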