• 中国计算机学会会刊
  • 中国科技核心期刊
  • 中文核心期刊

计算机工程与科学

• 计算机网络与信息安全 • 上一篇    下一篇

基于格式保留的敏感信息加密方案

张玉磊1,骆广萍1,张永洁2,张雪微1,刘祥震1,王彩芬3   

  1. (1.西北师范大学计算机科学与工程学院,甘肃 兰州 730070;2.甘肃卫生职业学院,甘肃 兰州 730000;
    3.深圳技术大学,广东 深圳 518000)
  • 收稿日期:2019-04-28 修回日期:2019-08-16 出版日期:2020-02-25 发布日期:2020-02-25
  • 基金资助:

    国家自然科学基金(61662069),甘肃省高等学校科研项目(2017A-003,2018A-207)

A format preserving encryption scheme
for sensitive information
 

ZHANG Yu-lei1,LUO Guang-ping1,ZHANG Yong-jie2,ZHANG Xue-wei1,LIU Xiang-zhen1,WANG Cai-fen3
  

  1. (1.College of Computer Science and Engineering,Northwest Normal University,Lanzhou 730070;
    2.Gansu Health Vocational College,Lanzhou 730000;
    3.Shenzhen Technology University,Shenzhen 518000,China)
     
  • Received:2019-04-28 Revised:2019-08-16 Online:2020-02-25 Published:2020-02-25

摘要:

格式保留加密具有加密后数据格式和数据长度不变的特点,不会破坏数据格式约束,从而降低改造数据格式的成本。分析现有敏感信息格式保留加密方案,均基于对称加密体制,存在密钥传输安全性低和密钥管理成本较高等问题。提出了身份密码环境下基于格式保留的敏感信息加密方案,与现有的格式保留加密方案相比,通信双方不需要传递密钥,通过密钥派生函数来生成加密密钥和解密密钥,利用混合加密的方式提高了敏感信息传输的安全性。并且证明了该方案满足基于身份的伪随机置换安全,在适应性选择明文攻击下具有密文不可区分性。
 

关键词: 格式保留加密, 敏感信息, 基于身份, 密钥派生, 混合加密

Abstract:

Format preserving encryption has the characteristics of unchanged data format and data length after encryption, and does not destroy the data format constraints, thereby reducing the cost of modifying the data format. The existing format preserving encryption schemes for sensitive information are based on the symmetric encryption system, which has problems such as low key transmission security and high key management cost. This paper proposes a format preserving encryption scheme for sensitive information in identity cryptosystems. Compared with the existing format preserving encryption schemes, the two parties do not need to transmit a key, and the key derivation function is used to generate an encryption key and a decryption key. The use of hybrid encryption improves the security of sensitive information transmission. It is proved that the scheme satisfies the security of identity-based pseudo-random permutation. At the same time, the scheme has cipher text indistinguishability under adaptive selective plaintext attack.

 

 

 

Key words: format preserving encryption, sensitive information, identity-based, key derivation, hybrid encryption