蜜罐加密技术在私密数据保护中的应用

doi:10.11772/j.issn.1001-9081.2017.12.3406

计算机应用 ›› 2017, Vol. 37 ›› Issue (12): 3406-3411.DOI: 10.11772/j.issn.1001-9081.2017.12.3406

蜜罐加密技术在私密数据保护中的应用

银伟, 周红建, 邢国强

95899部队, 北京 100085

收稿日期:2017-05-16 修回日期:2017-07-31 出版日期:2017-12-10 发布日期:2017-12-18
通讯作者: 银伟
作者简介:银伟(1982-),男,湖南邵阳人,工程师,博士,主要研究方向:网络安全、无线网络;周红建(1972-),男,湖北鄂州人,高级工程师,博士,主要研究方向:网络安全、大数据;邢国强(1981-),男,山西太原人,工程师,硕士,主要研究方向:网络安全。
基金资助:
国家自然科学基金资助项目（61702542）；中国博士后基金资助项目（2016M603017）。

Application of honey encryption mechanism in protection of private data

YIN Wei, ZHOU Hongjian, XING Guoqiang

95899 Unit, Beijing 100085, China

Received:2017-05-16 Revised:2017-07-31 Online:2017-12-10 Published:2017-12-18
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61702542), the China Postdoctoral Science Foundation (2016M603017).

摘要/Abstract

摘要： 针对传统加密技术脆弱性问题，将蜜罐加密技术应用到身份证号码、手机号码和银行卡密码的保护中以保证数据存储安全。首先，分析阐述了蜜罐加密技术原理，并设计了对蜜罐加密系统分布式转换加密器；然后，抽象了消息空间，对系统进行实现和性能评估，发现性能开销问题并提出增强型机制。在蜜罐加密设计与实现中，考虑到均衡分布和随机分布的消息空间，并将其运用到对称加密算法和公钥加密机制。通过所提设计、系统实现和实验结果得出以下结论：1）由于性能问题，蜜罐加密技术更适合小的消息空间；2）设计消息空间时需要考虑周全，不能带来指纹特征，否则不能解决暴力破解脆弱性问题；3）蜜罐加密的保护能力随应用的不同而不同；4）对于不同的应用，蜜罐加密技术的实现需要定制。

关键词: 蜜罐加密, 私密数据, 暴力破解, 消息空间, 分布式转换加密器

Abstract: In order to solve the vulnerability problem of the traditional encryption mechanisms, the honey encryption mechanism was applied to three types of private data including identity card numbers, mobile phone numbers and bank card passwords to protect data storage security. Firstly, the principle of honey encryption was analyzed and discussed, and a distributed-transforming encryptor for honey encryption system was designed. Then, the message space was abstracted, and the system was implemented and its performance was evaluated. The performance overhead problem was found and an enhanced mechanism was proposed. The message spaces with uniformly/non-uniformly distribution were taken into account and also used for symmetric encryption algorithm and public key encryption mechanism in the design and implementation of honey encryption. Through the proposed design, system implementation and experimental results of honey encryption, the following conclusions are drawn:1)due to the performance issue, honey encryption is more suitable for a small message space instead of a large one; 2)the design of message space needs to be considered comprehensively, which can not bring fingerprint characteristics, otherwise it can not solve the vulnerability problem of brute-force attack; 3)the protection ability of honey encryption is different with the application; 4) the implementation of honey encryption has to be customized for different applications.

Key words: honey encryption, private data, brute-force attack, message space, distributed-transforming encryptor

中图分类号:

TN915.08

银伟, 周红建, 邢国强. 蜜罐加密技术在私密数据保护中的应用[J]. 计算机应用, 2017, 37(12): 3406-3411.

YIN Wei, ZHOU Hongjian, XING Guoqiang. Application of honey encryption mechanism in protection of private data[J]. Journal of Computer Applications, 2017, 37(12): 3406-3411.

参考文献

[1] JUELS A, RISTENPART T. Honey encryption:security beyond the brute-force bound[C]//Proceedings of the 2014 Annual International Conference on the Theory and Applications of Cryptographic Techniques, LNCS 8441. Berlin:Springer, 2014:293-310.
[2] OWEZARSKI P. A near real-time algorithm for autonomous identification and characterization of honeypot attacks[C]//Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security. Berlin:Springer, 2015:531-542.
[3] JUELS A, RIVEST R L. Honeywords:making password-cracking detectable[C]//CCS 2013:Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. New York:ACM, 2013:145-160.
[4] TYAGI N, WANG J, WEN K, et al. Honey encryption applications[EB/OL].[2017-04-16]. https://courses.csail.mit.edu/6.857/2016/files/tyagi-wang-wen-zuo.pdf.
[5] SPITZNER L. Honeytokens:the other honeypot[J]. Network Security, 2003, 12(2):12-14.
[6] KIM I S, KIM M H. Agent-based honeynet framework for protecting servers in campus networks[J]. IET Information Security, 2012, 6(3):202-211.
[7] JAIN P, SARDANA A. Defending against internet worms using honeyfarm[C]//Proceedings of the 2010 CUBE International Information Technology Conference. New York:ACM, 2012:795-800.
[8] 王力,万园春,邱卫东.基于蜜罐的Android恶意代码动态分析[J].微型电脑应用,2016,32(11):50-53.(WANG L, WAN Y C, QIU W D. Dynamic analysis of Android malware based on honeypot[J]. Microcomputer Applications, 2016, 32(11):50-53.)
[9] 陈翠云,梁华庆.基于蜜罐提升Snort检测能力的设计[J].电子设计工程,2016,24(4):48-51.(CHEN C Y, LIANG H Q. Design on enhancement of Snort detection capabilities based on honeypot technology[J]. Electronic Design Engineering, 2016, 24(4):48-51.)
[10] 郭军权,诸葛建伟,孙东红,等.Spampot:基于分布式蜜罐的垃圾邮件捕获系统[J].计算机研究与发展,2014,51(5):1071-1080.(GUO J Q, ZHUGE J W, SUN D H, et al. Spampot:a spam capture system based on distributed honeypots[J]. Journal of Computer Research and Development, 2014, 51(5):1071-1080.)
[11] BELLARE M, RISTENPART T, ROGAWAY P, et al. Format-preserving encryption[C]//Proceedings of the 2009 International Workshop on Selected Areas in Cryptography, LNCS 5867. Berlin:Springer, 2009:295-312.
[12] DYER K P, COULL S E, RISTENPART T, et al. Protocol misidentification made easy with formattransforming encryption[C]//CCS 2013:Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. New York:ACM, 2013:61-72.
[13] VINAYAK P P, NAHALA M A. Avoiding brute force attack in MANET using honey encryption[J]. International Journal of Science and Research, 2015, 4(3):83-85.
[14] HUANG Z C, AYDAY E, FELLAY J, et al. GenoGuard:protecting genomic data against brute-force attacks[C]//Proceedings of the 2015 IEEE Symposium on Security and Privacy. Piscataway, NJ:IEEE, 2015:447-462.
[15] YOON J W, KIM H, JO H J, et al. Visual honey encryption:application to steganography[C]//Proceedings of the 20153rd ACM Workshop on Information Hiding and Multimedia Security. New York:ACM, 2015:65-74.

蜜罐加密技术在私密数据保护中的应用

Application of honey encryption mechanism in protection of private data

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	陈晓楠, 胡建敏, 陈茜, 张威. 基于LightGBM算法的网络战仿真与效能评估[J]. 计算机应用, 2020, 40(7): 2003-2008.
[2]	吴志军, 王航. 基于订阅/发布服务的广域信息管理系统应急响应机制[J]. 计算机应用, 2020, 40(5): 1340-1347.
[3]	马兰, 崔博花, 刘轩, 岳猛, 吴志军. 基于隐半马尔可夫模型的SWIM应用层DDoS攻击的检测方法[J]. 计算机应用, 2019, 39(7): 1973-1978.
[4]	曹卫东, 许志香. 高效的半监督多层次入侵检测算法[J]. 计算机应用, 2019, 39(7): 1979-1984.
[5]	杨宏宇, 李博超. 基于逆向习得推理的网络异常行为检测模型[J]. 计算机应用, 2019, 39(7): 1967-1972.
[6]	邹承明, 刘攀文, 唐星. 动态主机配置协议泛洪攻击在软件定义网络中的实时防御[J]. 计算机应用, 2019, 39(4): 1066-1072.
[7]	戴成瑞, 陈伟. 浏览器缓存污染防御策略[J]. 计算机应用, 2018, 38(3): 693-698.
[8]	李伟范明钰王光卫袁建廷. 信任协商中基于环签名的协商证书匿名方案[J]. 计算机应用, 2011, 31(10): 2689-2691.
[9]	李鸿彬林浒吕昕杨雪华. 抵御SIP分布式洪泛攻击的入侵防御系统[J]. 计算机应用, 2011, 31(10): 2660-2664.
[10]	刘柱文李丽琳. 新的基于椭圆曲线的三方口令认证密钥协商协议[J]. 计算机应用, 2011, 31(10): 2687-2688.
[11]	何先波;李志蜀;唐宁九;等. 面向通信领域的主备倒换与数据同步技术[J]. 计算机应用, 2005, 25(10): 2312-2314.
[12]	张锦，沈亚敏，董婷，朱望斌. 传感器网络中一种双重安全路由算法[J]. 计算机应用, 2005, 25(08): 1722-1725.
[13]	吴振强，马建峰. 宽带无线IP网络安全体系结构模型[J]. 计算机应用, 2005, 25(08): 1730-1733.
[14]	欧阳星明，程剑. 使用JAINSIP开发基于SIP协议的应用[J]. 计算机应用, 2005, 25(03): 493-494.
[15]	银伟邢国强周红建. 蜜罐加密技术在私密数据的应用[J]. , , (): 0-0.