Journal of Computer Applications (计算机应用) ›› 2013, Vol. 33 ›› Issue (11): 3235-3238.

• Information Security •

Identity-based transparent encryption and decryption scheme for controlled documents

JIN Biao1, XIONG Jinbo1, YAO Zhiqiang1, LIU Ximeng2

  1. Faculty of Software, Fujian Normal University, Fuzhou 350108
    2. School of Telecommunication Engineering, Xidian University, Xi'an 710071
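  • Received: 2013-05-21 Revised: 2013-07-21 Published: 2013-11-01 Online: 2013-12-04
  • Corresponding author: XIONG Jinbo
  • About the authors: JIN Biao (1985-), male, from Lu'an, Anhui, master's degree, main research interest: document security; XIONG Jinbo (1981-), male, from Yiyang, Hunan, lecturer, doctoral student, CCF member, main research interests: content security, privacy protection; YAO Zhiqiang (1967-), male, from Putian, Fujian, professor, doctoral student, CCF senior member, main research interest: information security; LIU Ximeng (1988-), male, from Xi'an, Shaanxi, doctoral student, main research interest: cryptography.
  • Funding:
    National Natural Science Foundation of China project; Natural Science Foundation of Fujian Province project; Scientific Research Fund of the Fujian Provincial Department of Education project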

Identity-based on-the-fly encryption and decryption scheme for controlled documents

JIN Biao1,XIONG Jinbo2,YAO Zhiqiang1,LIU Ximeng3   

  1. Faculty of Software, Fujian Normal University, Fuzhou Fujian 350108, China
    2. Faculty of Software, Fujian Normal University, Fuzhou Fujian 350108, China;
    3. School of Telecommunication Engineering, Xidian University, Xi'an Shaanxi 710071, China
  • Received:2013-05-21 Revised:2013-07-21 Online:2013-12-04 Published:2013-11-01
  • Contact: XIONG Jinbo
  • Supported by:
    Provincial Natural Science Foundation of Fujian

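Abstract: In view of the increasingly severe document security situation, and in order to better protect controlled documents, identity-based encryption is combined with transparent encryption (OTFE) technology, and an identity-based transparent encryption and decryption scheme for controlled documents is proposed. File system filter driver technology is used to monitor programs' operations on controlled documents, and identity-based encryption is used to perform the encryption and decryption operations. In particular, a new algorithm is proposed that couples the original ciphertext and then stores it in blocks, so that an adversary cannot obtain the complete ciphertext and thereby recover the original plaintext. The scheme is described in detail at the system level and the algorithm level, and the security analysis shows that the scheme can effectively protect controlled documents.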

Keywords: controlled document, identity-based encryption, transparent encryption, document security, access control

Abstract: To deal with the increasingly serious document security situation and better protect controlled documents, an identity-based On-The-Fly Encryption (OTFE) and decryption scheme for controlled documents was proposed, combining an Identity-Based Encryption (IBE) algorithm with an on-the-fly encryption technique. In the scheme, file system filter driver technology was used to monitor programs' behavior on the controlled documents, while the IBE algorithm was used to encrypt and decrypt the controlled documents. Specifically, a new algorithm was proposed that associates the original ciphertext and divides the associated ciphertext into two parts stored in different locations. Therefore, it is impossible for an adversary to obtain the whole ciphertext and further recover the original plaintext. Finally, the scheme was described in detail at the system level and the algorithm level. The security analysis indicates that the proposed scheme is able to effectively protect the controlled documents.

Key words: controlled document, identity-based encryption, On-The-Fly Encryption (OTFE), document security, access control

CLC number: