CN111541652A - A system for improving the security of secret information storage and transmission - Google Patents
- Publication number
- CN111541652A (CN202010252580.9A)
- Authority
- CN
- China
- Prior art keywords
- key
- module
- image
- custodian
- secret information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
- H04N1/32272—Encryption or ciphering
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides a system for improving the security of secret information storage and transmission. The system includes an image steganography module, a sharing module, an encryption module, a decryption module, a file transfer module, a shadow image obfuscation module, a system interaction module, a security authentication module and a system database. The user transmits secret information through the file transfer module; the system interaction module and the security authentication module handle user login and operation; the secret information is encrypted through the encryption module, the sharing module, the image steganography module and the shadow image obfuscation module; and the key is split and held in custody by multiple key custodians. The method of the invention effectively overcomes the situation in which decryption is impossible because the key has been lost, and effectively overcomes the problem of key custodian loyalty: the key is no longer held by a single person but by several people, which gives better protection of the key and therefore better protection of the user's secret information.
Description
Technical field
The method belongs to the field of computer technology and relates in particular to a method for improving the security of the storage and transmission of secret information.
Background
In today's highly information-driven world, the generation of massive amounts of information and data has enriched cyberspace. However, the leakage and theft of information and data are also becoming increasingly serious. For government agencies, enterprises, hospitals, departments handling confidential matters and similar institutions, the importance of information security is self-evident. For secret information, people therefore usually apply the necessary encryption when storing and transmitting it.
A key is a parameter supplied to an algorithm that converts plaintext into ciphertext or ciphertext into plaintext. Keys are divided into symmetric keys and asymmetric keys. Because of weaknesses in these two traditional key-based encryption methods themselves and in the information transmission process, it is possible for hackers to obtain the key and then steal the secret information. During the storage and transmission of information, the security of the key determines the security of the information.
At present, both symmetric-key encryption and asymmetric-key encryption have certain defects. In addition, during the custody of information, leakage and theft by people are uncontrollable security risks.
Symmetric-key encryption has the following defects: (1) the key is easily stolen during communication; (2) key management and distribution are cumbersome; (3) identity authentication is not possible.
Asymmetric-key encryption has the following defects: (1) encryption and decryption are slow; (2) it consumes more computing resources.
To address the defects of symmetric and asymmetric keys and the attacks they are exposed to, a simple improvement is a hybrid encryption scheme that combines the two: the content to be protected, such as document information, is encrypted with a symmetric key; the symmetric key is encrypted with the public key of an asymmetric scheme and then sent; the receiver decrypts it with the private key of the asymmetric scheme to obtain the symmetric key, after which both parties can use the symmetric key to exchange information. This solves several problems: (1) the difficulty of distributing symmetric keys; (2) the slow speed of encrypting information with asymmetric keys.
However, using a hybrid encryption scheme during transmission also has several problems: (1) an encrypted key is generally a string of gibberish, so an information thief can easily see which information has been encrypted with a key, and that information is very likely to be important; (2) once the key is damaged or lost in transit, the information cannot be decrypted; (3) the key is still at risk of being stolen; (4) the loyalty of the key holder cannot be guaranteed.
To solve the above problems, we propose a new key custody and transmission mechanism that can effectively improve the security of key storage and transmission.
Definition of terms
1. Plaintext: the original information, not encrypted.
2. Ciphertext: the information after encryption.
3. Encryption: the process of converting plaintext into ciphertext.
4. Decryption: the process of converting ciphertext into plaintext.
5. Symmetric key: the same key is used for encryption and decryption.
6. Asymmetric key: different keys are used for encryption and decryption.
7. Symmetric-key encryption: encryption that uses a symmetric key.
8. Asymmetric-key encryption: encryption that uses asymmetric keys.
9. Source-end identity authentication: confirming that the sender of the information is the designated user.
10. Shadow image: an image of irregular pixels obtained by processing the original image with the (t,n) threshold secret sharing technique.
11. Obfuscated image: the image formed by steganographically embedding a shadow image in a normal image and then processing the result with the layer obfuscation technique.
Summary of the invention
The purpose of the present invention is to address the deficiencies of the prior art, namely that keys are easily leaked, stolen or destroyed during storage and transmission, by proposing a system for improving the security of secret information storage and transmission that can effectively improve the security of key storage and transmission.
To solve the above problems, we propose a new key custody and transmission mechanism. Our scheme uses a key cutting technique, a (t,n) threshold secret sharing technique, an image steganography technique and a layer obfuscation technique. The key cutting technique cuts the key into different parts so that the parts can be handled in different ways. The (t,n) threshold secret sharing technique converts one image into n shadow images (images that look as if they were composed of random pixels); any t of them can restore the original image and fewer than t cannot, which solves the problem that the loss of a single key makes it impossible to decrypt and obtain the original information. The information hiding technique hides the key in a normal picture, which solves the problem that an information thief can easily see that important information has been encrypted. The image steganography technique hides the shadow images in normal images, which solves the problem that a shadow image is attacked because its appearance is highly suspicious. The layer obfuscation technique adds a randomly generated pixel image to the normal image, so that a person stealing the information who extracts a shadow image from the image is confused and finds it difficult to determine whether the shadow image is genuine and whether the decryption method is correct.
A system for improving the security of secret information storage and transmission includes an image steganography module, a sharing module, an encryption module, a decryption module, a file transfer module, a shadow image obfuscation module, a system interaction module, a security authentication module and a system database.
The system interaction module is connected to the security authentication module, the file transfer module, the encryption module and the decryption module; the encryption module is connected to the image steganography module and the sharing module; the sharing module is connected to the shadow image obfuscation module and the decryption module; and the system database is connected to every module.
The image steganography module contains an image steganography function. The function is based on the LSB algorithm and embeds information in the least significant bit of the gray value of the image pixels in order to hide the information.
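The LSB embedding described above, as an added example that is not code from the patent: it hides a key fragment in the least significant bit of each gray value and reads it back. The 32-bit length header, the function names and the sample cover image are assumptions.

```python
import struct

HEADER_BITS = 32  # assumed framing: big-endian payload length stored ahead of the payload


def lsb_embed(cover: bytes, payload: bytes) -> bytes:
    """Return a copy of `cover` (one gray value per byte) carrying `payload` in its LSBs."""
    framed = struct.pack(">I", len(payload)) + payload
    bits_needed = len(framed) * 8
    if bits_needed > len(cover):
        raise ValueError(f"cover holds {len(cover)} bits, payload needs {bits_needed}")
    stego = bytearray(cover)
    for i in range(bits_needed):
        bit = (framed[i // 8] >> (7 - i % 8)) & 1   # most significant bit first
        stego[i] = (stego[i] & 0xFE) | bit          # overwrite only the lowest bit
    return bytes(stego)


def read_lsb_bytes(pixels: bytes, first_pixel: int, count: int) -> bytes:
    """Rebuild `count` bytes from the LSBs of 8 * count consecutive pixels."""
    out = bytearray()
    for b in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (pixels[first_pixel + 8 * b + k] & 1)
        out.append(value)
    return bytes(out)


def lsb_extract(stego: bytes) -> bytes:
    """Read the length header, then the payload; reject headers that cannot be real."""
    if len(stego) < HEADER_BITS:
        raise ValueError("image too small to contain a length header")
    (length,) = struct.unpack(">I", read_lsb_bytes(stego, 0, 4))
    if HEADER_BITS + 8 * length > len(stego):
        raise ValueError("length header exceeds image capacity; no payload present")
    return read_lsb_bytes(stego, HEADER_BITS, length)


def max_gray_change(a: bytes, b: bytes) -> int:
    """Largest per-pixel difference between two images of equal size."""
    return max(abs(x - y) for x, y in zip(a, b))


# Constructed sample data: a 16x16 gray image and a 16-byte key fragment.
COVER = bytes((7 * x + 13 * y) % 256 for y in range(16) for x in range(16))
S1 = bytes.fromhex("00112233445566778899aabbccddeeff")

if __name__ == "__main__":
    stego = lsb_embed(COVER, S1)
    print(lsb_extract(stego).hex(), "max gray change:", max_gray_change(COVER, stego))
```

Each pixel changes by at most one gray level, which is why the carrier still looks like a normal image; the capacity is one bit per pixel, so the cover must have at least 8 pixels per hidden byte plus the header.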
The sharing module contains an image secret sharing function. The function is based on the (t,n) threshold secret sharing scheme and uses Lagrange interpolation polynomials to operate on the gray values of the image pixels. For any image it can generate n shadow images such that any t or more shadow images can restore the image content, while fewer than t shadow images cannot restore any content.
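A (t,n) threshold sharing of pixel gray values with Lagrange interpolation, as an added example that is not code from the patent. The patent does not name the arithmetic field; the prime 257, the per-pixel random polynomial, the function names and the sample image are assumptions.

```python
import secrets

P = 257  # assumed field: smallest prime above 255, so every gray value 0..255 is a field element


def make_shadows(pixels, t, n):
    """Split `pixels` into n shadows; any t of them restore the image.

    Each pixel is the constant term of its own random polynomial of degree t-1.
    Shadow x stores the polynomial values at x, so it looks like random noise.
    Values may equal 256, so a shadow needs more than 8 bits per pixel.
    """
    if not 2 <= t <= n < P:
        raise ValueError("require 2 <= t <= n < 257")
    shadows = [[] for _ in range(n)]
    for secret in pixels:
        coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
        for x in range(1, n + 1):
            y = 0
            for c in reversed(coeffs):      # Horner evaluation of the polynomial at x
                y = (y * x + c) % P
            shadows[x - 1].append(y)
    return [(x, shadows[x - 1]) for x in range(1, n + 1)]


def recover(shares):
    """Lagrange interpolation at x = 0 over the submitted (x, values) shadows."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("the same shadow was submitted twice")
    weights = []
    for i, xi in enumerate(xs):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        weights.append(num * pow(den, P - 2, P) % P)   # division via Fermat inverse
    length = len(shares[0][1])
    return [sum(w * ys[k] for w, (_, ys) in zip(weights, shares)) % P
            for k in range(length)]


# Constructed sample data: an 8x8 gray image flattened to 64 values.
IMAGE = [(31 * i + 17) % 256 for i in range(64)]

if __name__ == "__main__":
    shadows = make_shadows(IMAGE, t=3, n=5)
    print("3 shadows restore the image:", recover(shadows[1:4]) == IMAGE)
    print("2 shadows restore the image:", recover(shadows[:2]) == IMAGE)
```

With fewer than t shadows the interpolation still returns numbers, but they are unrelated to the image, which is the property the threshold scheme relies on.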
The encryption module contains encryption functions for the 3DES, IDEA, AES and RC5 encryption algorithms and the corresponding key generation functions, which are used to generate and split keys and to encrypt the secret information.
The decryption module contains decryption functions for the 3DES, IDEA, AES and RC5 encryption algorithms and can decrypt the secret information with the key restored by the sharing module.
The file transfer module implements file sending and receiving on top of the flask framework and is used to send and receive images and files.
The shadow image obfuscation module contains the layer obfuscation technique, which processes the shadow image layer: it can generate a random-pixel image and, by appending the binary content of the random-pixel image after the binary content of the shadow image, adds a layer to the shadow image to achieve the obfuscation effect.
The system interaction module displays the user interface with the layui framework and uses Python's flask framework to provide the system's web service for interaction between the user and the system, including user registration and login, the choice between encryption, decryption and authority change, and a timing function. The user interface includes a login interface and an operation interface.
The security authentication module performs mobile phone SMS verification through an SMS interface, or face verification through a face recognition API, to provide the security authentication function.
The system database stores the data produced during operation, user information and the encrypted secret information.
The system is implemented as follows:
Step 1: The user registers and performs login identity authentication through the system interaction module. When the user is already registered in the system, the user enters the login password on the login interface of the system interaction module and, after passing authentication by the security authentication module, enters the operation interface. When the user is not registered in the system, the user must register by mobile phone number verification or face recognition; the security authentication module writes the original user feature, together with a digest of the login password generated with the irreversible SHA-256 hash algorithm, into the system database. The original user feature is the mobile phone number the user uses for security authentication, or the binary encoding of the captured face image.
Step 2: After entering the operation interface of the system interaction module, the user selects the operation to perform.
When the user chooses to encrypt secret information, go to step 3; when the user chooses to decrypt secret information, go to step 5; when the user chooses to change key custodian authority, go to step 6.
Step 3: The user uploads the secret information to be encrypted to the system database through the file transfer module and selects an encryption algorithm through the encryption module. The encryption module generates a key with the key generation algorithm that corresponds to the selected encryption algorithm and encrypts the secret information with the key and the selected algorithm. The encrypted secret information is stored in the system database.
Step 3.1: Through the encryption module, the user selects no fewer than 3 other key custodians and sets the authority of each one. Authority is either high or ordinary: a high-authority key custodian holds r obfuscated images and an ordinary key custodian holds one obfuscated image. From the number of key custodians and their authority, the sharing module calculates the total number n of shadow images required, after which the user sets the number t of obfuscated images required for decryption.
Step 3.2: The encryption module splits the key used to encrypt the information into two parts, s1 and s2, and stores s2 in the system database.
Step 3.4: The image steganography module hides s1 in a normal image. The resulting picture is called the original secret image and is stored temporarily in the system database.
Step 4: Using the calculated total number n of shadow images required, the sharing module divides the original secret image into n shadow images composed of irregular pixels.
Step 4.1: The image steganography module steganographically embeds the n shadow images in n normal images and deletes the original secret image from the system database.
Step 4.2: The image obfuscation module adds a randomly generated pixel image to the layers of each normal image that contains a shadow image, producing the obfuscated images.
Step 4.3: According to each key custodian's authority, the generated obfuscated images are sent to every key custodian through the file transfer module. All of the obfuscated images sent are different.
Step 5: When a key custodian requests to view the secret information, the system interaction module sends a decryption request to the other key custodians and starts a timer, and at the same time determines the authority level of the requesting key custodian.
When the requesting key custodian has high authority and the other key custodians submit at least t-r obfuscated images to the system within the time set by the system, the system decrypts the encrypted secret information through the decryption module and the key custodian can browse the secret information. If the other key custodians submit fewer than t-r obfuscated images within the time set by the system, the request is rejected and the system returns to the operation interface.
When the requesting key custodian has ordinary authority and the other key custodians submit at least t-1 obfuscated images to the system within the time set by the system, the system decrypts the encrypted secret information through the decryption module and the key custodian can browse the secret information. If the other key custodians submit fewer than t-1 obfuscated images within the time set by the system, the request is rejected and the system returns to the operation interface.
Step 6: A key custodian chooses to request a change of key custodian authority. The system interaction module sends a request to change the authority over the secret information to the other key custodians and starts a timer, and at the same time determines the authority level of the requesting key custodian.
When the requesting key custodian has high authority and the other key custodians submit at least t-r obfuscated images to the system within the time set by the system, the system performs the change of key custodian authority. If the other key custodians submit fewer than t-r obfuscated images within the time set by the system, the request is rejected and the system returns to the operation interface of the system interaction module.
When the requesting key custodian has ordinary authority and the other key custodians submit at least t-1 obfuscated images to the system within the time set by the system, the system performs the change of key custodian authority. If the other key custodians submit fewer than t-1 obfuscated images within the time set by the system, the request is rejected and the system returns to the operation interface of the system interaction module.
The change of key custodian authority proceeds as follows: the system processes the obfuscated images submitted by the key custodians through the decryption module to obtain the key part s1, concatenates it with the s2 stored in the system database to obtain the complete key, and uses that key to decrypt the encrypted secret information and restore the secret information. The system then destroys the original key, generates a new key, encrypts the plaintext again with the new key and the encryption algorithm selected by the user, and repeats steps 3.1 to 4.3.
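The counting rule of steps 3.1, 5 and 6 (n images issued, t-r or t-1 needed from the other custodians within the time limit), as an added example that is not code from the patent. The custodian names, the image numbering, the timestamps and the rule that a submission counts only if that image was issued to the submitting custodian are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Custodian:
    name: str
    high: bool  # True: high authority, holds r images; False: ordinary, holds 1


def assign_images(custodians, r):
    """Steps 3.1 and 4.3: give every custodian distinct image numbers 1..n."""
    if len(custodians) < 3:
        raise ValueError("the scheme requires no fewer than 3 key custodians")
    holdings, next_id = {}, 1
    for c in custodians:
        count = r if c.high else 1
        holdings[c.name] = set(range(next_id, next_id + count))
        next_id += count
    return holdings


def total_images(holdings):
    """The n of the (t,n) scheme: r per high-authority custodian plus 1 per ordinary one."""
    return sum(len(ids) for ids in holdings.values())


def needed_from_others(requester, t, r):
    """t-r for a high-authority requester, t-1 for an ordinary one."""
    return max(t - (r if requester.high else 1), 0)


def request_granted(requester, holdings, t, r, opened_at, window, submissions):
    """Decide a step 5 or step 6 request.

    submissions: iterable of (custodian name, image number, timestamp in seconds).
    A submission counts once, only inside the time window, and only if the image
    number was issued to the custodian who submits it (assumed validation).
    """
    if t > total_images(holdings):
        raise ValueError("t cannot exceed the number of images issued")
    accepted = set()
    for name, image_id, ts in submissions:
        if name == requester.name:
            continue                      # the requester's own images are already counted
        if image_id not in holdings.get(name, ()):
            continue                      # unknown custodian or image not issued to them
        if not opened_at <= ts <= opened_at + window:
            continue                      # outside the time set by the system
        accepted.add(image_id)            # a set, so a repeated upload counts once
    return len(accepted) >= needed_from_others(requester, t, r)


# Constructed sample data: one high-authority custodian (r = 2) and three ordinary ones.
ALICE = Custodian("alice", True)
BOB, CAROL, DAVE = (Custodian(n, False) for n in ("bob", "carol", "dave"))
HOLDINGS = assign_images([ALICE, BOB, CAROL, DAVE], r=2)   # alice {1,2}, bob {3}, carol {4}, dave {5}

if __name__ == "__main__":
    print("n =", total_images(HOLDINGS))
    print(request_granted(ALICE, HOLDINGS, 3, 2, 1000, 300, [("bob", 3, 1100)]))
    print(request_granted(BOB, HOLDINGS, 3, 2, 1000, 300,
                          [("carol", 4, 1100), ("dave", 5, 1400)]))
```

With t = 3 and r = 2 the high-authority custodian needs one other custodian, while an ordinary custodian needs two; setting r close to t lets one high-authority custodian decrypt almost alone, so r and t should be chosen together.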
The beneficial effects of the present invention are as follows:
(1) The present invention is a system that improves the secure custody and transmission of secret information. It protects the key better, so the user's secret information is better protected.
(2) The method of the invention effectively overcomes the situation in which decryption is impossible because a key has been lost. The loss of individual obfuscated images does not affect the final decryption; decryption can proceed as long as the number of obfuscated images submitted meets the specified value t.
(3) The method of the invention effectively overcomes the problem of secret information being leaked because the key is stolen by hackers. To steal the key, a hacker must meet all of the following requirements at once: (1) the hacker must identify whether a normal picture contains a shadow image of the partial key needed for decryption; (2) the hacker must correctly distinguish, between the shadow image containing the partial key and the image added for obfuscation, which one is needed for decryption; (3) the hacker must obtain at least t obfuscated images; (4) the hacker must work out the correct steganography and secret sharing algorithms. This greatly reduces the risk of secret information being leaked.
(4) The method of the invention effectively overcomes the problem of key custodian loyalty. The key is no longer held by a single person but by several people, and at least t obfuscated images are needed to decrypt and obtain the secret information.
(5) The method of the invention effectively overcomes the problem of hackers obtaining the key by attacking the system and thereby stealing secret information. In this system, even if a hacker attacks the system and obtains the ciphertext and the key part s2 stored in it, the part s1 is missing, so the hacker cannot restore the key and cannot steal the secret information.
(6) The method of the invention effectively addresses the need of decision makers to read secret information in an emergency. The user can conveniently set the authority of each custodian through the system. When a key custodian with higher authority needs to view secret information at short notice, that custodian only needs to join with a smaller number of other key custodians to decrypt the information.
In summary, this system solves the pain points of existing ways of keeping and transmitting secret information and provides a better method of secret information custody and transmission.
Description of drawings
Fig. 1 is a flow chart of secret information encryption in the system of the present invention;
Fig. 2 is a flow chart of secret information decryption in the system of the present invention;
Fig. 3 is a flow chart of custodian authority change in the system of the present invention.
Detailed description
Specific embodiments of the present invention are described and explained in further detail below with reference to the drawings.
The process of secret information encryption and key distribution is shown in Fig. 1, the process of secret information decryption is shown in Fig. 2, and the process of changing custodian authority in this system is shown in Fig. 3.
A system for improving the security of secret information storage and transmission includes an image steganography module, a sharing module, an encryption module, a decryption module, a file transfer module, a shadow image obfuscation module, a system interaction module, a security authentication module and a system database.
The system interaction module is connected to the security authentication module, the file transfer module, the encryption module and the decryption module; the encryption module is connected to the image steganography module and the sharing module; the sharing module is connected to the shadow image obfuscation module and the decryption module; and the system database is connected to every module.
The image steganography module contains an image steganography function. The function is based on the LSB algorithm and embeds information in the least significant bit of the gray value of each image pixel in order to hide the information.
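The LSB embedding described above, as an added example that is not code from the patent. It works on a flat sequence of 8-bit gray values; the 16-bit length header and the function names `embed_lsb` and `extract_lsb` are assumptions made for the illustration.

```python
def embed_lsb(pixels: bytes, payload: bytes) -> bytes:
    """Hide payload in the least significant bit of successive gray values."""
    # A 16-bit big-endian length header tells the extractor where to stop
    # (assumption: the patent does not specify a framing).
    data = len(payload).to_bytes(2, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("cover image too small for payload")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit  # each gray value changes by at most 1
    return bytes(out)


def _read_bytes(pixels: bytes, first_pixel: int, count: int) -> bytes:
    """Rebuild count bytes from the LSBs starting at first_pixel."""
    result = bytearray()
    for k in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[first_pixel + 8 * k + i] & 1)
        result.append(value)
    return bytes(result)


def extract_lsb(pixels: bytes) -> bytes:
    """Recover the payload written by embed_lsb."""
    if len(pixels) < 16:
        raise ValueError("image too small to hold a length header")
    length = int.from_bytes(_read_bytes(pixels, 0, 2), "big")
    if 16 + 8 * length > len(pixels):
        raise ValueError("length header exceeds image capacity (no payload?)")
    return _read_bytes(pixels, 16, length)


if __name__ == "__main__":
    cover = bytes((i * 37) % 256 for i in range(200))  # constructed gray values
    stego = embed_lsb(cover, b"s1-half!")              # constructed payload
    print(extract_lsb(stego))
```

The hidden bits survive only lossless storage: re-encoding the carrier as JPEG or resizing it destroys them, so custodians must keep the exact file they received.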
The sharing module contains an image secret sharing function. The function is based on a (t,n) threshold secret sharing scheme and uses Lagrange interpolation polynomials to operate on the gray values of the image pixels. For any image it can generate n shadow images, such that any t or more shadow images can restore the image content, while fewer than t shadow images cannot restore any content.
The encryption module contains the encryption functions of the 3DES, IDEA, AES and RC5 encryption algorithms and the corresponding key generation functions, and is used to generate and split keys and to encrypt secret information.
The decryption module contains the decryption functions of the 3DES, IDEA, AES and RC5 encryption algorithms, and can decrypt the secret information with the key restored by the sharing module.
The file transfer module implements file sending and receiving on the flask framework, and is used to send and receive images and files.
The shadow image obfuscation module contains a layer obfuscation technique that processes the layers of a shadow image. It can generate an image of random pixels and appends the binary content of that random-pixel image after the binary content of the shadow image, which adds a layer to the shadow image and achieves the obfuscation effect.
The system interaction module renders the user interface with the layui framework and uses Python's flask framework to provide the system's web service for interaction between the user and the system, including user registration and login, the choice between encryption, decryption and permission change, and the timing function. The user interface consists of a login interface and an operation interface.
The security authentication module performs SMS verification through an SMS interface, or face verification through a face recognition API, to implement security authentication.
The system database stores the data produced during operation, user information and the encrypted secret information.
It is implemented as follows:
Step 1: The user registers and logs in through the system interaction module. If the user is already registered in the system, the user enters the login password on the login interface of the system interaction module and, after passing authentication by the security authentication module, enters the operation interface. If the user is not yet registered, the user must register by mobile phone number verification or face recognition, and the security authentication module writes the user's original feature text and the digest of the login password, generated with the irreversible SHA-256 hash algorithm, into the system database. The original feature text is the mobile phone number the user uses for security authentication, or the binary encoding of the captured face image.
Step 2: After entering the operation interface of the system interaction module, the user selects the operation to perform.
If the user chooses to encrypt secret information, go to step 3; if the user chooses to decrypt secret information, go to step 5; if the user chooses to change key custodian permissions, go to step 6.
Step 3: The user uploads the secret information to be encrypted to the system database through the file transfer module and selects an encryption algorithm through the encryption module. The encryption module generates a key with the key generation algorithm that corresponds to the selected encryption algorithm, encrypts the secret information with the key and the selected algorithm, and stores the encrypted secret information in the system database;
Step 3.1: Through the encryption module, the user selects no fewer than 3 other key custodians and sets the authority of each one. Authority is either high or ordinary: a high-authority key custodian holds r obfuscated images, and an ordinary-authority key custodian holds one obfuscated image. The system's sharing module calculates the total number n of shadow images required from the number of key custodians and their authority levels, after which the user sets the number t of obfuscated images required for decryption.
Step 3.2: The encryption module splits the key used to encrypt the information into two parts, s1 and s2, and stores s2 in the system database.
Step 3.4: The image steganography module hides s1 in a normal image. The resulting image is called the original secret image and is stored temporarily in the system database.
Step 4: The sharing module divides the original secret image into n shadow images composed of irregular pixels, where n is the calculated total number of shadow images required.
Step 4.1: The image steganography module hides the n shadow images in n normal images, and the original secret image is deleted from the system database.
Step 4.2: The image obfuscation module adds a randomly generated pixel image to the layers of each normal image that contains a shadow image, producing an obfuscated image.
Step 4.3: The generated obfuscated images are sent to each key custodian through the file transfer module according to the custodian's authority. All of the obfuscated images sent are different.
Step 5: When a key custodian requests to view the secret information, the system interaction module sends a decryption request to the other key custodians and starts a timer, and at the same time determines the authority level of the requesting key custodian;
If the requesting key custodian has high authority and the other key custodians submit at least t-r obfuscated images to the system within the time set by the system, the system decrypts the encrypted secret information through the decryption module and the key custodian can view the secret information. If the other key custodians submit fewer than t-r obfuscated images within that time, the request is rejected and the system returns to the operation interface.
If the requesting key custodian has ordinary authority and the other key custodians submit at least t-1 obfuscated images to the system within the time set by the system, the system decrypts the encrypted secret information through the decryption module and the key custodian can view the secret information. If the other key custodians submit fewer than t-1 obfuscated images within that time, the request is rejected and the system returns to the operation interface.
Step 6: A key custodian chooses to request a change of key custodian permissions. The system interaction module sends the permission change request for the secret information to the other key custodians and starts a timer, and at the same time determines the authority level of the requesting key custodian.
If the requesting key custodian has high authority and the other key custodians submit at least t-r obfuscated images to the system within the time set by the system, the system performs the change of key custodian permissions. If the other key custodians submit fewer than t-r obfuscated images within that time, the request is rejected and the system returns to the operation interface of the system interaction module.
If the requesting key custodian has ordinary authority and the other key custodians submit at least t-1 obfuscated images to the system within the time set by the system, the system performs the change of key custodian operation. If the other key custodians submit fewer than t-1 obfuscated images within that time, the request is rejected and the system returns to the operation interface of the system interaction module.
The change of key custodian permissions proceeds as follows: the system processes the obfuscated images submitted by the key custodians through the decryption module to obtain the key part s1, concatenates it with the s2 stored in the system database to obtain the complete key, and uses that key to decrypt the encrypted secret information and restore the secret information. The system then destroys the original key, generates a new key, encrypts the plaintext again with the new key and the encryption algorithm selected by the user, and repeats steps 3.1 to 4.3.
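The (t,n) threshold sharing of the sharing module and the authority-weighted flow of steps 3.1 to 5, as an added example that is not code from the patent. It shares the bytes of s1 directly instead of image pixels; the field GF(257), the midpoint key split and all function and custodian names are assumptions.

```python
import secrets
from itertools import islice

P = 257  # smallest prime above 255, so every key byte is a field element (assumption)


def shares_needed(levels: dict, r: int) -> int:
    """Total shadow count n: r per high-authority custodian, 1 per ordinary one."""
    return sum(r if lvl == "high" else 1 for lvl in levels.values())


def split_secret(data: bytes, t: int, n: int) -> dict:
    """(t, n) sharing: one random degree t-1 polynomial per byte, evaluated at x = 1..n."""
    if not 2 <= t <= n < P:
        raise ValueError("need 2 <= t <= n < 257")
    shares = {x: [] for x in range(1, n + 1)}
    for byte in data:
        coeffs = [byte] + [secrets.randbelow(P) for _ in range(t - 1)]
        for x in shares:
            shares[x].append(sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P)
    return shares


def recover_secret(shares: dict, t: int) -> bytes:
    """Lagrange interpolation at x = 0 over GF(P), using t of the submitted shares."""
    if len(shares) < t:
        raise ValueError("fewer than t shares submitted")
    xs = sorted(shares)[:t]
    weights = []
    for xj in xs:
        num = den = 1
        for xm in xs:
            if xm != xj:
                num = num * -xm % P
                den = den * (xj - xm) % P
        weights.append(num * pow(den, -1, P) % P)
    length = len(shares[xs[0]])
    return bytes(sum(w * shares[x][i] for w, x in zip(weights, xs)) % P
                 for i in range(length))


def distribute(levels: dict, r: int, shares: dict) -> dict:
    """Step 4.3: every custodian receives distinct shares, r if high authority, else 1."""
    xs = iter(sorted(shares))
    return {name: {x: shares[x] for x in islice(xs, r if lvl == "high" else 1)}
            for name, lvl in levels.items()}


def others_required(level: str, t: int, r: int) -> int:
    """Step 5: shares the other custodians must submit, t-r (high) or t-1 (ordinary)."""
    return max(t - (r if level == "high" else 1), 0)


def handle_request(requester, submitters, held, levels, t, r, s2):
    """Pool the shares submitted in time; return s1 + s2, or None if rejected."""
    others = {}
    for name in submitters:
        if name != requester:
            others.update(held[name])
    if len(others) < others_required(levels[requester], t, r):
        return None  # request rejected, back to the operation interface
    return recover_secret({**held[requester], **others}, t) + s2


if __name__ == "__main__":
    key = secrets.token_bytes(16)              # constructed sample key
    s1, s2 = key[:8], key[8:]                  # midpoint split is an assumption
    levels = {"alice": "high", "bob": "normal", "carol": "normal", "dave": "normal"}
    r, t = 2, 3
    held = distribute(levels, r, split_secret(s1, t, shares_needed(levels, r)))
    print(handle_request("alice", ["bob"], held, levels, t, r, s2) == key)
```

With a byte-wise split as assumed here, whoever holds s2 already knows that part of the key, so the effective key strength is the entropy of s1 alone.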
The present invention is not limited to the implementation steps above. Those skilled in the art can make various changes on this basis, but any change equivalent or similar to the present invention shall fall within the scope of the claims of the present invention.
Claims (2)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010252580.9A CN111541652B (en) | 2020-04-02 | 2020-04-02 | System for improving security of secret information keeping and transmission |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111541652A (en) | 2020-08-14 |
CN111541652B (en) | 2022-05-20 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||