CN111541652A - System for improving security of secret information keeping and transmission - Google Patents

System for improving security of secret information keeping and transmission Download PDF

Info

Publication number
CN111541652A
CN111541652A CN202010252580.9A CN202010252580A CN111541652A CN 111541652 A CN111541652 A CN 111541652A CN 202010252580 A CN202010252580 A CN 202010252580A CN 111541652 A CN111541652 A CN 111541652A
Authority
CN
China
Prior art keywords
key
module
image
user
secret
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010252580.9A
Other languages
Chinese (zh)
Other versions
CN111541652B (en
Inventor
袁理锋
孙鹏飞
刘永
李金宸
赵云天
林杰
陈星杵
吴炳金
徐瀚文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dianzi University
Original Assignee
Hangzhou Dianzi University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dianzi University filed Critical Hangzhou Dianzi University
Priority to CN202010252580.9A priority Critical patent/CN111541652B/en
Publication of CN111541652A publication Critical patent/CN111541652A/en
Application granted granted Critical
Publication of CN111541652B publication Critical patent/CN111541652B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/32Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N1/32101Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N1/32144Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title embedded in the image data, i.e. enclosed or integrated in the image, e.g. watermark, super-imposed logo or stamp
    • H04N1/32149Methods relating to embedding, encoding, decoding, detection or retrieval operations
    • H04N1/32267Methods relating to embedding, encoding, decoding, detection or retrieval operations combined with processing of the image
    • H04N1/32272Encryption or ciphering

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a system for improving security of secret information storage and transmission. The system comprises an image steganography module, a sharing module, an encryption module, a decryption module, a file transmission module, a shadow image confusion module, a system interaction module, a safety certification module and a system database. The user transmits the secret information through the file transmission module, the system interaction module and the security authentication module are used for login and operation of the user, the secret information is encrypted through the encryption module, the sharing module, the image steganography module and the shadow image confusion module, and the secret keys are split and stored through a plurality of secret key custodians. The method effectively overcomes the condition that the secret key cannot be decrypted due to the loss of the secret key, effectively overcomes the loyalty problem of a key keeper, and realizes better protection of the secret key by changing the key into multi-person holding instead of single person holding, so that the secret information of a user is better protected.

Description

System for improving security of secret information keeping and transmission
Technical Field
The method belongs to the technical field of computers, and particularly relates to a method for improving security of security keeping and security of secret information transmission.
Background
Today, being highly information-oriented, the generation of massive amounts of information and data enriches our network space. But the phenomena of information and data leakage and stealing are increasingly serious. The importance of information security is especially apparent to government agencies, enterprise hospitals, security departments, and the like. Therefore, for secret information, people usually adopt necessary encryption means in the processes of storage and transmission.
A key is a parameter used as an input parameter in an algorithm for converting plaintext into ciphertext or converting ciphertext into plaintext. The keys are further divided into symmetric keys and asymmetric keys. Due to the two traditional key encryption modes and the existing loopholes in the information transmission process, a hacker can obtain the key and steal secret information. The security of the key determines the security of the information during the storage and transfer of the information.
At present, there is certain defect in symmetric key encryption and asymmetric key encryption, in addition, at the in-process of information custody, also uncontrollable potential safety hazard is revealed and stolen to artificial.
Symmetric key encryption has the following disadvantages: (1) the key is easy to steal in the communication process; (2) key management and distribution are complicated; (3) identity authentication cannot be performed.
Asymmetric key encryption has the following defects: (1) the encryption and decryption operation speed is low; (2) and more computing space resources are occupied.
In order to solve the defects of the symmetric key and the asymmetric key and the attack to which the symmetric key and the asymmetric key are easy to attack, a simple improvement is to use a mixed encryption system, namely, the two are combined to use: the method comprises the steps that the contents such as document information and the like needing to be encrypted are encrypted by using a symmetric key, the key encrypted by the symmetric key is encrypted by using a public key encrypted by an asymmetric encryption key and then is sent out, a receiving party decrypts by using a private key encrypted by the asymmetric key to obtain a symmetric encrypted key, and then the two parties can use the symmetric encrypted key to transmit information. Doing so may solve several problems: (1) the problem of difficulty in symmetric key distribution is solved; (2) the problem of low operation speed in the process of encrypting information by the asymmetric key is solved;
however, there are several problems in using the hybrid encryption system in the information transmission process: (1) the encrypted key is a messy code generally, and an information stealer can easily discover which information is encrypted by the key, so that the information is likely to be important information; (2) once the key is damaged or lost in the transmission process, the information can not be decrypted; (3) the key still has the risk of being stolen; (4) there is no guarantee of key holder loyalty.
In order to solve the above problems, we propose a new key keeping and transferring mechanism, which can effectively improve the security of key keeping and transferring.
Definition of terms
1. Plaintext: original information without encryption.
2. Ciphertext: and (4) information after encryption processing.
3. Encryption: and (5) converting the plaintext into the ciphertext.
4. And (3) decryption: and (5) converting the ciphertext into the plaintext.
5. Symmetric key: the encryption process and the decryption process use the same key.
6. Asymmetric key: the encryption process and the decryption process use different keys.
7. Symmetric key encryption: a symmetric key is used for encryption.
8. Asymmetric key encryption: the way in which the encryption is performed using an asymmetric key.
9. Source end identity authentication: and determining the information sender as the specified user.
10. Shadow image: and (5) processing the original image by a (t, n) threshold secret sharing technology to obtain an irregular pixel point image.
11. Confusing images: and after the shadow image is hidden to the normal image, the formed image is processed by the layer confusion technology.
Disclosure of Invention
The invention aims to provide a system for improving the security of secret information storage and transmission aiming at the defects of the prior art and the problems of easy disclosure, stealing and damage in the process of storing and transmitting a secret key at present, and the security of secret information storage and transmission can be effectively improved.
To solve the above problem, we propose a new key keeping and transferring mechanism. In the scheme, a key cutting technology, a (t, n) threshold secret sharing technology, an image steganography technology and an image layer confusion technology are used. The key cutting technology is used for cutting the key into different parts, and different processing modes can be adopted for the keys of the different parts; (t, n) the threshold secret sharing technology is used for converting one image into n shadow images (similar to images formed by random pixel points), wherein any t images can restore the original image, and the original image cannot be restored if less than t images are selected, so that the problem that the original information cannot be obtained by decryption due to the loss of a single secret key can be solved; the information hiding technology is used for hiding the secret key into a normal picture, and can solve the problem that an information stealer easily finds that important information is encrypted; the image steganography technology is used for hiding the shadow image into the normal image, and the problem that the shadow image is attacked because the appearance of the shadow image has larger suspicion is solved; the layer confusion technology is used for adding a randomly generated pixel image to a normal image, and can be used for confusion when a person who steals information extracts a shadow image through the image, so that the authenticity of the shadow image and the correctness of a decryption means are difficult to determine.
A system for improving security of secret information keeping and transmission comprises an image steganography module, a sharing module, an encryption module, a decryption module, a file transmission module, a shadow image confusion module, a system interaction module, a security authentication module and a system database.
The system interaction module is connected with the security authentication module, the file transmission module, the encryption module and the decryption module; the encryption module is connected with the image steganography module and the sharing module; the sharing module is connected with the shadow image confusion module and the decryption module, and the system database is connected with each module.
The image steganography module comprises an image steganography function, and the image steganography function is based on an LSB algorithm and embeds information into the least significant bit of the gray value of the image pixel point to realize the function of hiding the information.
The sharing module comprises an image secret sharing function, the image secret sharing function is based on a (t, n) threshold secret sharing scheme, the gray value of an image pixel point is operated by using a Lagrange interpolation polynomial, n shadow images can be generated for any image, and the function that any t shadow images or more than t shadow images can restore image content, but no shadow images below t shadow images can restore any content is realized.
The encryption module comprises an encryption function of an encryption algorithm of 3DES, IDEA, AES and RC5 and a corresponding key generation function, and is used for generating and dividing keys and encrypting secret information.
The decryption module comprises decryption functions of 3DES, IDEA, AES and RC5 encryption algorithms, and the secret information can be decrypted by the secret key restored by the sharing module.
The file transmission module realizes a file transceiving function based on a flash frame and is used for transceiving images and files.
The shadow image confusion module comprises a layer confusion technology, processes a shadow image layer, can generate random pixel point images, and achieves the function of adding the shadow image into the layer after adding the binary content of the random pixel point images into the binary content of the shadow image so as to achieve the confusion effect.
The system interaction module realizes user interface display based on a layui framework, and realizes system web service for interaction between a user and a system by utilizing a flash framework of Python, wherein the interaction comprises user registration and login, encryption and decryption, permission change selection and timing functions. The user interface comprises a login interface and an operation interface.
The safety authentication module carries out short message verification through an SMS interface or carries out face verification through a face recognition API so as to realize the safety authentication function.
The system database is used for storing data, user information and encrypted secret information in the operation process.
The realization method is as follows:
step 1: the user performs registration and login identity authentication through the system interaction module; when a user is registered in the system, a login password is input in a login interface of the system interaction module, and the user enters an operation interface after passing the authentication of the security authentication module; when the user is not registered in the system, the user needs to be registered in a mobile phone number verification or face recognition mode, and the user characteristic original text and the abstract of the login password generated by the SHA-256 irreversible Hash algorithm are written into a system database through the security authentication module. The user characteristic original text is a mobile phone number used when the user carries out safety authentication or a binary code of a face acquisition image.
Step 2: and after entering an operation interface of the system interaction module, the user selects the operation to be performed.
When the user selects to encrypt the secret information, skipping to the step 3; when the user selects to decrypt the secret information, jumping to the step 5; when the user chooses to change the key custodian authority, the process goes to step 6.
And step 3: the user uploads the secret information to be encrypted to a system database through a file transmission module, the user selects an encryption algorithm through an encryption module, the encryption module generates a secret key according to a secret key generation algorithm corresponding to the encryption algorithm selected by the user, the secret information is encrypted by using the secret key and the encryption algorithm selected by the user, and the encrypted secret information is stored in the system database;
step 3.1, the user selects no less than 3 other key custodians through the encryption module and sets the authority of each key custodians, wherein the authority is divided into high authority and common authority; the high-authority key custodian holds r obfuscated images, the common-authority key custodian holds one obfuscated image, the system sharing module calculates the total number n of the needed shadow images according to the determined number of the key custodians and the corresponding authorities, and then the user sets the number t of the obfuscated images needed for decryption.
Step 3.2: the key used to encrypt the information is cut into two parts by the encryption module, s1 and s2, respectively, and s2 is stored in the system database.
Step 3.4: s1 is hidden in the normal image by the image steganography module, the steganographic image is called an original secret image, and the original secret image is temporarily stored in a system database.
And 4, step 4: and dividing the original secret image into n shadow images consisting of irregular pixel points through a sharing module according to the calculated total number n of the required shadow images.
Step 4.1: and hiding the n shadow images into the n normal images through an image hiding module, and deleting the original secret images in the system database.
Step 4.2: and adding a randomly generated pixel image into each normal image layer containing the shadow image for confusion through an image confusion module to generate a confusion image.
Step 4.3: and sending the generated confusion image to each key custodian through the file transmission module according to the authority of the key custodian, wherein all the sent confusion images are different.
And 5: when a key custodian requests to view the secret information, the system interaction module sends a decryption request to other key custodians, starts timing and judges the authority level of the key custodians who make the requests;
when the key custodian who makes the request is a high-authority key custodian, after other key custodians submit at least t-r parts of confusion images to the system within the specified time of the system, the system decrypts the encrypted secret information through the decryption module, and the key custodian can browse the secret information; and if the confused image submitted by other key custodians in the system set time is less than t-r, rejecting the request of the key custodians and returning to the operation interface.
When the key custodian who makes the request is a common key custodian, after other key custodians submit at least t-1 parts of the obfuscated image to the system within the specified time of the system, the system decrypts the encrypted secret information through the decryption module, and the key custodian can browse the secret information; and if the obfuscated images submitted by other key custodians within the specified time of the system are less than t-1, rejecting the request of the key custodians and returning to the operation interface.
Step 6: the key custodian chooses to request a change of the key custodian rights. The system interaction module sends a request for changing the authority of the secret information to other key custodians, starts timing and judges the authority level of the key custodians who make the request.
When the key custodian who makes the request is a high-authority key custodian, in the specified time of the system, after other key custodians submit at least t-r parts of mixed images to the system, the system carries out the operation of changing the authority of the key custodian; and if the confused image submitted by other key custodians in the specified time of the system is less than t-r, rejecting the request of the key custodians and returning to the operation interface of the system interaction module.
When the key custodian who makes the request is a common key custodian, the system changes the key custodian operation after other key custodians submit at least t-1 parts of the obfuscated images to the system within the specified time of the system; and if the obfuscated images submitted by other key custodians within the specified time of the system are less than t-1, rejecting the request of the key custodians and returning to the operation interface of the system interaction module.
The rights of the key change custodian are specifically as follows: the system processes the confusion image submitted by the key custodian through the decryption module to obtain a key s1, splices the key s1 with s2 stored in the system database to obtain a complete key, decrypts the encrypted secret information through the key to restore the secret information, destroys the original key by the system, generates a new key, encrypts the plaintext again by using the new key and the encryption algorithm selected by the user, and repeats the steps 3.1-4.3.
The invention has the following beneficial effects:
(1) the invention provides a system for improving the safe keeping and transmission of secret information, which can realize better protection of a secret key and ensure that the secret information of a user is better protected.
(2) The method effectively overcomes the condition that the decryption cannot be carried out due to the loss of the secret key, the final decryption cannot be influenced by the loss of the individual confusing images, and the decryption can be carried out as long as the number of submitted confusing images meets the specified value t.
(3) The method effectively solves the problem that secret information is leaked due to the fact that a key is stolen by a hacker, and the hacker needs to meet the following requirements at the same time when the key is stolen: (1) a hacker needs to identify whether the normal picture contains a shadow image of a partial key required for decryption; (2) a hacker needs to accurately distinguish which of the shadow image containing a partial key and the obfuscated image is the image required for decryption; (3) a hacker needs to obtain at least t confusing images; (4) hackers need to crack the correct steganographic and secret sharing algorithms. This greatly reduces the risk of secret information leakage.
(4) The method effectively solves the problem of loyalty of a key custodian, the key is not held by a single person, but is held by a plurality of persons, and at least t confused image parties are required to decrypt in order to obtain secret information.
(5) The method effectively solves the problem that a hacker obtains the secret key through an attack system so as to steal the secret information. In the present system, even if a hacker obtains the ciphertext and the partial key s2 stored in the system by attacking the system, the hacker cannot restore the key and steal the secret information because the hacker lacks the s1 portion.
(6) The method effectively solves the problem that a decision maker needs to read the secret information in an emergency. The user can conveniently set the authority of each user through the system. When a key custodian with a higher authority needs to view the secret information in a short time, the information can be decrypted by only combining a small number of other key custodians.
In conclusion, the system solves the pain point problem existing in the original secret information storage and transmission mode, and provides a better secret information storage and transmission method.
Drawings
FIG. 1 is a flow chart of the system of the present invention for encrypting secret information;
FIG. 2 is a flow chart of the system for decrypting secret information;
FIG. 3 is a flow chart of the system custodian rights change of the present invention.
Detailed Description
Specific embodiments of the present invention will be described and illustrated in further detail below with reference to the accompanying drawings and specific embodiments.
The process of secret information encryption and key distribution is shown in fig. 1, the process of secret information decryption is shown in fig. 2, and the process of change of the custodian authority of the system is shown in fig. 3.
A system for improving security of secret information keeping and transmission comprises an image steganography module, a sharing module, an encryption module, a decryption module, a file transmission module, a shadow image confusion module, a system interaction module, a security authentication module and a system database.
The system interaction module is connected with the security authentication module, the file transmission module, the encryption module and the decryption module; the encryption module is connected with the image steganography module and the sharing module; the sharing module is connected with the shadow image confusion module and the decryption module, and the system database is connected with each module.
The image steganography module comprises an image steganography function, and the image steganography function is based on an LSB algorithm and embeds information into the least significant bit of the gray value of the image pixel point to realize the function of hiding the information.
The sharing module comprises an image secret sharing function, the image secret sharing function is based on a (t, n) threshold secret sharing scheme, the gray value of an image pixel point is operated by using a Lagrange interpolation polynomial, n shadow images can be generated for any image, and the function that any t shadow images or more than t shadow images can restore image content, but no shadow images below t shadow images can restore any content is realized.
The encryption module comprises an encryption function of an encryption algorithm of 3DES, IDEA, AES and RC5 and a corresponding key generation function, and is used for generating and dividing keys and encrypting secret information.
The decryption module comprises decryption functions of 3DES, IDEA, AES and RC5 encryption algorithms, and the secret information can be decrypted by the secret key restored by the sharing module.
The file transmission module realizes a file transceiving function based on a flash frame and is used for transceiving images and files.
The shadow image confusion module comprises a layer confusion technology, processes a shadow image layer, can generate random pixel point images, and achieves the function of adding the shadow image into the layer after adding the binary content of the random pixel point images into the binary content of the shadow image so as to achieve the confusion effect.
The system interaction module realizes user interface display based on a layui framework, and realizes system web service for interaction between a user and a system by utilizing a flash framework of Python, wherein the interaction comprises user registration and login, encryption and decryption, permission change selection and timing functions. The user interface comprises a login interface and an operation interface.
The safety authentication module carries out short message verification through an SMS interface or carries out face verification through a face recognition API so as to realize the safety authentication function.
The system database is used for storing data, user information and encrypted secret information in the operation process.
The realization method is as follows:
step 1: the user performs registration and login identity authentication through the system interaction module; when a user is registered in the system, a login password is input in a login interface of the system interaction module, and the user enters an operation interface after passing the authentication of the security authentication module; when the user is not registered in the system, the user needs to be registered in a mobile phone number verification or face recognition mode, and the user characteristic original text and the abstract of the login password generated by the SHA-256 irreversible Hash algorithm are written into a system database through the security authentication module. The user characteristic original text is a mobile phone number used when the user carries out safety authentication or a binary code of a face acquisition image.
Step 2: and after entering an operation interface of the system interaction module, the user selects the operation to be performed.
When the user selects to encrypt the secret information, skipping to the step 3; when the user selects to decrypt the secret information, jumping to the step 5; when the user chooses to change the key custodian authority, the process goes to step 6.
And step 3: the user uploads the secret information to be encrypted to a system database through a file transmission module, the user selects an encryption algorithm through an encryption module, the encryption module generates a secret key according to a secret key generation algorithm corresponding to the encryption algorithm selected by the user, the secret information is encrypted by using the secret key and the encryption algorithm selected by the user, and the encrypted secret information is stored in the system database;
step 3.1, the user selects no less than 3 other key custodians through the encryption module and sets the authority of each key custodians, wherein the authority is divided into high authority and common authority; the high-authority key custodian holds r obfuscated images, the common-authority key custodian holds one obfuscated image, the system sharing module calculates the total number n of the needed shadow images according to the determined number of the key custodians and the corresponding authorities, and then the user sets the number t of the obfuscated images needed for decryption.
Step 3.2: the key used to encrypt the information is cut into two parts by the encryption module, s1 and s2, respectively, and s2 is stored in the system database.
Step 3.4: s1 is hidden in the normal image by the image steganography module, the steganographic image is called an original secret image, and the original secret image is temporarily stored in a system database.
And 4, step 4: and dividing the original secret image into n shadow images consisting of irregular pixel points through a sharing module according to the calculated total number n of the required shadow images.
Step 4.1: and hiding the n shadow images into the n normal images through an image hiding module, and deleting the original secret images in the system database.
Step 4.2: and adding a randomly generated pixel image into each normal image layer containing the shadow image for confusion through an image confusion module to generate a confusion image.
Step 4.3: and sending the generated confusion image to each key custodian through the file transmission module according to the authority of the key custodian, wherein all the sent confusion images are different.
And 5: when a key custodian requests to view the secret information, the system interaction module sends a decryption request to other key custodians, starts timing and judges the authority level of the key custodians who make the requests;
when the key custodian who makes the request is a high-authority key custodian, after other key custodians submit at least t-r parts of confusion images to the system within the specified time of the system, the system decrypts the encrypted secret information through the decryption module, and the key custodian can browse the secret information; and if the confused image submitted by other key custodians in the system set time is less than t-r, rejecting the request of the key custodians and returning to the operation interface.
When the key custodian who makes the request is a common key custodian, after other key custodians submit at least t-1 parts of the obfuscated image to the system within the specified time of the system, the system decrypts the encrypted secret information through the decryption module, and the key custodian can browse the secret information; and if the obfuscated images submitted by other key custodians within the specified time of the system are less than t-1, rejecting the request of the key custodians and returning to the operation interface.
Step 6: the key custodian chooses to request a change of the key custodian rights. The system interaction module sends a request for changing the authority of the secret information to other key custodians, starts timing and judges the authority level of the key custodians who make the request.
When the key custodian who makes the request is a high-authority key custodian, in the specified time of the system, after other key custodians submit at least t-r parts of mixed images to the system, the system carries out the operation of changing the authority of the key custodian; and if the confused image submitted by other key custodians in the specified time of the system is less than t-r, rejecting the request of the key custodians and returning to the operation interface of the system interaction module.
When the key custodian who makes the request is a common key custodian, the system changes the key custodian operation after other key custodians submit at least t-1 parts of the obfuscated images to the system within the specified time of the system; and if the obfuscated images submitted by other key custodians within the specified time of the system are less than t-1, rejecting the request of the key custodians and returning to the operation interface of the system interaction module.
The rights of the key change custodian are specifically as follows: the system processes the confusion image submitted by the key custodian through the decryption module to obtain a key s1, splices the key s1 with s2 stored in the system database to obtain a complete key, decrypts the encrypted secret information through the key to restore the secret information, destroys the original key by the system, generates a new key, encrypts the plaintext again by using the new key and the encryption algorithm selected by the user, and repeats the steps 3.1-4.3.
The present invention is not limited to the above-described implementation steps, and various changes can be made by those skilled in the art, but any changes equivalent or similar to the present invention are intended to be included within the scope of the claims of the present invention.

Claims (2)

1. A system for improving security of secret information custody and transmission is characterized by comprising an image steganography module, a sharing module, an encryption module, a decryption module, a file transmission module, a shadow image confusion module, a system interaction module, a security authentication module and a system database;
the system interaction module is connected with the security authentication module, the file transmission module, the encryption module and the decryption module; the encryption module is connected with the image steganography module and the sharing module; the sharing module is connected with the shadow image confusion module and the decryption module, and the system database is connected with each module;
the image steganography module comprises an image steganography function, and the image steganography function is based on an LSB algorithm and embeds information into the least significant bit of the gray value of the image pixel point to realize the function of hiding the information;
the sharing module comprises an image secret sharing function, the image secret sharing function is based on a (t, n) threshold secret sharing scheme, the gray value of an image pixel point is operated by using a Lagrange interpolation polynomial, n shadow images can be generated for any image, and the function that any t shadow images or more than t shadow images can restore image content, but no shadow images below t shadow images can restore any content is realized;
the encryption module comprises an encryption function of an encryption algorithm of 3DES, IDEA, AES and RC5 and a corresponding key generation function, and is used for generating and dividing keys and encrypting secret information;
the decryption module comprises decryption functions of encryption algorithms of 3DES, IDEA, AES and RC5, and the secret information can be decrypted by the secret key restored by the sharing module;
the file transmission module realizes a file transceiving function based on a flash frame and is used for transceiving images and files;
the shadow image confusion module comprises a layer confusion technology, processes a shadow image layer, can generate random pixel point images, and achieves the function of adding the random pixel point images into the layer after adding the binary content of the random pixel point images into the binary content of the shadow image so as to achieve the confusion effect;
the system interaction module realizes user interface display based on a layui framework, and realizes system web service for interaction between a user and a system by utilizing a flash framework of Python, wherein the interaction comprises user registration and login, encryption and decryption, permission change selection and timing functions; the user interface comprises a login interface and an operation interface;
the security authentication module carries out short message verification through an SMS interface or carries out face verification through a face recognition API so as to realize a security authentication function;
the system database is used for storing data, user information and encrypted secret information in the operation process.
2. A system for improving security of secret information preservation and transfer according to claim 1, implemented as follows:
step 1: the user performs registration and login identity authentication through the system interaction module; when a user is registered in the system, a login password is input in a login interface of the system interaction module, and the user enters an operation interface after passing the authentication of the security authentication module; when the user is not registered in the system, the user needs to be registered in a mobile phone number verification or face recognition mode, and the user characteristic original text and the abstract of the login password generated by the SHA-256 irreversible Hash algorithm are written into a system database through a security authentication module; the user characteristic original text is a mobile phone number used when the user carries out safety authentication or a binary code of a face acquisition image;
step 2: after entering an operation interface of the system interaction module, a user selects an operation to be performed;
when the user selects to encrypt the secret information, skipping to the step 3; when the user selects to decrypt the secret information, jumping to the step 5; when the user selects to change the authority of the key custodian, jumping to step 6;
and step 3: the user uploads the secret information to be encrypted to a system database through a file transmission module, the user selects an encryption algorithm through an encryption module, the encryption module generates a secret key according to a secret key generation algorithm corresponding to the encryption algorithm selected by the user, the secret information is encrypted by using the secret key and the encryption algorithm selected by the user, and the encrypted secret information is stored in the system database;
step 3.1, the user selects no less than 3 other key custodians through the encryption module and sets the authority of each key custodians, wherein the authority is divided into high authority and common authority; the high-authority key custodian holds r confused images, the common-authority key custodian holds one confused image, the system sharing module calculates the total number n of the needed shadow images according to the determined number of the key custodians and the corresponding authority, and then the user sets the number t of the confused images needed by decryption;
step 3.2: dividing a key for encrypting information into two parts, namely s1 and s2, through an encryption module, and storing s2 in a system database;
step 3.4: hiding s1 in a normal image through an image steganography module, wherein the steganography image is called an original secret image which is temporarily stored in a system database;
and 4, step 4: dividing the original secret image into n shadow images consisting of irregular pixel points through a sharing module according to the calculated total number n of the required shadow images;
step 4.1: hiding n shadow images into n normal images through an image hiding module, and deleting original secret images in a system database;
step 4.2: adding a randomly generated pixel image into each normal image layer containing the shadow image for confusion through an image confusion module to generate a confusion image;
step 4.3: sending the generated confusion image to each key custodian through a file transmission module according to the authority of the key custodian, wherein all the sent confusion images are different;
and 5: when a key custodian requests to view the secret information, the system interaction module sends a decryption request to other key custodians, starts timing and judges the authority level of the key custodians who make the requests;
when the key custodian who makes the request is a high-authority key custodian, after other key custodians submit at least t-r parts of confusion images to the system within the specified time of the system, the system decrypts the encrypted secret information through the decryption module, and the key custodian can browse the secret information; if the confused image submitted by other key custodians in the system set time is less than t-r, rejecting the request of the key custodians and returning to the operation interface;
when the key custodian who makes the request is a common key custodian, after other key custodians submit at least t-1 parts of the obfuscated image to the system within the specified time of the system, the system decrypts the encrypted secret information through the decryption module, and the key custodian can browse the secret information; if the confused image submitted by other key custodians in the system set time is less than t-1, rejecting the request of the key custodians and returning to the operation interface;
step 6: the key custodian selects to request to change the key custodian authority; the system interaction module sends a request for changing the authority of the secret information to other key custodians, starts timing and judges the authority level of the key custodians who make the request;
when the key custodian who makes the request is a high-authority key custodian, in the specified time of the system, after other key custodians submit at least t-r parts of mixed images to the system, the system carries out the operation of changing the authority of the key custodian; if the confusion image submitted by other key custodians in the system set time is less than t-r, rejecting the request of the key custodians and returning to the operation interface of the system interaction module;
when the key custodian who makes the request is a common key custodian, the system changes the key custodian operation after other key custodians submit at least t-1 parts of the obfuscated images to the system within the specified time of the system; if the confusion image submitted by other key custodians in the system set time is less than t-1, rejecting the request of the key custodians and returning to the operation interface of the system interaction module;
the rights of the key change custodian are specifically as follows: the system processes the confusion image submitted by the key custodian through the decryption module to obtain a key s1, splices the key s1 with s2 stored in the system database to obtain a complete key, decrypts the encrypted secret information through the key to restore the secret information, destroys the original key by the system, generates a new key, encrypts the plaintext again by using the new key and the encryption algorithm selected by the user, and repeats the steps 3.1-4.3.
CN202010252580.9A 2020-04-02 2020-04-02 System for improving security of secret information keeping and transmission Active CN111541652B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010252580.9A CN111541652B (en) 2020-04-02 2020-04-02 System for improving security of secret information keeping and transmission

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010252580.9A CN111541652B (en) 2020-04-02 2020-04-02 System for improving security of secret information keeping and transmission

Publications (2)

Publication Number Publication Date
CN111541652A true CN111541652A (en) 2020-08-14
CN111541652B CN111541652B (en) 2022-05-20

Family

ID=71980213

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010252580.9A Active CN111541652B (en) 2020-04-02 2020-04-02 System for improving security of secret information keeping and transmission

Country Status (1)

Country Link
CN (1) CN111541652B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112989321A (en) * 2021-03-02 2021-06-18 北京思特奇信息技术股份有限公司 Secret sharing algorithm-based key management method and system
CN118627123A (en) * 2024-08-09 2024-09-10 江苏盖睿健康科技有限公司 Remote medical data management method based on blockchain

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103761702A (en) * 2014-01-09 2014-04-30 太原科技大学 Image hiding and authentication method based on secret sharing
CN103929434A (en) * 2014-05-04 2014-07-16 西安电子科技大学 File sharing method based on encryption and permission system
US20140341374A1 (en) * 2011-12-01 2014-11-20 Integrita Computing Systems India Private Limited Method of generating secure tokens and transmission based on (trng) generated tokens and split into shares and the system thereof
CN104993923A (en) * 2015-07-02 2015-10-21 武汉大学 Radar data protection method based on combination of information hiding and encryption techniques
US20160337124A1 (en) * 2013-04-10 2016-11-17 Michael Rozman Secure backup and recovery system for private sensitive data
CN107451948A (en) * 2017-08-09 2017-12-08 山东师范大学 Image Encrypt and Decrypt method and system based on chaos and DNA dynamic plane computings
US20190245857A1 (en) * 2018-02-02 2019-08-08 Unbound Tech Ltd. Method for securing access by software modules
CN110177134A (en) * 2019-05-10 2019-08-27 东南大学 A kind of security password manager and its application method based on cloudy storage
CN110704856A (en) * 2019-10-09 2020-01-17 成都安恒信息技术有限公司 Secret sharing method based on operation and maintenance auditing system
US20200044862A1 (en) * 2018-08-02 2020-02-06 Curv, Ltd. Techniques for securing application programming interface requests using multi-party digital signatures

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140341374A1 (en) * 2011-12-01 2014-11-20 Integrita Computing Systems India Private Limited Method of generating secure tokens and transmission based on (trng) generated tokens and split into shares and the system thereof
US20160337124A1 (en) * 2013-04-10 2016-11-17 Michael Rozman Secure backup and recovery system for private sensitive data
CN103761702A (en) * 2014-01-09 2014-04-30 太原科技大学 Image hiding and authentication method based on secret sharing
CN103929434A (en) * 2014-05-04 2014-07-16 西安电子科技大学 File sharing method based on encryption and permission system
CN104993923A (en) * 2015-07-02 2015-10-21 武汉大学 Radar data protection method based on combination of information hiding and encryption techniques
CN107451948A (en) * 2017-08-09 2017-12-08 山东师范大学 Image Encrypt and Decrypt method and system based on chaos and DNA dynamic plane computings
US20190245857A1 (en) * 2018-02-02 2019-08-08 Unbound Tech Ltd. Method for securing access by software modules
US20200044862A1 (en) * 2018-08-02 2020-02-06 Curv, Ltd. Techniques for securing application programming interface requests using multi-party digital signatures
CN110177134A (en) * 2019-05-10 2019-08-27 东南大学 A kind of security password manager and its application method based on cloudy storage
CN110704856A (en) * 2019-10-09 2020-01-17 成都安恒信息技术有限公司 Secret sharing method based on operation and maintenance auditing system

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
SUBHASISH MANDAL ET AL: "Secret Data Sharing in Cloud Environment Using Steganography and Encryption Using GA", 《2015 INTERNATIONAL CONFERENCE ON GREEN COMPUTING AND INTERNET OF THINGS(ICGCIOT)》 *
任方等: "门限秘密共享及其典型应用", 《现代电子技术》 *
王宛平等: "基于二维串联调制耦合映射的图像加密-秘密分享算法", 《液晶与显示》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112989321A (en) * 2021-03-02 2021-06-18 北京思特奇信息技术股份有限公司 Secret sharing algorithm-based key management method and system
CN118627123A (en) * 2024-08-09 2024-09-10 江苏盖睿健康科技有限公司 Remote medical data management method based on blockchain

Also Published As

Publication number Publication date
CN111541652B (en) 2022-05-20

Similar Documents

Publication Publication Date Title
US8806200B2 (en) Method and system for securing electronic data
CN103812854B (en) Identity authentication system, device and method and identity authentication requesting device
CN103179114A (en) Fine-grained access control method for data in cloud storage
CN104243494B (en) A kind of data processing method
CN103414682A (en) Method for cloud storage of data and system
CN109274644A (en) A kind of data processing method, terminal and watermark server
CN111970114B (en) File encryption method, system, server and storage medium
Ahmed et al. A review on recent steganography techniques in cloud computing
CN112055022A (en) High-efficiency and high-security network file transmission double encryption method
JP2022542095A (en) Hardened secure encryption and decryption system
CN103973698B (en) User access right revoking method in cloud storage environment
CN111541652B (en) System for improving security of secret information keeping and transmission
CN111510282A (en) Information encryption algorithm and device, information decryption algorithm and device and communication method
Pavani et al. Data Security and Privacy Issues in Cloud Environment
CN113794702A (en) Communication high-level encryption method in intelligent household system
Barukab et al. Secure communication using symmetric and asymmetric cryptographic techniques
CN110704856B (en) Secret sharing method based on operation and maintenance auditing system
CN106453300A (en) Data encryption and decryption method and device, and data transmission system
CN110493259A (en) A kind of encrypting and deciphering system and method ensureing cloud electronic data security
Al-Husainy MAC address as a key for data encryption
CN115412236A (en) Method for key management and password calculation, encryption method and device
CN114553557A (en) Key calling method, key calling device, computer equipment and storage medium
CN111010386B (en) Privacy protection and data supervision control method based on shared account book
CN110474873B (en) Electronic file access control method and system based on knowledge range encryption
CN109120589B (en) Terminal information protection method and device based on encryption password

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant