CN112532648A - Security access method and system based on hybrid cryptosystem - Google Patents

Security access method and system based on hybrid cryptosystem Download PDF

Info

Publication number
CN112532648A
CN112532648A CN202011440258.5A CN202011440258A CN112532648A CN 112532648 A CN112532648 A CN 112532648A CN 202011440258 A CN202011440258 A CN 202011440258A CN 112532648 A CN112532648 A CN 112532648A
Authority
CN
China
Prior art keywords
key
ciphertext
symmetric
encryption
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011440258.5A
Other languages
Chinese (zh)
Inventor
管桂林
谢真强
刘汪洋
程序
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC Big Data Research Institute Co Ltd
Original Assignee
CETC Big Data Research Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CETC Big Data Research Institute Co Ltd filed Critical CETC Big Data Research Institute Co Ltd
Priority to CN202011440258.5A priority Critical patent/CN112532648A/en
Publication of CN112532648A publication Critical patent/CN112532648A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Abstract

The invention provides a security access method based on a mixed password system, which comprises the following steps: encryption: the sender encrypts the message to be transmitted into a message ciphertext by using a symmetric cryptographic algorithm, and encrypts a symmetric key into a key ciphertext by using a public key cryptographic algorithm; and (3) sending: sending the message ciphertext and the key ciphertext to a receiver; and (3) decryption: the receiving party decrypts the key ciphertext into a symmetric key by using a private key of the receiving party, and decrypts the message ciphertext into a message to be transmitted by using the symmetric key. The invention also provides a security access system based on the mixed password system; the device comprises an initialization module, an encryption module and a decryption module. The invention combines public key encryption and symmetric encryption technologies, not only solves the problem of difficult key management, but also can quickly and safely ensure the safe transmission of data.

Description

Security access method and system based on hybrid cryptosystem
Technical Field
The invention relates to a security access method and a security access system based on a hybrid cryptosystem.
Background
In order to ensure the user to access the system safely, a symmetric encryption algorithm or an asymmetric encryption algorithm can be used for encryption, so as to protect the confidentiality of information transmission. For the traditional symmetric cryptographic algorithm, the keys have certain correlation when encryption and decryption operations are carried out, and the encryption and decryption keys are completely the same. The traditional symmetric cryptographic algorithm has the advantages of low time complexity, easy hardware implementation, high encryption speed and the like, so that the traditional symmetric cryptographic algorithm is mainly used for encrypting large-block data. However, the symmetric cryptographic algorithm has a problem that key management is complicated, so that the security of the algorithm is lowered. Secondly, if a symmetric cryptographic algorithm is adopted for encryption and decryption, different receivers need different key pairs, and when the user amount sharply increases, the key data amount greatly increases, and the problem of difficult key management exists. Meanwhile, in order to make the symmetric algorithm have absolute security, a transmission secure channel is required to distribute the key, which has certain difficulty in technical aspect.
The asymmetric cryptographic algorithm is also called as a public key cryptographic algorithm, a public key used in encryption operation is different from a private key used in decryption operation, and the encryption and decryption key is mainly characterized in that the public key and the private key can only be calculated in a single direction, and the public key can be calculated by the private key, so that the encryption and decryption key is irregular. The public key belongs to public information, and the private key has privacy. Compared with a symmetric cryptographic algorithm, the public key cryptographic algorithm has higher security, and simpler key management, release and transmission processes, but the public key cryptographic algorithm has lower encryption and decryption speed, and is generally used for encryption and decryption of small block data, such as key negotiation, digital envelopes, digital signatures, non-invasive access and the like. The digital envelope combines the symmetric encryption technology and the asymmetric encryption technology, and a method for distributing the symmetric key by the asymmetric encryption mode is a technology for realizing information confidentiality transmission.
The digital envelope technology not only exerts the advantages of high speed and good safety of the symmetric encryption algorithm, but also has the advantage of convenient key management of the asymmetric encryption algorithm, and is widely applied to the network field to realize the safe access of users. However, most of the existing security access methods based on digital envelopes have the problem that man-in-the-middle attacks, which leads to the fact that the message is not determined to come from the real sender, and based on the requirement, how to design a secure and reliable access method to realize the secure access of users becomes a problem to be solved.
Disclosure of Invention
In order to solve the technical problems, the invention provides a security access method based on a mixed cryptosystem, which not only solves the problem of difficult key management, but also can quickly and safely ensure the security transmission of data.
The invention is realized by the following technical scheme.
The invention provides a security access method based on a mixed password system, which comprises the following steps:
encryption: the sender encrypts the message to be transmitted into a message ciphertext by using a symmetric cryptographic algorithm, and encrypts a symmetric key into a key ciphertext by using a public key cryptographic algorithm;
and (3) sending: sending the message ciphertext and the key ciphertext to a receiver;
and (3) decryption: the receiving party decrypts the key ciphertext into a symmetric key by using a private key of the receiving party, and decrypts the message ciphertext into a message to be transmitted by using the symmetric key.
Further comprising:
signature: the key ciphertext pair is signed with a symmetric key.
Further comprising:
and (4) checking the label: and the receiver verifies the authenticity of the sender according to the validity of the signature.
The symmetric cryptographic algorithm is DES, AES, RC4 or RC 5.
The public key cryptographic algorithm is RSA, ElGamal, SM2 or SM 9.
The invention also provides a security access system based on the mixed password system; including initialization module, encryption module and decryption module, wherein:
the initialization module generates and distributes a key; the encryption module implements the encryption step of claim 1 and the decryption module implements the decryption step.
The method also comprises a signature module for realizing the signature step.
The system also comprises a signature verification module for realizing the signature verification step.
The invention has the beneficial effects that: by combining public key encryption and symmetric encryption technologies, the problem of difficult key management is solved, and data security transmission can be rapidly and safely guaranteed; by adopting the digital signature technology, the identity information of the sender can be effectively identified, and the source of the transmission information is ensured to have reliability; the real-time performance is strong, the safety is high, and the problem of rapidly and safely realizing service data access under the conditions of large-order data encryption, safe identity authentication and the like can be effectively solved.
Drawings
FIG. 1 is a flow chart of a method of the present invention;
FIG. 2 is a cryptographic signature flow diagram of the present invention;
fig. 3 is a flow chart of signature verification decryption according to the present invention.
Detailed Description
The technical solution of the present invention is further described below, but the scope of the claimed invention is not limited to the described.
As shown in fig. 2 and fig. 3, a security access method based on a hybrid cryptosystem includes the following steps:
encryption: the sender encrypts the message to be transmitted into a message ciphertext by using a symmetric cryptographic algorithm, and encrypts a symmetric key into a key ciphertext by using a public key cryptographic algorithm;
and (3) sending: sending the message ciphertext and the key ciphertext to a receiver;
and (3) decryption: the receiving party decrypts the key ciphertext into a symmetric key by using a private key of the receiving party, and decrypts the message ciphertext into a message to be transmitted by using the symmetric key.
Further comprising:
signature: the key ciphertext pair is signed with a symmetric key.
Further comprising:
and (4) checking the label: and the receiver verifies the authenticity of the sender according to the validity of the signature.
The symmetric cryptographic algorithm is DES, AES, RC4 or RC 5.
The public key cryptographic algorithm is RSA, ElGamal, SM2 or SM 9.
A security access system based on a hybrid cryptosystem as shown in fig. 1; including initialization module, encryption module and decryption module, wherein:
the initialization module generates and distributes a key; the encryption module implements the encryption step of claim 1 and the decryption module implements the decryption step.
The method also comprises a signature module for realizing the signature step.
The system also comprises a signature verification module for realizing the signature verification step.
Example 1
By adopting the scheme, the sender firstly encrypts the message to be transmitted by using a symmetric cryptographic algorithm and calculates to obtain a message ciphertext. Then, a public key cryptographic algorithm is adopted to encrypt a symmetric key in the symmetric cryptographic algorithm to generate a key ciphertext, a private key of the public key cryptographic algorithm is used to sign the encrypted key ciphertext, and finally the signature, the key ciphertext and the message ciphertext are sent to a receiver together. After receiving the signature, the receiver firstly verifies the validity of the signature through the public key of the sender to ensure that the signature comes from a real sender; and then, decrypting the key ciphertext by using a private key of the receiving party to obtain a symmetric key. And finally, decrypting the message ciphertext by using the symmetric key, and calculating to obtain the transmitted message. Further systems are described below:
as shown in fig. 1, there are five modules:
a) initialization module
First, the entities in the system include a sender a, a receiver B, and a key generation center PGC. Then, the PGC generates corresponding public and private keys, respectively (PK), for the sender a and the receiver B, respectivelyA,SKA) And (PK)B,SKB). Then, the system selects a hash function, which is recorded as
Figure BDA0002830258430000051
Finally, the system will public key PKAPublic key PKBThe Hash function is published, and the private key SK is usedAPrivate key SKBThe secrets are sent to a and B, respectively, over a secure channel.
b) Encryption module
The sender A randomly selects a secret key K as a symmetric encryption secret key, and for the message m to be encrypted, A applies a symmetric encryption algorithmEncrypting and calculating to obtain message ciphertext EK(m) of the reaction mixture. Then, A encrypts the symmetric key K by a public key encryption algorithm, and applies the public key PK of the receiver BBEncrypting the symmetric key K, and calculating to obtain a key ciphertext
Figure BDA0002830258430000052
c) Signature module
In order to ensure that the receiver knows the identity of the sender, the method carries out digital signature operation on the key ciphertext, and the specific flow is as follows: sender A first selects a timestamp TATo secret key ciphertext
Figure BDA0002830258430000061
Performing Hash operation with the time stamp TA to obtain a Hash value by calculation
Figure BDA0002830258430000062
Then, signature operation is carried out through a digital signature algorithm, and a private key SK is appliedAPerforming digital signature, and calculating to obtain signature
Figure BDA0002830258430000063
Finally, the message ciphertext EK(m), Key cryptogram
Figure BDA0002830258430000064
And signatures
Figure BDA0002830258430000065
Together with recipient B.
d) Verification signature module
Receiver B receives message cipher text EK(m), Key cryptogram
Figure BDA0002830258430000066
And signatures
Figure BDA0002830258430000067
Thereafter, the signature is first verified using the sender's public key PKA
Figure BDA0002830258430000068
If the validity of (1) is verified
Figure BDA0002830258430000069
The signature is invalid, the signature is rejected, the signature is proved not to be signed by the sender a, and further the subsequent decryption operation is not performed; if the formula is verified
Figure BDA00028302584300000610
The signature is valid, the signature is accepted, the signature is certified as being indeed signed by sender a, and a subsequent decryption operation is performed.
e) Decryption module
The receiver B passes its private key SKBFor message ciphertext
Figure BDA0002830258430000071
Decrypting, calculating to obtain a symmetric key K, and then using the symmetric key K to encrypt a message ciphertext EKAnd (m) decrypting and calculating to obtain the sent message m.
Wherein:
1. the hash function in step a is to convert an input with an arbitrary length into an output with a fixed length through a hash algorithm, wherein the output is a hash value, and the hash algorithm such as MD4, MD5 or SHA-1 can be selected.
2. The symmetric encryption method in step b is an encryption method adopting a single-key cryptosystem, the same key can be used as a cryptographic algorithm for information encryption and decryption at the same time, and the algorithms such as DES, AES, RC4 or RC5 can be selected.
3. The public key encryption method in the step b is an algorithm which adopts an encryption method of a double-code system to generate a pair of a public key and a private key, a sender encrypts the public key, and a receiver can only decrypt the public key through the private key, wherein the algorithm can be RSA, ElGamal, SM2 or SM9 and the like.
4. The digital signature method in the step c is a signature method adopting a double-code system, a sender signs by using a private key of the sender to form a digital signature, and a verifier verifies the validity of the signature by using a public key of the sender.
5. The timestamp in step c is mainly used for authenticating the data generation time through a certain technical means, so as to verify whether the data is falsified after being generated, and prevent an attacker from carrying out replay attack.
Thus, the present invention:
firstly, the public key encryption and symmetric encryption technology are combined, so that the problem of difficult key management is solved, and the data security transmission can be rapidly and safely guaranteed;
secondly, the identity information of the sender can be effectively identified by adopting the digital signature technology, and the source of the transmission information is ensured to have reliability;
thirdly, by introducing the idea of time stamp, an attacker is prevented from carrying out replay attack on the transmitted information, and the safety transmission of the information is realized;
and fourthly, the real-time performance is strong, the safety is high, and the problem of rapidly and safely realizing service data access under the conditions of large-order data encryption, safe identity authentication and the like can be effectively solved.

Claims (8)

1. A security access method based on a hybrid cryptosystem is characterized in that: the method comprises the following steps:
encryption: the sender encrypts the message to be transmitted into a message ciphertext by using a symmetric cryptographic algorithm, and encrypts a symmetric key into a key ciphertext by using a public key cryptographic algorithm;
and (3) sending: sending the message ciphertext and the key ciphertext to a receiver;
and (3) decryption: the receiving party decrypts the key ciphertext into a symmetric key by using a private key of the receiving party, and decrypts the message ciphertext into a message to be transmitted by using the symmetric key.
2. The hybrid cryptosystem-based secure access method according to claim 1, wherein: further comprising:
signature: the key ciphertext pair is signed with a symmetric key.
3. The hybrid cryptosystem-based secure access method according to claim 2, wherein: further comprising:
and (4) checking the label: and the receiver verifies the authenticity of the sender according to the validity of the signature.
4. The hybrid cryptosystem-based secure access method according to claim 1, wherein: the symmetric cryptographic algorithm is DES, AES, RC4 or RC 5.
5. The hybrid cryptosystem-based secure access method according to claim 2, wherein: the public key cryptographic algorithm is RSA, ElGamal, SM2 or SM 9.
6. A security access system based on a hybrid cryptosystem is characterized in that: including initialization module, encryption module and decryption module, wherein:
the initialization module generates and distributes a key; the encryption module implements the encryption step of claim 1 and the decryption module implements the decryption step of claim 1.
7. The hybrid cryptosystem-based secure access method according to claim 6, wherein: further comprising a signing module implementing the signing step of claim 2.
8. The hybrid cryptosystem-based secure access method according to claim 6, wherein: further comprising a signature verification module implementing the signature verification step of claim 3.
CN202011440258.5A 2020-12-11 2020-12-11 Security access method and system based on hybrid cryptosystem Pending CN112532648A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011440258.5A CN112532648A (en) 2020-12-11 2020-12-11 Security access method and system based on hybrid cryptosystem

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011440258.5A CN112532648A (en) 2020-12-11 2020-12-11 Security access method and system based on hybrid cryptosystem

Publications (1)

Publication Number Publication Date
CN112532648A true CN112532648A (en) 2021-03-19

Family

ID=74999587

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011440258.5A Pending CN112532648A (en) 2020-12-11 2020-12-11 Security access method and system based on hybrid cryptosystem

Country Status (1)

Country Link
CN (1) CN112532648A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113259934A (en) * 2021-06-25 2021-08-13 贵州大学 Short message verification code encryption method, decryption method and encryption and decryption system
CN113408013A (en) * 2021-05-29 2021-09-17 国网辽宁省电力有限公司辽阳供电公司 Encryption and decryption chip framework with multiple algorithm rules mixed
CN117061245A (en) * 2023-10-11 2023-11-14 中国电子科技集团公司第三十研究所 Lattice authentication key exchange protocol construction method using prefix hash

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1472914A (en) * 2003-06-27 2004-02-04 武汉理工大学 High performance and quick public pin encryption
CN107070948A (en) * 2017-05-23 2017-08-18 广东工业大学 Signature and verification method based on hybrid encryption algorithm in cloud storage
US20170338961A1 (en) * 2016-05-17 2017-11-23 Hyundai Motor Company Method of providing security for controller using ecryption and apparatus therefor

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1472914A (en) * 2003-06-27 2004-02-04 武汉理工大学 High performance and quick public pin encryption
US20170338961A1 (en) * 2016-05-17 2017-11-23 Hyundai Motor Company Method of providing security for controller using ecryption and apparatus therefor
CN107070948A (en) * 2017-05-23 2017-08-18 广东工业大学 Signature and verification method based on hybrid encryption algorithm in cloud storage

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113408013A (en) * 2021-05-29 2021-09-17 国网辽宁省电力有限公司辽阳供电公司 Encryption and decryption chip framework with multiple algorithm rules mixed
CN113259934A (en) * 2021-06-25 2021-08-13 贵州大学 Short message verification code encryption method, decryption method and encryption and decryption system
CN117061245A (en) * 2023-10-11 2023-11-14 中国电子科技集团公司第三十研究所 Lattice authentication key exchange protocol construction method using prefix hash
CN117061245B (en) * 2023-10-11 2023-12-22 中国电子科技集团公司第三十研究所 Lattice authentication key exchange protocol construction method using prefix hash

Similar Documents

Publication Publication Date Title
US20220224551A1 (en) Mutual authentication of confidential communication
CN106506470B (en) network data security transmission method
CN107947913B (en) Anonymous authentication method and system based on identity
CN110535868A (en) Data transmission method and system based on Hybrid Encryption algorithm
CN110771089A (en) Secure communications providing forward privacy
CN110958219B (en) SM2 proxy re-encryption method and device for medical cloud shared data
US11870891B2 (en) Certificateless public key encryption using pairings
CN112532648A (en) Security access method and system based on hybrid cryptosystem
CN110113150B (en) Encryption method and system based on non-certificate environment and capable of repudiation authentication
US11888832B2 (en) System and method to improve user authentication for enhanced security of cryptographically protected communication sessions
CN104901935A (en) Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
KR101516114B1 (en) Certificate-based proxy re-encryption method and its system
CN105554031A (en) Encryption method, encryption apparatus, decryption method, decryption apparatus and terminal
CN106713349B (en) Inter-group proxy re-encryption method capable of resisting attack of selecting cipher text
CN116614599B (en) Video monitoring method, device and storage medium for secure encryption
CN112738133A (en) RSA authentication method
CN111049738B (en) E-mail data security protection method based on hybrid encryption
CN109104278A (en) A kind of encrypting and decrypting method
CN110519226B (en) Quantum communication server secret communication method and system based on asymmetric key pool and implicit certificate
KR101991775B1 (en) Method for data encryption and decryption based on fpga
KR20040009766A (en) Apparatus and method for transmitting and receiving in encryption system
US20220038267A1 (en) Methods and devices for secured identity-based encryption systems with two trusted centers
CN108494554B (en) Data symmetric encryption method based on double plaintexts
KR20060078768A (en) System and method for key recovery using distributed registration of private key
Gobi et al. A comparative study on the performance and the security of RSA and ECC algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210319

RJ01 Rejection of invention patent application after publication