CN112532648A - Security access method and system based on hybrid cryptosystem - Google Patents
Security access method and system based on hybrid cryptosystem Download PDFInfo
- Publication number
- CN112532648A CN112532648A CN202011440258.5A CN202011440258A CN112532648A CN 112532648 A CN112532648 A CN 112532648A CN 202011440258 A CN202011440258 A CN 202011440258A CN 112532648 A CN112532648 A CN 112532648A
- Authority
- CN
- China
- Prior art keywords
- key
- ciphertext
- symmetric
- encryption
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a security access method based on a mixed password system, which comprises the following steps: encryption: the sender encrypts the message to be transmitted into a message ciphertext by using a symmetric cryptographic algorithm, and encrypts a symmetric key into a key ciphertext by using a public key cryptographic algorithm; and (3) sending: sending the message ciphertext and the key ciphertext to a receiver; and (3) decryption: the receiving party decrypts the key ciphertext into a symmetric key by using a private key of the receiving party, and decrypts the message ciphertext into a message to be transmitted by using the symmetric key. The invention also provides a security access system based on the mixed password system; the device comprises an initialization module, an encryption module and a decryption module. The invention combines public key encryption and symmetric encryption technologies, not only solves the problem of difficult key management, but also can quickly and safely ensure the safe transmission of data.
Description
Technical Field
The invention relates to a security access method and a security access system based on a hybrid cryptosystem.
Background
In order to ensure the user to access the system safely, a symmetric encryption algorithm or an asymmetric encryption algorithm can be used for encryption, so as to protect the confidentiality of information transmission. For the traditional symmetric cryptographic algorithm, the keys have certain correlation when encryption and decryption operations are carried out, and the encryption and decryption keys are completely the same. The traditional symmetric cryptographic algorithm has the advantages of low time complexity, easy hardware implementation, high encryption speed and the like, so that the traditional symmetric cryptographic algorithm is mainly used for encrypting large-block data. However, the symmetric cryptographic algorithm has a problem that key management is complicated, so that the security of the algorithm is lowered. Secondly, if a symmetric cryptographic algorithm is adopted for encryption and decryption, different receivers need different key pairs, and when the user amount sharply increases, the key data amount greatly increases, and the problem of difficult key management exists. Meanwhile, in order to make the symmetric algorithm have absolute security, a transmission secure channel is required to distribute the key, which has certain difficulty in technical aspect.
The asymmetric cryptographic algorithm is also called as a public key cryptographic algorithm, a public key used in encryption operation is different from a private key used in decryption operation, and the encryption and decryption key is mainly characterized in that the public key and the private key can only be calculated in a single direction, and the public key can be calculated by the private key, so that the encryption and decryption key is irregular. The public key belongs to public information, and the private key has privacy. Compared with a symmetric cryptographic algorithm, the public key cryptographic algorithm has higher security, and simpler key management, release and transmission processes, but the public key cryptographic algorithm has lower encryption and decryption speed, and is generally used for encryption and decryption of small block data, such as key negotiation, digital envelopes, digital signatures, non-invasive access and the like. The digital envelope combines the symmetric encryption technology and the asymmetric encryption technology, and a method for distributing the symmetric key by the asymmetric encryption mode is a technology for realizing information confidentiality transmission.
The digital envelope technology not only exerts the advantages of high speed and good safety of the symmetric encryption algorithm, but also has the advantage of convenient key management of the asymmetric encryption algorithm, and is widely applied to the network field to realize the safe access of users. However, most of the existing security access methods based on digital envelopes have the problem that man-in-the-middle attacks, which leads to the fact that the message is not determined to come from the real sender, and based on the requirement, how to design a secure and reliable access method to realize the secure access of users becomes a problem to be solved.
Disclosure of Invention
In order to solve the technical problems, the invention provides a security access method based on a mixed cryptosystem, which not only solves the problem of difficult key management, but also can quickly and safely ensure the security transmission of data.
The invention is realized by the following technical scheme.
The invention provides a security access method based on a mixed password system, which comprises the following steps:
encryption: the sender encrypts the message to be transmitted into a message ciphertext by using a symmetric cryptographic algorithm, and encrypts a symmetric key into a key ciphertext by using a public key cryptographic algorithm;
and (3) sending: sending the message ciphertext and the key ciphertext to a receiver;
and (3) decryption: the receiving party decrypts the key ciphertext into a symmetric key by using a private key of the receiving party, and decrypts the message ciphertext into a message to be transmitted by using the symmetric key.
Further comprising:
signature: the key ciphertext pair is signed with a symmetric key.
Further comprising:
and (4) checking the label: and the receiver verifies the authenticity of the sender according to the validity of the signature.
The symmetric cryptographic algorithm is DES, AES, RC4 or RC 5.
The public key cryptographic algorithm is RSA, ElGamal, SM2 or SM 9.
The invention also provides a security access system based on the mixed password system; including initialization module, encryption module and decryption module, wherein:
the initialization module generates and distributes a key; the encryption module implements the encryption step of claim 1 and the decryption module implements the decryption step.
The method also comprises a signature module for realizing the signature step.
The system also comprises a signature verification module for realizing the signature verification step.
The invention has the beneficial effects that: by combining public key encryption and symmetric encryption technologies, the problem of difficult key management is solved, and data security transmission can be rapidly and safely guaranteed; by adopting the digital signature technology, the identity information of the sender can be effectively identified, and the source of the transmission information is ensured to have reliability; the real-time performance is strong, the safety is high, and the problem of rapidly and safely realizing service data access under the conditions of large-order data encryption, safe identity authentication and the like can be effectively solved.
Drawings
FIG. 1 is a flow chart of a method of the present invention;
FIG. 2 is a cryptographic signature flow diagram of the present invention;
fig. 3 is a flow chart of signature verification decryption according to the present invention.
Detailed Description
The technical solution of the present invention is further described below, but the scope of the claimed invention is not limited to the described.
As shown in fig. 2 and fig. 3, a security access method based on a hybrid cryptosystem includes the following steps:
encryption: the sender encrypts the message to be transmitted into a message ciphertext by using a symmetric cryptographic algorithm, and encrypts a symmetric key into a key ciphertext by using a public key cryptographic algorithm;
and (3) sending: sending the message ciphertext and the key ciphertext to a receiver;
and (3) decryption: the receiving party decrypts the key ciphertext into a symmetric key by using a private key of the receiving party, and decrypts the message ciphertext into a message to be transmitted by using the symmetric key.
Further comprising:
signature: the key ciphertext pair is signed with a symmetric key.
Further comprising:
and (4) checking the label: and the receiver verifies the authenticity of the sender according to the validity of the signature.
The symmetric cryptographic algorithm is DES, AES, RC4 or RC 5.
The public key cryptographic algorithm is RSA, ElGamal, SM2 or SM 9.
A security access system based on a hybrid cryptosystem as shown in fig. 1; including initialization module, encryption module and decryption module, wherein:
the initialization module generates and distributes a key; the encryption module implements the encryption step of claim 1 and the decryption module implements the decryption step.
The method also comprises a signature module for realizing the signature step.
The system also comprises a signature verification module for realizing the signature verification step.
Example 1
By adopting the scheme, the sender firstly encrypts the message to be transmitted by using a symmetric cryptographic algorithm and calculates to obtain a message ciphertext. Then, a public key cryptographic algorithm is adopted to encrypt a symmetric key in the symmetric cryptographic algorithm to generate a key ciphertext, a private key of the public key cryptographic algorithm is used to sign the encrypted key ciphertext, and finally the signature, the key ciphertext and the message ciphertext are sent to a receiver together. After receiving the signature, the receiver firstly verifies the validity of the signature through the public key of the sender to ensure that the signature comes from a real sender; and then, decrypting the key ciphertext by using a private key of the receiving party to obtain a symmetric key. And finally, decrypting the message ciphertext by using the symmetric key, and calculating to obtain the transmitted message. Further systems are described below:
as shown in fig. 1, there are five modules:
a) initialization module
First, the entities in the system include a sender a, a receiver B, and a key generation center PGC. Then, the PGC generates corresponding public and private keys, respectively (PK), for the sender a and the receiver B, respectivelyA,SKA) And (PK)B,SKB). Then, the system selects a hash function, which is recorded asFinally, the system will public key PKAPublic key PKBThe Hash function is published, and the private key SK is usedAPrivate key SKBThe secrets are sent to a and B, respectively, over a secure channel.
b) Encryption module
The sender A randomly selects a secret key K as a symmetric encryption secret key, and for the message m to be encrypted, A applies a symmetric encryption algorithmEncrypting and calculating to obtain message ciphertext EK(m) of the reaction mixture. Then, A encrypts the symmetric key K by a public key encryption algorithm, and applies the public key PK of the receiver BBEncrypting the symmetric key K, and calculating to obtain a key ciphertext
c) Signature module
In order to ensure that the receiver knows the identity of the sender, the method carries out digital signature operation on the key ciphertext, and the specific flow is as follows: sender A first selects a timestamp TATo secret key ciphertextPerforming Hash operation with the time stamp TA to obtain a Hash value by calculationThen, signature operation is carried out through a digital signature algorithm, and a private key SK is appliedAPerforming digital signature, and calculating to obtain signatureFinally, the message ciphertext EK(m), Key cryptogramAnd signaturesTogether with recipient B.
d) Verification signature module
Receiver B receives message cipher text EK(m), Key cryptogramAnd signaturesThereafter, the signature is first verified using the sender's public key PKAIf the validity of (1) is verifiedThe signature is invalid, the signature is rejected, the signature is proved not to be signed by the sender a, and further the subsequent decryption operation is not performed; if the formula is verifiedThe signature is valid, the signature is accepted, the signature is certified as being indeed signed by sender a, and a subsequent decryption operation is performed.
e) Decryption module
The receiver B passes its private key SKBFor message ciphertextDecrypting, calculating to obtain a symmetric key K, and then using the symmetric key K to encrypt a message ciphertext EKAnd (m) decrypting and calculating to obtain the sent message m.
Wherein:
1. the hash function in step a is to convert an input with an arbitrary length into an output with a fixed length through a hash algorithm, wherein the output is a hash value, and the hash algorithm such as MD4, MD5 or SHA-1 can be selected.
2. The symmetric encryption method in step b is an encryption method adopting a single-key cryptosystem, the same key can be used as a cryptographic algorithm for information encryption and decryption at the same time, and the algorithms such as DES, AES, RC4 or RC5 can be selected.
3. The public key encryption method in the step b is an algorithm which adopts an encryption method of a double-code system to generate a pair of a public key and a private key, a sender encrypts the public key, and a receiver can only decrypt the public key through the private key, wherein the algorithm can be RSA, ElGamal, SM2 or SM9 and the like.
4. The digital signature method in the step c is a signature method adopting a double-code system, a sender signs by using a private key of the sender to form a digital signature, and a verifier verifies the validity of the signature by using a public key of the sender.
5. The timestamp in step c is mainly used for authenticating the data generation time through a certain technical means, so as to verify whether the data is falsified after being generated, and prevent an attacker from carrying out replay attack.
Thus, the present invention:
firstly, the public key encryption and symmetric encryption technology are combined, so that the problem of difficult key management is solved, and the data security transmission can be rapidly and safely guaranteed;
secondly, the identity information of the sender can be effectively identified by adopting the digital signature technology, and the source of the transmission information is ensured to have reliability;
thirdly, by introducing the idea of time stamp, an attacker is prevented from carrying out replay attack on the transmitted information, and the safety transmission of the information is realized;
and fourthly, the real-time performance is strong, the safety is high, and the problem of rapidly and safely realizing service data access under the conditions of large-order data encryption, safe identity authentication and the like can be effectively solved.
Claims (8)
1. A security access method based on a hybrid cryptosystem is characterized in that: the method comprises the following steps:
encryption: the sender encrypts the message to be transmitted into a message ciphertext by using a symmetric cryptographic algorithm, and encrypts a symmetric key into a key ciphertext by using a public key cryptographic algorithm;
and (3) sending: sending the message ciphertext and the key ciphertext to a receiver;
and (3) decryption: the receiving party decrypts the key ciphertext into a symmetric key by using a private key of the receiving party, and decrypts the message ciphertext into a message to be transmitted by using the symmetric key.
2. The hybrid cryptosystem-based secure access method according to claim 1, wherein: further comprising:
signature: the key ciphertext pair is signed with a symmetric key.
3. The hybrid cryptosystem-based secure access method according to claim 2, wherein: further comprising:
and (4) checking the label: and the receiver verifies the authenticity of the sender according to the validity of the signature.
4. The hybrid cryptosystem-based secure access method according to claim 1, wherein: the symmetric cryptographic algorithm is DES, AES, RC4 or RC 5.
5. The hybrid cryptosystem-based secure access method according to claim 2, wherein: the public key cryptographic algorithm is RSA, ElGamal, SM2 or SM 9.
6. A security access system based on a hybrid cryptosystem is characterized in that: including initialization module, encryption module and decryption module, wherein:
the initialization module generates and distributes a key; the encryption module implements the encryption step of claim 1 and the decryption module implements the decryption step of claim 1.
7. The hybrid cryptosystem-based secure access method according to claim 6, wherein: further comprising a signing module implementing the signing step of claim 2.
8. The hybrid cryptosystem-based secure access method according to claim 6, wherein: further comprising a signature verification module implementing the signature verification step of claim 3.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011440258.5A CN112532648A (en) | 2020-12-11 | 2020-12-11 | Security access method and system based on hybrid cryptosystem |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011440258.5A CN112532648A (en) | 2020-12-11 | 2020-12-11 | Security access method and system based on hybrid cryptosystem |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112532648A true CN112532648A (en) | 2021-03-19 |
Family
ID=74999587
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011440258.5A Pending CN112532648A (en) | 2020-12-11 | 2020-12-11 | Security access method and system based on hybrid cryptosystem |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112532648A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113259934A (en) * | 2021-06-25 | 2021-08-13 | 贵州大学 | Short message verification code encryption method, decryption method and encryption and decryption system |
CN113408013A (en) * | 2021-05-29 | 2021-09-17 | 国网辽宁省电力有限公司辽阳供电公司 | Encryption and decryption chip framework with multiple algorithm rules mixed |
CN117061245A (en) * | 2023-10-11 | 2023-11-14 | 中国电子科技集团公司第三十研究所 | Lattice authentication key exchange protocol construction method using prefix hash |
CN118523968A (en) * | 2024-07-24 | 2024-08-20 | 杭州金智塔科技有限公司 | Non-invasive data flow platform encryption security analysis method and device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1472914A (en) * | 2003-06-27 | 2004-02-04 | 武汉理工大学 | High performance and quick public pin encryption |
CN107070948A (en) * | 2017-05-23 | 2017-08-18 | 广东工业大学 | Signature and verification method based on hybrid encryption algorithm in cloud storage |
US20170338961A1 (en) * | 2016-05-17 | 2017-11-23 | Hyundai Motor Company | Method of providing security for controller using ecryption and apparatus therefor |
-
2020
- 2020-12-11 CN CN202011440258.5A patent/CN112532648A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1472914A (en) * | 2003-06-27 | 2004-02-04 | 武汉理工大学 | High performance and quick public pin encryption |
US20170338961A1 (en) * | 2016-05-17 | 2017-11-23 | Hyundai Motor Company | Method of providing security for controller using ecryption and apparatus therefor |
CN107070948A (en) * | 2017-05-23 | 2017-08-18 | 广东工业大学 | Signature and verification method based on hybrid encryption algorithm in cloud storage |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113408013A (en) * | 2021-05-29 | 2021-09-17 | 国网辽宁省电力有限公司辽阳供电公司 | Encryption and decryption chip framework with multiple algorithm rules mixed |
CN113259934A (en) * | 2021-06-25 | 2021-08-13 | 贵州大学 | Short message verification code encryption method, decryption method and encryption and decryption system |
CN117061245A (en) * | 2023-10-11 | 2023-11-14 | 中国电子科技集团公司第三十研究所 | Lattice authentication key exchange protocol construction method using prefix hash |
CN117061245B (en) * | 2023-10-11 | 2023-12-22 | 中国电子科技集团公司第三十研究所 | Lattice authentication key exchange protocol construction method using prefix hash |
CN118523968A (en) * | 2024-07-24 | 2024-08-20 | 杭州金智塔科技有限公司 | Non-invasive data flow platform encryption security analysis method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20220224551A1 (en) | Mutual authentication of confidential communication | |
CN106506470B (en) | network data security transmission method | |
CN107947913B (en) | Anonymous authentication method and system based on identity | |
CN110535868A (en) | Data transmission method and system based on Hybrid Encryption algorithm | |
CN112532648A (en) | Security access method and system based on hybrid cryptosystem | |
US11870891B2 (en) | Certificateless public key encryption using pairings | |
CN110958219B (en) | SM2 proxy re-encryption method and device for medical cloud shared data | |
CN110113150B (en) | Encryption method and system based on non-certificate environment and capable of repudiation authentication | |
US11888832B2 (en) | System and method to improve user authentication for enhanced security of cryptographically protected communication sessions | |
CN104901935A (en) | Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem) | |
CN116614599B (en) | Video monitoring method, device and storage medium for secure encryption | |
KR101516114B1 (en) | Certificate-based proxy re-encryption method and its system | |
CN105554031A (en) | Encryption method, encryption apparatus, decryption method, decryption apparatus and terminal | |
CN110519226B (en) | Quantum communication server secret communication method and system based on asymmetric key pool and implicit certificate | |
CN106713349B (en) | Inter-group proxy re-encryption method capable of resisting attack of selecting cipher text | |
CN109104278A (en) | A kind of encrypting and decrypting method | |
CN114650173A (en) | Encryption communication method and system | |
CN112738133A (en) | RSA authentication method | |
CN111049738B (en) | E-mail data security protection method based on hybrid encryption | |
KR101991775B1 (en) | Method for data encryption and decryption based on fpga | |
KR20040009766A (en) | Apparatus and method for transmitting and receiving in encryption system | |
CN111526131B (en) | Anti-quantum-computation electronic official document transmission method and system based on secret sharing and quantum communication service station | |
US20220038267A1 (en) | Methods and devices for secured identity-based encryption systems with two trusted centers | |
CN116800416A (en) | Secure transmission method for cooperative encryption key | |
KR20060078768A (en) | System and method for key recovery using distributed registration of private key |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210319 |
|
RJ01 | Rejection of invention patent application after publication |