摘要
针对日益严峻的文档安全形势,为了更好地保护受控文档,将基于身份的加密机制与透明加密(OTFE)技术相结合,提出基于身份的受控文档透明加解密方案。采用文件系统过滤驱动技术监控程序对受控文档的操作,并使用基于身份的加密机制执行加解密操作。特别地,提出将原始密文耦合后分块存储的新算法,使得敌手不可能获取完整密文进而恢复出原始明文。从系统层面和算法层面对方案进行了详细描述,安全分析表明该方案能有效地保护受控文档。
To deal with the increasingly serious situation of document's security and better protect the controlled documents, in this paper, an identity-based On-The-Fly Encryption (OTFE) and deeryption scheme was proposed for the controlled documents, which combined an Identity-Based Eneryption (IBE) algorithm with an on-the-fly encryption technique. In the scheme, file system fiher driver technology was used to monitor program's behaviors on the controlled documents; meanwhile, the IBE algorithm was used to encrypt and decrypt the controlled documents. Specifically, a new algorithm that associated the original ciphertext and divided the associated ciphertext into two parts stored in different locations was proposed. Therefore, it is impossible for an adversary to obtain the whole ciphertext and further recover the original plaintext. Finally, an elaborate description was made on the scheme from system level and algorithm level. The security analysis indicates that the proposed scheme is able to effectively protect the controlled documents.
出处
《计算机应用》
CSCD
北大核心
2013年第11期3235-3238,共4页
journal of Computer Applications
基金
国家自然科学基金资助项目(61370078)
福建省自然科学基金资助项目(2011J01339)
福建省教育厅科研基金资助项目(JA12078
JB12022)
关键词
受控文档
基于身份的加密
透明加密
文档安全
访问控制
controlled document
identity-based encryption
On-The-Fly Encryption (OTFE)
document security
access control
