基于泛化FPE加密的民航旅客信息动态脱敏方法研究

doi:10.3969/j.issn.1671-1122.2021.02.006

信息网络安全 ›› 2021, Vol. 21 ›› Issue (2): 45-52.doi: 10.3969/j.issn.1671-1122.2021.02.006

基于泛化FPE加密的民航旅客信息动态脱敏方法研究

丁建立¹, 陈盼¹(), 马勇²

1.中国民航大学计算机科学与技术学院,天津 300300
2.民航成都电子技术有限责任公司,成都 611435

收稿日期:2020-11-30 出版日期:2021-02-10 发布日期:2021-02-23
通讯作者: 陈盼 E-mail:xrk_chen@163.com
作者简介:丁建立（1963─）,男,河南,教授,博士,主要研究方向为民航信息系统主动容灾、民航智能信息处理|陈盼（1996─）,女,河南,硕士研究生,主要研究方向为数据安全|马勇（1981─）,男,河北,工程师,硕士,主要研究方向为网络安全
基金资助:
国家自然科学基金(U1833114);民航安全能力项目(SA2020280)

Research on Dynamic Desensitization Method of Civil Aviation Passenger Information Based on Generalized FPE Encryption

DING Jianli¹, CHEN Pan¹(), MA Yong²

1. School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China
2. Civil Aviation Electronic Technology Co., Ltd, Chengdu 611435, China

Received:2020-11-30 Online:2021-02-10 Published:2021-02-23
Contact: CHEN Pan E-mail:xrk_chen@163.com

摘要/Abstract

摘要：

随着电子客票和生物特征安检的发展,民航业务系统保存了大量旅客信息,这些信息为“智慧民航”发展奠定了数字基础,但同时也给民航的数据安全保护带来了新的挑战。为解决内部人员恶意或无意泄露旅客信息的情况,文章提出在内部人员访问旅客信息时,采用泛化FPE加密方式对旅客敏感信息进行实时脱敏,在保留旅客信息原始格式特征的基础上,确保旅客信息安全。实验结果表明,该方法可以高效、安全地处理旅客信息查询请求,从而在满足内部人员查询旅客信息的同时,保证旅客信息的安全。

关键词: 动态脱敏, 民航旅客信息, 泛化FPE加密, 个人信息保护

Abstract:

With the development of e-tickets and biometric security inspection, the civil aviation business system keeps a large number of passenger information, which has laid a digital foundation for the development of "intelligent civil aviation", but also brought new challenges to the data security protection of civil aviation. In order to solve the situation of malicious or unintentional disclosure of passenger information by insiders, this paper proposed to use generalized FPE encryption to desensitize the sensitive information of passengers in real time, and to ensure the security of passenger information on the basis of preserving the original format features of passengers. The experimental results show that this method can efficiently and safely process the passenger information query request, so as to ensure the passenger information security while the internal personnel query the passenger information.

Key words: dynamic desensitization, civil aviation passenger information, generalized FPE, personal information protection

中图分类号:

TP309

丁建立, 陈盼, 马勇. 基于泛化FPE加密的民航旅客信息动态脱敏方法研究[J]. 信息网络安全, 2021, 21(2): 45-52.

DING Jianli, CHEN Pan, MA Yong. Research on Dynamic Desensitization Method of Civil Aviation Passenger Information Based on Generalized FPE Encryption[J]. Netinfo Security, 2021, 21(2): 45-52.

图/表 9

图1

表1

表2

图2

表3

表4

表5

图3

图4

参考文献 20

[1]	SARADA G, ABITHA N, MANIKANDAN G, et al. A Few New Approaches for Data Masking[C]//IEEE. 2015 International Conference on Circuits, Power and Computing Technologies, March 19-20, 2015, Nagercoil India. Piscataway, NJ, USA: IEEE, 2015: 1-4.
[2]	KING S. Data Masking: Counter-attack to Internal Data Theft[J]. Computer Security Journal, 2007,23(2): 22-26.
[3]	YOU Fucheng, ZHANG Chenwei, CAO Yue, et al, Data Masking System Based on Ink Technology[C]//IEEE. 2018 5th International Conference on Information Science and Control Engineering, July 20-22, 2018, Zhengzhou, China. Los Alamitos, CA, USA: IEEE Computer Society, 2019: 176-180.
[4]	BARANCHIKOV A I, GROMOV A Y, GUROV V S, et al. The Technique of Dynamic Data Masking in Information Systems[C]//IEEE. Mediterranean Conference on Embedded Computing (MECO), June 12-16, 2016, Bar, Montenegro. Piscataway, NJ, USA: IEEE, 2016: 473-476.
[5]	ZHENG Yao. Design and Implementation of Data Desensitization System for Relational Database[D]. Fuzhou: Fuzhou University, 2018.
	郑瑶. 面向关系型数据库的数据脱敏系统的设计与实现[D]. 福州:福州大学, 2018.
[6]	HU Ronglei, HE Yanqiong, ZENG Ping, et al. Design and Implementation of Medical Privacy Protection Scheme in Big Data Environment[J]. Netinfo Security, 2018,18(9): 48-54.
[7]	LI Min, LIU Zheli, YOU Xiaoying, et al. Preserved Format Encryption Model for Sensitive Information[J]. Journal of Nankai University (Natural Science Edition), 2012,45(5): 1-6.
	李敏, 刘哲理, 游晓莺, 等. 敏感信息的保留格式加密模型[J]. 南开大学学报(自然科学版), 2012,45(5): 1-6.
[8]	LIU Zheli, JIA Chunfu, LI Jingwei. Research on the Preserved Format Encryption Model[J]. Journal on Communications, 2011,32(6): 184-190.
	刘哲理, 贾春福, 李经纬. 保留格式加密模型研究[J]. 通信学报, 2011,32(6): 184-190.
[9]	WANG Peng, LUO Hong, LIU Jie. Format-preserving Encryption for Excel[EB/OL]. https://ieeexplore.ieee.org/document/7520934, 2016-07-28.
[10]	LIU Zheli, JIA Chunfu, LI Jingwei. Research on the Format-preserving Encryption Techniques[J]. Journal of Software, 2012,23(1): 152-170.
	刘哲理, 贾春福, 李经纬. 保留格式加密技术研究[J]. 软件学报, 2012,23(1): 152-170.
[11]	MINOR M, HERBORN A, JORDAN D. Case-based Data Masking for Software Test Management[C]//The ICCBR 2018 Organizers. Case-based Reasoning Research and Development-26th International Conference, ICCBR 2018, July 9-12, 2018, Stockholm, Sweden. Cham, Switzerland: Springer International Publishing, 2018: 281-291.
[12]	BLACK J, ROGAWAY P. Ciphers with Arbitrary Finite Domains[C]//Springer. Cryptographers Track at the RSA Conference on Topics in Cryptology, February 18, 2002, San José, CA, USA. Berlin, Heidelberg: Springer, 2002: 114-130.
[13]	SPIES T. Feistel Finite Set Encryption Mode[EB/OL]. http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ffsem/ffsem-spec.pdf, 2020-09-07.
[14]	BELLARE M, RISTENPART T, ROGAWAY P, et al. Format-preserving Encryption[J]. Lecture Notes in Computer Science, 2009,45(5): 295-312.
[15]	BELLARE M, ROGAWAY P, SPIES T. The FFX Mode of Operation for Format-preserving Encryption[EB/OL]. http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ffx/ffxspec.pdf, 2020-09-07.
[16]	BRUCE S, JOHN K. Unbalanced Feistel Networks and Block Cipher Design[C]//FSE 1996 Organizers. International Workshop on Fast Software Encryption, February 21-23, 1996, Cambridge, United Kingdom. Berlin, Heidelberg: Springer, 1996: 121-144.
[17]	MOSES L, RIVEST RL, DAVID W. Tweakable Block Ciphers[C]//Springer. International Cryptology Conference, August 18-22, 2002,Santa Barbara, CA, USA. Berlin, Heidelberg: Springer, 2002: 31-46.
[18]	ZHANG Baihui. Research on Reserved Format Encryption Technology for Big Data Release[D]. Beijing: Beijing University of Posts and Telecommunications, 2018.
	张百惠. 面向大数据发布的保留格式加密技术研究[D]. 北京:北京邮电大学, 2018.
[19]	DWORKIN W. NIST Special Publication 800-38G, Recommendation for Block Cipher Modes of Operation: Methods for Format-preserving Encryption[EB/OL]. http://dx.d oi.org/10.6028/NIST.SP.800-38G, 2016-08-04.
[20]	GB/T 37964-2019. Information Security Technology Guidelines for the De-identification of Personal Information[S]. Beijing: China Standards Press, 2019.
	GB/T 37964-2019B/T 37964-2019.信息安全技术个人信息去标识化指南[S]. 北京: 中国标准出版社, 2019.

敏感属性名	含义	格式要求	数据类型
psgname	旅客姓名	姓+名	Varchar（30）
psgcontact	手机号	3位网络识别号+4位地区码+4位用户编号	Varchar（11）
psgid	身份证号	6位地区码+8位出生日期+3位顺序码+1位校验码	Varchar（18）
ffnumber	常客卡号	2位字母+9/12位数字	Varchar（14）
ticketno	客票号	3位航空公司代码+10位票号	Varchar（13）

作用字段	策略名称	脱敏函数	策略意义
Psgname	pnameDM	pnmDMf	姓名脱敏
Psgconta	pcotaDM	pctaDMf	手机号脱敏
Psgid	psgidDM	pidDMf	身份证号脱敏
ffnumb	ffnumDM	ffnDMf	常客卡号脱敏
ticketno	tiknoDM	tikDMf	客票号脱敏

序号	姓名	手机号	身份证号	客票号	常客卡号
1	余**	137******05	4206011958********	99997*******1	CA27********49
2	周**	186******96	5129301969********	99997*******2	CA27********20
3	杨**	139******04	5129301954********	99997*******3	CA33********34
4	高**	138******30	5223211958********	99997*******4	CA33********23
5	袁**	130******52	6201021952********	99997*******5	NULL
6	黎**	135******43	2204211963********	99997*******6	NULL
7	汪**	151******01	1304031954********	99997*******4	NULL
…	…	…	…	…	…
11121	范*	148******45	5201021941********	99922*******9	NULL

序号	旅客姓名	手机号	身份证号	常客卡号
1	儜獈亯	13759591280	420601194502287194	CA273510856803
2	櫖乌放	18627923172	512930199806095417	CA276189781961
3	渓璔幍	13912255097	512930194302133421	CA335704507226
4	馵並昴	13887807932	522321194502287295	CA333829612407
…	…	…	…	…
11121	腖瑗	14809927009	520102199602086616	NULL

序号	原始身份证号（模拟）	泛化FPE加密后数据	基本FPE加密后数据
1	420601195802282322	420601196502287190	420601194502287194
2	512930196906093327	512930191406095411	512930199806095417
3	512930195402133167	512930200202133422	512930194302133421
4	522321195802288649	522321196502287291	522321194502287295
5	62010219520321433X	62010220020321638X	620102193003216382
6	22042119630102376X	220421196501028792	220421191201028798
…	…	…	…
11121	520102194102085015	520102200802086616	520102199602086616

基于泛化FPE加密的民航旅客信息动态脱敏方法研究

Research on Dynamic Desensitization Method of Civil Aviation Passenger Information Based on Generalized FPE Encryption

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 20

相关文章 2

编辑推荐

Metrics

本文评价

[1]	姜楠, 王玮琦, 王健. 基于智能合约的个人隐私数据保护方法研究[J]. 信息网络安全, 2020, 20(11): 22-31.
[2]	张晔. 电子身份认证与实名制制度安排的法律环境[J]. , 2011, 11(3): 0-0.