信息网络安全 ›› 2021, Vol. 21 ›› Issue (2): 45-52.doi: 10.3969/j.issn.1671-1122.2021.02.006
收稿日期:
2020-11-30
出版日期:
2021-02-10
发布日期:
2021-02-23
通讯作者:
陈盼
E-mail:xrk_chen@163.com
作者简介:
丁建立(1963─),男,河南,教授,博士,主要研究方向为民航信息系统主动容灾、民航智能信息处理|陈盼(1996─),女,河南,硕士研究生,主要研究方向为数据安全|马勇(1981─),男,河北,工程师,硕士,主要研究方向为网络安全
基金资助:
DING Jianli1, CHEN Pan1(), MA Yong2
Received:
2020-11-30
Online:
2021-02-10
Published:
2021-02-23
Contact:
CHEN Pan
E-mail:xrk_chen@163.com
摘要:
随着电子客票和生物特征安检的发展,民航业务系统保存了大量旅客信息,这些信息为“智慧民航”发展奠定了数字基础,但同时也给民航的数据安全保护带来了新的挑战。为解决内部人员恶意或无意泄露旅客信息的情况,文章提出在内部人员访问旅客信息时,采用泛化FPE加密方式对旅客敏感信息进行实时脱敏,在保留旅客信息原始格式特征的基础上,确保旅客信息安全。实验结果表明,该方法可以高效、安全地处理旅客信息查询请求,从而在满足内部人员查询旅客信息的同时,保证旅客信息的安全。
中图分类号:
丁建立, 陈盼, 马勇. 基于泛化FPE加密的民航旅客信息动态脱敏方法研究[J]. 信息网络安全, 2021, 21(2): 45-52.
DING Jianli, CHEN Pan, MA Yong. Research on Dynamic Desensitization Method of Civil Aviation Passenger Information Based on Generalized FPE Encryption[J]. Netinfo Security, 2021, 21(2): 45-52.
表3
部分实验数据(隐私起见以*号隐去部分数据)
序号 | 姓名 | 手机号 | 身份证号 | 客票号 | 常客卡号 |
---|---|---|---|---|---|
1 | 余** | 137******05 | 4206011958******** | 99997*******1 | CA27********49 |
2 | 周** | 186******96 | 5129301969******** | 99997*******2 | CA27********20 |
3 | 杨** | 139******04 | 5129301954******** | 99997*******3 | CA33********34 |
4 | 高** | 138******30 | 5223211958******** | 99997*******4 | CA33********23 |
5 | 袁** | 130******52 | 6201021952******** | 99997*******5 | NULL |
6 | 黎** | 135******43 | 2204211963******** | 99997*******6 | NULL |
7 | 汪** | 151******01 | 1304031954******** | 99997*******4 | NULL |
… | … | … | … | … | … |
11121 | 范* | 148******45 | 5201021941******** | 99922*******9 | NULL |
表4
基本FPE加密结果
序号 | 旅客姓名 | 手机号 | 身份证号 | 常客卡号 |
---|---|---|---|---|
1 | 儜獈亯 | 13759591280 | 420601194502287194 | CA273510856803 |
2 | 櫖乌放 | 18627923172 | 512930199806095417 | CA276189781961 |
3 | 渓璔幍 | 13912255097 | 512930194302133421 | CA335704507226 |
4 | 馵並昴 | 13887807932 | 522321194502287295 | CA333829612407 |
… | … | … | … | … |
11121 | 腖瑗 | 14809927009 | 520102199602086616 | NULL |
表5
出生年份子段脱敏结果对比
序号 | 原始身份证号(模拟) | 泛化FPE加密后数据 | 基本FPE加密后数据 |
---|---|---|---|
1 | 420601195802282322 | 420601196502287190 | 420601194502287194 |
2 | 512930196906093327 | 512930191406095411 | 512930199806095417 |
3 | 512930195402133167 | 512930200202133422 | 512930194302133421 |
4 | 522321195802288649 | 522321196502287291 | 522321194502287295 |
5 | 62010219520321433X | 62010220020321638X | 620102193003216382 |
6 | 22042119630102376X | 220421196501028792 | 220421191201028798 |
… | … | … | … |
11121 | 520102194102085015 | 520102200802086616 | 520102199602086616 |
[1] | SARADA G, ABITHA N, MANIKANDAN G, et al. A Few New Approaches for Data Masking[C]//IEEE. 2015 International Conference on Circuits, Power and Computing Technologies, March 19-20, 2015, Nagercoil India. Piscataway, NJ, USA: IEEE, 2015: 1-4. |
[2] | KING S. Data Masking: Counter-attack to Internal Data Theft[J]. Computer Security Journal, 2007,23(2): 22-26. |
[3] | YOU Fucheng, ZHANG Chenwei, CAO Yue, et al, Data Masking System Based on Ink Technology[C]//IEEE. 2018 5th International Conference on Information Science and Control Engineering, July 20-22, 2018, Zhengzhou, China. Los Alamitos, CA, USA: IEEE Computer Society, 2019: 176-180. |
[4] | BARANCHIKOV A I, GROMOV A Y, GUROV V S, et al. The Technique of Dynamic Data Masking in Information Systems[C]//IEEE. Mediterranean Conference on Embedded Computing (MECO), June 12-16, 2016, Bar, Montenegro. Piscataway, NJ, USA: IEEE, 2016: 473-476. |
[5] | ZHENG Yao. Design and Implementation of Data Desensitization System for Relational Database[D]. Fuzhou: Fuzhou University, 2018. |
郑瑶. 面向关系型数据库的数据脱敏系统的设计与实现[D]. 福州:福州大学, 2018. | |
[6] | HU Ronglei, HE Yanqiong, ZENG Ping, et al. Design and Implementation of Medical Privacy Protection Scheme in Big Data Environment[J]. Netinfo Security, 2018,18(9): 48-54. |
[7] | LI Min, LIU Zheli, YOU Xiaoying, et al. Preserved Format Encryption Model for Sensitive Information[J]. Journal of Nankai University (Natural Science Edition), 2012,45(5): 1-6. |
李敏, 刘哲理, 游晓莺, 等. 敏感信息的保留格式加密模型[J]. 南开大学学报(自然科学版), 2012,45(5): 1-6. | |
[8] | LIU Zheli, JIA Chunfu, LI Jingwei. Research on the Preserved Format Encryption Model[J]. Journal on Communications, 2011,32(6): 184-190. |
刘哲理, 贾春福, 李经纬. 保留格式加密模型研究[J]. 通信学报, 2011,32(6): 184-190. | |
[9] | WANG Peng, LUO Hong, LIU Jie. Format-preserving Encryption for Excel[EB/OL]. https://ieeexplore.ieee.org/document/7520934, 2016-07-28. |
[10] | LIU Zheli, JIA Chunfu, LI Jingwei. Research on the Format-preserving Encryption Techniques[J]. Journal of Software, 2012,23(1): 152-170. |
刘哲理, 贾春福, 李经纬. 保留格式加密技术研究[J]. 软件学报, 2012,23(1): 152-170. | |
[11] | MINOR M, HERBORN A, JORDAN D. Case-based Data Masking for Software Test Management[C]//The ICCBR 2018 Organizers. Case-based Reasoning Research and Development-26th International Conference, ICCBR 2018, July 9-12, 2018, Stockholm, Sweden. Cham, Switzerland: Springer International Publishing, 2018: 281-291. |
[12] | BLACK J, ROGAWAY P. Ciphers with Arbitrary Finite Domains[C]//Springer. Cryptographers Track at the RSA Conference on Topics in Cryptology, February 18, 2002, San José, CA, USA. Berlin, Heidelberg: Springer, 2002: 114-130. |
[13] | SPIES T. Feistel Finite Set Encryption Mode[EB/OL]. http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ffsem/ffsem-spec.pdf, 2020-09-07. |
[14] | BELLARE M, RISTENPART T, ROGAWAY P, et al. Format-preserving Encryption[J]. Lecture Notes in Computer Science, 2009,45(5): 295-312. |
[15] | BELLARE M, ROGAWAY P, SPIES T. The FFX Mode of Operation for Format-preserving Encryption[EB/OL]. http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ffx/ffxspec.pdf, 2020-09-07. |
[16] | BRUCE S, JOHN K. Unbalanced Feistel Networks and Block Cipher Design[C]//FSE 1996 Organizers. International Workshop on Fast Software Encryption, February 21-23, 1996, Cambridge, United Kingdom. Berlin, Heidelberg: Springer, 1996: 121-144. |
[17] | MOSES L, RIVEST RL, DAVID W. Tweakable Block Ciphers[C]//Springer. International Cryptology Conference, August 18-22, 2002,Santa Barbara, CA, USA. Berlin, Heidelberg: Springer, 2002: 31-46. |
[18] | ZHANG Baihui. Research on Reserved Format Encryption Technology for Big Data Release[D]. Beijing: Beijing University of Posts and Telecommunications, 2018. |
张百惠. 面向大数据发布的保留格式加密技术研究[D]. 北京:北京邮电大学, 2018. | |
[19] | DWORKIN W. NIST Special Publication 800-38G, Recommendation for Block Cipher Modes of Operation: Methods for Format-preserving Encryption[EB/OL]. http://dx.d oi.org/10.6028/NIST.SP.800-38G, 2016-08-04. |
[20] | GB/T 37964-2019. Information Security Technology Guidelines for the De-identification of Personal Information[S]. Beijing: China Standards Press, 2019. |
GB/T 37964-2019B/T 37964-2019.信息安全技术个人信息去标识化指南[S]. 北京: 中国标准出版社, 2019. |
[1] | 姜楠, 王玮琦, 王健. 基于智能合约的个人隐私数据保护方法研究[J]. 信息网络安全, 2020, 20(11): 22-31. |
[2] | 张晔. 电子身份认证与实名制制度安排的法律环境[J]. , 2011, 11(3): 0-0. |
阅读次数 | ||||||||||||||||||||||||||||||||||||||||||||||||||
全文 408
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||
摘要 347
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||