信息网络安全 ›› 2019, Vol. 19 ›› Issue (12): 38-46.doi: 10.3969/j.issn.1671-1122.2019.12.005

• 技术研究 • 上一篇    下一篇

基于蜜罐加密算法的个人隐私数据保护

郭亚军, 蒲东齐()   

  1. 华中师范大学计算机学院,湖北武汉 430079
  • 收稿日期:2019-05-20 出版日期:2019-12-10 发布日期:2020-05-11
  • 作者简介:

    作者简介:郭亚军(1965—),男,湖北,教授,博士,主要研究方向为信息安全;蒲东齐(1997—),男,海南,硕士研究生,主要研究方向为机器学习、隐私数据保护。

  • 基金资助:
    国家自然科学基金[61772224];中央高校基本科研业务费[CCNU19ZN008]

Privacy Data Protection Based on the Honey Encryption

Yajun GUO, Dongqi PU()   

  1. School of Computer, Central China Normal University, Wuhan Hubei 430079, China
  • Received:2019-05-20 Online:2019-12-10 Published:2020-05-11

摘要:

个人隐私数据的保护具有重要的意义。目前常使用基于口令的加密方法来保护个人隐私数据,该方法的安全性依赖于口令选择的强度,而用户往往会趋向于挑选简单的、易于预测的口令。当使用错误猜测的口令对消息进行解密时,该方法会输出无效的消息用以指示失败的攻击尝试,所以不能有效地抵御暴力攻击。因此,文章引入蜜罐加密算法来解决上述问题,在基于口令加密的基础上,引入分布式转换编码器的概念,当攻击者使用暴力穷举攻击对消息进行解密时,系统会提供看似有效的输出来迷惑攻击者。文章将蜜罐加密算法应用到个人电子钱包,以此来解决弱口令对于保护用户的银行卡账号及其密码的弱点问题。文章首先介绍蜜罐加密算法的基本思想;而后对该应用设计细粒度的消息空间以提供可信的引诱消息;首次引入机器学习的方法对蜜罐加密算法的安全性问题进行讨论。实验表明,蜜罐加密算法的安全性比现有基于口令加密算法的安全性更高,生成的引诱消息也足够难以区分。

关键词: 蜜罐加密, 分布式转换编码器, 隐私数据保护

Abstract:

It is significant to protect the people’s private data. There is a big vulnerability to password-based encryption, which is often used to protect privacy data, because the security of this scheme is depended on how to select a password. However, users tend to choose simple and easy-to-predict passwords. When decrypting a message with incorrect passwords, the algorithm will output invalid messages, and then indicates failed attempts. This means that it cannot effectively against the brute-force attack. Therefore, honey encryption can be used to solve the above problem. Base on password encryption, the system will output plausible-looking decoy messages to confuse attackers when decrypting a message with the exhaustive-key-search method by introducing the concept of the distribution-transforming encoder. In this paper, honey encryption was applied to protect the users’ digital wallets, which can solve the drawback of weak passwords when using in the users’ bank card accounts and their PIN. This paper begins by introducing the basic idea of honey encryption; Then, the message space was designed in more granular for the application to give more plausible false messages; Furthermore, machine learning methods were firstly used to discuss the security of this system. The result shows that the security of honey encryption is higher than the existing password-based encryption, and the decoy messages are also too difficult to distinguish.

Key words: honey encryption, distribution-transforming encoder, privacy data protection

中图分类号: