基于蜜罐加密算法的个人隐私数据保护

doi:10.3969/j.issn.1671-1122.2019.12.005

摘要/Abstract

摘要：

个人隐私数据的保护具有重要的意义。目前常使用基于口令的加密方法来保护个人隐私数据,该方法的安全性依赖于口令选择的强度,而用户往往会趋向于挑选简单的、易于预测的口令。当使用错误猜测的口令对消息进行解密时,该方法会输出无效的消息用以指示失败的攻击尝试,所以不能有效地抵御暴力攻击。因此,文章引入蜜罐加密算法来解决上述问题,在基于口令加密的基础上,引入分布式转换编码器的概念,当攻击者使用暴力穷举攻击对消息进行解密时,系统会提供看似有效的输出来迷惑攻击者。文章将蜜罐加密算法应用到个人电子钱包,以此来解决弱口令对于保护用户的银行卡账号及其密码的弱点问题。文章首先介绍蜜罐加密算法的基本思想;而后对该应用设计细粒度的消息空间以提供可信的引诱消息;首次引入机器学习的方法对蜜罐加密算法的安全性问题进行讨论。实验表明,蜜罐加密算法的安全性比现有基于口令加密算法的安全性更高,生成的引诱消息也足够难以区分。

关键词: 蜜罐加密, 分布式转换编码器, 隐私数据保护

Abstract:

It is significant to protect the people’s private data. There is a big vulnerability to password-based encryption, which is often used to protect privacy data, because the security of this scheme is depended on how to select a password. However, users tend to choose simple and easy-to-predict passwords. When decrypting a message with incorrect passwords, the algorithm will output invalid messages, and then indicates failed attempts. This means that it cannot effectively against the brute-force attack. Therefore, honey encryption can be used to solve the above problem. Base on password encryption, the system will output plausible-looking decoy messages to confuse attackers when decrypting a message with the exhaustive-key-search method by introducing the concept of the distribution-transforming encoder. In this paper, honey encryption was applied to protect the users’ digital wallets, which can solve the drawback of weak passwords when using in the users’ bank card accounts and their PIN. This paper begins by introducing the basic idea of honey encryption; Then, the message space was designed in more granular for the application to give more plausible false messages; Furthermore, machine learning methods were firstly used to discuss the security of this system. The result shows that the security of honey encryption is higher than the existing password-based encryption, and the decoy messages are also too difficult to distinguish.

Key words: honey encryption, distribution-transforming encoder, privacy data protection

中图分类号:

TP309

郭亚军, 蒲东齐. 基于蜜罐加密算法的个人隐私数据保护[J]. 信息网络安全, 2019, 19(12): 38-46.

Yajun GUO, Dongqi PU. Privacy Data Protection Based on the Honey Encryption[J]. Netinfo Security, 2019, 19(12): 38-46.

图/表 11

表1

图1

图2

图3

图4

图5

表2

图6

表3

图7

图8

参考文献 19

[1]	BONNEAU J.The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords[C]//IEEE. 2012 IEEE Symposium on Security and Privacy, May 20-23, 2012, San Francisco, California, USA. New York: IEEE, 2012: 538-552.
[2]	KU Weichi, CHEN Shuaimin.Weaknesses and Improvements of an Efficient Password Based Remote User Authentication Scheme Using Smart Cards[J]. IEEE Transactions on Consumer Electronics, 2004, 50(1): 204-207.
[3]	JUELS A, RISTENPART T.Honey Encryption: Security Beyond the Brute-Force Bound[C]//Springer. 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 11-15, 2014, Copenhagen, Denmark. Heidelberg: Springer, 2014: 293-310.
[4]	JUELS A, RIVEST R L.Honeywords: Making Password-Cracking Detectable[C]//ACM. Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, November 04-08, 2013, Berlin, Germany. New York: ACM, 2013: 145-160.
[5]	ERGULER I.Achieving Flatness: Selecting the Honeywords from Existing User Passwords[J]. IEEE Transactions on Dependable and Secure Computing, 2015, 13(2): 284-295.
[6]	RAO S.Data and System Security with Failwords: U.S. Patent Application 11/039, 577[P].2006-7-20.
[7]	YOU Jianzhou, ZHANG Yueyang, LV Shichao, et al.Method of ICS Honeypot Identification Based on Packet-Sharding[J]. Journal of Cyber Security, 2019, 4(3):83-92.
	游建舟,张悦阳,吕世超,等. 基于数据包分片的工控蜜罐识别方法[J]. 信息安全学报,2019,4(3):83-92.
[8]	BOJINOV H, BURSZTEIN E, BOYEN X, et al.Kamouflage: Loss-Resistant Password Management[C]// Springer. European Symposium on Research in Computer Security, September 20-22, 2010, Athens, Greece. Heidelberg: Springer, 2010: 286-302.
[9]	GENC Z A, KARDAŞ S, KIRAZ M S.Examination of a New Defense Mechanism: Honeywords[C]//Springer. IFIP International Conference on Information Security Theory and Practice, September 28-29, 2017, Heraklion, Crete, Greece. Heidelberg: Springer, 2017: 130-139.
[10]	YUILL J, ZAPPE M, DENNING D, et al.Honeyfiles: Deceptive Files for Intrusion Detection[C]//IEEE. Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, June 10-11, 2004, West Point, NY, USA. New York: IEEE, 2004: 116-122.
[11]	VINAYAK P P, NAHALA M A.Avoiding Brute Force Attack in MANET Using Honey Encryption[J]. International Journal of Science and Research, 2015, 4(3): 83-85.
[12]	TYAGI N, WANG J, WEN K, et al. Honey Encryption Applications[EB/OL]. , 2019-4-30.
[13]	YIN Wei, ZHOU Hongjian, XING Guoqiang.Application of Honey Encryption Mechanism in Protection of Private Data[J]. Journal of Computer Applications, 2017, 37(12): 3406-3411.
	银伟,周红建,邢国强. 蜜罐加密技术在私密数据保护中的应用[J]. 计算机应用,2017,37(12):3406-3411.
[14]	HUANG Z, AYDAY E, FELLAY J, et al.GenoGuard: Protecting Genomic Data Against Brute-Force Attacks[C]//IEEE. 2015 IEEE Symposium on Security and Privacy, May 17-21, 2015, San Jose, CA, USA. New York: IEEE, 2015: 447-462.
[15]	YOON J W, KIM H, JO H J, et al.Visual Honey Encryption: Application to Steganography[C]//ACM. Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 17-19, 2015, Portland, Oregon, USA. New York: ACM, 2015: 65-74.
[16]	JAEGER J, RISTENPART T, TANG Q.Honey Encryption Beyond Message Recovery Security[C]//Springer. Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 8-12, 2016, Vienna, Austria. Heidelberg: Springer, 2016: 758-788.
[17]	CORON J S, DODIS Y, MANDAL A, et al.A Domain Extender for the Ideal Cipher[C]//Springer. Theory of Cryptography Conference, February 9-11, 2010, Zurich, Switzerland. Heidelberg: Springer, 2010: 273-289.
[18]	NICK. PIN Number Analysis[EB/OL]. , 2019-4-30.
[19]	BELLARE M, RISTENPART T, TESSARO S.Multi-instance Security and Its Application to Password-based Cryptography[C]//Springer. Annual Cryptology Conference, August 19-23, 2012, Santa Barbara, CA, USA. Heidelberg: Springer, 2012: 312-329.

技术	HE	HE with AES(CBC)	HE with AES(ECB)	HE with Blowfish(CBC)	HE withBlowfish(ECB)
时间消耗/ms	1466.532	1861.284	1503.496	1470.209	1472.058
内存消耗/MB	10.5859375	10.65234375	10.62890625	10.59515625	10.59765625