基于国产密码算法的云计算网络信息传输认证系统设计与实现
摘 要
随着云计算的发展,越来越多的应用都在使用云计算,然而,数据的隐私安全也变得格外重要,作为云计算服务的使用者,他们不希望自己的数据服务提供者所得到,只是借助云计算强大的计算和存储能力来帮助完成一些任务。如果服务使用者发送密文数据到相应的云上,云服务对密文进行运算,得到的密文结果再发送给服务使用者,服务使用者解密拿到的结果和直接使用明文进行相同的操作得到的结果是相同的,若密码算法具备这种性质,则称为同态加密算法,这也是目前解决云计算数据隐私安全最强有力的手段。
本课题主要对云计算环境下的网络信息传输认证系统的设计与实现,信息传输使用的国产密码算法需要具有同态性。主要研究的国产密码算法是非对称加密算法SM2,对称密码算法SM4,数字摘要算法SM3三种密码算法,先通过实验确定其是否具有同态性,再通过时间衡量其加解密的效率,最后选择合适的算法以及模式设计传输认证系统。
研究主要通过socket通信,通信双方分为发送者和接收者模拟用户和云服务器,发送者为用户端,接收者为服务端,对数据的加密操作在用户端进行,用户端再将加密后的数据通过网络发送给服务端,服务端对客户端传递来的数据进行某种计算,并且将得到的密文结果返回给客户端,客户端解密后拿到结果,再判断与使用明文进行相应计算得到的结果是否相同。通过此种方式模拟用户数据传输到云服务器,云服务进行只进行相应的计算操作,客户端拿到密文后解密得到明文的结果。
研究最后得出在国产加密算法SM4的ECB模式下,使用分割字符串的方法拿到的结果解密之后与明文运算的结果相同。
Design And Implementation Of Information Transmission And Authentication System In Cloud Computing Network Based On Domestic Cryptography Algorithm
Abstract
With the more and more scene use cloud computing, but the security of data has also become an very important problem. As users of cloud computing services, they do not want their data to be gotten by cloud computing providers, and they only want to use the powerful computing of cloud computing to help complete some problems. If the service users send the ciphertext data to the remote cloud, and the cloud service calculates result using the ciphertext and sends the ciphertext result to user. Users decrypt ciphertext result and get the plaintext result. It is the same as execute those operation on the plaintext directly. The cipher algorithm with this property is called homomorphic encryption algorithm. This is one powerful way to solve the problem of data security on the cloud.
In this paper, we mainly study how to design and implementation of transmission authentication system. Homomorphism is required for the domestic cryptographic algorithms used in information transmission.We mainly study some existing domestic cryptographic algorithms. They are SM2, SM3, and SM4. Firstly, we determine whether it has homomorphism by experiment, then measure the efficiency of encryption and decryption by time, and finally choose the appropriate algorithm and mode to design the transmission authentication system.
In this paper, I use socket to communication. Coding the socket of client and server independently, then encrypting the data in client, then client sends the encrypted data to server. Server calculates result, and returns the encrypted result to the client. Client decrypts the result, then judges if it is the same as using the corresponding operation in plaintext. In this way, It is simulated to transmit data to the cloud server, and the cloud service only performs the corresponding computing operation. The client gets the ciphertext result and decrypts it to get the plaintext result.
At last, it is concluded that under the ECB mode of the domestic encryption algorithm SM4, the result by using the method of splitting string is the same as result using plaintext to operate.
目 录
