ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2019, Vol. 56 ›› Issue (7): 1488-1497.doi: 10.7544/issn1000-1239.2019.20180745

• 信息安全 • 上一篇    下一篇

面向数字型的轻量级保形加密算法研究

刘波涛1,2,3,彭长根1,2,3,吴睿雪1,3,丁红发3,4,谢明明3   

  1. 1(贵州大学计算机科学与技术学院 贵阳 550025);2(中国电子科技集团大数据研究院有限公司 贵阳 550081);3(公共大数据国家重点实验室(贵州大学) 贵阳 550025);4(贵州财经大学信息学院 贵阳 550025) (teslal0505@foxmail.com)
  • 出版日期: 2019-07-01
  • 基金资助: 
    国家自然科学基金项目(U1836205,61662009,61772008);贵州省科技计划项目(黔科合重大专项字[2018]3001,黔科合重大专项字[2018]3007,黔科合重大专项字[2017]3002,黔科合基础[2017]1045,黔科合支撑[2016]2315);衡阳师范学院智能信息处理与应用湖南省重点实验室开放基金项目(IIPA18K02)

Lightweight Format-Preserving Encryption Algorithm Oriented to Number

Liu Botao1,2,3, Peng Changgen1,2,3, Wu Ruixue1,3, Ding Hongfa3,4, Xie Mingming3   

  1. 1(College of Computer Science and Technology, Guizhou University, Guiyang 550025);2(Big Data Research Institute Co., Ltd., China Electronic Technology Group Corporation Ltd., Guiyang 550081);3(State Key Laboratory of Public Big Data (Guizhou University), Guiyang 550025);4(College of Information, Guizhou University of Finance and Economics, Guiyang 550025)
  • Online: 2019-07-01

摘要: 物联网的大规模普及应用引发了诸多安全和隐私问题.轻量级加密是资源受限环境下物联网设备保证数据机密性的主要手段,然而直接应用轻量级分组密码加密会因为编码序列的混淆扩散使密文格式发生巨大变化,在表现形式和格式上与明文不一致,需要额外的存储、计算、回显资源.轻量级保形加密算法可以在实现机密性的同时,保持密文数据与明文数据在格式上具有一致性,在物联网领域具有更大的优势.针对现有保形加密算法存在实现效率不高、资源消耗较大及不能加密较长数字型数据的问题,提出一种面向数字型的轻量级保形加密算法.首先利用轻量级分组密码算法构造数字型置换表,数字型明文与轻量级分组密码的加密密钥进行一一对应相加、取模10操作,再利用数字型置换表进行置换加密操作,得到数字型密文数据.算法实现了对任何长度数字型数据加密前后的格式不改变,分析表明该算法在效率、安全性方面与原轻量级分组密码算法保持一致.同时,实验结果表明:相比传统的保形加密算法,该算法具有高安全、高效、低资源,适用于资源受限环境下物联网设备的数据加密存储及数据遮蔽.

关键词: 轻量级分组密码, 保形加密, 数字型数据, 物联网, 数据遮蔽

Abstract: The Internet of things (IoT), which has been widespread and large-scale applied, arises more and more security and privacy issues. Lightweight encryption is an important measurement for ensuring confidentiality for devices of IoT, in where the computing, storage and energy resources are always limited. However, the shallow application of lightweight block cipher will change the format of ciphertext tremendously due to confusion and diffusion operations. These changes make the ciphertext inconsistent with plaintext in expressive form and format, and lead to require extra storage, computation and redisplay resources. Lightweight format-preserving encryption algorithm can ensure data confidentiality while maintaining the format consistency between ciphertext and plaintext, and these features benefit to IoT greatly. Aiming at the problems that the traditional format-preserving encryption algorithm performs inefficiently, consumes many resources, and cannot encrypt length numeric data, a lightweight format-preserving encryption algorithm oriented to number is proposed in this work. Firstly, a numeric typed permutation table is constructed by using lightweight block cipher algorithm; then the numerical plaintext is added to the key of lightweight block cipher in one-to-one correspondence, and the modulo 10 operation is performed; at last, replacement cryptographic operation is performed to obtain the numerical ciphertext by using the proposed the numeric typed replacement table. The proposed algorithm preserves the format for any numerical data with arbitrary length, and it’s also consistent with the original lightweight block cipher in terms of efficiency and security. By comparing with traditional format-preserving encryption, the experimental result shows that the proposed algorithm is more security, more efficient and more lowly lower resource-consuming. It is suitable for secure storage and data marking of numerical data in resource-constrained environment devices of IoT.

Key words: lightweight block cipher, format-preserving encryption, numeric data, Internet of things (IoT), data marking

中图分类号: