一种基于保形加密的大数据脱敏系统实现及评估

卞超轶; 朱少敏; 周涛

doi:10.11959/j.issn.1000-0801.2017059

您当前的位置：

首页 >

文章列表页 >

一种基于保形加密的大数据脱敏系统实现及评估

运营技术广角 | 更新时间：2024-06-05

- 一种基于保形加密的大数据脱敏系统实现及评估
- Implementation and evaluation of big data desensitization system based on format-preserving encryption
- 电信科学 2017年33卷第3期页码：119-125
- 作者机构：
  
  1. 北京启明星辰信息安全技术有限公司，北京100193
  2. 北京邮电大学，北京100876
- 作者简介：
  
  [ "卞超轶（1987-），男，北京启明星辰信息安全技术有限公司高级研究员，启明星辰博士后工作站——北京邮电大学博士后流动站联合培养博士后，主要研究方向为大数据自身安全、大数据安全分析等。" ]
  [ "朱少敏（1983-），男，北京启明星辰信息安全技术有限公司前线技术专家团成员，主要研究方向为电力系统信息安全、多媒体信息处理等。" ]
  [ "周涛（1979-），男，博士，北京启明星辰信息安全技术有限公司教授级高级工程师，主要研究方向为大数据安全分析、事件关联分析、入侵检测等。" ]
- 基金信息：
- DOI：10.11959/j.issn.1000-0801.2017059
  中图分类号： TP309.2
- 网络出版日期：2017-03，
  
  纸质出版日期：2017-03-20
- 稿件说明：
移动端阅览
卞超轶, 朱少敏, 周涛. 一种基于保形加密的大数据脱敏系统实现及评估[J]. 电信科学, 2017,33(3):119-125.

Chaoyi BIAN, Shaomin ZHU, Tao ZHOU. Implementation and evaluation of big data desensitization system based on format-preserving encryption[J]. Telecommunications science, 2017, 33(3): 119-125.
卞超轶, 朱少敏, 周涛. 一种基于保形加密的大数据脱敏系统实现及评估[J]. 电信科学, 2017,33(3):119-125. DOI： 10.11959/j.issn.1000-0801.2017059.

Chaoyi BIAN, Shaomin ZHU, Tao ZHOU. Implementation and evaluation of big data desensitization system based on format-preserving encryption[J]. Telecommunications science, 2017, 33(3): 119-125. DOI： 10.11959/j.issn.1000-0801.2017059.

摘要

数据脱敏，是指对数据中包含的一些涉及机密或隐私的敏感信息进行特殊处理，以达到保护私密及隐私信息不被恶意攻击者非法获取的目的。保形加密是众多数据脱敏技术的一种，但其具有保持原始数据格式不变的重要优势，从而在一定程度上对上层应用透明。随着大数据时代的到来以及Hadoop平台的广泛应用，传统的基于关系型数据库的数据脱敏技术已不能满足实际的生产需要。针对Hadoop大数据平台实现了一种基于保形加密的数据脱敏系统，支持对多种数据存储格式以及纯数字、纯字母或数字—字母混合等多种数据类型敏感数据的加密脱敏处理。然后对3种不同的实现方式进行了探讨，并开展了一系列实验对系统的加密脱敏性能进行详细的评估比较。

Abstract

Data desensitization is a process that makes some special transformations on sensitive data in order to protect the secrecy and privacy from being acquired by malicious attackers.Format-preserving encryption is one of the techniques of data desensitization

which has the advantage of keeping data format unchanged so that the upper layer applications are not affected.Along with the coming of big data and the wide application of the Hadoop platform

data desensitization techniques for traditional relational database management systems cannot satisfy the need of production. A data desensitization system based on format-preserving encryption for Hadoop platform was implemented

which provided the encryption support for multiple data storage formats and data value types. Moreover

three different sorts of implementations were discussed

and a series of experiments were carried out to evaluate the performance.

关键词

Keywords

references

BLACK J , ROGAWAY P . Ciphers with arbitrary finite domains [M ] . Berlin Heidelberg: Springer , 2002

SPIES T . Feistel finite set encryption mode [J/OL ] . NIST Proposed Encryption Mode . 2008 : 1 - 10 . ( 2008 - 01 - 24 )[ 2016 - 07 - 01 ] . https://static.aminer.org/pdf/PDF/000/217/259/about_feistel_schemes_with_six_or_more_rounds.pdf https://static.aminer.org/pdf/PDF/000/217/259/about_feistel_schemes_with_six_or_more_rounds.pdf .

BELLARE M , RISTENPART T , ROGAWAY P , et al . Format-preserving encryption [C ] // Selected Areas in Cryptography , March 4 - 9 , 2009 , Berlin, Germany. Berlin Heidelberg:Springer . 2009 : 295 - 312 .

BELLARE M , ROGAWAY P , SPIES T . The FFX mode of operation for format-preserving encryption [J ] . Unpublished Nist Proposal , 2010 , 136 ( 9 ): 633 .

BRIER E , PEYRIN T , STERN J . BPS: a format-preserving encryption proposal [J/OL ] . NIST submission , 2010 : 1 - 11 . ( 2010 - 04 - 04 )[ 2016 - 07 - 01 ] . http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/bps/bps-spec.pdf http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/bps/bps-spec.pdf .

DWORKIN M . Recommendation for block cipher modes of operation:methods for format-preserving encryption [J ] . NIST Special Publication , 2013 （ 800 ）: 38 .

刘哲理，贾春福，李经纬 . 保留格式加密模型研究 [J ] ．通信学报， 2011 , 32 ( 6 ): 184 - 190 .

LIU Z L , JIA C F , LI J W . Research on the format-preserving encryption modes [J ] . Journal on Communications , 2011 , 32 ( 6 ): 184 - 190 .

刘哲理，贾春福，李经纬 . 保留格式加密技术研究 [J ] ．软件学报， 2012 , 23 ( 1 ): 152 - 170 .

LIU Z L , JIA C F , LI J W . esearch on the format-preserving encryption techniques [J ] . Journal of Software , 2012 , 23 ( 1 ): 152 - 170 .

李敏，贾春福，李经纬 , 等 . 变长编码字符型数据的保留格式加密 [J ] ．吉林大学学报：工学版 2012 , 42 ( 5 ): 1257 - 1261 .

LI M , JIA C F , LI J W , et al . Format-preserving encryption for variable-length encoding character data [J ] . Journal of Jilin University ： Engineering and Technology Edition , 2012 , 42 ( 5 ): 1257 - 1261 .

李经纬，贾春福，刘哲理 , 等 . 基于k-分割Feistel网络的FPE方案 [J ] ．通信学报， 2012 , 33 ( 4 ): 62 - 68 .

LI J W , JIA C F , LIU Z L , et al . FPE scheme based on k-splits feistel network [J ] . Journal on Communications , 2012 , 33 ( 4 ): 62 - 68 .

HP ． HP security voltage [EB/OL ] . ( 2015 - 02 - 09 )[ 2016 - 03 - 01 ] . https://saas.hpe.com/en-us/software/voltage-data-encryption-%security https://saas.hpe.com/en-us/software/voltage-data-encryption-%security .

Apache Software Foundation ． Apache Hadoop [EB/OL ] . ( 2011 - 12 - 10 )[ 2016 - 07 - 01 ] . http://hadoop.apache.org/ http://hadoop.apache.org/ .

Apache Software Foundation ． Apache Spark [EB/OL ] . ( 2014 - 05 - 30 )[ 2016 - 07 - 01 ] . http://spark.apache.org/ http://spark.apache.org/ .

Pentaho ． Data integration-Kettle [EB/OL ] . ( 2009 - 05 - 14 )[ 2016 - 07 - 01 ] . http://community.pentaho.com/projects/data-integration/ http://community.pentaho.com/projects/data-integration/ .

Cloudera ． Cloudera CDH [EB/OL ] . ( 2012 - 10 - 12 )[ 2016 - 07 - 01 ] . http://www.cloudera.com/products/apache-hadoop/key-cdh-comp-%onents.html http://www.cloudera.com/products/apache-hadoop/key-cdh-comp-%onents.html .

Hortonworks ． HORTONW0RKS data platform（HDP） [EB/OL ] . ( 2012 - 11 - 30 )[ 2016 - 07 - 01 ] . http://hortonworks.com/products/data-center/hdp/ http://hortonworks.com/products/data-center/hdp/ .

浏览量

2149

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

基于区块链的多源网络大数据安全访问权限认证仿真

基于大数据的5G流量驻留比极限值研究

基于异构数据的电力短期负荷大数据预测方案

DT时代面向数据服务的新型基础设施架构

大数据安全特征与运营实践