Security Analysis And Improvement For IHO S63 Data Protection Scheme

With the development of computer technology, various mature electronic chart display and information systems have been used in the field of navigation successfully. In order to improve the navigation safety, protect the legitimate rights and interests of Data Services, and ensure the security and time-validity of the electronic chart data, the International Hydrographic Organization developed the S63 data protection scheme.In the data protection scheme, ZIP compression algorithm is used to achieve the data transmission quickly, and the BlowFish encryption algorithm is applied to avoid the illegal copying of the electronic chart data. The CRC algorithm is employed to check the error of data transmission, while the SHA-1 algorithm and DSA digital signature algorithm is chosen to ensure the reliability of the data source. The IHO S63 Data protection scheme also strictly formulates the respective responsibilities and communication protocol of participants (such as Scheme Administrator SA, Original Equipment Manufacturer OEM, Data Service DS and Data client DC), so as to realize the electronic chart will be on operation safely and efficiently.With the detailed description of the data protection scheme, this paper uses the relevant knowledge of probability theory and mathematical statistics and computer password security,to analyze the security of the Blowfish cipher algorithm from statistical detection, algorithm loopholes, and the mode of block cipher algorithm. We make use of general attack and weak attack to discuss the DSA digital signature protocol in the principle theory and the key management to study the key transport protocol. By the BAN logic and Kailar logic, the security protocols of the S63 data protection scheme is analyze formally.After the security analysis of the data protection scheme is detailed at large, we find the potential security problem still exists. Then from the point of data security, we have the cryptography theory to put forward some improvement suggestions about the Blowfish's equivalent key, the information abstract length of the DSA digital signature algorithm, the exposed key of the key management protocol and identity authentication and accountability of the security protocol, which improves the safety efficiency. At the same time, by the involved part of probability theory and mathematical statistics and cryptography, we analyze and verify the scheme modified further.