Design And Implementation Of Key Management Server Based On Content Associated Key Technology

In recent years,with the rapid development of big data technology and application,big data security has become a hot technology.Using cryptography to enhance data security is a common method.In the field of big data,the traditional encryption technology(symmetric encryption/asymmetric encryption,etc.)has some limitations.On the one hand,the encryption mode of the traditional encryption mechanism is relatively fixed and the update is slow.In the environment of massive data files and large-scale users,there is a certain degree of security risk due to the encryption technology with a fixed pattern for a long period of time.On the other hand,traditional encryption mechanisms rely on computational complexity.As supercomputing becomes more powerful,traditional encryption mechanisms require longer keys to achieve higher-intensity encryption,but at the same time,higher computational costs.Content-associated key technology is a new encryption technology different from traditional encryption technology.The idea is to separate clear-text data into main data and sensitive data.The sensitive data is extracted as a key,and the remaining main data is treated as a ciphertext.There is a one-to-one correspondence between the key and the ciphertext and the key contains the important data of the plaintext.Ciphertext is difficult to be brute-forced without the key.The discrete nature of the ciphertext guarantees the discrete type of the key and solves the problem of fixed encryption mode.At the same time,the operation of the key extraction does not depend on the computational complexity and solves the contradiction between the encryption strength and the calculation cost.However,under the content-associated key technology,when the number of users and the number of encrypted files increase,the management of massive keys will be a very difficult problem.If manual management is adopted,there will be issues such as safety and practicality.Therefore,it is very necessary to design and implement a special key management system to manage massive keys.Based on the above actual requirements,a key management server is designed and implemented to organizes and manages the massive keys generated under the content-associated key technology,solve problems such as distribution,storage,and backup faced by mass key management,and provides technical support for the applicationof content-associated key technology.A new encryption algorithm is designed based on the content-associated key technology,while at the same time combining the specific characteristics of the key for encrypting the content-associated key to ensure that it is stored safely.In the security authentication,the token-based mechanism is adopted to implement user authorization and authentication suitable for distributed environment.In the system architecture design,the horizontal extension technology is applied to solve the inherent problem of high coupling in a single-system,so that the system has a certain degree of scalability.At the same time,it adopts the model of service subscription and publishing,and combine vertical replication technologies to ensure high availability of system function modules.The database is based on active and standby modes to ensure high availability.Finally,through the test and verification of the system function module,it is shown that the key management server can assume the responsibility of key management for the application of content-associated key technology.