
Design And Implementation Of Document Secure Transmission System Based On State Secret

Posted on: 2023-07-18
Degree: Master
Type: Thesis
Country: China
Candidate: H M Deng
GTID: 2568306815962479
Subject: Computer technology

Abstract/Summary:
The promotion of the national secret series of algorithms strengthens China's ability to independently control its industry information systems. Document transmission is an important part of such systems, and using national secret algorithms as its underlying technology can make it safe, reliable and efficient. However, existing document transmission schemes still suffer from weak document confidentiality, a single mechanism for authenticating the document sender, and insufficiently flexible user access rights. To solve these problems, this thesis studies a secure, autonomous and controllable document transmission protection scheme built on the national commercial cipher algorithms. It focuses on two key issues: improving document security, and ensuring multiple authentication of the identities of both parties to a document transmission by using the national secret series of algorithms. Based on the national secret SM3, SM4 and SM9 algorithms, combined with ring signatures, attribute encryption, the SSL protocol and related theories and technologies, a document secure transmission system based on national secret algorithms is implemented. The specific research work is as follows:

1. Construction of a hybrid encryption/decryption and signature scheme based on national secret algorithms. To address insufficient document security protection, a hybrid encryption and decryption scheme based on the SM3, SM4 and SM9 algorithms is constructed. Firstly, the SM4 algorithm, which offers high encryption and decryption efficiency and is easy to implement in hardware and software, is used for symmetric encryption of documents. Secondly, the SM3 algorithm is used for integrity verification. Finally, the SM9 algorithm is used to manage the key; because it does not require applying for digital certificates, it effectively reduces the cost of key management. The hybrid scheme not only achieves self-control of document security, but also yields ciphertext documents with a higher degree of security redundancy. A threshold ring signature scheme based on the SM9 algorithm is also proposed, to address the problem of hiding the identity of the real signer of a document. Firstly, the SM9 digital signature algorithm is used as the underlying algorithm and is combined with the threshold ring signature. Secondly, the SM4 algorithm is used to protect the confidentiality of the signature, and a timestamp that allows the timeliness of the signature to be verified is embedded in the signature. Finally, the scheme is proved in the random oracle model to be unforgeable under adaptive chosen-message attack. The proposed signature scheme not only retains the characteristics of a ring signature, but also enhances the security of the signature and improves the efficiency of the signature generation and signature verification stages.

2. Construction of an authenticated document transmission scheme based on national secret algorithms. To address the classification of document access permissions, firstly, the SM3 algorithm is used to generate an identity from the user's attribute set. Secondly, according to the classification attribute of the document, SM9 is used as the underlying algorithm. Finally, attribute encryption is applied to protect the document. This achieves more flexible fine-grained access control and hierarchical encrypted access management for documents. To address secure authentication of the identities of both parties to a document transmission, firstly, the SSL protocol, with its higher security, is used to ensure safe communication of the document. Secondly, the identity based on the user attribute set is embedded in the random number segment of the first protocol packet. Finally, an LDAP server is used to authenticate the user's identity. The identity authentication scheme based on national secret algorithms not only realizes hierarchical access to documents, but also realizes multiple verification of user identity, and further enhances the security of the SSL protocol.

3. Implementation of a document secure transmission system based on national secret algorithms. Building on the research schemes and related technologies above, and after investigating the requirements of a document transmission system, a secure document transmission system based on national secret algorithms is designed and implemented following the software design and development process. Based on the research on the hybrid encryption/decryption and signature scheme, the key management module, document management module and signature management module are designed and implemented. Based on the research on the user-identity-based transmission scheme, the user management module and attribute management module are designed and implemented. System test analysis shows that the designed system not only meets the basic security requirements for transmitted documents, but also realizes encryption protection, integrity authentication, fine-grained access control and multiple authentication of the identities of the transmitting parties.
Keywords/Search Tags:Document transfer, GM algorithm, Ring signature, Attribute encryption, SSL protocol