| Data circulation and sharing are the important means to stimulate data assets and promote the development of data resources,but they also pose significant challenges of data security and privacy protection.In the process of data circulation,there is a lack of traceability and supervision of data transactions,user performance,and other processes.And there is a problem of malicious users using illegal means to steal private data,which poses a threat to the security of private data.Therefore,based on technologies such as national cryptographic algorithms,blockchain,data traceability,and Merkle Mountains,this paper proposes a bidirectional authenticated encryption algorithm based on the national cryptography algorithms and a data provenance scheme based on Merkle Mountains.Besides,it designs and implements an authentication encryption system for traceability of data flow.The specific research work is as follows:1.Propose a bidirectional authenticated encryption algorithm based on the national cryptography algorithms.Aiming at the problems of data privacy disclosure and illegal user identities during data circulation and transactions,firstly,based on SM2 and SM3 cryptographic algorithms,a random number generator is used to generate unpredictable message authentication codes.Then,based on the difficult problem of ECDLP and ensuring the identity privacy,bidirectional authentication is achieved by using a two-round message interaction mode that allows both communication participants to mutually verify fresh message authentication codes.Finally,a shared key is negotiated by specifying a key seed,and an automatic key update mechanism is designed to achieve key synchronization between the two participants.The theoretical and experimental analysis show that the proposed authentication encryption algorithm can meet the security requirements of the algorithm,and the algorithm execution efficiency can meet practical application requirements.2.Propose a data provenance scheme based on Merkle Mountains.In order to solve the issues such as the safety,controllability and traceability of the data flow process,firstly,the traceability data is described as structured and serialized form based on the PROV data provenance model.Secondly,a dual zone storage structure is designed based on server and blockchain,which provides a safe and reliable storage environment for the traceability data.The serialized traceability data is stored in the blockchain through smart contracts.Then,a preamble data ID is added to the traceability data storage record to concatenate the associated traceability data to form a traceability chain.Lastly,the Merkle tree proof mechanism is introduced to verify whether the traceability data exists in the block,and the Merkle mountain proof mechanism is used to verify whether the blocks containing the traceability data exist in the blockchain,so as to achieve the traceability data to be inspectable,controllable,and traceable.3.Design and implement an authentication encryption system for the traceability of data flow.Based on the researched algorithms and solutions,according to the actual application requirements of data circulation transactions and combining mainstream development technologies such as Vue,SSM,and Nginx,an authentication encryption system for provenance of data flow is designed and implemented.The system includes five functional modules: registration and login,user management,authentication encryption,data security management,and data traceability.Through the test and analysis of the system,the results show that the system has achieved the expected results and can better ensure the application security of data in the circulation and transaction process. |
PDF Full Text Request