With the development of Internet technology and national information construction, the classification and protection of important information systems have largely been completed. However, information systems built for different requirements and levels of importance cannot exchange data arbitrarily, and the resulting information silos run contrary to the exchange requirements of information construction. Therefore, in order to guarantee both the security of information systems and the exchange of data, and to find a balance point between security and availability, security exchange technology has emerged.

Based on an analysis of the demands and characteristics of data security exchange, several key technologies are studied in depth: the data security exchange trust chain model, trust measurement of the exchange process, and anomaly detection and signature protection for the data source. The main innovations of this paper are summarized as follows:

1. Aimed at the lack of research on theoretical models of data security exchange, a trust chain transfer model for data security exchange based on credible processes is proposed. The model first abstracts the system into processes, operations and state outputs, and then defines the basic elements and the trust rules for the data source, static processes and dynamic processes. It then analyses the non-interference of running processes and proves the security of the model, which establishes the foundation for the data security exchange chain.

2. Aimed at attacks on the exchange process, which leave the process uncontrollable, a trust measurement method for the exchange process based on a trust measurement information base (TMIB) is proposed. The method adds process executable files, dynamic link libraries, kernel modules and other environmental factors such as ports and CPU to the behavior trace of the exchange process, and a construction algorithm for the TMIB based on the external behavior trace is given. The trust of the exchange process is then judged against the TMIB. The security analysis indicates that the method can detect common attack types, which achieves trust measurement of the exchange process.

3. Aimed at the lack of anomaly detection on the exchange data source, an anomaly detection method based on the structural characteristics of the exchange data source, mainly PDF and XML formats, is proposed. For PDF documents, the main idea is to analyse the logical and physical structure, use breadth-first search to form structure paths, and use a decision tree algorithm to build a training model on given data, which can then detect unknown data. For XML documents, the main idea is to analyse the document tree, extract the full path vector, generate an m×n structure matrix and calculate the similarity between the target document and a comparison document. Experimental results show that the method has a higher detection accuracy and lower time cost, and can effectively detect the structural differences between anomalous and benign documents, so it is suitable for anomaly detection on the data source in data security exchange.

4. Aimed at the problems of poor efficiency, excessive rights and complex secret key management in existing signature schemes for the exchange data source, a data source signature method based on proxy re-signature is proposed. The method first proposes a new certificateless proxy re-signature scheme and then proves it existentially unforgeable in the standard model, with its security reduced to the hardness of the NGBDH and Many-DH assumptions. Compared with existing proxy re-signature schemes, this scheme has excellent performance in efficiency and security. The new certificateless proxy re-signature scheme solves the problem of key escrow and removes the need for public key certificates; it is suited to the characteristics of the security exchange environment and achieves signature protection of the data source.
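As an added illustration of item 2 (trust measurement of the exchange process against a TMIB), the following Python example is not the thesis's own algorithm or code. It models a behavior trace as a record of the exchange process's executable hash, loaded shared libraries, kernel modules, listening ports and peak CPU share, builds the TMIB as the union of what benign runs exhibited, and reports every deviation in a later trace. All traces, hashes, module names and the CPU margin are constructed assumptions.

```python
"""TMIB construction and trust measurement over process behavior traces.

Added example, not the thesis's implementation. The trace fields, sample
values and the construction rule (union of benign observations) are assumptions.
"""
from dataclasses import dataclass, field

# Constructed benign traces of two known-good runs of the exchange process.
BENIGN_TRACES = [
    {
        "exe": "sha256:aa11",
        "libs": {"libc.so.6": "sha256:c001", "libssl.so.3": "sha256:5511"},
        "kmods": {"e1000", "ext4"},
        "ports": {8443},
        "cpu": 0.35,
    },
    {
        "exe": "sha256:aa11",
        "libs": {"libc.so.6": "sha256:c001", "libssl.so.3": "sha256:5511"},
        "kmods": {"e1000", "ext4", "nf_conntrack"},
        "ports": {8443},
        "cpu": 0.50,
    },
]

# Constructed trace of an attacked run: an injected library, an unknown
# kernel module and an extra listening port (hypothetical names/values).
ATTACKED_TRACE = {
    "exe": "sha256:aa11",
    "libs": {"libc.so.6": "sha256:c001", "libssl.so.3": "sha256:5511",
             "libhook.so": "sha256:bad0"},
    "kmods": {"e1000", "ext4", "rk_hide"},
    "ports": {8443, 4444},
    "cpu": 0.40,
}


@dataclass
class TMIB:
    """Trust measurement information base: everything a trusted run may exhibit."""
    exe: set = field(default_factory=set)      # allowed executable hashes
    libs: dict = field(default_factory=dict)   # library name -> allowed hashes
    kmods: set = field(default_factory=set)    # allowed kernel modules
    ports: set = field(default_factory=set)    # allowed listening ports
    cpu_max: float = 0.0                       # highest benign CPU share seen


def build_tmib(traces):
    """Construct the TMIB as the union of all benign behavior traces."""
    tmib = TMIB()
    for t in traces:
        tmib.exe.add(t["exe"])
        for name, digest in t["libs"].items():
            tmib.libs.setdefault(name, set()).add(digest)
        tmib.kmods |= t["kmods"]
        tmib.ports |= t["ports"]
        tmib.cpu_max = max(tmib.cpu_max, t["cpu"])
    return tmib


def measure(tmib, trace, cpu_margin=1.5):
    """Judge a trace against the TMIB; an empty finding list means trusted."""
    findings = []
    if trace["exe"] not in tmib.exe:
        findings.append(("exe", trace["exe"]))
    for name, digest in trace["libs"].items():
        # Both an unknown library and a known name with a new hash are deviations.
        if digest not in tmib.libs.get(name, set()):
            findings.append(("lib", name))
    for mod in sorted(trace["kmods"] - tmib.kmods):
        findings.append(("kmod", mod))
    for port in sorted(trace["ports"] - tmib.ports):
        findings.append(("port", port))
    if trace["cpu"] > tmib.cpu_max * cpu_margin:
        findings.append(("cpu", trace["cpu"]))
    return findings


if __name__ == "__main__":
    base = build_tmib(BENIGN_TRACES)
    print("benign run:", measure(base, BENIGN_TRACES[1]))
    print("attacked run:", measure(base, ATTACKED_TRACE))
```

The union rule means the TMIB is only as good as the benign runs it was built from: a compromised build used as a baseline would be trusted, so the baseline traces themselves need an integrity guarantee (for example, measured into a TPM PCR) before they are used this way.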
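As an added illustration of the XML part of item 3 (full path vector, m×n structure matrix, similarity to a comparison document), the following Python example is not the thesis's code. Each document is reduced to a count of its root-to-node paths, a matrix with one row per document and one column per distinct path is built over the union of paths, and rows are compared by cosine similarity; a target below a threshold is flagged as structurally anomalous. The sample documents, the use of cosine similarity and the 0.9 threshold are constructed assumptions.

```python
"""XML structure-path anomaly detection: path vector -> structure matrix -> similarity.

Added example, not the thesis's implementation. Documents, similarity
measure and threshold below are assumptions chosen for illustration.
"""
import math
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed benign comparison document and two constructed targets.
REFERENCE = (
    '<order id="1"><item sku="A1"><qty>2</qty><price>9.5</price></item>'
    '<item sku="B2"><qty>1</qty><price>4.0</price></item></order>'
)
BENIGN_TARGET = '<order id="7"><item sku="C3"><qty>1</qty><price>1.0</price></item></order>'
ANOMALOUS_TARGET = (
    '<order id="9"><item sku="D4"><qty>1</qty><price>2.0</price></item>'
    '<meta><x><y><z>1</z></y></x></meta><meta><x><y><z>2</z></y></x></meta>'
    '<meta><x><y><z>3</z></y></x></meta></order>'
)


def full_path_vector(xml_text):
    """Count every root-to-element path; attributes appear as path/@name."""
    counts = Counter()
    root = ET.fromstring(xml_text)
    stack = [(root, "/" + root.tag)]
    while stack:
        node, path = stack.pop()
        counts[path] += 1
        for attr in node.attrib:
            counts[path + "/@" + attr] += 1
        for child in node:
            stack.append((child, path + "/" + child.tag))
    return counts


def structure_matrix(vectors):
    """m x n matrix: m documents, n distinct paths over all documents."""
    columns = sorted(set().union(*vectors))
    matrix = [[v[c] for c in columns] for v in vectors]
    return columns, matrix


def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


def similarity(target, reference):
    """Structural similarity of target to reference in [0, 1]."""
    _, m = structure_matrix([full_path_vector(target), full_path_vector(reference)])
    return cosine(m[0], m[1])


def is_anomalous(target, reference, threshold=0.9):
    return similarity(target, reference) < threshold


if __name__ == "__main__":
    for name, doc in [("benign", BENIGN_TARGET), ("anomalous", ANOMALOUS_TARGET)]:
        print(name, round(similarity(doc, REFERENCE), 4), is_anomalous(doc, REFERENCE))
```

Because the detector parses untrusted input before it has decided anything about it, the parser itself must be hardened: `xml.etree` expands internal entities, so in production parse with entity expansion and external entity resolution disabled (for example via the defusedxml package) rather than the stdlib parser used here for self-containment.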