基于SM9密码算法的大数据完整性保护方案  

作　　者：边杏宾 胡志勇[1,2] 马俊明 胡耀华[1] Bian Xingbin;Hu Zhiyong;Ma Junming;Hu Yaohua(CETC Pengyue Electronic Technology Co.,Ltd.,Taiyuan 030032,China;The 33rd Research Institute of China Electronics Technology Group Corporation,Taiyuan 030032,China)

机构地区：[1]中电科鹏跃电子科技有限公司,山西太原030032 [2]中国电子科技集团公司第三十三研究所,山西太原030032

出　　处：《网络安全与数据治理》2023年第4期51-55,共5页CYBER SECURITY AND DATA GOVERNANCE

基　　金：工业和信息化部大数据产业发展试点示范项目(20210446)。

摘　　要：大数据是众多智能分析决策应用的基础,大数据的部分损毁和缺失会导致所蕴含信息不完整,造成分析决策的偏差甚至严重错误。云计算平台为大数据的存储、使用提供了基础支撑,但在这种环境中,大数据脱离了所有者的直接监管,增加了众多大数据相关方,导致大数据的完整性安全风险增加。针对这一问题,基于国家密码标准SM9设计了一套大数据全生命期完整性保护方案。该方案针对大数据的全生命周期进行数据完整性审计,发现大数据完整性问题,并对数据完整性责任溯源。分析了云上大数据全生命期中的参与者,在SM9标准算法基础上,针对云上大数据应用场景中数据流转过程,设计了多用户有序链式签名和验证方案,改进了签名和验签过程以及相关计算步骤,建立起大数据在流转过程中的完整性验证机制和完整性问题的溯源机制。Big data is the basis of many intelligent analysis and decision applications.Partial damage and loss of big data will lead to incomplete information,resulting in deviation and even serious errors in analysis and decision making.Cloud computing platform provides basic support for the storage and use of big data.However,in this environment,big data is separated from the direct supervision of the owner,and many big data related parties are added,leading to an increase in the integrity and security risks of big data.To solve this problem,a set of big data life-cycle integrity protection scheme is designed based on the national password standard SM9.The scheme conducts data integrity audit for the whole life cycle of big data,finds the integrity problems,and traces the responsibility for data integrity.The participants in the whole life of cloud big data are analyzed.Based on the SM9 standard algorithm,a multi-user orderly chain signature and verification scheme is designed for the data circulation process in cloud big data application scenarios.The signature and signature verification process and related calculation steps are improved,and the integrity verification mechanism and the traceability mechanism of integrity problems in the circulation process of big data are established.

关 键 词：大数据 国产IBC密码 有序链式签名 完整性保护 

分 类 号：TP309.2[自动化与计算机技术—计算机系统结构]