Dynamic Keys Based Sensitive Information System

摘要

Protecting sensitive information systems from security threats such as unauthorised access, information eavesdropping and information interfering, is significant. Most of the natural approaches employ strong authentication or cryptography systems to protect critical data. But those approaches do not stress on the potential amount of risks associated with sensitive information, especially the vulnerability from compromising of long term cryptographic keys and the lack of fine gained access control. Therefore, in this paper, a dynamic key theory based secure sensitive information system is proposed, which integrates dynamic keys with raw data to protect sensitive information; and the system also uses the keys to secure communication and enhance access control. A formal analysis is provided to verify the security of the proposed work. It shows that the proposed system guarantees critical information data security and access control flexibility. In addition, by using two sets of dynamic keys, fraud detection and prevention is achieved in the proposed system.