Disclosure of Invention
The present invention has been made in view of the above-described problems occurring in the prior art.
Therefore, the invention provides a file transmission protection method based on a multiple encryption algorithm, which solves the problems of insufficient data sensitivity identification, inflexible encryption protection and low steganography embedding efficiency in the file transmission process.
In order to solve the technical problems, the invention provides the following technical scheme:
In a first aspect, the present invention provides a file transmission protection method based on a multiple encryption algorithm, which includes selecting a target file to be transmitted and performing preprocessing to generate a file fragment;
Analyzing the sensitivity of each file fragment, and performing hierarchical encryption processing to obtain an encrypted fragment set;
selecting a steganographic carrier file, embedding the encrypted fragments into the carrier file, and generating a steganographic index table;
Generating a dynamic session key based on the confusion key pool, encrypting the steganographic file transmission layer and embedding dynamic key generation parameters;
The receiving end decrypts the transmission layer data to extract the steganographic file and decrypts according to the session key formed by the transmission report Wen Tousheng;
And reorganizing the decrypted and restored fragment data into a complete file according to the identifier sequence, and verifying whether the file is damaged through integrity verification to obtain a verification result.
As an optimal scheme of the file transmission protection method based on the multiple encryption algorithm, the method comprises the steps of selecting a target file to be transmitted, preprocessing the target file, generating file fragments,
The user selects a target file to be transmitted, performs format verification on the target file, and judges whether the target file belongs to a supported file type set;
Detecting the size of the target file based on the format verification result;
slicing the detected oversized file according to a fixed size, and determining the total number of required slices;
sequentially extracting data fragments from the file according to the determined total number of fragments to generate a fragment set;
each tile in the set of tiles is assigned a unique identifier and the tile order and size are recorded.
As a preferable scheme of the file transmission protection method based on the multiple encryption algorithm, the method comprises the steps of analyzing the sensitivity of each file fragment, performing hierarchical encryption processing to obtain an encrypted fragment set,
Loading a sensitive keyword list and a user configured sensitivity level threshold Sth from a sensitivity rule database;
keyword matching and context analysis are carried out on the content of each fragment in the fragment set, sensitivity scores of the fragments are calculated, and the expression is as follows:
Wherein, S [ i ] represents the sensitivity score of the ith fragment, i represents the fragment index, j represents the sensitive keyword index, m represents the total number of sensitive keywords, wj represents the weight of the jth sensitive keyword, A [ i ] represents the total byte number of the ith fragment, Oj (A [ i ] represents the number of times the jth sensitive keyword appears in the ith fragment;
classifying the fragments according to the sensitivity scores;
When S [ i ] is not less than Sth, marking the fragments as high-sensitivity fragments, and when S [ i ] is less than Sth, marking the fragments as low-sensitivity fragments;
Performing double encryption on the fragments marked as high sensitivity by adopting an elliptic curve encryption algorithm and an AES-256 symmetric encryption method;
performing single-layer encryption on the fragments marked as low sensitivity by adopting AES-128 symmetric encryption;
And packaging the encrypted high-sensitivity fragments and the encrypted low-sensitivity fragments, and adding encryption marks and fragment metadata information for each encrypted fragment to obtain an encrypted fragment set.
As a preferable scheme of the file transmission protection method based on the multiple encryption algorithm, the method comprises the steps of selecting a steganographic carrier file, embedding encrypted fragments into the carrier file, generating a steganographic index table,
Loading a steganography carrier file library, extracting metadata of each file in the carrier file library, and generating a carrier information table;
Extracting the size of each encrypted fragment from the encrypted fragment set, and dynamically matching the carrier files in the carrier information table for each encrypted fragment according to the carrier allocation rule;
Embedding the encrypted fragments into specific positions of the carrier files by adopting a steganography algorithm for each encrypted fragment and the carrier files matched with the encrypted fragments;
after the steganography is completed, a steganography index table is generated for each embedded fragment completed.
As a preferable scheme of the file transmission protection method based on the multiple encryption algorithm, the method comprises the steps of generating a dynamic session key based on a mixed key pool, encrypting a steganographic file transmission layer and embedding dynamic key generation parameters,
Acquiring a current time stamp and a dynamic operation mode of a user, and generating a unique device fingerprint identifier based on hardware characteristics of transmitting end devices;
the hash function and the encryption algorithm are adopted to carry out confusion processing on the obtained current timestamp, the dynamic operation mode of the user and the generated unique equipment fingerprint identifier, and a dynamic key seed is generated, wherein the expression is as follows:
Seedkey=HMAC-SHA256(Tcurrent||Fdevice||Buser,Kstatic);
wherein Seedkey represents a dynamic key Seed, Tcurrent represents a current timestamp, Buser represents a dynamic operation mode of a user, Fdevice represents a fingerprint identifier of a unique device, HMAC represents a hash-based message authentication code, SHA256 represents mapping of arbitrary length input data to a fixed length 256-bit output value, and Kstatic represents a secure static root key;
the pseudo-random key is extracted from the dynamic key seed by adopting a key derivation function, and the expression is as follows:
PRK=HMAC-SHA256(Seedkey,Kstatic);
wherein PRK represents a pseudorandom key;
the pseudo-random key is converted into a dynamic session key with the required length, and the expression is as follows:
Ksession=HKDF-Expand(PRK,info,L);
Wherein Ksession represents a dynamic session key, HKDF-Expand represents a key of a required length generated from a pseudo-random key, info represents optional context information, and L represents a length of the required session key;
Starting a transmission layer encryption session, and transmitting and encrypting the steganographic file in the steganographic index table through a transmission layer encryption channel by using the generated dynamic session key;
during transmission, a dynamic key seed in the dynamic key is embedded in each transmission header.
As a preferred scheme of the file transmission protection method based on the multiple encryption algorithm, the method comprises the following steps that a receiving end decrypts a transmission layer data extraction steganographic file according to a session key formed by a transmission report Wen Tousheng and decrypts,
After receiving the steganographic file transmitted by encryption, the receiving end analyzes the dynamic key seed in the transmission message header and generates a dynamic session key through a logic and key pool consistent with the transmitting end;
Decrypting the encrypted transport layer data by using the generated dynamic session key, and extracting a steganographic file;
Extracting an embedded steganography index table from the decrypted steganography file, loading a corresponding steganography carrier file according to the steganography index table, and extracting metadata of the carrier file from the steganography carrier file;
Extracting the slice data from the pixel data by using a least significant bit anti-embedding algorithm;
extracting fragment data from the frequency domain coefficient by a discrete cosine transform inverse transformation algorithm;
verifying whether the extracted fragment data is complete and correct by using the fragment identifier;
selecting a corresponding decryption algorithm according to the sensitivity marks of the fragments, and decrypting the fragment data one by one;
comparing the decrypted fragment data with the fragment identifier, and verifying the integrity of the decrypted data.
As a preferable scheme of the file transmission protection method based on the multiple encryption algorithm, the invention comprises the steps of reorganizing decrypted and restored fragment data into a complete file according to an identifier sequence, verifying whether the file is damaged through integrity verification, obtaining a verification result,
Extracting all the fragment data from the decrypted fragment data, and carrying out ascending sort by adopting a quick sort algorithm;
Creating a file buffer area, and sequentially writing the sequenced segmented data into the buffer area to obtain a recombined file;
carrying out hash calculation on a buffer area of the reconstructed file by using an SHA-256 algorithm to generate a check value of the complete file;
Comparing the generated complete file check value with the original file check value to obtain a check result;
when the verification is passed, writing the recombined file buffer into a disk to generate a final original file;
when the verification fails, an error message is returned and the user is prompted to retransmit the relevant fragment.
In a second aspect, the present invention provides a file transfer protection system based on multiple encryption algorithms, comprising,
The file preprocessing module is used for selecting a target file to be transmitted and preprocessing the target file to generate file fragments;
the slicing encryption module analyzes the sensitivity of each file slicing and performs layered encryption processing to obtain an encrypted slicing set;
the steganography embedding module selects a steganography carrier file, embeds the encrypted fragments into the carrier file, and generates a steganography index table;
The key generation module is used for generating a dynamic session key based on the confusion key pool, encrypting the steganographic file transmission layer and embedding dynamic key generation parameters;
the receiving end generates a session key according to the transmission report Wen Tousheng, decrypts the transmission layer data, extracts the steganographic file and decrypts the steganographic file;
and the file reorganization module reorganizes the decrypted and restored fragment data into a complete file according to the identifier sequence, and verifies whether the file is damaged through integrity verification to obtain a verification result.
In a third aspect, the invention provides a computer device comprising a memory and a processor, the memory storing a computer program, wherein the computer program when executed by the processor implements any step of the multiple encryption algorithm based file transfer protection method according to the first aspect of the invention.
In a fourth aspect, the present invention provides a computer readable storage medium having a computer program stored thereon, wherein the computer program when executed by a processor implements any step of the file transfer protection method based on multiple encryption algorithms according to the first aspect of the present invention.
The method has the advantages that the normative of the transmission file is ensured through format check sum size detection, the oversized file is fragmented, the supporting capacity of the large-scale file is enhanced, the sensitivity analysis mechanism is utilized to dynamically encrypt the fragmented content in a layering mode, the encryption efficiency is optimized while the safety is improved, the efficient embedding of the fragmented data and the generation of a steganographic index table are realized through dynamic matching of the steganographic carrier file, the concealment and the suitability in the transmission process are ensured, a dynamic session key is generated through an confusion key pool, the key generation parameters are dynamically embedded, the randomness and the attack resistance of the session key are enhanced, the steganographic file is restored through the dynamic key, the fragmented data is extracted, the corresponding decryption algorithm is selected through the sensitivity mark, the high efficiency and the accuracy of data decryption are ensured, whether the file is tampered or lost is verified through rapid sequencing of the re-fragmented data, and the integrity and the reliability of the transmission file are ensured.
Detailed Description
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced in other ways other than those described herein, and persons skilled in the art will readily appreciate that the present invention is not limited to the specific embodiments disclosed below.
Further, reference herein to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic can be included in at least one implementation of the invention. The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments.
Embodiment 1, referring to fig. 1 and 2, is a first embodiment of the present invention, and this embodiment provides a file transmission protection method based on multiple encryption algorithms, including the following steps:
s1, selecting a target file to be transmitted, preprocessing the target file, and generating file fragments.
S1.1, selecting a target file to be transmitted by a user, performing format verification on the target file, and judging whether the target file belongs to a supported file type set.
Specifically, the file format verification refers to detecting whether the format of the file is legal, performing format verification by reading the file header identifier, returning error information and terminating operation if the file format is not supported, and entering the next process if the file format is legal.
S1.2, detecting the size of the target file based on the format verification result.
Specifically, file size detection refers to reading the size of a file, setting a size threshold, judging whether the size of the file is larger than the threshold, if the size of the file is smaller than or equal to the size threshold, directly entering an encryption process of the next step without slicing, and if the size of the file is larger than the size threshold, entering a slicing process.
S1.3, slicing the detected oversized file according to a fixed size, and determining the total number of required slices.
Specifically, the total number of slices is based on the ratio of the total number of bytes of the file to a single slice, and a rounding-up operation is taken for the size of the ratio.
S1.4, sequentially extracting data fragments from the file according to the determined total number of fragments to generate a fragment set, distributing a unique identifier for each fragment in the fragment set, and recording the sequence and the size of the fragments.
Specifically, the generation of the identifier is to generate a unique identifier by calculating a hash value of the content of each piece, and the hash value of each piece is calculated by adopting an SHA-256 algorithm, wherein the output of the SHA-256 algorithm is a fixed 256-bit (32-byte) character string, the content of each piece is different, and the hash value is unique.
S2, analyzing the sensitivity of each file fragment, and performing hierarchical encryption processing to obtain an encrypted fragment set.
Loading a sensitive keyword list and a sensitivity level threshold Sth configured by a user from a sensitivity rule database, carrying out keyword matching and context analysis on the content of each fragment in the fragment set, and calculating the sensitivity score of the fragment, wherein the expression is as follows:
Wherein, S [ i ] represents the sensitivity score of the ith fragment, the higher the score is, the more sensitive the fragment is, the more strictly the encryption protection is received, i represents the fragment index, j represents the sensitive keyword index, m represents the total number of sensitive keywords, wj represents the weight of the jth sensitive keyword, A [ i ] represents the total byte number of the ith fragment, Oj (A [ i ] represents the number of times the jth sensitive keyword appears in the ith fragment, the more the number of times is used for counting the actual appearance frequency of each keyword in the fragment, and the higher the contribution of the keyword to the sensitivity score is;
classifying fragments according to sensitivity score, marking fragments as high sensitivity fragments when S [ i ] is greater than or equal to Sth, marking fragments as low sensitivity fragments when S [ i ] is less than Sth, performing double encryption on the fragments marked as high sensitivity by adopting elliptic curve encryption algorithm and AES-256 symmetric encryption method, performing single-layer encryption on the fragments marked as low sensitivity by adopting AES-128 symmetric encryption, packaging the encrypted high sensitivity fragments and low sensitivity fragments, and adding encryption mark and fragment metadata information for each encrypted fragment to obtain an encrypted fragment set.
S3, selecting a steganographic carrier file, embedding the encrypted fragments into the carrier file, and generating a steganographic index table.
S3.1, loading a steganography carrier file library, extracting metadata of each file in the carrier file library, and generating a carrier information table.
Specifically, the steganographic carrier file library includes a picture file, an audio file, and a video file.
Picture files (e.g., JPEG, PNG) suitable for pixel level embedding, supporting LSB steganography algorithm.
Audio files (e.g.mp3, WAV) are suitable for frequency domain embedding, e.g. modifying low frequency coefficients.
Video files (e.g., MP4, AVI) are suitable for intra-frame embedding, supporting DCT or motion vector modification.
The metadata includes file name, file type, and embeddable capacity.
S3.2, extracting the size of each encrypted fragment from the encrypted fragment set, and dynamically matching the carrier files in the carrier information table for each encrypted fragment according to the carrier allocation rule.
Specifically, the operation of dynamically matching the carrier file in the carrier information table for each encrypted fragment according to the carrier allocation rule is as follows:
And when the size of the encrypted fragments is larger than the embeddable capacity in the carrier file, dividing the encrypted fragments into a plurality of sub-fragments, wherein the size of each sub-fragment does not exceed the capacity of a single carrier.
S3.3, embedding the encrypted fragments into specific positions of the carrier files by using a steganography algorithm for each encrypted fragment and the carrier files allocated to the encrypted fragments, and generating a steganography index table for each embedded fragment after steganography is completed.
In particular, the steganography algorithm includes LSB (least significant bit) steganography algorithm applicable to a picture carrier and DCT (discrete cosine transform) steganography algorithm applicable to an audio/video carrier.
The LSB (LEAST SIGNIFICANT Bit) steganography algorithm realizes data embedding by modifying the least significant Bit of the picture pixel, has small change amplitude and is not perceived by naked eyes, and the specific embedding steps are as follows:
Reading the allocated picture carrier, extracting the pixel data, embedding the bit stream into the least significant bit of the pixels according to the sequence, and embedding the kth pixel to obtain an embedded pixel value, wherein the expression is as follows:
Pk=(Pk&254)|b;
Wherein, P'k represents the k pixel value after embedding, Pk represents the k pixel value before embedding, b represents a bit in the bit stream to be embedded, k represents the index number of the pixel, and represents bitwise operation.
The DCT (discrete cosine transform) steganography algorithm implements data embedding by modifying the frequency domain coefficients of the carrier, typically by performing a transform operation on the audio or video frames, the embedding steps being as follows,
For encrypted fragments, the encrypted fragments are converted into bit streams, and the frame data of the segmented audio/video carriers are extracted and subjected to discrete cosine transform, wherein the expression is as follows:
Where F (u, v) denotes a coefficient at a specific position (u, v) in the frequency domain, the frequency domain coefficient is used to denote the component intensity of the original data at different frequencies, steganography achieves embedding by modifying the low frequency coefficient (usually the most energy part) so as to not only maintain data integrity but also reduce the perceptibility of the embedding, u denotes a frequency component in the horizontal frequency direction, v denotes a component in the vertical frequency direction, N denotes the total number of pixels in the horizontal direction, M denotes the total number of pixels in the vertical direction, x denotes the pixel index in the horizontal direction, y denotes the pixel index in the vertical direction, and F (x, y) denotes the original value of the pixel (x, y) in the time domain.
S4, generating a dynamic session key based on the confusion key pool, encrypting the steganographic file transmission layer and embedding dynamic key generation parameters.
The method comprises the steps of obtaining a current timestamp and a dynamic operation mode of a user, generating a unique device fingerprint identifier based on hardware characteristics of transmitting end equipment, carrying out confusion processing on the obtained current timestamp, the dynamic operation mode of the user and the generated unique device fingerprint identifier by adopting a hash function and an encryption algorithm, and generating a dynamic key seed, wherein the expression is as follows:
Seedkey=HMAC-SHA256(Tcurrent||Fdevice||Buser,Kstatic);
Wherein Seedkey represents a dynamic key Seed, Tcurrent represents a current timestamp, Buser represents a dynamic operation mode of a user, Fdevice represents a fingerprint identifier of a unique device, HMAC represents a hash-based message authentication code, SHA256 represents a 256-bit output value mapping input data of an arbitrary length to a fixed length, Kstatic represents a secure static root key, and the secure static root key is stored at a transmitting end and a receiving end and is used as a key of HMAC;
the pseudo-random key is extracted from the dynamic key seed by adopting a key derivation function, and the expression is as follows:
PRK=HMAC-SHA256(Seedkey,Kstatic);
wherein PRK represents a pseudorandom key;
the pseudo-random key is converted into a dynamic session key with the required length, and the expression is as follows:
Ksession=HKDF-Expand(PRK,info,L);
Wherein Ksession represents a dynamic session key, HKDF-Expand represents a key of a required length generated from a pseudo-random key, info represents optional context information for marking the purpose of the session key, and L represents the length of the required session key;
Starting a transmission layer encryption session, and transmitting and encrypting the steganographic file in the steganographic index table through a transmission layer encryption channel by using the generated dynamic session key; during transmission, a dynamic key seed in the dynamic key is embedded in each transmission header during transmission.
S5, the receiving end decrypts the transmission layer data to extract the steganographic file and decrypts the steganographic file according to the session key formed by the transmission report Wen Tousheng.
The method comprises the steps of receiving a steganographic file transmitted by encryption, analyzing a dynamic key seed in a transmission message header by a receiving end, generating a dynamic session key through logic and a key pool consistent with a transmitting end, decrypting encrypted transmission layer data by using the generated dynamic session key, extracting the steganographic file, extracting an embedded steganographic index table from the decrypted steganographic file, loading corresponding steganographic carrier files according to the steganographic index table, extracting metadata of the carrier files from the steganographic carrier files, extracting fragment data from pixel data by using a least significant bit anti-embedding algorithm, extracting the fragment data from frequency domain coefficients by using a discrete cosine transform inversion algorithm, verifying whether the extracted fragment data is complete and correct by using a fragment identifier, selecting a corresponding decryption algorithm one by one according to a sensitivity mark of the fragment, comparing the decrypted fragment data with the fragment identifier, and verifying the integrity of the decrypted data.
S6, recombining the decrypted and restored fragment data into a complete file according to the identifier sequence, and verifying whether the file is damaged through integrity verification to obtain a verification result.
Extracting all the fragment data from the decrypted fragment data, carrying out ascending sort by adopting a quick sorting algorithm, creating a file buffer zone, writing the sorted fragment data into the buffer zone in sequence to obtain a recombined file, carrying out hash calculation on the buffer zone of the recombined file by using an SHA-256 algorithm to generate a check value of the complete file, comparing the generated complete file check value with an original file check value to obtain a check result, writing the recombined file buffer zone into a magnetic disk to generate a final original file when the check is passed, and returning error information and prompting a user to retransmit related fragments when the check is failed.
The embodiment also provides a file transmission protection system based on multiple encryption algorithms, including:
The method comprises the steps of selecting a target file to be transmitted, preprocessing the target file to generate file fragments, analyzing the sensitivity of each file fragment, conducting hierarchical encryption processing to obtain an encrypted fragment set, selecting a steganography embedding module, embedding the encrypted fragments into the carrier file to generate a steganography index table, generating a dynamic session key based on a confusion key pool, encrypting a steganography file transmission layer, embedding dynamic key generation parameters, decrypting and extracting a module, enabling a receiving end to generate a session key according to a transmission report Wen Tousheng, decrypting transmission layer data, extracting the steganography file, decrypting the steganography file, and enabling the decrypted and restored fragment data to be recombined into a complete file according to an identifier sequence, verifying whether the file is damaged through integrity verification, and obtaining a verification result.
The embodiment also provides computer equipment, which is suitable for the situation of the file transmission protection method based on the multiple encryption algorithm, and comprises a memory and a processor, wherein the memory is used for storing computer executable instructions, and the processor is used for executing the computer executable instructions to realize the file transmission protection method based on the multiple encryption algorithm.
The computer device may be a terminal comprising a processor, a memory, a communication interface, a display screen and input means connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless mode can be realized through WIFI, an operator network, NFC (near field communication) or other technologies. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, can also be keys, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.
The present embodiment also provides a storage medium having a computer program stored thereon, which when executed by a processor implements a method for implementing multiple encryption algorithm based file transfer protection as proposed in the above embodiment, the storage medium may be implemented by any type of volatile or non-volatile storage device or combination thereof, such as a static random access Memory (Static Random Access Memory, SRAM for short), an electrically erasable Programmable Read-Only Memory (ELECTRICALLY ERASABLE PROGRAMMABLE READ-Only Memory, EEPROM for short), an erasable Programmable Read-Only Memory (Erasable Programmable Read Only Memory, EPROM for short), a Programmable Read-Only Memory (ROM for short), a magnetic Memory, a flash Memory, a magnetic disk, or an optical disk.
In summary, the invention ensures the standardability of a transmission file through format check sum size detection, performs fragmentation processing on an oversized file, enhances the support capability of the large-scale file, performs dynamic hierarchical encryption on fragment contents by utilizing a sensitivity analysis mechanism, optimizes encryption efficiency while improving security, realizes efficient embedding of fragment data and generation of a steganographic index table by dynamically matching steganographic carrier files, ensures the concealment and suitability in the transmission process, adopts a mixed key pool to generate a dynamic session key, dynamically embeds key generation parameters, enhances the randomness and attack resistance of the session key, restores the steganographic file by utilizing the dynamic key, extracts fragment data, selects a corresponding decryption algorithm by using a sensitivity mark, ensures the high efficiency and accuracy of data decryption, verifies whether the file is tampered or lost by rapidly sequencing the re-fragment data, and ensures the integrity and reliability of the transmission file.
Embodiment 2, referring to table 1, is a second embodiment of the present invention, and in order to further verify the technical solution of the present invention, experimental simulation data of a file transmission protection method based on multiple encryption algorithms is provided.
In order to verify the effectiveness of the file transmission protection method of the present invention, a target test file (size 45MB, format PDF, named test_file.pdf) is selected as a test object, and a simulation experiment of the file transmission process is performed. The test is developed from six steps of file preprocessing, slicing, encryption, steganography, transmission to data recovery and integrity verification.
Firstly, the test performs format verification on the file, the header information of the file is identified as PDF format, the file meets the supported file type set, and a file size detection link is entered. According to the set fragmentation threshold (10 MB), the file size exceeds the threshold, and thus the fragmentation process is required. By calculation, test_file.pdf is divided into 5 slices (10 MB per slice, with the last slice size being 5 MB). Subsequently, a unique identifier is calculated for each slice by using the SHA-256 algorithm, and the slice sequence and size information is recorded to generate a slice set, as shown in Table 1 below:
table 1 fragment set data table
Sensitivity analysis is then performed on each tile in the set of tiles. A sensitivity score is calculated for each shard based on a list of sensitive keywords (e.g., "confidence", "secret", etc.) and a user-configured sensitivity level threshold (Sth). In the experiment, the segmentation sensitivity score range is 0.2-0.8, wherein 3 segments with the score larger than 0.6 are marked as high-sensitivity segments, elliptic curve encryption algorithm and AES-256 double encryption are adopted, and the other 2 low-sensitivity segments are encrypted by adopting an AES-128 single layer, and the specific steps are shown in the following table 2:
TABLE 2 sensitivity results Table
The expression of the sensitivity score is:
The experimental data are set up as follows,
Slicing information:
The slice size is 10MB per slice (5 MB for the last slice).
Conversion into a byte number:
Each 10MB slice: 10×1024×1024= 10,485,760 bytes
5 Th slice: 5×1024×1024= 5,242,880 bytes
List of sensitive keywords:
Keywords [ "confidential", "secret", "classified", "private" ]
Weights (w) [0.4,0.3,0.2,0.1] (set according to keyword sensitivity)
Number of occurrences of the fragmented content key (Oj):
assume that the number of occurrences of the sensitive keyword included in each piece of content is as follows:
| Fragment number | confidential | secret | classified | private |
| 1 | 12 | 8 | 5 | 3 |
| 2 | 5 | 4 | 8 | 1 |
| 3 | 15 | 12 | 8 | 6 |
| 4 | 10 | 8 | 6 | 4 |
| 5 | 3 | 2 | 1 | 1 |
Taking the slice 1 as an example, the calculation process is as follows:
The other is calculated in the same way as the slice 1, and the final result can be obtained.
Loading a steganography carrier file library, dynamically matching a proper carrier file according to the size of each fragment, embedding 2 fragments into a JPEG picture carrier, embedding 3 fragments into an MP3 audio carrier, embedding the picture carrier by adopting an LSB steganography algorithm, embedding the audio carrier by adopting a DCT steganography algorithm, finally generating steganography index table record embedded information, generating a dynamic session key based on a confusion key pool in a transmission stage, generating a dynamic key seed by adopting an HMAC-SHA256 algorithm, and further deriving the dynamic session key. Transmitting the steganographic file and the steganographic index table to a receiving end through a TLS encryption layer, embedding dynamic key generation parameters in a message header, analyzing a dynamic key seed in the transmission message header by the receiving end, generating a dynamic session key, decrypting the transmission layer data, extracting the steganographic file and the steganographic index table. And extracting the encrypted fragments from the carrier file through the LSB and DCT anti-embedding algorithm, and decrypting according to the fragment metadata information. And finally, recombining the files into a complete file according to the sequence of the fragment identifiers by using a quick sorting algorithm, checking the integrity by adopting an SHA-256 hash value, and verifying the consistency of the recombined file and the original file. The experimental results show that the file is successfully recovered and the data is complete, and the specific results are shown in the following table 3:
table 1 steganographic embedding and transmission process recording table
From the above table, it can be known that the steganography embedding success rate is 100% (all fragments are successfully embedded into the carrier), the extraction success rate is 80% (4 of 5 fragments are successfully extracted, 1 part is successful), and the integrity check passing rate is 60% (3 fragments are consistent with the original data).
Fragment 2 extraction failure:
retransmission of the slice may be attempted or lost data recovered by redundant coding.
The part extraction of the slice 3 is successful:
The repair of partially lost steganographic data may be attempted in combination with the fragment metadata information and an error recovery algorithm.
Overall file recovery:
Because the partial sharded data is incomplete, the final file may require manual intervention or retransmission of the partial data to complete the restoration.
It should be noted that the above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that the technical solution of the present invention may be modified or substituted without departing from the spirit and scope of the technical solution of the present invention, which is intended to be covered in the scope of the claims of the present invention.