Application Model and Implementation about Team Secrecy Encryption

Personal and network encryption application models nowadays are analyzed in this paper, then a team secrecy encryption application model is proposed based on practical applications. In this model, members of one team have same access authority for electronic documents, and team is the smallest unit of key distribution. Procedures of distribution, transmission and updating key are offline. This model is suitable for co-confidential application among many departments which are loose coupling. An encryption system is implemented based on this model aimed at protecting Microsoft office document.


Introduction
There are diverse electronic document encryption products on the market. Result of investigation on these products shows that these products can be categorized into two types. One is encrypting file system provided by operating system such as transparent encrypting file system in secure linux [1,2,3] or in windows 2000 ,windows xp ,or windows 7. The other is encryption tools developed by the software or hardware manufacturers other than operating system manufacturers, including transparent file encryption based on filter driver [4] and file encryption based on virtual disk [5].
There are four kinds of encryption application model nowadays. The first is personal encryption application model on single computer such as encryption file system [1,2] and professional encryption tools [4,5,6]. The second is personal encryption application model of network storage [6]. Characteristics of these two model include: key management is simple, no key exchange among users. The third is Intranet interactive encryption application model and the fourth is Internet interactive encryption application model. These two models are all based on complicated key exchange and management mechanism, and there are more security risks about these models [7].
To solve some practical team secrecy problems, this paper proposes a team secrecy encryption application model.

Team Secrecy Encryption Application Model
In practical, among some branches or departments, there is a kind of demand for electronic document secrecy: authorize access authority to electronic documents by unit of team, only members of that team can access those electronic documents. One member of a team can authorize access authority of a electronic document to another team. A team may consist of one or many members. In this team secrecy application model, team is the smallest unit of authorization, distinguishing from above-mentioned any model which the smallest authorization unit is individual.
Specially, there are loose coupling relationships among these teams. Teams may connect with network, or there is no sharing network connection at all, and usb-disk or optical-disk are used to exchange data. So it may be impossible to rely on network to transfer those authorization information among teams.
So team secrecy encryption application model can be described as following: (1) Team secrecy (or secrecy data) can be exchanged through peer-to-peer network, network servers, or portable storage device. (2) Asymmetric key is distributed to team, that is, each member of a team has same public key and private key. (3) Symmetric key that is generated randomly is used to encrypt secrecy data, public key of team is used to sign and protect symmetric key, private key of team is used to unsign digital signature. (4) All keys, including symmetric key, public key and private key, are stored in hardware smart usb-key for distribution and using. (5) Each smart usb-key has a unique hardware serial number to identify one team member with another. (6) Smart usb-key must be updated while keys is needed to be updated periodically.

Offline Key Management
Every smart usb-key has a unique hardware serial number to identify one team member with another. There is a list of team public key stored in every smart usb-key. Each record of this list includes two items: identity of team and public key of team, illustrating as table 1. Security administrator initializes each smart usb-key on offline secret computer. Procedure of initializing smart usb-key is: (1) Generate public and private key pair <PKu ,SKu > for a team randomly. (2) Create list of team public key in each usb-key. After initializing, security administrator writes a record of these usb-keys and distributes these usb-keys to members of each team. Security administrator is also responsible for others management of key such as withdrawing, updating, and etc. After getting usb-key device, members of a team must set Personal Identification Number of his/her smart usb-key. In application, members of team use his/her own smart usb-key device to encrypt or decrypt authorized electronic file.

Principle of Office Plug-in Transparent Encryption
There are so many Plug-in products for Microsoft corporation's office software because of its wide usage. Principle of transparent encryption using plug-in to encrypt/decrypt office document is illustrated as figure 1.

Fig.1 Principle of office plug-in transparent encryption
First, run regsvr32 command to register office encryption plug-in, then when office software is running, two button will be added to its tool bar, one is encrypting button, the other is decrypting button. Once the encrypting button is clicked, data in edit area will be changed from plaintext into ciphertext, and cannot be edited again. Then if the decrypting button is clicked, data in edit area will be changed from ciphertext into plaintext again, and be allowed to edit again. So users can see the result immediately when they do encrypt or decrypt operation. If users save the document with saving operation, the content saved in the file will be as same as the displayed in edit area, that is, plaintext displayed, plaintext saved, ciphertext displayed, ciphertext saved, which is so called 'what you see is what you get'.The encrypted file is saved as normal office document file format.

340
Information Technology for Manufacturing Systems III

Procedure of Authorization and Encryption for Team Secrecy
Define following symbols: K O :symmetric key, used for encrypting data of office document. SK A : private key of member A of team A, stored in smart usb-key of member A. SID A : serial number of smart usb-key of member A of team A. PK B : public key of member B of team B, stored in list of team public key in smart usb-key of member A.
Sig o : digital signature. Figure 2 illustrates the member A how to use office encrypting plug-in and initialized smart usb-key to encrypt data of office document file which is opening and editing.

Fig.2 Procedure of authorization and encryption
(1)Symmetric key K O is generated randomly by office encrypting plug-in.
(2)Office encrypting plug-in encrypts data of office document, then transfers the key K O to smart usb-key.
(3)Smart usb-key concatenates its own SID A with the key K O , assuming result is R1, and encrypts result R1 using public key PK B of member B, assuming result is R2, then makes a signature operation to the result R2 using the private key SK A , the signature operation result is Sig o .
(4)Smart usb-key transfers Sig o to office encrypting plug-in. (5)Office encrypting plug-in saves the encrypted office document file with the digital signature Sig o together.
The digital signature Sig o of concatenation result of SID A and K O encrypted with the public key PK B can only be decrypted using private key SK B by members of team B, that is, only members of team B can decrypt the file, Members of others team except team B can not decrypt the encrypted file. Because signed with the private key SK A , people can know which team has authorized and encrypted this file, and because the signature Sig o including the serial number of smart usb-key SID A , people can know which member of team A has authorized and encrypted this file.Every office document file is encrypted with different symmetric key, that is, the symmetric key is generated randomly, this method reduces the risk of batch crack over encrypted office documents.

Procedure of Authentication and Decryption for Team Secrecy
Define following symbols: PK A : public key of member A of team A, stored in list of team public key in smart usb-key of member B of team B. SK B : private key of member B of team B, stored in smart usb-key of member B. After getting the encrypted office document file, the member B uses his/her own smart usb-key to authenticate and decrypt the file as following: (1)Office encrypting plug-in gets the digital signature Sig o from the encrypted office document file, transfers the digital signature Sig o to the smart usb-key.
(2) The smart usb-key receives the digital signature Sig o , unsigns it with the public key PK A stored in list of team public key, then decrypts the result using the private key SK B of team B, The operation result will get SID A ′and K O ′. If unsign or decrypt operation fails, then stop to decrypt the office document file.
Advanced Engineering Forum Vols. 6-7 (3)The smart usb-key sends success message and the symmetric key K O ′to the office encrypting plug-in. The office encrypting plug-in then decrypts the office document file using this symmetric key.

System Analysis
The security characteristics of team secrecy encryption application model and the example system implemented in this paper include: (1)Key management is offline, simple and effective. This can avoid the security vulnerabilities and complexity of management arosed by using of PKI [7].
(2)It can trace who has authorized a file afterwards.
(3)Symmetric key used to encrypt file data is generated randomly, this can reduce the risk of batch crack over encrypted file.
(4)It can be applied securely among different sections or departments whether a share network exists or not.
(5)Keys are stored securely in hardware device smart usb-key.

Conclusion
A kind of team secrecy encryption application model is proposed and implemented in this paper. According to practical application case, offline key management is adapted in this model, and smart usb-key is used as key carrier. An encryption system is implemented based on this model to protect Microsoft office document. It proves that this model is simple and effective for co-confidential application among many sections or departments which are loose coupling.