The Design and Implementation of a Sensitive Information System

Protecting sensitive information systems from security threats such as unauthorized access, information eavesdropping and information interfering, is significant. Most of the natural approaches employ strong authentication or cryptography systems to protect critical data. But those approaches do not stress on the potential amount of risks associated with sensitive information, especially the vulnerability from compromising of long term cryptographic keys and the lack of fine-grained access control for group sharing. Therefore, in this paper, we use dynamic key and group key theories to propose a new security architecture for sensitive information protection. The architecture categorizes sensitive information based on classified information. We implement the architecture by adopting elliptic curve cryptography (ECC) and dynamic key approaches to generate symmetric key to secure unicast and multicast communication among users. A formal analysis is provided to verify the security of the proposed work. It shows that the proposed system guarantees critical information data security and access control flexibility.