基于访问控制和中国剩余定理的数据库密钥管理方案的研究

针对密文数据库中数据项加密时会出现数据项密钥量大和安全需求高的问题,通过引入中国剩余定理来管理数据项密钥,提出了一种新的基于访问控制和中国剩余定理的密钥管理方案。当用户申请用户密钥时,密文数据库可以将用户u_i能够访问的大量数据项对应的密钥K_i"合成"用户密钥uki并保存;当用户ui提供用户密钥uk_i和密文查询请求CQR访问密文数据库时,系统会根据系统表和中国剩余定理将用户密钥uk_i再分解成数据项密钥K_i,用户就可以解密数据。该方案不仅实现了对用户访问权限的管理,还解决了大量数据项密钥带来的数据处理时间长、占用系统资源多等问题,提高了密文数据库中密钥管理的效率和安全性。论文最后实现了该密钥管理方案,并对比分析了该方案的安全性。

Key management schemes based on access control and Chinese remainder theorem in database

Since the number of data items keys is larger, much higher security is needed in database encryption systems. In view of this question, we propose new key management schemes based on access control and Chinese remainder theorem which makes the management of data items keys convenient. A large number of the data items keys Ki which the user ui has access to, can be compounded to user class keys uki when the user applies for the key, then this key is saved. When the user decrypts the data, user class keys uki are broken down into key data items using the system tables and the Chinese remainder theorem. The schemes can solve the problems of high time cost on processing data and more system resources occupation, thus improving the efficiency and security of the key management in the cipher text database. Experiments and comparison prove the significant improvement in efficiency and security of key management.