
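A Database Encryption Scheme Based on Searchable Encryption
Cite this article: SUN Xi-Ze, ZHOU Fu-Cai, LI Yu-Xi, ZHANG Zong-Ye. A Database Encryption Scheme Based on Searchable Encryption [J]. Chinese Journal of Computers, 2021, 44(4): 806-819.
Authors: SUN Xi-Ze (孙僖泽)  ZHOU Fu-Cai (周福才)  LI Yu-Xi (李宇溪)  ZHANG Zong-Ye (张宗烨)
Affiliation: Software College, Northeastern University, Shenyang 110169
Funding: Supported by the National Natural Science Foundation of China (62072090, 61872069) and the Fundamental Research Funds for the Central Universities, Key Scientific Research Guidance Project (N2017012).
Abstract (translated from the Chinese): In recent years, the growing popularity of data outsourcing has raised the problem of data leakage, and cloud servers must ensure that the data they store is sufficiently secure. To solve this problem, an efficient and practical database encryption scheme is urgently needed. Searchable encryption handles encrypted queries over unstructured files well, but it has not yet been applied well to databases. To address this, a database encryption scheme based on searchable encryption is proposed. The contributions of this paper are as follows. First, a complete encrypted-database query framework is constructed, which guarantees the security of the data and supports efficient queries over the encrypted database. Second, a database encryption scheme satisfying IND-CKA1 security is proposed; while supporting multiple kinds of query statements, it guarantees that data is not leaked and that the security of the ciphertexts in the database is not reduced during queries. Third, the scheme is portable and can be adapted to current mainstream databases such as MySQL and PostgreSQL. Building on the idea of secure index construction in searchable encryption schemes, the paper uses a non-deterministic encryption scheme and an order-preserving encryption scheme to build the secure index structure of the encrypted database, and uses homomorphic encryption and AES-CBC to encrypt the data in the database, implementing rich SQL queries including equality queries, Boolean queries, aggregate queries, range queries and sort queries. Compared with BlindSeer, the scheme adds support for aggregate queries. The scheme also improves on the security problem in CryptDB, where equality leakage and order leakage arise after SQL queries have been executed, ensuring both the security of the ciphertexts in the database and the usability of the system. Finally, experiments on a Student table with 10000 records verify the effectiveness of the framework and algorithms. The scheme is also compared with similar schemes in functionality and security, and the results show that it achieves a good balance between security and functionality.

Keywords: encrypted database  searchable encryption  homomorphic encryption  AES encryption  SQL query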

A Database Encryption Scheme Based on Searchable Encryption
SUN Xi-Ze, ZHOU Fu-Cai, Li Yu-Xi, ZHANG Zong-Ye. A Database Encryption Scheme Based on Searchable Encryption [J]. Chinese Journal of Computers, 2021, 44(4): 806-819.
Authors: SUN Xi-Ze  ZHOU Fu-Cai  Li Yu-Xi  ZHANG Zong-Ye
Affiliation: (Software College, Northeastern University, Shenyang 110169)
Abstract: In recent years, the increasing popularity of outsourcing data to cloud servers has led to data leakage problems, and we need to ensure that the data stored on a cloud server is sufficiently secure. It is necessary to design efficient and feasible database encryption schemes to solve this problem. Searchable encryption can make encrypted data searchable while solving the data leakage problem for non-structural files, but it is still not well applied in databases. Therefore, in this paper, aiming at the problem that the data in the database server is leaked, we design a database encryption framework based on searchable encryption. The novelty of this work comes with three contributions. First, we construct a well-defined encrypted database query framework, which not only ensures the security of data but also makes encrypted queries efficient. Second, our scheme is secure under IND-CKA1 (semantic security against adaptive chosen keyword attack); it ensures that the data is not compromised and that the security of the ciphertext in the database is not compromised during the query. Third, our framework achieves high portability and is suitable for many mainstream databases such as MySQL, PostgreSQL and so on. Based on the idea of constructing a secure index in searchable encryption schemes, we use cryptographic techniques such as homomorphic encryption and AES-CBC to encrypt the database. Our scheme implements rich SQL queries, including equivalent query, Boolean query, aggregated query, range query, sort query and so on. Compared to BlindSeer, our scheme adds support for aggregated queries. Compared to CryptDB, our scheme does not reveal the equality and the order of the ciphertext, which not only ensures the security of the ciphertext in the database but also ensures the availability of the system. Finally, we use a student table which has 10 000 records to evaluate our scheme, and the results show that the proposed framework and algorithm are effective. At the same time, we compare the functionality and security of our scheme with similar schemes, and our scheme achieves a good balance between security and functionality.
Keywords: encrypted database  searchable symmetric encryption  homomorphic encryption  AES encryption  SQL query
This article is indexed in databases including VIP (维普) and Wanfang Data (万方数据).