
Survey on Key Techniques of Encrypted Computing in Fully Encrypted Databases
Cite this article: BI Shu-Ren, NIU Ze-Ping, LI Guo-Liang, LI Qi. Survey on Key Techniques of Encrypted Computing in Fully Encrypted Databases[J]. Journal of Software (软件学报), 2024, 35(8): 3980-4010
Authors: BI Shu-Ren (毕树人), NIU Ze-Ping (钮泽平), LI Guo-Liang (李国良), LI Qi (李琦)
Affiliation: Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China; Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China
Funding: National Natural Science Foundation of China (61925205, 62232009, 62102215); National Key Research and Development Program of China (2023YFB4503600)
Abstract: In recent years, with the popularity of cloud services, more and more enterprises and individuals have stored their data in cloud databases. However, the convenience of cloud services also brings data security issues. One of the crucial problems is confidentiality protection for sensitive data, that is, safeguarding users' sensitive data from being spied on or leaked. Fully encrypted databases have emerged to meet this challenge. Compared with traditional databases, fully encrypted databases can encrypt data throughout its entire lifecycle of transmission, storage, and computation, thereby protecting data confidentiality. Currently, many challenges remain in encrypting data while supporting all SQL functionality and maintaining high performance. This study comprehensively investigates the key techniques of encrypted computing in fully encrypted databases, classifies them by technique type, and compares and summarizes them in terms of functionality, security, and performance. First, it introduces the architectures of fully encrypted databases, including the pure-software architecture based on encryption algorithms, the trusted-hardware architecture based on a trusted execution environment (TEE), and the hybrid software-hardware architecture. Then, the key techniques of each architecture are summarized. Finally, the challenges and opportunities of current research are discussed, and some open problems are provided for future research.

Keywords: fully encrypted database; confidentiality protection; encryption algorithm; trusted execution environment (TEE)
Received: 2023-08-07
Revised: 2023-09-11