| 面向云数据库的属性基加密和查询转换中间件 |
| |
| 引用本文: | 江炳城,何倩,陈亦婷,刘鹏. 面向云数据库的属性基加密和查询转换中间件[J]. 计算机应用, 2018, 38(8): 2280-2286. DOI: 10.11772/j.issn.1001-9081.2018010279 |
| |
| 作者姓名: | 江炳城 何倩 陈亦婷 刘鹏 |
| |
| 作者单位: | 1. 认知无线电与信息处理教育部重点实验室(桂林电子科技大学), 广西 桂林 541004;2. 广西密码学与信息安全重点实验室(桂林电子科技大学), 广西 桂林 541004;3. 桂林电子科技大学 广西云计算与大数据协同创新中心, 广西 桂林 541004 |
| |
| 基金项目: | 国家自然科学基金资助项目(61661015);认知无线电与信息处理教育部重点实验室主任基金资助项目(CRKL160101);广西云计算与大数据协同创新基金资助项目(YD16801,C77KYS02SX18);广西密码学与信息安全重点实验室基金资助项目(GCIS201701)。 |
| |
| 摘 要: | 针对云数据库租户隐私数据的加密和查询问题,提出并实现了一种面向云数据库的属性基加密(ABE)和查询转换服务中间件。首先,服务中间件的加解密部件对租户的对称密钥进行属性基加密,生成密文并保存;其次,服务中间件的查询转换部件对查询语句进行转换,使其可在加密后的数据库上正确执行;最后,租户的隐私数据经过对称加密后保存到云数据库。实验结果表明,与未加密数据库的数据写入和查询时间相比,加密数据库的写入时间与其相当,按照查询语句的复杂程度,查询时长增加10%~150%不等。理论分析表明,所采用的代理解密方案是安全的,与传统的基于密钥策略的属性基加密(CP-ABE)方案相比,代理解密方案在时间复杂度上更具优势。
|
| 关 键 词: | 多租户 云数据库 属性基加密 查询转换 服务中间件 |
| 收稿时间: | 2018-01-29 |
| 修稿时间: | 2018-03-27 |
Cloud database oriented attribute based encryption and query translation middleware |
| |
| JIANG Bingcheng,HE Qian,CHEN Yiting,LIU Peng. Cloud database oriented attribute based encryption and query translation middleware[J]. Journal of Computer Applications, 2018, 38(8): 2280-2286. DOI: 10.11772/j.issn.1001-9081.2018010279 |
| |
| Authors: | JIANG Bingcheng HE Qian CHEN Yiting LIU Peng |
| |
| Affiliation: | 1. Key Laboratory of Cognitive Radio and Information Processing of the Ministry of Education(Guilin University of Electronic Technology), Guilin Guangxi 541004, China;2. Key Laboratory of Cryptography and Information Security(Guilin University of Electronic Technology), Guilin Guangxi 541004, China;3. Guangxi Collaborative Innovation Center of Cloud Computing and Big Data, Guilin University of Electronic Technology, Guilin Guangxi 541004, China |
| |
| Abstract: | Focusing on the problem of encryption and querying of tenant private data on cloud database, a cloud database oriented Attribute Based Encryption (ABE) and query transform service middleware was proposed and realized. Firstly, the tenant symmetric keys were encrypted in the encryption and decryption component of the service middleware through attribute based encryption, and the ciphertext was generated and saved. Secondly, the query statements were translated in the query translation component so that they can be correctly executed on the encrypted database. Finally, the tenant privacy data was stored in the cloud database after symmetric encryption. The experimental results show that compared with the unencrypted database, the write time of the encrypted database is equivalent, while the querying time is increased by 10% to 150% according to the complexity of the query statement. The theoretical analysis shows that the proposed proxy decryption method is secure, and it has superiority over traditional Key Policy Attribute Based Encryption (KP-ABE) algorithm in time complexity. |
| |
| Keywords: | multi-tenant cloud database Attribute Based Encryption (ABE) query translation service middleware |
|
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
