Study And Examination Of Secure Database Middleware Based On J2EE In DAS

With the development of cloud computing, DAS (Database as a Service) model has gained widely attention due to its high availability and convenience. At present, cloud databases have been used in many J2EE application. In DAS model, to ensure the security of database, we must encrypt the sensitive information, as server is totally not to be trusted, DBSP can gain the sensitive data easily. However, to query on the encrypted data, we must transport all the encrypted data to the client and then decrypt, which leading to great lost of query performance. Therefore, at present the main research focus on how to improve the efficiency of query of encrypted database. Because of the differences of data types, strategies of encryption and ciphertext query are different for numerical data and character data.The main work and contributions of this paper are as follows:(1) To ensure the security of feature index in ciphertext query of character data, proposed an improved strategy based on traditional group mapping scheme. Hash key and digital disruption are introduced to this strategy. In the construction of the ciphertext feature index, this strategy distribute an independent Hash Key for each sensitive field. Only with the correct Hash Key, we can get the correct mapping index. And then operate the mapping value and record ID with XOR to get the final feature index. This strategy makes the same plaintext corresponding with different feature index, which destructing the frequency statistics features, and therefore resist known plaintext attack and statistical attack effectively.(2) To address the semantic features of the sensitive field and query keywords in practical application, designed a retrieval system for encrypted database which has semantic features. In this system, the paper introduced the well-developed segmentation technology, proposed an secure ciphertext index based on B+tree, laid special stress on analysing the ciphertext index engine and ciphertext retrieval engine. At the same time, this paper evaluated the security and efficiency of the system comprehensively, proved that this system have great advantage over ciphertext retrieval strategy for no semantic field.(3) Designed and implemented a secure middleware to encrypt sensitive data and query on ciphertext in DAS model. This middleware is based of JDBC technology, integrated the sub system which has no semantic feature and the sub system which has semantic feature. This paper detailedly described the implementation of driver management, SQL statement parsing, encryption module, cipher index construction and ciphertext retrieval. After that compared the traditional group mapping scheme, the sub system which has no semantic feature and the sub system which has semantic feature in three aspect:retrieval accuracy, retrieval performance and data redundancy.