| As a data storage medium,the database has been widely used in real life.In recent years,data leakage events have emerged in a endless stream,and the interests of related personnel have been severely damaged,the security of database has attracted widespread attention.In this context,database encryption becomes the most effctive means of protecting data security.However,encryption results in loss of data orderliness,comparability,and computability,the retrieval of encrypted data in database becomes difficult and system performance is severely degraded.Therefore,how to provide users with an efficient ciphertext database retrieval service while ensuring data security has important research significance.Based on research of existing technology for function and safety comparison,this paper focuses on the first practical ciphertext database retrieval scheme,CryptDB,and improves the ciphertext retrieval of numerical data and character data commonly used in CryptDB.The specific work is as follows:1.For numerical data,it no longer has the attributes of order and comparability after encryption,range retrieval becomes a problem.This paper points out the defects of CryptDB system which include the numerical order information leakage due to the removal of the entire column RND layer and complex implemention as well as low efficiency of adopted order preserving algorithm,and proposes an improved ciphertext retrieval scheme based on partition and numerical order substitution.This scheme availably combines equal depth partition strategy and numerical order substitution strategy,designs a new data encryption and storage model,and based on it,proposes a retrieval strategy based on binary search.The improved scheme effectively decreases the data decryption range and reduces unnecessary data transmission,improving the efficiency of ciphertext retrieval,and reduces the information exposure due to the removal of the RND layer in the ciphertext retrieval process,enhancing the security.2.For character data,encryption makes the positional relationship between characters difficult to distinguish,fuzzy retrieval becomes a problem.This paper points out that the CryptDB system is not friendly to fuzzy retrieval of character data and the multi-layer encryption of all the attribute columns leads to that the space overhead of ciphertext table is too large,proposes a ciphertext index generation scheme based on selective encryption strategy,which effectively supports the fuzzy retrieval function in CryptDB and reduces the ciphertext storage overhead.The ciphertext index is generated based on a string information matrix,introducing digital scrambling in the process which effectively resists similarity analysis attacks.In the retrieval process,a two-stage ciphertext fuzzy retrieval method was proposed.The method uses the ciphertext index to filter in the initial stage,improves the retrieval efficiency.This paper has carried on the experimental test to the efficiency and the security of the new scheme in CryptDB.The analysis of the experimental result shows that the scheme has advantages in efficiency and safety,and has certain practical value. |
PDF Full Text Request