Research On Database Encryption Method

Posted on: 2021-01-30
Degree: Master
Type: Thesis
Country: China
Candidate: L H Bai
Full Text: PDF
GTID: 2428330623468525
Subject: Engineering
Abstract/Summary:
In recent years, information technologies including cloud computing have developed rapidly, and more and more users are migrating database services to the cloud to cut costs. At the same time, leaks of sensitive data from databases occur frequently around the world, which has drawn widespread attention to database security. On the one hand, attackers can exploit system vulnerabilities to compromise the server and directly steal the database plaintexts stored on the hard disk. On the other hand, cloud service providers can peek at users' sensitive data without their knowledge. Therefore, traditional database security technologies such as identity authentication and access control are unable to deal with the existing security threats. At present, database encryption is a promising solution. However, existing database encryption schemes mainly adopt order-preserving encryption or order-revealing encryption to support range queries over ciphertexts, which inevitably leaks plaintext content. To improve the security of database encryption while guaranteeing database performance, this thesis studies database encryption based on ASPE (Asymmetric Scalar-product-preserving Encryption) and SGX (Software Guard Extensions). The main contents are as follows:

(1) This thesis proposes a hierarchical database encryption scheme based on ASPE, in which database encryption is divided into three layers: the secure encryption layer, the range encryption layer and the ciphertext index layer. In the secure encryption layer, the data is encrypted by a probabilistic symmetric cryptography algorithm, which provides both semantic security and correctness of encryption and decryption. In the range encryption layer, the data is encrypted by ASPE. Compared with database encryption schemes that use order-preserving or order-revealing encryption, the ciphertexts in the range encryption layer provide efficient range query and equality query functionality without leaking any bit of the plaintexts and can resist offline attacks. At the ciphertext index layer, the scheme builds a tree index based on the ASPE ciphertexts, which can reduce the time complexity of a ciphertext query to O(log n). The scheme can effectively reduce computation and storage costs while protecting data confidentiality in the database.

(2) This thesis proposes a database encryption scheme based on SGX, in which all data is encrypted by a probabilistic symmetric cryptography algorithm, which can achieve semantic security. To support computations between ciphertexts and reduce the trusted computing base, we constructed a series of components for computing on ciphertexts using SGX, allowing cloud servers to access these components in a black-box manner. At the same time, to limit the ability of cloud servers to access these components, we proposed a method that ensures the freshness of data based on a Bloom filter. Besides, we incorporate a decision tree for the first time to provide a classification service for the database and enrich its functionality. The scheme can effectively guarantee the confidentiality and freshness of the data in the database, reduce the trusted computing base and provide rich functionality with excellent performance.
Keywords/Search Tags: database security, encrypted database, ciphertext calculation, trusted computing