Database Encryption Technology And Its Application Research

Posted on: 2006-03-19
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z F Wang
Full Text: PDF
GTID: 1118360155460355
Subject: Computer software and theory
Abstract/Summary:
With the broad application of computer technology, more and more people depend on information systems. While we enjoy the convenient services that computer technology brings, the problem of security has attracted our attention. As an important component of information systems, the database plays a crucial role in the construction and application of the whole information system, because it contains data of differing degrees of importance and confidentiality.

Nowadays, many security-conscious enterprises have realized that sole reliance on generic security mechanisms, such as firewalls, access control and intrusion detection, does not provide the protection needed for their business operations. Each of these security mechanisms is important, but they are insufficient to address an enterprise's overall information security needs. In particular, in networked and distributed application environments users have many ways to access information systems, so database security faces many threats. For example, unauthorized users can intrude illegally and obtain data by bypassing the database access control mechanism; loss of media containing confidential data leads to leaks of secret information; and managers within organizations take illegal actions using their privileges.

The primary reason for these failures is that raw data exists in readable form inside the database. If we encrypt the data in the database, we can solve the problems above. Even if a user illegally intrudes into the system or steals the storage medium containing secret data, he still cannot obtain the data without the decryption keys.
Therefore, database encryption is very important for ensuring the security of data.

Based on the collection and analysis of a large quantity of recent literature on security databases, and especially on database encryption, the dissertation studies several key techniques for database encryption at the storage level, including the architecture and the extended relational schema of the encrypted database, and the ways of storing and querying encrypted data. Moreover, the dissertation implements database encryption at the storage level based on the open-source database management system PostgreSQL. All of the studies above are important components and the basis of the project entitled security database management platform. The main work includes:

The first chapter introduces the background of database security and points out the importance of database encryption, and then describes some problems brought by encryption technology. It then presents related work, encryption applications in commercial DBMSs, and some security criteria. Lastly, it presents the main contributions and the structure of our paper.

The second chapter analyzes the issues that deserve attention when databases are encrypted, and how to make proper choices when implementing database encryption. Firstly, it discusses the two different security mechanisms of access control and encryption; it is important to point out clearly the difference and the relation between them. Secondly, it distinguishes data-at-rest from data-in-motion, and shows how to choose the encryption algorithm, the encryption granularity and the encryption mode. Lastly, it presents the ways of attacking the encrypted database.

The third chapter studies the storage and querying of encrypted character data in the database. Here we adopt encryption outside the database and field-level granularity. Firstly, we propose the architecture for storing the ciphertext.
When character data are stored in the encrypted database, we not only store the encrypted character data, but also turn the character data into characteristic values using characteristic functions and store the characteristic values as additional columns in the encrypted table. Secondly, we introduce two ways of extracting the characteristic values of character data: one is based on the Pair Coding function; the other is based on the Flatten-Scrambling function. Lastly, we implement the two-phase method of querying the encrypted data, and experimental results validate our approach.

The fourth chapter studies the storage and querying of encrypted numerical data in the database. Here we adopt encryption inside the database and field-level granularity. For numerical data, we analyze the architecture of the DBMS and choose to create the B+ tree index before data are transferred from the schema layer to the storage layer. That is to say, we call the encryption component to encrypt the data before writing them to disk. The benefit of this approach is improved performance when querying encrypted data, because a B+ tree index is created over the encrypted field. To further protect sensitive information from attack, the index files themselves are also encrypted. In the experiments, we simulate the way of...
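
The third chapter's scheme (ciphertext plus a characteristic-value column, queried in two phases) can be sketched as follows. This is an added example, not code from the dissertation: the keyed character-pair bitmap is a hypothetical stand-in for the Pair Coding and Flatten-Scrambling functions, which the abstract does not define, and the table name, keys, sample names and HMAC-based stream cipher are constructed for the sketch.

```python
import hashlib, hmac, os, sqlite3

ENC_KEY = b"constructed-demo-enc-key"  # constructed sample keys, held outside the DB
IDX_KEY = b"constructed-demo-idx-key"
BITS = 32                              # width of the characteristic value (assumption)

def _xor_stream(nonce, data):
    # Stand-in cipher so the sketch runs on the standard library; use a vetted AEAD in practice.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(ENC_KEY, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(text):
    nonce = os.urandom(16)
    return nonce + _xor_stream(nonce, text.encode())

def decrypt(blob):
    return _xor_stream(blob[:16], blob[16:]).decode()

def characteristic(text):
    # Hypothetical characteristic function: keyed bitmap of adjacent character pairs.
    value = 0
    for i in range(len(text) - 1):
        digest = hmac.new(IDX_KEY, text[i:i + 2].encode(), hashlib.sha256).digest()
        value |= 1 << (digest[0] % BITS)
    return value

def build_table(names):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE emp (id INTEGER PRIMARY KEY, name_enc BLOB, name_cv INTEGER)")
    db.executemany("INSERT INTO emp VALUES (?, ?, ?)",
                   [(i, encrypt(n), characteristic(n)) for i, n in enumerate(names)])
    return db

def query_contains(db, pattern):
    want = characteristic(pattern)
    # Phase 1 (database side, no decryption): keep rows whose bitmap covers the pattern's bits.
    candidates = db.execute("SELECT id, name_enc FROM emp WHERE (name_cv & ?) = ?",
                            (want, want)).fetchall()
    # Phase 2 (trusted side): decrypt only the candidates and apply the exact predicate.
    hits = [(i, decrypt(blob)) for i, blob in candidates]
    return len(candidates), [(i, name) for i, name in hits if pattern in name]

NAMES = ["Alice Johnson", "Bob Johnston", "Carol Smith", "Dave Jones", "Eve Smithers"]  # constructed

if __name__ == "__main__":
    print(query_contains(build_table(NAMES), "Smith"))
```

Phase 1 returns a superset of the true matches, so the width of the characteristic column trades the number of rows to decrypt against how much the column reveals about the plaintext.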
Keywords/Search Tags: Security Database, Encrypted Storage, Encrypted Query, Query Performance, Encrypted Relational Schema, Key Management