Font Size: a A A

The Study Of Database Encryption And Ciphertext Query In DAS

Posted on:2011-10-22Degree:DoctorType:Dissertation
Country:ChinaCandidate:N LiuFull Text:PDF
GTID:1118360308461776Subject:Signal and Information Processing
Abstract/Summary:PDF Full Text Request
DAS (Database as a Service) is a novel database application architecture of Cloud Storage. In DAS model, data owner outsource data to a DBSP(Database Service Provider), and database is provided as a service. Database server provides the services of storage, access, management and query of data. This means DBSP can gain the data of data owner easily. Therefore, instead of the external database attack, the biggest threat in security is from data administrator. In the untrusted database server, database encryption is a natural solution. However, due to the wasted time in decryption, the query performance will be lost. For the structured database, range query and fuzzy query is inefficient because the ordering, similarity, comparability is destroyed by encryption; for the unstructured database, encryption granularity is difficult to control owing to the unstructured property. Simultaneously, the conventional key management method cannot ensure security in untrusted database server. HSM is a secure strategy but the storage space of HSM is limited. There's not an appropriate method in the key management of DAS so far.To address these problems, for relational database and XML database, the different encryption method and ciphtext query model are proposed based on the structure of database. This model can improve the performance of ciphtext query on the premise of ensuring the security of database. Furthermore, a key management strategy is presented, by which the quantity of key will not be limited, and the utilization efficiency of key can be improved.The main work and contributions of the paper are as follows: (1) To address the security problem of database encryption of relational database, a database encryption strategy applied to DAS is introduced. This strategy changes the distribution of ciphertext of database by the translation of initialization vector. There's no need to store the initialization vectors in our strategy. The frequency-based attack can be avoided, and the data redundancy will not be caused. On this basis, to the problem of ciphertext query of numeric data, a ciphertext query model is proposed.This model determines the range of numeric data dynamically by the order replacement of numerical value, and the needed ciphertext can be extracted. Range query is supported by this model, in which the unnecessary data transmission and encryption/decryption will be avoided. The experimental results show that the time of data transmission and encryption/decryption is saved and the efficiency of ciphertext query is improved remarkably.(2) To the fuzzy query of encrypted character data in relational database, an encryption and ciphertext query model is proposed. For the CHAR or VARCHAR data type, a double filtration method based on feature extraction is presented. The characteristic value is extracted from the character set and the positions of character data, by which most of the nonmatched data will be filtered. Therefore, the time wasted on transmission and encryption reduced greatly. As a result, the retrieval speed is improved. Only key holder can extract the characteristic value and match it with that of keyword in that the extraction is based on encryption algorithm.So the security is ensured in database encryption. The experimental results show that the double filtration algorithm eliminated most of nonmatched records in database. Naturally, the performance of ciphertext query was improved. To CLOB data type, we store and encrypt these positions group by group instead of the original data. In other words, the original character data will be abandoned because they can be generated by the positions. When the query of database is executing, we only decrypt one or more group and the character matching translates into the numerical comparison. The amount of decryption is reduced efficiently. As a result, the query efficiency of database will be improved remarkably. Furthermore, this strategy confused the distribution of plaintext, which avoids the frequency-based attack.(3) To address the problem of the coarse granularity in encryption and the inefficiency in ciphertext query, an approach based on curve interpolation is presented. Firstly, more flexible encryption granularity can be obtained through a XML node-hide mechanism; secondly, more efficiency to resist various kinds of database attack due to the changing of ciphertext distribution and data size. A XMLQuery (XQuery) is established. The proposed model offers greater security, and the ciphertext query performance can amount to 65% of the plaintext query based on the result of experimental simulation.(4) To address the difficulty of security insurance and limited storage space in key management, the key management strategy based on the query of hash values is proposed. The key dictionary is established in multiway tree structure. This strategy can be applied in relational database and XML database. Simultaneously, the key dictionary query model is presented. The hash value of each path in multiway tree structure is stored in key dictionary. The secondary key can be extracted by matching hash values. The experimental results show that the efficiency of key extraction is improved. Furthermore, due to the adoption of HSM(Hardware Security Module), it is difficult to obtain the primary key or working key in database server. The secondary key information is stored in database server, by which the quantity of key will not be limited. The linkage between the secondary key information and database records is concealed by the hash values of multiway tree structure. As a result, the security is obtained.
Keywords/Search Tags:database as a service, encryption granularity, relational database, XML database, curve interpolation, key management
PDF Full Text Request
Related items