| Database is the base of information system; therefore database security is becoming an important research field. Today, most database files are stored in plaintext without authentication, however, only adopting user authentication and access control in database system can not protect the database well. In this paper, two schemes: storing data in ciphertext and establishing authentication mechanism, are introduced.We analyze several currently available database encryption approaches and conclude that the field-based data encryption with sub-key generating(FBDE) approach is the best one. We then present a connection-based sub-key generating(CBSKG) algorithm and a user-information-based multilevel key management(UMKM) scheme, which can manage the keys required by the FBDE approach efficiently, and can adapt to encryption/decryption on server or client.We compare several currently available database authentication approaches, and propose an approach of field-based authentication on record(FBAR). This approach is safer than the field-based authentication approach, and reserves its flexibility and efficiency.We design a component for database encryption and authentication based on the CBSKG algorithm, the UMKM scheme and the FBAR approach. We also discuss several relevant issues, e.g. SQL command expansion, encryption dictionary and 2-level ciphertext index. We implement the component in Microsoft .Net Framework with ODBC interface. The component is used to replace the original ODBC interface, and provide a convenient interface to database encryption and authentication for various .Net applications. Experiment results show the functionality and efficiency of our approaches in .Net applications. |
PDF Full Text Request