Design And Research Of Database Encryption System With Fast Query Engine

Nowaday society is a society of information. Information security has been playing an important role in people's daily life. As database being the base platform of current information systems, to ensure the security of its data is very important to our society. With the development of science and technology, the traditional database security technologies such as access control, firewall, invasion detection and etc. can not solve all security problems of database as follows: operation system can not protect database in every aspect, database administrator (DBA) is too powerful to harm database security and the secret information could be exposed by stolen or the loss of backup data.Based on problems mentioned above, via studying of the current security policies, this thesis applies encryption technology to database with mature encryption algorithms. What's more, through analysis of the characteristic of cipher text and attack approaches of encrypted database, with the conception 'salt' using in UNIX password management system, this thesis proposes a secure data encryption scheme that data is encrypted after it's been salted.Encryption ensures the confidentiality of sensitive data, but it will degrade system performance for that after encryption data losing its all original characteristics makes database management system have to decrypt all cipher texts before executing query process. This thesis proposes a practical technique for fast query over encrypted data to solve this problem. The later experiment shows that this approach greatly increases query speed, therefore improves the system performance.This thesis also designs a key management system based on Centralized policy to ensure the security of keys of system. This system is neat and easy to implement with an explicit picture of key management. In this key management system, a database security administrator (DBSA) is introduced to separate the power of DBA. The introduction of DBSA prevents DBA use its power to harm system security. USBKEY is also introduced to protect the cipher keys. In the end, a system performance experiment is carried out to show that system performs well after data encryption.