| With the coming of the Internet Age, Computers play an important role in people's lives. The secure problem of large quantities of data stored in the computer and the anti-theft and anti-tampering issue of sensitive data have been drawn increasing attention. The core of information security is the database security. Database system is a core component of computer information system. Meanwhile, database files as the information distribution center, store a large amount of user information. Their safety will be the top priority of the information industry. Now, people pay more and more attention to the secure issue of data stored in the database. The application of database encryption greatly solves the data's secure problem. It is animportant means to improve the security of database. In practical applications, the specific encryption methods are varied.Based on the research and analysis of the existing database encryption, this paper proposes an idea of differentiated services. This idea is to divide users into different levels, and then to provide different quality of encryption/decryption services according to their levels.In order to reduce the performance of server-side'encryption/decryption loss, we design a universal encryption/decryption component to complete the actual work. The component has simple structure, and it is easy to extend and portable.In this paper, we do the encryption on the database'outer layer and only encrypt the user'sensitive fields. On the aspect of encryption fields'selection, we combine the theory of key range and key family. It is not only easy to manage the key, but also can reduce the expense of encryption/decryption process. On the aspect of key management, we use two-level key management system. That is to use the data key to encrypt user data and the key encryption key to encrypt the data key. At last, we realize the aim of hiding the key encryption key by the MD5 hash value of user passwrod and the mapping mechanism of the encryption services. On the aspect of encryption algorithm choice, by comparing the advantages and disadvantages of symmetric algorithm and asymmetric algorithm, we use stacking pattern of symmetric encryption algorithm and hybrid pattern based on symmetric encryption algorithm and asymmetric encryption algorithm, which are the services we provide for the users of different levels.Finally, we design and implement the major modules of the system and give a database encryption system which is based on B/S structure. By testing and analyzing the system, we find that the system has reached the database security requirement. |
PDF Full Text Request