| Database as a platform for centralized storage and sharing of information system data, along with the popularity of the development of computer networks and information systems, its security has increasingly become a serious problem in the field of information security. Database of existing security measures, including network firewalls, intrusion detection, access control, but in recent years, database spill reasons are system vulnerabilities and internal staff for some reason deliberately leak information. Database of existing security measures can not avoid the database manager of data leakage.Encrypted database is a effective way to keep database secret, plaintext database become ciphertext database after encrypted, database security has been greatly improved. But expressly through encryption, the data type, length, storage space, data consistency and so need to be resolved, and database management system does not recognize the ciphertext in the library, it is not possible to realize data ciphertext query, the database decrypted and then query that greatly reduces the efficiency of the system, seriously affecting the availability of the database.Consider the database efficiency, usually select the symmetric encryption algorithm to encrypt the database.symmetric encryption algorithm using a key for each encryption granularity, the entire database requires a lot of keys and use the same key for encrypting and decrypting. In database encryption technology, the encryption algorithm is open to the public, the ciphertext data security depends on the security of the encryption key custody, which involves a large number of key management issues to the database.Departure from the system safety and efficiency point of view, discussed the security of the database in detail. In-depth analysis of the database encryption technology and encryption algorithms. Designed a three-key management scheme:the first key for the MD5hash of the user password, the two key as the user key or public user key, the three key named work key. Among them, the user key to encrypt the user’s private data corresponding key, public user key to encrypt the corresponding key of the public data resources, the administrator choose a legal authority for the user’s key encryption public user key for user authorization. For ciphertext query, designed a two-dimensional array index for numeric data. After hash algorithm on the indexed column, its primary key are stored in the two-dimensional array to quickly find the target record to the database using ciphertext index query without decrypting.Based on the above design using the AES algorithm to realize a database encryption system, including key management, data encryption, and ciphertext query function. Key management administrator can give the user authorization, data encryption, complete encryption of the data table the specified field, ciphertext query query based on two-dimensional array index. The query efficiency of the two-dimensional array index in the final performance test, compared with no ciphertext index query. Test data analysis found that two-dimensional array index can effectively improve the efficiency of the numerical data in the database query and have a good effect, especially for the less hit record query, the query result is not ideal but for more hit records. |
PDF Full Text Request