| As a platform for the storage of information, database security gets more and more attention. Although the access control measures of database management systems can provide security guarantees to a large extent. That’s not enough, some attackers could go directly inside the database through the loopholes in the system to bypass the firewall and query the data. As a result it makes great threat to the database. In addition to the threat of external attack, there is greater threat which come from within the system or the database administrator. The database administrator don’t need to bypass the firewall and has the highest privileges to access the database. And how to guard against internal attacks is an important object in this research.Encrypting sensitive information in the database is an effective method to prevent the internal attacks. This paper researches on the technology of database encryption, and it provides a database encryption middleware program which is based on field-level encryption and develops a system for demonstrating. Through related experimental analysis of the system, it shows that the system can work well, and proves the feasibility of the program.Main work of the paper are as follows:First, it introduces the research and achievements in transparent database encryption at home and abroad in recent years. And it presents the technology of the transparent database encryption. In addition, the characteristics of a common database encryption scheme are summarized. Second, this article achieves a middleware system that mainly consists of seven logical components. The seven logical components that are cryptographic engine, key vault, key manifest, key manager, cryptographic provider, cryptographic consumer and protected data are studied in detail. Finally, it shows that the program that is provided in this article is correct and feasible through the experiments.After a summary of this work, the main innovation can be summarized as follows:1) The business data and key data are stored in two databases that are business database and key database. The administrator can also be divided into business database administrator and key database administrator. The administrator’s permissions are divided by the system.2) The system takes a special technology to protect the master key. It divides the master key into a confusion of keys and key mask, and put them in difference place.3)It designs a query program based on word for word concordance. The program can reduce the number of records required to decrypt effectively, and improve query efficiency. |
PDF Full Text Request