Research On Transparent Encryption Technology Of Oracle Database

As the continuous development of science and technology and the informatization construction getting deeper, computers have been part of people's life and learning.Information has become the most critical resources in this age. However, the data security problems such as information loss of theft events have become the focus of people in present.In this case, the security of database data storage seems more important.The database encryption has become a major method to guarantee the database security.In recent years, lots of achievements in terms of database encryption technology have been proposed. Based on the related results of the current database security, this paper carried on the research on the safety of the Oracle database, especially in terms of achieving its transparent encryption function. The mainly two aspects content of the work in this paper is as follows:Firstly, based on the technology of API Hook and combined with the underlying access interface of the Oracle database, this paper implements transparent encryption function of the Oracle database. In addition, an Oracle database transparent encryption container model is put forward. After divides the model into functional modules, this paper introduces the functions of each module- and implements the features of each module. The implementation mainly uses the Hook technology to intercept the results of the OCI functions. With the help of the coordination between multiple functions, it can obtain the data transmitted between applications and databases. As a result, the functions of data encryption and decryption can be realized;Secondly, this paper carries on the thorough study of the format preserving encryption(FPE) method, which is one of the key technologies to realize database transparent encryption.This paper introduces three current FPE methods on the integer domain and three kinds of encryption model. The three kinds of encryption methods is analyzed and compared in this paper. At the same time, the flaws of the Prefix method in practical application axe analyzed and summarized. In addition, this paper introduces several strategies to improve the performance of the Prefix method. The main implementations are: utilizing a method of combining the table key and the offset key to protect the security of the data; utilizing the table key to generate the uniform replace table used to encrypt data, at the same time, the offset key produces different offsets for the different records, as a result that the encryption ciphers are different while using the same replacement table to encrypt the same attribute value of different records; meanwhile another solution is proposed to encrypt the discontiguous data using the Prefix method.