The Research Of CryptDB Encrypted Database System

With the rapid development of cloud computing,cloud storage service which is an important component has been widespread concerned.Due to losing the physical control of the data,its security can not be guaranteed.One solution to solve the aboving problem is to encrypt the data.However,customers can not query or operate the data directly when they are encrypted with traditional encryption algorithm.Server-side ciphertext must be downloaded and decrypted in the local machine before they can be operated and the modified data must be encrypted again before uploading them into the cloud.Obviously,in the face of the massive demands for data storage,the efficiency of this scheme is far lower than the plaintext database.It is an urgent problem that performing efficient operations on ciphertext without decrypting them in the cloud environment.In this thesis,the ciphertext computing algorithm in the relational database is studied based on CryptDB which is an open source ciphertext database system designed by MIT artificial intelligence laboratory.In order to improve the efficiency of ciphertext computation,this thesis combines selective encryption strategy with CryptDB system and has proposed a self-defined sensitive field detection algorithm.Experiments show that the effiency and practicability of the CryptDB system are improved with the decrease of the number of encrypted fields and the reduction of time in ciphertext computation and storage space without reducing the security of the database.It appears that the order-preserving encryption algorithm in the original system has greatly reduced the efficiency of selective encryption strategy due to their computational overhead.An improved security and efficient Order-Preserving encryption algorithm is proposed which costs lower and hides the statistical properties of the data by adding secondary random noise to the order-preserving index and mapping it into the extended data space.Through the analysis of security and performance testing,the scheme has higher security and the advantage of resisting the Chosen-Plaintext Attack and Statistical Attack.