| Database is the core of the information system,there is no doubt that its security.The basic security measures(user identification,identity authentication,access control,backup and recovery)far from sufficient for strict data security requirements,some more elaborate measures must be used,such as inference channel,privacy protection and data encryption.Database encryption is a relatively safe and effective protection measures that the stored data is encrypted and user protected keys,it’s difficult to identify the lost or leaked data and improve the database security.But there are three key management problems in the encrypted database: firstly,how to generate and store data encryption keys to ensure the confidentiality of encrypted data;secondly,the large amount of data key need to implement efficient key management scheme;the derivation between multi-level keys requires attention to efficiency and security.Aiming at the above problems,the authors studied the key management scheme of encrypted database in different application scenarios,the main research work is as follows.(1)Attribute-Based Encryption(ABE)is an optimal choice for one-to-many data sharing in the cloud environment,but this approach is less efficient and the key update is complex.In order to solve this problem,data sharing scheme supporting fast key updates in the encrypted database was proposed.In the scheme,the data owner encrypts the data key with attribute-based encryption mechanism,which is re-encrypted and distributed to the data user by data center.Data and data keys are distributed and stored in the form of ciphertext throughout the lifecycle,so it will prevent data leakage from server compromise.In addition,re-encryption mechanism is used to support the rapid update of the data key.In this way,it can reduce the user and server workload and improve system security because it doesn’t need secondary encryption after decrypting the data key.The scheme is secure against chosen plaintext attack under the Decision Bilinear Diffie-Hellman(DBDH)assumption in the standard model.(2)A new key management scheme based on Role-Based Access Control and Chinese Remainder Theorem is proposed to solve the problem of large amount of key and high security requirement in encrypted database.The scheme realizes the management of user access rights,and also solves the problems of long data processing time and large amount of system resources brought by a large number of data item keys,and improves the efficiency and security of key management in encrypted database.In addition,this paper studies the key management of hierarchical access control based on Elliptic Curve Cryptosystem.The high-level users in the scheme can derive the key information of the low-level users safely and effectively by using the relational parameters and user keys,and then use the key information to decrypt the encrypted database of the low-level users.(3)A safe and effective key management scheme is presented on the basis of combining database encryption and Number Theory Research Unit(NTRU)signature technology for addressing security issues in the Database as a Server.In this scheme,users select properties parameters according to the structural characteristics of the data table,and then generate data keys that used for encrypting data.Implement NTRU signature on encrypted data after encrypt it.Encrypted data and the signature data are stored together in Database as a Server,the data keys is stored in local secure database that encrypted by the system master key.At last,system master key and NTRU signature verification key stored securely in a hardware security module.Need to verify NTRU signature when decrypt the request data firstly,through the validation can decrypt data,and otherwise don’t need to decrypt the data. |
PDF Full Text Request