| No SQL database is becoming increasingly more popular due to its outstanding capabilities of high concurrency and high availability.As No SQL database is relatively new,the research focuses on designing the data storage model with high availability and high reliability instead of the security aspect of storage encryption.In the meanwhile,more users prefer to store their data in cloud since No SQL databases are often deployed in a cloud-based form.In order to ensure the protection of users' privacy,it is significant to exploit the storage encryption to enhance No SQL database security.This paper proposes a secure storage encryption solution,which is based on the secure proxy.The mainstream Mongo DB is selected as the research object among various databases,and the storage encryption service will be provided transparently by SNProxy as a secure proxy server.First,we survey the current situation of No SQL storage security,and analyze the shortcomings in the existing solutions.Then,the key technologies involved in the solution,such as encryption technology,hash algorithm and searchable encryption,are discussed.Moreover,a searchable encryption algorithm named SCS is designed and implemented,which includes encryption,decryption and cipher-text matching operations.The algorithm security is also analyzed based on the trust and threat model.SCS algorithm is one of the most vital components in our solution.While the traditional searchable encryption algorithm has the limitation of only supporting query based on key works,SCS algorithm has been improved by adding the query based on regular expression in Mongo DB,and hence it supports the fuzzy query in encrypted database.Next,the secure proxy named SNProxy is designed and implemented,including modules of communication proxy,encryption/decryption and key management.The communication proxy maintains the network connection between client and database,and intercepts requests and responses.The encryption/decryption module utilizes Onion encryption model,and allows special encryption algorithm to process data.So query can be performed without decryption and the final result returns to users in the form of plaintext.The key management module adopts a key chain management scheme,which solves the problem of multi-user key storage and ensures the security of users' keys.Finally,a test environment is set up to verify the function and performance.The result shows that the time cost and the proportion of data expanding are acceptable.In addition,the solution is practical because the user application need not be developed in a special way due to proxy transparency. |
PDF Full Text Request