Encrypted Database Based On Transparent Data Encryption And Query Over Ciphertext

Database is essential for many computer systems.Secret leakage from a database could cause economic losses and terrible social impact.Attacks from hackers and betrayal from internal staff are the main threats for databases.Encrypted Database is an effective countermeasure for these threats.Encrypted Database is an approach to prevent leakage from databases by encrypting data in the database.It can be learnt from current Encrypted Database schemes that there are still a lot of shortcomings to be overcome.Some schemes are hard to deploy,and their performances are affected by clients;Some schemes do not care about the security of middleware they deployed,but just believe it's trustable;Other schemes are either slow or unsafe,therefore far from practical.Hence,in this paper we propose an improved scheme with following works:1.We summarized current Encrypted Database schemes and related query techniques,and classify these schemes into 3 categories.We analyzed proxy-based scheme Crypt DB and SGX-based scheme Crypt SQLite in detail.2.In order to address the security issue of proxy in proxy-based schemes,we proposed a novel SGX-proxy based Encrypted Database scheme.It protects secret data and keys by moving all security-critical operations into SGX enclaves.It can prove its creditability via SGX remote attestation.It encrypts the encryption keys using SGX sealing to make sure no one other than itself can decrypt them.3.Based on our scheme,we proposed a dynamic partition-based strategy to achieve ciphertext indexing.It marks partitions for ciphertexts when executing the conditional query,and the partitions will be used in later conditional queries to locate proper ciphertexts before decryption and filtering,thus the query performance over ciphertext can be improved.In the meantime,it keeps the partition information in SGX enclaves to prevent attacks by inferring from partitions.4.We implemented our scheme and tested it in terms of functionality and performance.The results show that our scheme is practical and efficient,and our ciphertext indexing strategy is more efficient than the classic order-preserving encoding based indexing strategy.