| Data is the core and foundation of information system,which provides important support for various services in the Internet.With the rapid development of cloud computing,cloud storage has become the mainstream solution of data storage.However,there are many security problems in cloud environment,which make cloud data face severe security challenges.Encryption is an important method to ensure the security of cloud data.Under this circumstance,fine-grained and customizable encryption schemes on database need the support from technology on massive key management.This thesis focuses on the problem of massive key management in database under fine-grained encryption scenario,and analyses the threats and challenges faced by key management in this scenario.In the scenario of fine-grained data encryption,the key management system will distribute keys for each encrypted object separately.In this situation,the key management system will generate a large number of keys.The security of these keys is the basis of the security of the whole encrypted database system.At the same time,when the users read and write data through the encrypted database system,a large number of keys will be used to encrypt and decrypt the data.During the process of keys,the time cost will affect the performance of the whole system.Aiming at improving the performance of massive key management in cloud encryption database system,this thesis applies hash tree to key management strategies,and proposes an efficient key management scheme.The scheme achieves the fast mapping from encrypted object to its key,and designs an algorithm based on the mapping relationship.It achieves efficient generation,fast query,flexible update and immediate cancellation on massive keys.The scheme mainly reduces the time cost of keys generation and keys query.Compared with the traditional scheme of encrypting data key with master key,the time consumption of keys generation and keys query is reduced obviously.Aiming at solving the security problems caused by key leakage in key management system,this thesis proposes a secure storage scheme based on hash tree key management model.The scheme does not store the information of keys directly,but stores the hash value of the encrypted object,and generates the key with the path information in the process of finding the hash value in the hash tree.Because the key is calculated while the system is running,the security of keys can be guaranteed when the key file is leaked.At the same time,because of the unidirectionality of hash operation,it ensures that the leakage of partial keys will not destroy the confidentiality of other data.In security analysis,the scheme can resist chosen plaintext attack.Based on the model above,this thesis designs and implements a key management system based on hash tree.The system achieves fast distribution of million-level keys,efficient key query,flexible key update and key security cancellation,and achieves the secure storage of key data.At the same time,an encrypted relational database system is built which supports column-level encryption.After the performance test,the experiment data shows that the scheme reduces the time consumption by 80% and reduces the storage cost by 30% compared with the hierarchical key management scheme. |
PDF Full Text Request