Research On Database Encryption Based On Searchable Encryption

With the development of cloud storage,there is an increasing number of users who outsource their databases to cloud servers for saving local storage resources.How the confidentiality of the data can be ensured in the untrusted server has become one of the popular research topics.Database encryption is an encryption algorithm using searchable encryption technology that can be utilized to ensure data confidentiality while still allowing users to search and even dynamically update the database.There are mainly two problems with existing database encryption technologies.(1)Existing research on database encryption mainly focuses on the single keyword search.It means that when a user wants to perform a conjunctive search on an encrypted database,he needs to execute the single keyword search protocol several times and decrypt the search results locally to get the final result.(2)The majority of database encryption research so far has concentrated on exploring unstructured datasets,while structured databases such as relational databases have been neglected.In addition to the tradeoff between security and efficiency of database operations,researchers often exclude the security requirement of protecting database access patterns.Based on the aforementioned problems,this thesis consists of the following three parts.(1)A database encryption scheme ODXT-p that supports conjunctive search with forward/backward privacy is proposed.It supports fine-grained update operations and prevents the incorrect search results of repeated database update operations performed by other researchers.(2)This thesis proposes another database encryption scheme SEr D with forward/back-ward privacy that can hide access patterns,with a variant that is applicable for distributed storage systems of SEr D.The scheme is constructed for structured databases and can protect the access patterns of databases.SEr D outsources Oblivious Sorted Multimap(OSM)to the server,which allows users to search the database by retrieving only part of the encrypted indexes.The proposed SEr D system adopts SGX to transfer the computational overhead of the client to the hardware enclave platform and protects the communication between the user and the hardware enclave by constructing an authenticated encrypted channel.(3)We present a formal analysis of the two proposed schemes' security.We then demonstrate the practicality of the schemes by evaluating the communication overhead,storage overhead,and computation overhead of the schemes.