摘要
在云数据库环境下,为保证云存储数据的安全性,通常将数据加密存储。针对加密存储数据查询开销大,不支持密文排序,查询等缺点,该文提出一种f-mOPE数据库密文检索方案。该方案基于可变保序编码(mOPE),采用二叉排序树数据结构思想,生成明文一一对应的保序编码;基于AES加密方案将数据明文转化为密文存储;采用改进的部分同态加密算法提升保序加密方案的安全性。通过安全性分析及实验结果表明,该方案在保证数据隐私的基础上,不但能抵御统计型攻击,而且能够有效地降低服务器计算开销,提高数据库处理效率。
In a cloud database environment, data is usually encrypted and stored to ensure the security of cloud storage data. To overcome the shortcomings of encrypting the data that the query overhead is big, the cipher text sortings and query are not support, etc, this paper puts forward a kind of f-mOPE cryptograph database retrieval scheme. Based on the mOPE sequential encryption algorithm, the idea of binary sort tree data structure is used to generate plaintext one-to-one corresponding sequential coding. Data plaintext is converted into ciphertext storage based on the AES encryption scheme. The improved partial homomorphic encryption algorithm is used to improve the security of sequential encryption scheme. The security analysis and experimental results show that this scheme can not only resist statistical attack, but also reduce effectively server computing cost and improve database processing efficiency on the basis of guaranteeing data privacy.
引文
[1]GABEL M and MECHLER J.Secure database outsourcing to the cloud:Side-channels,counter-measures and trusted execution[C].The 2017 IEEE 30th International Symposium on Computer-Based Medical Systems,Thessaloniki,Greece,2017:799-804.
[2]陆海宁.可隐藏搜索模式的对称可搜索加密方案[J].信息网络安全,2017(1):38-42.doi:10.3969/j.issn.1671-1122.2017.01.006.LU Haining.Searchable symmetric encryption with hidden search pattern[J].Netinfo Security,2017(1):38-42.doi:10.3969/j.issn.1671-1122.2017.01.006.
[3]DEMERTZIS I and PAPAMANTHOU C.Fast searchable encryption with tunable locality[C].2017 ACMInternational Conference on Management of Data,Chicago,Illinois,USA,2017:1053-1067.
[4]PENG Tianyue,LIN Yaping,YAO Xin,et al.An efficient ranked multi-keyword search for multiple data owners over encrypted cloud data[J].IEEE Access,2018,6:21924-21933.doi:10.1109/ACCESS.2018.2828404.
[5]AGRAWAL R,KIERNAN J,SRIKANT R,et al.Order preserving encryption for numeric data[C].2004 ACMSIGMOD International Conference on Management of Data,Paris,France,2004:563-574.
[6]BOLDYREVA A,CHENETTE N,LEE Y,et al.Orderpreserving symmetric encryption[C].The 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques,Cologne,Germany,2009:224-241.
[7]LIU Zheli,CHEN Xiaofeng,YANG Jun,et al.New order preserving encryption model for outsourced databases incloud environments[J].Journal of Network and Computer Applications,2016,59:198-207.doi:10.1016/j.jnca.2014.07.001.
[8]TERANISHI I,YUNG M,and MALKIN T.Orderpreserving encryption secure beyond one-wayness[C].The20th International Conference on the Theory and Application of Cryptology and Information Security,Taiwan,China,2014:42-61.doi:10.1007/978-3-662-45608-8_3.
[9]MAVROFORAKIS C,CHENETTE N,O’NEILL A,et al.Modular order-preserving encryption,revisited[C].2015ACM SIGMOD International Conference on Management of Data,Melbourne,Australia,2015:763-777.
[10]ZHANG Huanguo,HAN Wenbao,LAI Xuejia,et al.Survey on cyberspace security[J].Science China Information Science,2015,58(11):1-43.doi:10.1007/s11432-015-5433-4.
[11]LIU Dongxi and WANG Shenlu.Programmable orderpreserving secure index for encrypted database query[C].The 2012 IEEE 5th International Conference on Cloud Computing,Honolulu,USA,2012:502-509.
[12]LIU Dongxi and WANG Shenlu.Nonlinear order preserving index for encrypted database query in service cloud environments[J].Concurrency and Computation:Practice and Experience,2013,25(13):1967-1984.doi:10.1002/cpe.2992.
[13]张成果.CryptDB密文数据库系统研究[D].[硕士论文],南京邮电大学,2017.ZHANG Chengguo.The research of cryptDB encrypted database system[D].[Master dissertation],Nanjing University of Posts and Telecommunications,2017.
[14]POPA R A,REDFIELD C M S,ZELDOVICH N,et al.processing queries on an encrypted database[J].Communications of the ACM,2012,55(9):103-111.doi:10.1145/2330667.2330691.
[15]POPA R A,LI F H,and ZELDOVICH N.An ideal-security protocol for order-preserving encoding[C].2013 IEEESymposium on Security and Privacy,Berkeley,USA,2013:463-477.doi:10.1109/SP.2013.38.
[16]VAN DIJK M,GENTRY C,HALEVI S,et al.Fully homomorphic encryption over the integers[C].The 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques,French Riviera,2010:24-43.