摘要
密态数据库技术是密码学[Stallings W,2001;Atul Kahate,2005]与数据库[Chaudhuri S.,2001;Haraty,2003;Preston Carole,2002;Bettino Elisa,2002]技术的融合,在这个结合的技术中,人们在方便使用数据库技术的同时,存储的数据得到更加安全的保密。但是这种结合的技术带来了新的问题。由于加密后的数据库通常不再具有原先的特性,传统的数据库操作将不能用于密态数据库。另外,数据库的加密也将给查询、运算等的执行效率产生较坏的影响。在密态数据库环境中,为了向用户提供信息服务,系统通常需要通过解密获得原始信息。但从另一个方面来看,数据库解密后,就将导致大量的用户数据暴露。因此同态[Rivest,1978;Domingo-Ferrer,1996]运算将是密态数据库实施所面临的最主要研究问题。
加密[Bruce Schneier,1996]模型、密钥管理[Damiani,Ernesto,2005]、同态操作和密态处理[Domingo-Ferrer,1997;N.Ahituv,1987;Wu Xintao,2005]以及有效利用是密态数据库研究的主要任务。
建立合适的密态数据库加密模型需要考虑两个主要问题:一是要考虑加密的粒度和加密的层次;二是要考虑操作的效率,即在安全性和易用性方面寻找平衡点。为了建立加密模型,主要讨论了数据库的基本结构、数据库系统的层次模型以及操作效率等问题。
密态数据库的安全保障主要取决于在密文下处理数据。同态操作概念的提出使我们有信心直接进行密文运算。但目前的情形只适合算术运算,并且算法有缺陷。
密态数据库下利用密码学技术加密数据,其决定安全性的密钥管理及生成问题也是期待较好解决的问题。
密态处理使我们保证数据库安全性的同时为用户提供数据挖掘和个性化服务。
有效利用是我们研究密态数据库理论的最终目标。
本文在收集和分析大量近年来国内外数据库安全方面的研究报告学术论文等专业资料的基础上对数据库安全所涉及的若干理论问题包括密文挖掘等问题进行了探讨。主要工作包括:
1.对数据库系统的理论进行了研究,分析了其不安全性的产生原因并讨论了各种解决方法。包括从操作系统底层进行安全保护和从其上层进行安全控制的实现方法,并分析了其优缺点。结论是必须根据特定应用的要求进行正确选择,从而在安全性和易用性方面实现权衡。为进一步研究密态安全数据库问题提供了基础和研究角度。
2.分析了目前已有的密文索引模型,提出了一个较安全的改进性控制方法。该方法通过平均差值排序来隐藏明文序列。对字段级加密,通过引入干扰因子来隐藏信息的泄露。并对可能出现的有限值域信息泄露进行了研究。对文献[5]提出的防泄露算法进行了分析。通过实验结果表明:文中提出的方法在增强数据安全的同时,也具有较短的响应时间。采用将数据置乱,尽量避免使用指针以防止泄露联系,存储位置的联系完全取决于函数依赖。研究各种变换技术所产生的算术运算效果。
3.对安全数据库系统中的密态操作问题进行了研究,文献[戴一奇等,1997;崔国华等,2000]提出一种索引机制,但安全性和任务分配存在问题。文献[杨勇等,2005;王晓峰等,2003]提出用一种秘密同态的技术解决此问题。但如何实际实现未提及。提出了基于秘密同态的实现模型,分析了整数算术同态和实数算术同态的实现。在代数范围内对同态变换进行了研究。为实现加密数据的比较运算,保序加密理论提出了一种解决方法,并分析了其各自的特点。提出一种改进的同态操作算法,该算法避免了E(m_1)-E(m_2)=m_1-m_2的缺陷。
4.针对目前的C/S模式的数据库应用系统提出了实现安全科学计算的一种新的途径。根据实际应用,结合各种方法之优缺点,提出依靠Matlab系统通过秘密同态和安全套接层来保证科学计算中数据的安全性。并提出基于数据库的在线改进计算模型,借助秘密同态来实现安全算术运算。对如何提高在线安全计算提供了一个可参考的方法。在线实现WEB技术是指服务端根据客户端的请求自动生成新的相应页面.相应页面在服务端完成后,传至客户端。数据的处理在服务端执行。
5.基于密态的数据挖掘是安全数据库应用系统中的另一个重要研究领域。对实现隐私保护的数据挖掘提供了一种解决途径。分析了数据挖掘理论及在密态下的实现途径。为了解决这个问题,我们引入第三方代理。首先,将需要挖掘的部分加密后传送到代理,以避免代理泄露数据。如果服务商需要执行相关的数据挖掘,就发送请求到第三方。代理在密态下执行运算。最后代理将加密的结果传送给服务商,服务商通过解密获取结果。
6.研究了利用手写体技术自动生成密钥的问题。基于手写体特征的密钥生成将生物特征与应用密码有机结合。使在生成安全便利密钥的同时,加入了用户的个性化特征,进一步增强了信息系统的安全性。
概括起来,本论文在分析数据库理论和已有的密态理论基础上,探讨了其运行机理,并在相关理论改进和应用方面作了许多工作,为数据库安全增添了新的血液。进一步深入研究其理论基础和拓宽其应用领域是今后工作的研究重点和发展方向。
With the technical development of computer, the great important data is processed through computer and saved to storage.The computer suffers the attack of the external world easily. Therefore the safety of database has the higher realistic meaning and theories meanings.The security of database information become the key part of the modern information.The acquired achievements of this dissertation are summarized as follows:
A. Study on database system
This paper Carry on the research to the theories of the database system, analyze its insecurity reason and discuss various solve the method.
B. In order to imp rove database security, and to avoid information exposing of access control strategy, data item was used as the encryp ted p rincip le, app lying its p roperty of basic granularity to strengthen the database security. Some solved method was given in the database currently. A new query algorithm was used to acquire imp roved encryp ted data. The p roposed algorithm uses average-value as p rincip le to conceal the clear statement sequence. For field encryp tion, the information exposing was avoided by interference factor. A kind of information exposure of encryp ted database was given in limited value area. The simulation results p roved that the database security ofmodified method is higher than other method, and modified method has shorter response time.
C. Encryp ted database are an effective method to realize database security. A quick index is raised in paper [Dai Yiqi, 1997].But there isdeficiency about security and task allocation. Privacy homomorphism is raised to discuss this p roblem in paper [Yang Yong, 2005]. A module based on p rivacy homomorphism is presented, and mathematic method on p rivacy homomorphism is discussed. It is p roved that thismethod is impossible in the range of the real, and a new operation must be defined.
D. How to improve secure computing is a important problem in science computing. This paper analyzes dynamic network technique and Web system of Matlab firstly. Then put forward the improvement project of the database for the purpose of the further analysis. It puts a referenced method to how to improve secure computing.
E. A Modified Model for Secure Database.
In order to improve personal data security in database, and to avoid information exposing of personal privacy, personal data was used as the encrypted principle, applying homomorphism and random perturbation to strengthen personal data security. This paper analyze the usage of personal data in electronic commerce firstly, Then discuss realization security of personal data. In light of this, a new algorithm was used to acquire improved security. The proposed algorithm uses homomorphism as principle to preserve privacy. This method can make the important data to be appeared with secret content in the web service, and prevent personal data from being misused. The simulation results proved that the modified method can protect personal privacy effectively, and can carry on data mining to provide the characteristic service for the customer, and modified method has shorter response time.
F. Study on automatic key-generation based on speech technique.
Summarily, the dissertation does a great deal of work in the aspect of studying encrypted database theory and applications, while having acquired many achievements of which inject new blood for secure database. Besides, these models will be further enriched and consummated. Our research, from now on, will be focused on compressively studying their theoretical foundations and exploring their applying area.
引文
[1] Rivest R L, Adleman L, Detrouzos M L. On Data Banks and Privacy Homomorphism[C]. Foundations of Secure Computation New York: Academic Press, 1978:169-179
[2] Domingo-Ferrer J.A New Privacy Homomorphism and Applications [J].Information Processing Letters, 1996, 60(5): 277-282
[3] Domingo-Ferrer J.Multi-application Smart Cards and Encrypted Data Processing. Future Generation Computer Systems, 1997,13
[4] Atul Kahate. Cryptography and network security [M]. Tata McGraw-Hill Companies,2005
[5] http://www.0791book.com/Article/
[6] http://www.mathworks.com
[7] Cormen T, Leiserson C, Rivest R. Introduction to Algorithms. Cambridge, MA: MIT Press, 1990
[8] N.Ahituv,Y,Lapid and S.Neumann.Processing encrypted data,Comm.ACM 20(1987)777-780
[9] W.Adams and D.Shakes.Strong Primality Tests That Are Not Suffcient.Mathmatics of Computation. 1982
[10]D.E.Bell and L.J.Lapadula,Secure Computer Systems:A Mathematical Model.Report MTR-2547,MITRE Corp, 1973
[11]Bruce Schneier. Applied Cryptography Second Edition: protocols, algorithms, and source code in C. John Wiley &Sons, Inc., 1996
[12] Wu Xintao,Wang Yongge,Zheng Yuliang.Statistical database modeling for privacy preserving database generation.ISMIS2005 Proceedings, 2005, p382-390
[13]Damiani, Ernesto; Jajodia, Sushil; De Capitani Di Vimercati, S.; Paraboschi, Stefano; Foresti, Sara; Samarati, Pierangela. Key management for multi-user encrypted databases. Proceedings of the 2005 ACM Workshop on Storage Security and Survivability,2005, p74-83
[14]Chaudhuri, S.; Dayal, U.; Ganti, V.Database technology for decision support systems[J].Computer,v34, n12,December,2001 ,p48-55+28
[15]Haraty, Ramzi A. Database technology: Track chair message.Proceedings of the ACM Symposium on Applied Computing, 2003, p502
[16]Preston, Carole ; Lin, Binshan.Database technology in digital libraries. Information Services and Use, v22, n1, 2002, p9-17
[17] Bertino, Elisa; Bouguettaya, Athman.Database technology on the Web.IEEE Internet Computing, v 6, n 4, July/August, 2002, p 31-32
[18] Wang M L, Lam W, Leung K S, et al. Discovering Knowledge from Medical Databases Using Evolutionary Algorithms[J].IEEE Engineering in Medicine Biology,2000, 19(4): 45-55
[19]Stefanowski J, Slowinski K. Rough Sets as a Tool for Studying Attribute Dependcies in the Urinary Stones Treatment Data Set, in Rough Sets, and Data Ming: Analysis and Imprecise Data, T.Y.Lin and N.cercone(Eds),Dordrecht, The Netherlands: Kluwer, 1997: 177-196
[20]Tsumoto S. Extraction of Experts' Decision Process from Clinical Database Using Rough Set Model. In Proc. First Eur. Symp.PKDD' 97, Trondheim, Norway, 1997: 58-67
[21]Brumen B, Welzer T. Protecting Medical Data for Analyses.Proceedings of the 15th IEEE Symposium on Computer-based Medical Systems (CBMS 2002),2002
[22]Agrawal R and. Srikan R t. Privacy- Preserving Data Mining[J].Proc. of ACMSIGMODIntl. Conf. on Management of Data, 2000.
[23]Lindell Y and Pinkas B. Privacy preserving data mining [J]. In Advances in Cryptology- CRYPTO, 2000 (2000), 36-54.
[24]Vaidya J and Clifton C. Privacy pre - serving association rule mining in vertically partitioned data [R]. In the 8th ACM SIGKDDInternational Conference on Knowledge Discovery andData Mining, 2002, 639-644.
[25] S Castano,M G Fugini,et al. Database Security[M].Addison Wesley, 1994
[26] Chris Strahorn. Security in Next-Generation Databases[C].University of California, 1998
[27]Sushil Jajodia.Database Security and Privacy[J].ACM Computing Surveys, 1996,28(1).
[28]Dorothye E Denning,Peter J Denning.Data Security [J] .Computing Surveys, 1979,11(3)
[29]Sesay, Samba ; Yang, Zongkai; Chen, Jingwen; Xu, Du.A secure database encryption scheme.CCNC2005, 2005, p 49-53
[30]Zhu, Luhua; Chen, Rongliang.Design and implementation of database encryption system. Jisuanji Gongcheng/Computer Engineering, v 28, n 8, August, 2002, p 61.
[31]Chunyong Yin, Jianshi Li, Ruxia Sun. A Modified Model for Private Data Security Facing E-commerce.SNPD2007,2007
[32]Chunyong Yin, Ruxia Sun, Qi Luo. On Speech Emotion Recognition System in E-learning.CCC07,2007
[33]Chunyong Yin, Qi Luo.Research on Personality Mining System in E-Learning by Using Improved Association Rules.ICMLC2007,2007
[34] Yu, Han.; Zhao, Liang; Xu, Wei-Jun; Niu, Xia-Mu; Shen, Chang-Xiang.Research on a new method for database encryption and cipher index.Tien Tzu Hsueh Pao/Acta Electronica Sinica, v 33, n SUPPL., December, 2005, p 2539-2542
[35]Yuan, Chun; Wen, Zhen-Kun; Zhang, Ji-Hong; Zhong, Yu-Zhuo. Progress of cryptographic access control and encryption security database. Tien Tzu Hsueh Pao/Acta Electronica Sinica, v 34, n11, November, 2006, p 2043-2046
[36]Hacigumus, Hakan; Iyer, Bala; Mehrotra, Sharad.Query optimization in encrypted database systems.DASFAA 2005, Proceedings, 2005, p 43-55
[37] Wagner, Neal R. ; Putter, Paul S.; Cain, Marianne R. ENCRYPTED DATABASE DESIGN: SPECIALIZED APPROACHES.Proceedings of the Symposium on Security and Privacy, 1986, p 148-153
[38]Kim, Won.RELATIONAL DATABASE SYSTEMS.ACM Computing Surveys, v 11, n 3, Sep, 1979, p 185-211
[39] Yin, Shuxin ; Ray, Indrakshi.Relational database operations modeling with UML.AINA 2005,2005, p 927-932
[40]Runkler, Thomas A. Data mining.Proceedings of the IEEE International Conference on Fuzzy Systems, FUZZ-IEEE 2005, 2005, p1
[41]Brady, Thomas F. Simulation data mining.IIE Annual Conference and Exposition 2005,2005, 6p
[42]Berger, Gerald ; Neuschitzer, Fritz. Mining the data. International Water Power and Dam Construction, v 55, n 7, July, 2003, p 38-42
[43] Anon.Data mining.PC AI, v 15, n 6, November/December, 2001, p11
[44]Doerr, Christopher R.MATLAB for beginners.Optics and Photonics News, v 10, n 7, July, 1999, p 41-42
[45] Weaver, Mark.Modeling with MatLab.Dr. Dobb's Journal of Software Tools for Professional Programmer,v22, n11, Nov, 1997, p80
[46]Wirth, M.A.; Kovesi, P.MATLAB as an introductory programming language.Computer Applications in Engineering Education, v14, n 1, May, 2006, p20-30
[47]Lysiak, Keith; Polendo, Jason.A generalized MATLAB-based distributed-computing optimization tooI.S International Conference on Wireless Communications and Applied Computational Electromagnetics, 2005, p 170-173
[48]Dai, Yiqi; Shang, Jie; Chen, Wei; Su, Zhongmin. New key management scheme in database encryption.Qinghua Daxue Xuebao/Journal of Tsinghua University, v35,n4,Aug, 1995, p 43-47
[49]Damiani, Ernesto ; Jajodia, Sushil; De Capitani Di Vimercati, S.; Paraboschi, Stefano; Foresti, Sara; Samarati, Pierangela.Key management for multi-user encrypted databases.Proceedings of the 2005 ACM Workshop on Storage Security and Survivability, StorageSS'05 - Proceedings of the 2005 ACM??Workshop on Storage Security and Survivability, 2005, p 74-83
[50]Ozsoyoglu, Z. Meral; Wang, Jian.A keying method for a nested relationaldatabase management system .Proceedings - International Conference on DataEngineering, Jan, 1992, p 438-446
[51]Dromey R. Geoff.COMPACT AND EFFICIENT FILE STRUCTURE FORSEARCHING LARGE GENERIC-KEYED DATABASES. AN APPLICATIONTO MASS SPECTRAL DATA.Journal of Chemical Information and ComputerSciences, v 18, n 4, Nov, 1978, p 222-225
[52]Freire-Santos, M. ; Fierrez-Aguilar, J.; Ortega-Garcia, J.Cryptographic keygeneration using handwritten signature.Proceedings of SPIE - The InternationalSociety for Optical Engineering, v 6202, Biometric Technology for HumanIdentification Ⅲ, 2006
[53]尹春勇,李坚石,孙汝霞.安全科学计算系统SSCS实现.计算机工程与设计, 2007,9
[54]尹春勇,李坚石,孙汝霞.秘密同态模式的研究.计算机应用与软件.2007.11
[55]尹春勇,李坚石,李少波. 一种结合秘密同态的在线安全计算研究..计算 机应用研究.2007,12
[56]马建平,敏感信息存储安全理论与实践,博士学位论文,华中理工大学,1998
[57]许向阳,王元珍,冯玉才.多级安全数据库管理系统MLSDBMS的设计与实现. 计算机工程与应用,1997,Vol.12(1),P.5-7
[58]邓纳姆.数据挖掘教程.出版社:清华大学出版社,2005
[59]C.J.Date著,孟小峰,王珊等译,数据库系统导论,机械工业出版社,2000
[60]张徽燕,张胡.数据库系统访问控制技术研究[J].情报杂志.2005(04): 77-78.
[61]蒋贊贊,吴承荣,张世永.数据库访问控制模型分析[J].计算机工程与应用. 2002(13):183-185.
[62]胡兆玮,于万钧,杨博.使用控制授权模型的安全性研究[J].计算机应用研 究.2008(01):226-229.
[63]罗星,汪卫,施伯乐.安全数据库访问控制模型[J].计算机应用与软件.??2007(02).
[64]赵宝献,秦小麟.数据库访问控制研究综述[J].计算机科学.2005(01): 88-91.
[65]袁春,文振煜,张基宏,et al.基于密码学的访问控制和加密安全数据库[J]. 电子学报.2006(11):2043-2046.
[66]朱勤,骆轶姝,乐嘉锦.数据库加密与密文数据查询技术综述[J].东华大学 学报(自然科学版).2007(04).
[67]尚晋,徐江峰,黄小粟.基于B/S结构的数据库加密研究[J].计算机科学. 2005(08).
[68]赵立平.数据库的数据加密[J].河北农业大学学报.2003(S1).
[69]李亚秀,刘国华,余靖.数据库中的数据加密技术[J].燕山大学学报. 2006(04).
[70]王晓峰,王尚平,秦波.数据库加密方法研究[J].西安理工大学学报. 2002(03).
[71]冯朝胜,秦志光,袁丁.数据库加密系统密钥管理模块的设计[J].电子科技 大学学报.2007(05).
[72]刘自伟,罗燕琪,段琦.加密算法与密钥生成技术在数据库加密中的应用[J]. 计算机时代.2007(06).
[73]罗军.数据库加密中动态密钥生成算法研究[J].计算机与现代化.2007(03).
[74]邓婕,周珩.数据库密钥管理机制研究[J].天府新论.2006(S2).
[75]冯朝胜,袁丁.密钥管理在数据库加密系统中的应用研究[J].四川大学学报 (自然科学版).2005(06).
[76]王瑾,刘自伟,黄晓芳.密钥管理在数据库加密中的应用[J].兵工自动化. 2005(01).
[77]余祥宣,闵锐.一个面向对象的单域数据库密钥管理模型[J].华中科技大学 学报(自然科学版).1999(S1)
[78]严和平,汪卫,施伯乐.安全数据库的推理控制[J].软件学报.2006(04).
[79]李黎明,秦小麟.安全数据库概述与前瞻[J].计算机系统应用.2005(05).
[80]樊克利,姜建国,程斌.数据库文件的结构分析与加密方法[J].计算机应用.??1999(05).
[81]熊新阶.Fox系列数据库结构描述文件的新特性[J].计算机工程.1998(05).
[82]钱培德,吕强,朱巧明,et al.试析Microsoft文件系统的关键数据结构[J]. 计算机研究与发展.1997(01).
[83]李鹰,蔡碧野,黄道昌,et al.FoxPro和Visual FoxPro的表文件的结构分析[J]. 微型机与应用.2001(10).
[84]王建军,俞金海,胡继普,et al.在ACCESS中如何实现数据库的安全[J].计 算机应用研究.1998(01).
[85]仲红,.安全多方计算的关键技术分析[J].安徽农业大学学报,2007,(2).
[86]刘木兰,.密钥共享体制与安全多方计算[J].北京电子科技学院学 报,2006,(4).
[87]朱珂,姚重俭,朱培栋,卢锡城,.基于安全多方计算的BGP策略冲突检测算法 [J].计算机工程与科学,2006,(12).
[88]朱岩,杨永田,孙中伟,冯登国,.基于安全多方计算的数字作品所有权证明(英 文)[J].软件学报,2006,(1).
[89]王磊,祝跃飞.Mix-Match安全多方计算的一个注记[J].信息工程大学学 报,2005,(1).
[90]李强,颜浩,陈克非,.安全多方计算协议的研究与应用[J].计算机科 学,2003,(8).
[91]陈晓明,李军怀,彭军,刘海玲.隐私保护数据挖掘算法综述[J].计算机科学. 2007(06).
[92]陈芸,张伟.隐私保护数据挖掘方法的研究[J].微计算机信息.2006(21).
[93]吕品,陈年生,董武世.面向隐私保护的数据挖掘技术研究[J].计算机技术 与发展.2006(07).
[94]王令群,郑应平,张术.数据挖掘及隐私保护在医学中的应用[J].计算机工 程.2005(10).
[95]李蒙,宋翰涛.数据挖掘中隐私保护的随机化处理方法[J].计算机工程与科 学.2005(02).
[96]王春爽.数据库加密中的二级密钥体制[J].商场现代化.2008(02).
[97]冯朝胜,秦志光,袁丁.数据库加密系统密钥管理模块的设计[J].电子科技 大学学报.2007(05).
[98]秦军,王正飞,谈子敬,et al.一种数据库加密及密钥管理方法[J].计算机应 用与软件.2006(12).
[99]冯朝胜,袁丁.密钥管理在数据库加密系统中的应用研究[J].四川大学学报 (自然科学版).2005(06).
[100] 王庆梅,吴克力,刘凤玉,et al.一种子密钥数据库加密算法及其密钥管 理方案研究[J].计算机工程与应用.2003(11).
