基于云存储的密文检索研究和实现

发布时间：2018-04-17 23:39

本文选题：云存储 + 关系型数据　；参考：《北京邮电大学》2013年硕士论文

【摘要】：随着互联网和计算机应用的发展高速发展,时时刻刻都会产生大量的数据,我们进入了一个大数据时代。云计算应运而生,云存储作为云计算的一个具体应用,为大数据时代的个人,中小企业和政府部门的提供了一个相对高效,可靠,成本较低的存储平台。云存储的作为一个第三方平台,具有不可信赖性,把敏感数据放到上面会出现一定的安全问题,最大威胁来自云存储的管理者。解决这个安全问题最有效的办法是对敏感数据加密。对数据加密后,完全返回,然后逐一解密,检索性能急剧下降。本文主要研究云存储环境下的关系型数据库的密文检索问题。对关系型数据库中的数据加密后,破坏了原有的有序性、可比较性、模糊匹配等特性,数据的范围检索和模糊检索变的很困难。针对上述问题,本文基于关系型数据库的特点,在云存储的环境下,提出了关系数据库中的两类重要数据类型数值型和字符型的加密策略和检索策略,并基于云存储服务商xeround提供的MySql数据库进行了实现。本文的主要工作如下： 1.针对云存储提供的关系数据库服务的安全性问题,提出了一种适用于云存储数据库的加密策略,该策略通过变换初始化向量改变数据库中的密文分布规律,初始化向量相当于密钥存在客户端,在数据库中只需要记录变换次数即可,可以有效的避免基于频率攻击方式的攻击。在数据库只需存储一个TINTINT型数据,对数据库造成的冗余很小。在此基础上提出了,提出了基于数值型密文划分器和密钥散列序列的密文检索方式,这种方式能很好的解决等值检索和范围检索。该检索方案返回满足要求的密文,对此密文进行解密即可,避免了不必要的解密和数据传输,提高云存储数据的密文检索效率。 2.针对云存储数据库的关系型数据库中的字符型的模糊检索问题,提出了对字符型数据采用在字符型数据前增加一段随机字符来避免重复数据,然后对该字符串进行AES加密的加密方案。检索方案中提出了基于对偶编码映射的特征值索引的二次检索。对密文检索时,第一次根据关键字的特征值,检索索引字段,过滤掉一部分不满足要求的密文记录；第二次对返回的记录进行解密,然后再次进行检索,返回满足要求的值。通过上述方案,提高了字符型密文数据的检索效率和模糊检索的准确度。 3.本文对云存储数据库进行了实现,利用云存储数据库服务商xeround提供的MySql数据库,结合基于Java Web经典框架SSH(Struts2,Spring,Hibernate),组建了中国社会科学院研究生图书馆管理平台,并根据加密策略,实现了字符型密文检索模块。并进行了测试和验证。
[Abstract]:With the rapid development of Internet and computer applications, a large number of data will be generated at all times, and we have entered an era of big data.Cloud computing came into being, cloud storage as a specific application of cloud computing, for big data era of individuals, small and medium-sized enterprises and government departments to provide a relatively efficient, reliable, low-cost storage platform.Cloud storage, as a third party platform, can not be trusted. There will be some security problems when the sensitive data is placed on it, and the biggest threat comes from the managers of cloud storage.The most effective solution to this security problem is to encrypt sensitive data.After encrypting the data, return completely, then decrypt one by one, the retrieval performance drops sharply.This paper mainly studies ciphertext retrieval of relational database in cloud storage environment.After encrypting the data in relational database, the original characteristics of order, comparability and fuzzy matching are destroyed, and the range retrieval and fuzzy retrieval of data become very difficult.In order to solve the above problems, based on the characteristics of relational database, in the cloud storage environment, this paper puts forward two kinds of important data types in relational database: numeric and character encryption strategy and retrieval strategy.It is based on the MySql database provided by cloud storage service provider xeround.The main work of this paper is as follows:1.Aiming at the security of relational database service provided by cloud storage, this paper proposes an encryption strategy suitable for cloud storage database, which changes the distribution of ciphertext in database by changing initialization vector.Initialization vector is equivalent to the existence of the key in the client, only need to record the number of changes in the database, can effectively avoid attacks based on frequency attack.Only one TINTINT type of data is stored in the database, resulting in minimal redundancy to the database.On this basis, a new ciphertext retrieval method based on numeric ciphertext divider and key hash sequence is proposed, which can solve the problem of equivalent retrieval and range retrieval.The retrieval scheme returns ciphertext that meets the requirements, which can be decrypted, thus avoiding unnecessary decryption and data transmission, and improving the efficiency of ciphertext retrieval for cloud storage data.2.Aiming at the fuzzy retrieval problem of character type in relational database of cloud storage database, this paper puts forward a method to avoid repeating data by adding a random character before character type data.The string is then encrypted by AES encryption.In the retrieval scheme, the quadratic retrieval of eigenvalue index based on dual coding mapping is proposed.In the ciphertext retrieval, the index field is first retrieved according to the characteristic value of the keyword, and a part of the ciphertext record that does not meet the requirements is filtered out. The returned record is decrypted in the second time, and then retrieved again to return the required value.The efficiency of character ciphertext retrieval and the accuracy of fuzzy retrieval are improved.3.In this paper, the cloud storage database is implemented. The management platform of graduate student library of Chinese Academy of Social Sciences is set up based on the Java Web classic framework, which is based on the MySql database provided by the cloud storage service provider xeround, and according to the encryption strategy.The character-type ciphertext retrieval module is implemented.The test and verification were carried out.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2013
【分类号】：TP333;TP309.7

【参考文献】