基于DAS模型的云存储加密与密文检索方案的研究与实现

发布时间：2019-03-29 08:29

【摘要】：随着计算机技术和应用地不断发展,企业级用户的数据量呈指数级增长,用于数据存储以及数据维护的成本急剧增加,这在一定程度上消耗了企业的精力。他们不得不为了扩展存储容量而购买更多的硬件设备,甚至需要为此来雇佣专业人员管理和维护这些数据,这在一定程度上限制了原有业务的发展。由此,基于DAS模型的云存储业务应运而生。在该模型下,用户将数据交由第三方的数据库服务提供商保存和管理。然而,新的存储模型也带来了新的问题,由于数据的存储与访问都要依赖于数据库服务提供商,企业很容易受到来自数据库服务提供商内部人员的攻击。若不对数据进行处理,他们可以轻易获取数据。为此,需要将数据进行加密处理后再交由DBSP进行存储和管理。但是加密后的数据失去了原有的相似性、有序性和可比性,致使检索性能大幅度下降。因此如何在保证数据安全性的前提下,提高数据密文检索性能是一个亟需解决的问题。本文的主要研究工作如下:1、针对数值型数据,在加密方面,提出了一种基于IDEA的改进加密策略:即通过随机数字生成函数生成指定范围的随机扰乱数字,将其与经过倍数扩大后的原始明文进行加法操作,以使相同的数值明文经过加密后生成不同的密文。在密文检索方面,提出了一种改进的检索方案;在这种检索方案中,用户端首先通过安全哈希算法SHA-256,对本地持有的密钥进行运算,得到指定长度的数值分布参考序列;然后将原始明文数据按照该序列的分布规律进行编号映射,并将映射结果存入用户端的数据库表中以备后期查询;在此基础上,提出了一种基于折半查找的数值逼近策略的范围检索方案;与原方案相比,该方案借用折半查找的核心思想,有效提高了检索性能。2、针对字符型数据,在加密方面,提出了一种基于IDEA的改进加密策略:即利用随机字符序列生成函数生成固定长度的随机扰乱字符,将其作为首部加在敏感字符数据前。通过实验,这种加密策略相对于以往的加密策略在保证安全性的基础上大大提高了加/解密速度。在密文检索方面,提出了一种改进的桶划分策略,该策略将字符数值化,并在字符划分入桶之前即对桶号进行随机扰乱操作,同时通过随机分配函数指定随机数目的字符划分入桶,将字符转换为所在桶号,实现了字符数据的信息隐藏。最后,提出了一种将基于BloomFilter的改进字符集特征索引生成策略和基于对偶编码函数映射的改进字符位置关系特征索引生成策略相结合的索引生成策略。通过实验,这种双重检索策略较以往的检索策略性能有所提高。3、基于DAS模型环境下,应用阿里云作为第三方DBSP对敏感数据进行托管存储。并应用Java语言,对基于DAS模型的云存储环境下的字符型数据加密和密文检索方案进行了实现。并针对加/解密模块、字符信息隐藏子模块、字符集特征索引生成模块、字符位置关系索引生成模块以及密文检索模块等核心模块进行了代码实现地详细说明。并通过实验对本文提出的加密及密文检索方案进行了验证,证明了其在保证安全性的同时仍具有较高的检索性能。
[Abstract]:With the development of computer technology and application, the data volume of enterprise-class users has increased exponentially, and the cost of data storage and data maintenance has increased dramatically, which has consumed the energy of the enterprise to some extent. They had to buy more hardware devices to expand their storage capacity, and even needed to hire professionals to manage and maintain the data, which, to some extent, limited the development of the original business. Therefore, the cloud storage service based on the DAS model comes into being. In this model, the user places the data to a third-party database service provider for storage and management. However, the new storage model also brings new problems, because the storage and access of the data depends on the database service provider, and the enterprise is vulnerable to the attack from the internal personnel of the database service provider. If the data is not processed, they can easily get the data. To this end, the data needs to be encrypted and then be stored and managed by the DBSP. But the encrypted data has lost the original similarity, the order and the comparability, so that the retrieval performance is greatly reduced. Therefore, it is an urgent problem to improve the retrieval performance of the data cipher text under the premise of ensuring the data security. The main research work of this paper is as follows:1. In the aspect of encryption, an improved encryption strategy based on IDEA is proposed: that is, a random disturbance number of a specified range is generated by a random number generation function, And performing an addition operation on the original plaintext after the multiple expansion so as to generate different cipher text after the same numerical text is encrypted. In the search of the cipher text, an improved retrieval scheme is proposed; in this retrieval scheme, the user end first calculates the locally-held key by the secure hash algorithm SHA-256 to obtain a numerical distribution reference sequence of the specified length; then, the original plain text data is numbered and mapped according to the distribution rule of the sequence, and the mapping result is stored in the database table of the user terminal for later inquiry; on the basis, a range retrieval scheme of a numerical approximation strategy based on the semi-search is proposed; and compared with the original scheme, this scheme uses the core idea of the semi-lookup to effectively improve the retrieval performance. In the aspect of encryption, an improved encryption strategy based on IDEA is proposed, namely, the random character sequence generation function is used to generate the random disturbance character of the fixed length, It is applied as a header to the sensitive character data. Experiments show that the encryption strategy greatly improves the encryption/ decryption speed on the basis of ensuring the security with respect to the previous encryption strategy. in the aspect of cipher text retrieval, an improved bucket division strategy is proposed, And the information hiding of the character data is realized. Finally, an index generation strategy combining an improved character set feature index generation strategy based on a binary filter and an improved character position relation feature index generation strategy based on a dual coding function mapping is proposed. Based on the DAS model, the application of Alibaba Cloud as the third-party DBSP for the managed storage of sensitive data. And a Java language is applied to implement the character-type data encryption and the cipher text retrieval scheme under the cloud storage environment based on the DAS model. And the core modules such as the encryption/ decryption module, the character information hiding sub-module, the character set characteristic index generation module, the character position relation index generation module and the cipher text retrieval module are described in detail. The encryption and cipher text retrieval scheme proposed in this paper is verified by the experiment, and it is proved that it still has higher retrieval performance while ensuring the security.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2016
【分类号】：TP333;TP309.7

【相似文献】