Computer Engineering and Applications ›› 2018, Vol. 54 ›› Issue (9): 67-74. DOI: 10.3778/j.issn.1002-8331.1612-0230

• Network, Communication and Security •

User-definable order-preserving encoding with low adjusting ratio

SUN Yanjun, YANG Geng, SHI Jingqi, LIU Guoxiu

  1. School of Computer Science & Technology, School of Software, Nanjing University of Posts and Telecommunications, Nanjing 210003, China
  • Online: 2018-05-01 Published: 2018-05-15

Abstract: Privacy protection for data stored in untrusted cloud computing environments has gradually attracted attention. One current approach is to encrypt the data before storing it in the database, but this requires a way to compute on and retrieve the encrypted data directly. This paper proposes a scheme named general mutable Order-Preserving Encoding (gmOPE). Based on a generalized balanced binary search tree (AVL-N), gmOPE lets the user choose the encryption algorithm and customize the adjustment strategy. It ensures that the encrypted data keep the order of the plaintext, so users can run order-related queries efficiently and directly over the ciphertext in the database. gmOPE supports order-preserving encryption of arbitrary data types and uses a new rebalancing strategy to improve the efficiency of database insertions and deletions. Experimental results show that gmOPE decreases the extra overhead caused by re-encoding and by interaction between the user and the database, and greatly improves the efficiency of the encrypted database.

Key words: encrypted database, order-preserving encryption, general mutable order-preserving encoding