面向云数据库的属性基加密和查询转换中间件

doi:10.11772/j.issn.1001-9081.2018010279

计算机应用 ›› 2018, Vol. 38 ›› Issue (8): 2280-2286.DOI: 10.11772/j.issn.1001-9081.2018010279

面向云数据库的属性基加密和查询转换中间件

江炳城^1,2, 何倩^1,2, 陈亦婷^1,3, 刘鹏^1,2

1. 认知无线电与信息处理教育部重点实验室(桂林电子科技大学), 广西桂林 541004;
2. 广西密码学与信息安全重点实验室(桂林电子科技大学), 广西桂林 541004;
3. 桂林电子科技大学广西云计算与大数据协同创新中心, 广西桂林 541004

收稿日期:2018-01-29 修回日期:2018-03-27 出版日期:2018-08-10 发布日期:2018-08-11
通讯作者: 何倩
作者简介:江炳城(1990-),男,广东汕尾人,硕士研究生,主要研究方向:云数据库、数据安全;何倩(1979-),男,湖南郴州人,教授,博士,CCF高级会员,主要研究方向:云服务、分布式计算、信息安全;陈亦婷(1992-),女,湖南郴州人,硕士,主要研究方向:大数据、数据中心网络;刘鹏(1990-),男,河南驻马店人,硕士研究生,CCF会员,主要研究方向:分布式计算、数据安全。
基金资助:
国家自然科学基金资助项目（61661015）；认知无线电与信息处理教育部重点实验室主任基金资助项目（CRKL160101）；广西云计算与大数据协同创新基金资助项目（YD16801，C77KYS02SX18）；广西密码学与信息安全重点实验室基金资助项目（GCIS201701）。

Cloud database oriented attribute based encryption and query translation middleware

JIANG Bingcheng^1,2, HE Qian^1,2, CHEN Yiting^1,3, LIU Peng^1,2

1. Key Laboratory of Cognitive Radio and Information Processing of the Ministry of Education(Guilin University of Electronic Technology), Guilin Guangxi 541004, China;
2. Key Laboratory of Cryptography and Information Security(Guilin University of Electronic Technology), Guilin Guangxi 541004, China;
3. Guangxi Collaborative Innovation Center of Cloud Computing and Big Data, Guilin University of Electronic Technology, Guilin Guangxi 541004, China

Received:2018-01-29 Revised:2018-03-27 Online:2018-08-10 Published:2018-08-11
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61661015), the Key Laboratory of Cognitive Radio and Information Processing Director Fund, Ministry of Education (CRKL160101), the Guangxi Collaborative Innovation Center of Cloud Computing and Big Data Fund (YD16801, C77KYS02SX18), the Guangxi Key Laboratory of Cryptography and Information Security Fund (GCIS201701).

摘要/Abstract

摘要： 针对云数据库租户隐私数据的加密和查询问题，提出并实现了一种面向云数据库的属性基加密（ABE）和查询转换服务中间件。首先，服务中间件的加解密部件对租户的对称密钥进行属性基加密，生成密文并保存；其次，服务中间件的查询转换部件对查询语句进行转换，使其可在加密后的数据库上正确执行；最后，租户的隐私数据经过对称加密后保存到云数据库。实验结果表明，与未加密数据库的数据写入和查询时间相比，加密数据库的写入时间与其相当，按照查询语句的复杂程度，查询时长增加10%~150%不等。理论分析表明，所采用的代理解密方案是安全的，与传统的基于密钥策略的属性基加密（CP-ABE）方案相比，代理解密方案在时间复杂度上更具优势。

关键词: 多租户, 云数据库, 属性基加密, 查询转换, 服务中间件

Abstract: Focusing on the problem of encryption and querying of tenant private data on cloud database, a cloud database oriented Attribute Based Encryption (ABE) and query transform service middleware was proposed and realized. Firstly, the tenant symmetric keys were encrypted in the encryption and decryption component of the service middleware through attribute based encryption, and the ciphertext was generated and saved. Secondly, the query statements were translated in the query translation component so that they can be correctly executed on the encrypted database. Finally, the tenant privacy data was stored in the cloud database after symmetric encryption. The experimental results show that compared with the unencrypted database, the write time of the encrypted database is equivalent, while the querying time is increased by 10% to 150% according to the complexity of the query statement. The theoretical analysis shows that the proposed proxy decryption method is secure, and it has superiority over traditional Key Policy Attribute Based Encryption (KP-ABE) algorithm in time complexity.

Key words: multi-tenant, cloud database, Attribute Based Encryption (ABE), query translation, service middleware

中图分类号:

TP393.2

江炳城, 何倩, 陈亦婷, 刘鹏. 面向云数据库的属性基加密和查询转换中间件[J]. 计算机应用, 2018, 38(8): 2280-2286.

JIANG Bingcheng, HE Qian, CHEN Yiting, LIU Peng. Cloud database oriented attribute based encryption and query translation middleware[J]. Journal of Computer Applications, 2018, 38(8): 2280-2286.

参考文献

[1] 林子雨,赖永炫,林琛,等.云数据库研究[J]. 软件学报,2012,23(5):1148-1166. (LIN Z Y, LAI Y X, LIN C, et al. Research on cloud databases[J]. Journal of Software, 2012, 23(5):1148-1166.)
[2] 冯登国,张敏,张妍,等.云计算安全研究[J].软件学报,2011,22(1):71-83. (FENG D G, ZHANG M, ZHANG Y, et al. Study on cloud computing security[J]. Journal of Software, 2011, 22(1):71-83.)
[3] 田洪亮,张勇,李超,等.云环境下数据库机密性保护技术研究综述[J].计算机学报,2017,40(10):2245-2270. (TIAN H L, ZHANG Y, LI C, et al. A survey of confidentiality protection for cloud databases[J]. Chinese Journal of Computers, 2017, 40(10):2245-2270.)
[4] 田秀霞,王晓玲,高明,等.数据库服务——安全与隐私保护[J].软件学报,2010,21(5):991-1006. (TIAN X X,WANG X L,GAO M, et al. Database as a service - security and privacy preserving[J]. Journal of Software, 2010, 21(5):991-1006.)
[5] YAISH H, GOYAL M. Multi-tenant database access control[C]//CSE '13:Proceedings of the 16th International Conference on Computational Science and Engineering. Washington, DC:IEEE Computer Society, 2013:870-877.
[6] MYKLETUN E, NARASIMHA M, TSUDIK G. Authentication and integrity in outsourced databases[J]. ACM Transactions on Storage, 2006, 2(2):107-138.
[7] 沈晴霓,杨雅辉,禹熹,等.一种面向多租户云存储平台的访问控制策略[J].小型微型计算机系统,2011,32(11):2223-2229. (SHEN Q N, YANG Y H,YU X, et al. An access control policy for multi-tenancy cloud storage platform[J]. Journal of Chinese Computer Systems, 2011, 32(11):2223-2229.)
[8] 谭跃生,宁宁,王静宇.基于PBAC和ABE的云数据访问控制研究[J].计算机工程与应用,2018,54(13):117-122. (TAN Y S, NING N, WANG J Y. Research of cloud data access control based on PBAC and ABE[J]. Computer Engineering and Applications, 2018, 54(13):117-122.)
[9] ION M, RUSSELLO G, CRISPO B. enforcing multi-user access policies to encrypted cloud databases[C]//POLICY'11:Proceedings of the 2011 IEEE International Symposium on Policies for Distributed Systems and Networks. Washington, DC:IEEE Computer Society, 2011:175-177.
[10] YOON J P. Access control and trustiness for resource management in cloud databases[M]//Grid and Cloud Database Management. Berlin:Springer-Verlag, 2011:109-131.
[11] GREEN M, HOHENBERGER S, WATERS B. Outsourcing the decryption of ABE ciphertexts[C]//SEC'11:Proceedings of the 20th USENIX conference on Security. Berkeley:USENIX Association, 2011:34-34.
[12] ZHOU Z, HUANG D. Efficient and secure data storage operations for mobile cloud computing[C]//CNSM '12:Proceedings of the 8th International Conference on Network and Service Management. Laxenburg, Austria:International Federation for Information Processing, 2012:37-45.
[13] LAI J, DENG R H, GUAN C, et al. Attribute-based encryption with verifiable outsourced decryption[J]. IEEE Transactions on Information Forensics & Security, 2013, 8(8):1343-1354.
[14] 王皓,郑志华,吴磊,等.自适应安全的外包CP-ABE方案研究[J].计算机研究与发展,2015,52(10):2270-2280. (WANG H, ZHENG Z H, WU L, et al. Adaptively secure outsourcing ciphertext-policy attribute-based encryption[J]. Journal of Computer Research and Development, 2015, 52(10):2270-2280.)
[15] 蔡孟飞,何倩,程东生,等.面向移动云存储的属性基解密服务中间件[J].计算机应用,2016,36(7):1828-1833. (CAI M F, HE Q, CHENG D S, et al. Mobile cloud storage-oriented attribute based decryption service middleware[J]. Journal of Computer Applications, 2016, 36(7):1828-1833.)
[16] WATERS B. Ciphertext-policy attribute-based encryption:an expressive, efficient, and provably secure realization[C]//PKC 2011:Proceedings of the 14th International Conference on Practice and Theory in Public Key Cryptography, LNCS 6751. Berlin:Springer, 2011:53-57.
[17] DENG H, WU Q, QIN B, et al. Ciphertext-policy hierarchical attribute-based encryption with short ciphertexts[J]. Information Sciences, 2014, 275:370-384.

面向云数据库的属性基加密和查询转换中间件

Cloud database oriented attribute based encryption and query translation middleware

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	陈家豪, 殷新春. 基于云雾计算的可追踪可撤销密文策略属性基加密方案[J]. 计算机应用, 2021, 41(6): 1611-1620.
[2]	郭丽峰, 王倩丽. 自适应安全的带关键字搜索的外包属性基加密方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3266-3273.
[3]	庞晓琼, 杨婷, 陈文俊, 王云婷, 刘天野. 区块链环境下基于秘密共享的数字权限管理方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3257-3265.
[4]	余卿斐, 涂广升, 李宁波, 周潭平. 多跳多策略属性基全同态加密方案[J]. 计算机应用, 2019, 39(8): 2326-2332.
[5]	李聪, 杨晓元, 白平, 王绪安. 可追责和完全可验证外包解密CP-ABE方案[J]. 计算机应用, 2018, 38(8): 2249-2255.
[6]	李聪, 杨晓元, 王绪安. 基于扩展属性基功能加密的有效外包计算[J]. 计算机应用, 2018, 38(6): 1633-1639.
[7]	刘荣, 潘洪志, 刘波, 祖婷, 方群, 何昕, 王杨. 基于密文策略属性基加密算法的云存储数据更新方法[J]. 计算机应用, 2018, 38(2): 348-351.
[8]	李琦, 熊金波, 黄利智, 王煊, 毛启铭, 姚岚午. 智慧健康中基于属性的访问控制方案[J]. 计算机应用, 2018, 38(12): 3471-3475.
[9]	蔡岳平, 张文鹏, 罗森. 基于最小接入保证带宽的数据中心网络带宽分配机制[J]. 计算机应用, 2017, 37(7): 1825-1829.
[10]	陈丹伟, 杨晟. 基于动态信用等级的密文访问控制方案[J]. 计算机应用, 2017, 37(6): 1587-1592.
[11]	王经纬, 殷新春. 支持带权属性撤销的密文策略属性基加密方案[J]. 计算机应用, 2017, 37(12): 3423-3429.
[12]	李聪, 杨晓元, 王绪安, 白平. 固定密文长度的可验证属性基外包解密方案[J]. 计算机应用, 2017, 37(11): 3299-3303.
[13]	陈建, 沈潇军, 姚一杨, 邢雅菲, 琚小明. 基于密文策略属性基加密系统访问机制的缓存替换策略[J]. 计算机应用, 2017, 37(10): 2964-2967.
[14]	明利, 李彤, 秦江龙, 郑明, 蒋旭东, 谢仲文. 面向软件即服务的负载均衡策略建模与分析[J]. 计算机应用, 2017, 37(1): 24-30.
[15]	蔡孟飞, 何倩, 程东生, 王士成. 面向移动云存储的属性基解密服务中间件[J]. 计算机应用, 2016, 36(7): 1828-1833.