Multi-key page-level encryption system for SQLite

doi:10.11772/j.issn.1001-9081.2023091362

Journal of Computer Applications

Multi-key page-level encryption system for SQLite

LI Xudong^1,2,3, FENG Yukang^1,3, CHEN Junsheng^1,3

1.College of Software, Nankai University 2.Haihe Laboratory of Information Technology Application Innovation (HL-IT) 3.Tianjin Key Laboratory of Operating System

Received:2023-10-08 Revised:2023-12-17 Online:2024-03-21 Published:2024-03-21
About author:LI Xudong，born in 1975，Ph. D. associate professor, His research interests include operating system，database，distributed computing. FENG Yukang，born in 1998，M. S. candidate. His research interests include database. CHEN Junsheng，born in 2000，M. S. candidate. His research interests include database.

面向SQLite的多密钥页级别加密系统

李旭东^1,2,3,冯宇康^1,3,陈俊升^1,3

1.南开大学软件学院 2.先进计算与关键软件（信创）海河实验室 3.天津市操作系统企业重点实验室

通讯作者: 冯宇康
作者简介:李旭东(1975—)，男，吉林松原人，副教授，博士，主要研究方向：操作系统、数据库、分布式计算；冯宇康(1998—)，男，河北保定人，硕士研究生，主要研究方向：数据库；陈俊升(2000—)，男，广西梧州人，硕士研究生，主要研究方向：数据库。

Abstract

Abstract: At present, research on SQLite encryption both domestically and internationally is conducted at the file level and single-key, resulting in coarse encryption granularity and low decryption difficulty. In response to the security shortcomings of SQLite, a multi-key page-level encryption system was proposed. Firstly, an independent page key was assigned to each physical page, allowing for individual encryption and decryption of each page. A key file was introduced to store all page keys. Secondly, a page key cache module KeyCache was designed to generate and cache page keys for pages, thereby reducing the performance loss caused by frequent I/O read and write operations. Thirdly, an encryption and decryption module Crypto was proposed to implement the encryption and decryption functions. Crypto quickly retrieved page keys through KeyCache, consequently enhancing the overall system performance. A comparative experiment was conducted between the proposed solution and typical SQLCipher. Experimental results show that in read and update tests, compared with SQLCipher, the execution time of the proposed solution reduced by 1.5% and 3.0% on average, achieving better performance at a higher security level. Additionally, in create and delete tests, the proposed solution exhibites minimal performance loss compared to SQLCipher and the performance loss is close to SQLCipher while significantly enhancing the security level, verifying the effectiveness of the proposed solution.

Key words: SQLite database, database encryption, page-level, multi-key encryption, key management

摘要： 目前国内外对于SQLite的加密研究粒度级别都是文件级别且采取的都是单一密钥，加密粒度粗、破解难度低。针对SQLite的安全性不足的问题，设计了一个多密钥页级别加密系统。首先，为每一个物理页设置一个独立的页密钥，每个页面独立加解密，并引入密钥文件来存放所有页密钥；其次，在内存中引入一个页密钥缓存器KeyCache生成和缓存物理页的页密钥，减少页密钥频繁I/O读写的性能损失；再次，设计了加解密模块Crypto实现物理页的加密和解密功能，Crypto通过KeyCache快速获取页密钥从而提升整个系统的处理性能。将所提方案和典型的SQLCipher等进行对比实验，实验结果表明，在读取测试和修改测试中，相较于SQLCipher，所提方案的执行时间平均缩短了1.5%和3.0%，能在安全级别更高的情况下达到更好的性能；而在新增测试和删除测试中，所提方案相较于SQLCipher的性能损失很小，在大大提升安全级别的情况下性能损失接近，验证了所提方案的有效性。

关键词: SQLite数据库, 数据库加密, 页粒度, 多密钥加密, 密钥管理

CLC Number:

TP392

LI Xudong, FENG Yukang, CHEN Junsheng. Multi-key page-level encryption system for SQLite[J]. Journal of Computer Applications, DOI: 10.11772/j.issn.1001-9081.2023091362.

李旭东冯宇康陈俊升. 面向SQLite的多密钥页级别加密系统[J]. 《计算机应用》唯一官方网站, DOI: 10.11772/j.issn.1001-9081.2023091362.

[1]	HAN Si, ZHENG Baokun, CAO Qimin. Logical key hierarchy plus based key management program for wireless sensor network [J]. Journal of Computer Applications, 2019, 39(5): 1378-1384.
[2]	ZHOU Yang, WU Qiwu, JIANG Lingzhi. Group key management scheme based on distributed path computing element in multi-domain optical network [J]. Journal of Computer Applications, 2019, 39(4): 1095-1099.
[3]	SONG Tianyu, YANG Geng. Design and implementation of middleware system for ciphertext database [J]. Journal of Computer Applications, 2018, 38(12): 3450-3454.
[4]	LI Chengwen, WANG Xiaoming. Outsourced data encryption scheme with access privilege revocation [J]. Journal of Computer Applications, 2016, 36(1): 216-221.
[5]	WANG Binbin ZHANG Yanyan ZHANG Xuelin. Mixed key management scheme based on domain for wireless sensor network [J]. Journal of Computer Applications, 2014, 34(1): 90-94.
[6]	LUO Wenjun XU Min. Attribute-based encryption and re-encryption key management in cloud computing [J]. Journal of Computer Applications, 2013, 33(10): 2832-2834.
[7]	ZHANG Min-qing FU Wen-hua WU Xu-guang. Key management scheme based on composite design and identity encryption for clustered wireless sensor networks [J]. Journal of Computer Applications, 2012, 32(05): 1392-1396.
[8]	WU Qiu-lin LI Qiao-liang. Secure management of continuity key pre-distribution scheme based on SBIBD [J]. Journal of Computer Applications, 2012, 32(04): 960-963.
[9]	SUN Mei ZHAO Bing. Identity-based key management scheme for Ad Hoc network [J]. Journal of Computer Applications, 2012, 32(01): 104-106.
[10]	CAO Shuai ZHANG Chuan-rong SONG Cheng-yuan. Self-healing group key management scheme with collusion resistance [J]. Journal of Computer Applications, 2011, 31(10): 2692-2693.
[11]	Quan-di WANG Jin-feng LI Jie ZHOU. Modification of Cao's multicast key management scheme based on generalized cat map [J]. Journal of Computer Applications, 2011, 31(04): 975-977.
[12]	Shi-wei HUO Zhong-min CAI Chang-yuan LUO. Identity-based group key management scheme in pervasive computing environment [J]. Journal of Computer Applications, 2011, 31(04): 981-983.
[13]	JIKE Lin-hao YANG Jun. Security analysis of "zero rekeying" scheme based on multi-cast RSA [J]. Journal of Computer Applications, 2011, 31(03): 793-797.
[14]	. Join-tree-based contributory group key management scheme for key update [J]. Journal of Computer Applications, 2011, 31(01): 143-146.
[15]	. Research and implementation of key techniques of encryption and decryption system on heterogeneous database [J]. Journal of Computer Applications, 2010, 30(9): 2339-2343.

Multi-key page-level encryption system for SQLite

面向SQLite的多密钥页级别加密系统

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics