Journal of Frontiers of Computer Science and Technology, 2017, Vol. 11, Issue (8): 1246-1257. DOI: 10.3778/j.issn.1673-9418.1608037

• Database Technology •

Crypt-JDBC Model: Optimization of Onion Encryption Algorithm

CHEN He1, TIAN Xiuxia1,2, YUAN Peisen3, JIN Cheqing1+   

  1. Institute for Data Science and Engineering, School of Computer Science and Software Engineering, East China Normal University, Shanghai 200062, China
  2. College of Computer Science and Technology, Shanghai University of Electric Power, Shanghai 200090, China
  3. College of Information Science and Technology, Nanjing Agricultural University, Nanjing 210095, China
  • Online: 2017-08-01  Published: 2017-08-09

Abstract: CryptDB is a typical encrypted data storage technology. Based on the semantics of each operation, it uses the onion encryption algorithm to rewrite SQL statements onto different onion ciphertext columns, so that queries can be executed while exposing only some properties of the data. To address the weaknesses of the onion encryption algorithm, this paper proposes an improved model named Crypt-JDBC: (1) because the onion has many layers and adjacent layers differ greatly in function, the new model divides the onion columns into a main column and auxiliary columns and compresses the onion layers (the main column uses a two-way algorithm so that the plaintext can be restored, and the auxiliary columns use one-way algorithms to provide properties for operations while preserving security); (2) because the equi-join algorithm is complex and inefficient, the new model simplifies one key module (difference transformation) to reduce complexity; (3) because the correspondence between plaintext and ciphertext column names is weak, the new model redesigns that correspondence, reduces context information, and strengthens the integrity of the keys. The paper implements the Crypt-JDBC model, using JDBC to replace the middleware MySQL-Proxy. Experimental results show that the model has high execution efficiency.

Key words: CryptDB, crypto database, Crypt-JDBC model, onion encryption algorithm, cipher text database