CN110807021B - Database auditing system and method based on searchable encryption - Google Patents
- Publication number
- CN110807021B
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/21—Design, administration or maintenance of databases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Abstract
The invention discloses a database auditing system and method based on searchable encryption. The system comprises an initialization module, a client searchable encryption module, a port mirror image module, a server driving module and a database auditing module. A key and a collision-resistant hash function are selected, and an audit keyword dictionary is determined and used. After a plaintext SQL statement is obtained, an audit keyword set is generated through the audit keyword dictionary, and the key is used to encrypt the audit keyword set to obtain a ciphertext audit keyword set. An audit certificate is generated from the ciphertext keyword set through a searchable encryption operation, and a matching operation combining the audit certificate and the audit keyword dictionary obtains and displays the audit plaintext, so that the database can both encrypt its transmission and audit the transmitted ciphertext.
Description
Technical Field
The invention relates to the field of database security audit, in particular to a database audit system and a database audit method based on searchable encryption.
Background
Database auditing is mainly used to record the various operation behaviors on a database, analyze the operations performed against the database, and record them in an audit database so that auditors can query, analyze and filter them. In this way the user operations on the database are monitored and audited. The problem facing current database auditing is that auditing presupposes that transmission between the database client and the server is transparent (uses plaintext data): the data packets transmitted by the database (except the login password) are plaintext data. During transmission, however, not only can the database auditing system obtain the data packets, but an adversary who has intruded into the network can also obtain the plaintext of the SQL statements. To avoid monitoring by the adversary, users adopt SSL tunnels for transmission, but establishing the encrypted tunnel also shuts out the database auditing system, which monitors in bypass mode, so the auditing system cannot work normally. Current databases cannot simultaneously encrypt transmission and audit the transmitted ciphertext.
Disclosure of Invention
The invention aims to provide a database auditing system and method based on searchable encryption, so that the database can not only encrypt transmission, but also audit transmission ciphertext.
In order to achieve the above object, in a first aspect, the present invention provides a database auditing method based on searchable encryption, including:
selecting a secret key and an anti-collision Hash function;
determining and using an audit keyword dictionary;
acquiring a plaintext SQL statement, and generating an audit keyword set through the audit keyword dictionary;
encrypting the audit keyword set by using the key to obtain a ciphertext audit keyword set;
generating an audit certificate through the ciphertext keyword set;
and performing matching operation by combining the audit certificate and the audit keyword dictionary to obtain and display audit plaintext keywords.
Wherein, the selecting the key and the collision-resistant hash function comprises:
obtaining an AES encryption key and a system parameter, and selecting an anti-collision hash function, wherein the input of the anti-collision hash function is a binary string of arbitrary length and its output is a binary string whose number of bits equals the system parameter.
Wherein the determining and using an audit keyword dictionary comprises:
and acquiring plaintext keywords related to auditing, and combining the plaintext keywords with corresponding ciphertext to form an auditing keyword dictionary.
The obtaining of the plaintext SQL statement and the generating of the audit keyword set through the audit keyword dictionary comprise:
and aiming at the obtained plaintext SQL sentences, randomly selecting n plaintext keywords from the plaintext keywords in the audit keyword dictionary to form an audit keyword set.
Wherein the generating an audit certificate through the ciphertext keyword set comprises:
selecting the first 8 encryption elements of the ith keyword in the ciphertext audit keyword set to calculate a first hash value set, splicing the first 8 encryption elements with a first large random number which is randomly selected and has a length 8 less than that of the ith encryption element to obtain a second hash value set, splicing the first 8 encryption elements of the second hash value set with the first large random number to obtain a first variable set, performing bit-by-bit exponential operation on the first variable set and the corresponding ciphertext audit keyword to generate an audit certificate, wherein the number of the elements in the ciphertext audit keyword set is n, and i is more than or equal to 1 and less than or equal to n.
Wherein, combining the audit certificate and the audit keyword dictionary, performing matching operation to obtain and display the audit plaintext keywords, comprising:
and acquiring and analyzing the audit certificate, combining the audit keyword dictionary, and traversing the first 8-bit elements of the ciphertext keywords in the audit keyword dictionary to calculate a third hash value. And traversing the ciphertext set in the audit certificate to obtain a second variable set, and performing exponential operation on the second variable set and the ciphertext set in the audit keyword dictionary to obtain a third variable set.
Wherein, the combination of the audit certificate and the audit keyword set is performed with matching operation to obtain and display the keywords of the audit plaintext, and the method further comprises the following steps:
and respectively assigning the last 8 bits and the remaining bits of the third variable set to R and L, splicing the L and the third hash value set and solving the hash to obtain a fourth hash value set, judging whether the first 8 bits of the fourth hash value set are equal to R or not, then obtaining an audit plaintext keyword according to the corresponding relation between the plaintext and the ciphertext in the audit keyword dictionary, and displaying after visualization processing.
Wherein the determining whether the first 8 bits of the fourth hash value equals to R comprises:
if the first 8-bit hash value of the fourth hash value set is equal to the R, the audit ciphertext corresponding to the second variable set is the ciphertext;
if the first 8-bit hash value of the fourth hash value set is not equal to the R, the next variable value in the second variable set is obtained again, a new third variable set and a new fourth hash value set are obtained through recalculation, and whether the first 8-bit hash value of the fourth hash value set is equal to the R or not is judged again until all ciphertext keywords in the audit certificate are traversed.
In a second aspect, the present invention provides a database auditing system based on searchable encryption, which comprises an initialization module, a client searchable encryption module, a port mirror module, a server driver module and a database auditing module, wherein the initialization module, the client searchable encryption module, the port mirror module and the server driver module are electrically connected in sequence, the port mirror module is electrically connected with the database auditing module,
the initialization module is used for selecting a secret key and an anti-collision Hash function and determining a keyword dictionary;
the client searchable encryption module is used for extracting keywords for auditing from a plaintext, forming an auditing keyword set according to an auditing keyword dictionary, encrypting the auditing keyword set by using a key, generating an auditing certificate by using searchable encryption operation, and sending ciphertext data and the auditing certificate to the server driving module in a JSON format;
the server side driving module is used for acquiring a JSON format data packet, extracting ciphertext data, decrypting the ciphertext data, forwarding the ciphertext data to a database, generating JSON format data containing ciphertext data and an audit certificate in the same way according to data or state results fed back by the database, and returning the JSON format data containing ciphertext data and the audit certificate to the client side searchable encryption module;
the port mirror image module is used for forwarding data traffic of one or more client side searchable encryption modules and the server side driving module to the database auditing module;
and the database audit module is used for extracting the audit certificate in the data traffic forwarded by the port mirror image module, analyzing the audit information in the data traffic, and obtaining and displaying plaintext data.
The database auditing system based on searchable encryption comprises an initialization module, a client searchable encryption module, a port mirror image module, a server driving module and a database auditing module, wherein the initialization module, the client searchable encryption module, the port mirror image module and the server driving module are electrically connected in sequence, the port mirror image module is electrically connected with the database auditing module, a key and a collision-resistant hash function are selected, an auditing keyword dictionary is determined and used to obtain a plaintext SQL statement, an auditing keyword set is generated through the keyword auditing dictionary, the auditing keyword set is encrypted by using the key to obtain a ciphertext auditing keyword set, and the ciphertext keyword set is generated into an auditing certificate by using searchable encryption operation, and matching operation is carried out by combining the audit certificate and the audit keyword dictionary to obtain and display the audit plaintext keywords, so that the database not only can carry out encrypted transmission, but also can carry out audit on the transmission ciphertext.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a schematic diagram of the steps of the searchable encryption based database auditing method of the present invention.
FIG. 2 is a schematic diagram of the structure of the database auditing system based on searchable encryption.
Reference numerals: 1 - initialization module; 2 - client searchable encryption module; 3 - port mirror image module; 4 - server driving module; 5 - database auditing module.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary, are intended to explain the invention, and are not to be construed as limiting the invention.
Referring to fig. 1, the present invention provides a database auditing method based on searchable encryption, including:
S101, selecting a key and an anti-collision hash function.
Specifically, in the initialization module 1, an AES encryption key k is determined, and a system parameter λ and an anti-collision hash function H are randomly selected, where $H: \{0,1\}^{*} \to \{0,1\}^{\lambda}$; its input is a binary string of arbitrary length and its output is a λ-bit binary string. The key k and the anti-collision hash function H are then sent to the client searchable encryption module 2 and the server driver module 4.
S102, determining and using an audit keyword dictionary.
Specifically, plaintext keywords M related to auditing are obtained and combined with the corresponding ciphertext C to form an audit keyword dictionary D, whose structure is D[M:C]; the client searchable encryption module 2 imports the audit keyword dictionary D.
S103, obtaining a plaintext SQL statement, and generating an audit keyword set through the audit keyword dictionary.
Specifically, the input SQL statement is obtained, and the client searchable encryption module 2 randomly selects n plaintext keywords from M in the audit keyword dictionary D to form an audit keyword set.
S104, encrypting the audit keyword set by using the key to obtain a ciphertext audit keyword set.
Specifically, the key k is used to AES-encrypt the audit keyword set, generating a ciphertext audit keyword set.
S105, generating an audit certificate through the ciphertext keyword set.
Specifically, for the ciphertext audit keyword set, the client searchable encryption module 2 takes the first 8 bits of each encrypted audit keyword and computes a first hash value set, where [0:7] means taking elements 0 to 7 of the variable. It then randomly selects a first large random number $a_i$ whose length is 8 less than that of the i-th encrypted element and concatenates it, the length being expressed as: concatenation gives a second hash value set $\theta_2 = H(a_i \,\|\, \theta_1)$. The first 8 encrypted elements of the second hash value set are then concatenated with the first large random number $a_i$ to obtain a first variable set $t_i = a_i \,\|\, \theta[0:7]$. A bit-by-bit exponential operation is performed on the first variable set t and each keyword of the ciphertext audit keyword set to obtain an audit certificate c, wherein the calculation formula is as follows: where $\|$ denotes string concatenation, len() denotes the length of a variable, $\theta_1$ denotes the first hash value set, $\theta_2$ denotes the second hash value set, and $c_i[x]$, the corresponding element of the ciphertext audit keyword set, and $t_i[x]$ respectively denote the x-th element of the i-th entry of the audit certificate c, of the ciphertext audit keyword set, and of the first variable set t. The audit certificate c is then transmitted to the database audit module 5.
S106, performing matching operation by combining the audit certificate and the audit keyword dictionary to obtain and display an audit plaintext.
Specifically, the audit certificate c is forwarded to the database audit module 5 through the port mirror module 3. After the database audit module 5 obtains the audit certificate c, it combines it with the audit keyword dictionary D[M:C] it holds: the first 8 bits of the ciphertext C in the audit keyword dictionary D[M:C] are selected to compute a third hash value set $\theta_3 = H(C[0:7])$. The audit certificate is traversed to obtain a second variable set $c_i$, where $c_i$ has the same length as the ciphertext $C_i$ in the audit keyword dictionary, and a bit-by-bit exponential operation is performed on $c_i$ and $C_i$ to obtain a third variable set G, wherein the calculation formula is as follows: the last 8 bits and the remaining bits of the third variable set G are assigned to R and L respectively, where $R = G[-7:]$ and $L = G[0:-7]$. L is concatenated with the third hash value set and hashed to obtain a fourth hash value set $\theta_4 = H(L \,\|\, \theta_3)$, and it is judged whether the first 8-bit hash value θ[0:7] of the fourth hash value set is equal to R. If the first 8-bit hash value θ[0:7] of the fourth hash value set is equal to R, the audit ciphertext corresponding to the second variable set $c_i$ is the ciphertext $C_i$. If the first 8-bit hash value θ[0:7] of the fourth hash value set is not equal to R, the audit certificate c is obtained again, a new third variable set and a new fourth hash value set are obtained through recalculation, and it is judged again whether the first 8-bit hash value θ[0:7] of the fourth hash value set is equal to R, until all ciphertext keywords in the audit certificate c have been traversed. From the audit keyword dictionary D[M:C], the audit plaintext corresponding to $C_i$ is $M_i$, so $M_i$ is the plaintext audit information, which is displayed after visualization processing. Here $\|$ denotes string concatenation, len() denotes the length of a variable, $\theta_3$ and $\theta_4$ denote the third and fourth hash value sets, and $c_i[x]$, $C_i[x]$ and $G_i[x]$ respectively denote the x-th element of the i-th entry of the second variable set c, of the ciphertext keyword set C, and of the third variable set G.
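Steps S102 to S106 carried through end to end, as an added example that is not code from the patent; all function names are hypothetical. It assumes the "bit-by-bit exponential operation" is bitwise XOR (the matching step only recovers $t_i$ if the operation undoes itself), that the 8 "elements" are bytes and that H is SHA-256, and it swaps AES for a keyed HMAC stand-in so that it runs on the standard library alone.

```python
from __future__ import annotations

import hashlib
import hmac
import re
import secrets

TAG = 8  # assumption: the page's "first 8 elements" / [0:7] are read as 8 bytes


def H(data: bytes) -> bytes:
    """Collision-resistant hash H; SHA-256 is an assumed instantiation."""
    return hashlib.sha256(data).digest()


def enc_keyword(k: bytes, keyword: str) -> bytes:
    """Stand-in for AES under key k: a deterministic 16-byte keyed value.

    Not AES and not decryptable; the audit path only needs a fixed
    ciphertext C per keyword M, which this provides.
    """
    return hmac.new(k, keyword.encode(), hashlib.sha256).digest()[:16]


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def build_dictionary(k: bytes, keywords: list[str]) -> dict[str, bytes]:
    """S102: audit keyword dictionary D[M:C]."""
    return {m: enc_keyword(k, m) for m in keywords}


def extract_keywords(sql: str, D: dict[str, bytes]) -> list[str]:
    """S103: dictionary keywords present in the SQL statement, in order."""
    seen: list[str] = []
    for tok in re.findall(r"[A-Za-z_]+", sql.upper()):
        if tok in D and tok not in seen:
            seen.append(tok)
    return seen


def make_certificate(cipher_keywords: list[bytes]) -> list[bytes]:
    """S105: one randomized token c_i per ciphertext keyword C_i."""
    cert = []
    for C in cipher_keywords:
        theta1 = H(C[:TAG])                    # hash of first 8 elements of C_i
        a = secrets.token_bytes(len(C) - TAG)  # random a_i, 8 shorter than C_i
        theta2 = H(a + theta1)                 # theta_2 = H(a_i || theta_1)
        t = a + theta2[:TAG]                   # t_i = a_i || theta[0:7]
        cert.append(xor(C, t))                 # assumed XOR: c_i = C_i ^ t_i
    return cert


def audit(cert: list[bytes], D: dict[str, bytes]) -> list[str | None]:
    """S106: recover plaintext keywords from tokens using only D (no key k)."""
    results: list[str | None] = []
    for c in cert:
        hit = None
        for m, C in D.items():
            if len(C) != len(c):
                continue
            theta3 = H(C[:TAG])
            G = xor(c, C)                      # equals t_i only when C == C_i
            L, R = G[:-TAG], G[-TAG:]
            theta4 = H(L + theta3)             # theta_4 = H(L || theta_3)
            if hmac.compare_digest(theta4[:TAG], R):
                hit = m
                break
        results.append(hit)                    # None: no dictionary entry matched
    return results


def demo() -> list[str | None]:
    k = bytes(range(16))  # constructed key, for illustration only
    D = build_dictionary(k, ["SELECT", "DROP", "DELETE", "UPDATE", "GRANT"])
    sql = "drop table users; select * from accounts"  # constructed input
    words = extract_keywords(sql, D)
    cert = make_certificate([D[m] for m in words])
    return audit(cert, D)


if __name__ == "__main__":
    print(demo())
```

Matching uses only the token and D, never the key k, so whoever holds D can read the audited keywords out of mirrored traffic; the dictionary needs access control as strict as the audit records themselves.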
referring to fig. 2, the present invention provides a database auditing system based on searchable encryption, which comprises an initialization module 1, a client searchable encryption module 2, a port mirror image module 3, a server driver module 4 and a database auditing module 5, wherein the initialization module 1, the client searchable encryption module 2, the port mirror image module 3 and the server driver module 4 are electrically connected in sequence, the port mirror image module 3 is electrically connected with the database auditing module 5,
the initialization module 1 is used for acquiring a key k and an anti-collision hash function H and determining a keyword dictionary D;
the client searchable encryption module 2 is used for extracting keywords for auditing from a plaintext, forming an audit keyword set according to the audit keyword dictionary D, encrypting the audit keyword set with the key k, generating an audit certificate c by using searchable encryption (AES) operation, and sending the ciphertext data and the audit certificate c to the server side driving module 4 in a JSON format;
the server side driving module 4 is used for acquiring a JSON format data packet, extracting ciphertext data, decrypting the ciphertext data, forwarding it to a database, generating, in the same way, JSON format data containing ciphertext data and an audit certificate c from the data or state results fed back by the database, and returning the JSON format data to the client side searchable encryption module 2;
the port mirror image module 3 is configured to forward data traffic of one or more of the client searchable encryption module 2 and the server driver module 4 to the database audit module 5;
and the database audit module 5 is configured to obtain the data traffic forwarded by the port mirror module 3, extract the audit certificate c therein, analyze the audit information therein, and obtain and display plaintext data.
In this embodiment, the database auditing system based on searchable encryption comprises an initialization module 1, a client searchable encryption module 2, a port mirror module 3, a server driver module 4 and a database auditing module 5, wherein the initialization module 1, the client searchable encryption module 2, the port mirror module 3 and the server driver module 4 are electrically connected in sequence, and the port mirror module 3 is electrically connected with the database auditing module 5. A key k and an anti-collision hash function H are obtained from the initialization module 1, a keyword dictionary D is determined, and these are transmitted to the client searchable encryption module 2 and the server driver module 4; the keyword dictionary D is used in the client searchable encryption module 2 and the database auditing module 5. Keywords for auditing are then extracted from the plaintext, and the client searchable encryption module 2 forms an audit keyword set according to the audit keyword dictionary D, encrypts the audit keyword set using the key k to obtain a ciphertext audit keyword set, generates an audit certificate c by using searchable encryption (AES) operation, and sends the ciphertext data and the audit certificate c to the server driver module 4 in a JSON format. The server driver module 4 acquires the JSON format data packet, extracts the ciphertext data, decrypts it and forwards it to a database, generates, in the same manner, JSON format data containing ciphertext data and an audit certificate c from the data or state results fed back by the database, and returns it to the client searchable encryption module 2. The port mirror image module 3 forwards the data traffic transmitted between the client searchable encryption module 2 and the server driver module 4 to the database audit module 5. The database audit module 5 acquires the data traffic forwarded by the port mirror image module 3, extracts the audit certificate c therein, and analyzes the audit information therein to obtain and display plaintext data, so that the database can both encrypt its transmission and audit the transmitted ciphertext.
The database auditing system based on searchable encryption comprises an initialization module 1, a client searchable encryption module 2, a port mirror image module 3, a server driving module 4 and a database auditing module 5, wherein the initialization module 1, the client searchable encryption module 2, the port mirror image module 3 and the server driving module 4 are electrically connected in sequence, and the port mirror image module 3 is electrically connected with the database auditing module 5. A key k and an anti-collision hash function H are obtained, and an audit keyword dictionary D is determined and used. After a plaintext SQL statement is obtained, an audit keyword set is generated through the audit keyword dictionary D, and the key k is used to encrypt the audit keyword set to obtain a ciphertext audit keyword set. An audit certificate c is generated from the ciphertext keyword set by using searchable encryption operation, and a matching operation combining the audit certificate c and the audit keyword dictionary D obtains and displays the audit plaintext keywords, so that the database can both encrypt its transmission and audit the transmitted ciphertext.
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (9)
1. A database auditing method based on searchable encryption is characterized by comprising the following steps:
selecting a secret key and an anti-collision Hash function;
determining and using an audit keyword dictionary;
acquiring a plaintext SQL sentence, and generating an audit keyword set through the audit keyword dictionary;
encrypting the audit keyword set by using the key to obtain a ciphertext audit keyword set;
generating an audit certificate through the ciphertext audit keyword set;
and matching operation is carried out by combining the audit certificate and the audit keyword dictionary to obtain and display the audit plaintext keywords.
2. The database auditing method based on searchable encryption according to claim 1, wherein the selecting the key and the collision-resistant hash function comprises:
obtaining an AES encryption key and a system parameter, and selecting an anti-collision hash function, wherein the input of the anti-collision hash function is a binary string of arbitrary length and its output is a binary string whose number of bits equals the system parameter.
3. The searchable encryption based database auditing method of claim 2, where said determining and using an audit keyword dictionary, comprises:
and acquiring plaintext keywords related to auditing, and combining the plaintext keywords with corresponding ciphertext to form an auditing keyword dictionary.
4. The searchable encryption based database auditing method of claim 3, where said obtaining a plain SQL statement and generating an audit keyword set from said audit keyword dictionary, comprises:
and aiming at the obtained plaintext SQL sentences, randomly selecting n plaintext keywords from the plaintext keywords in the audit keyword dictionary to form an audit keyword set.
5. The searchable encryption based database auditing method of claim 4 where generating audit certificates from the set of ciphertext audit keywords comprises:
selecting the first 8 encryption elements of the ith keyword in the ciphertext audit keyword set to calculate a first hash value set, splicing the first 8 encryption elements with a first large random number which is randomly selected and has a length 8 less than that of the ith encryption element to obtain a second hash value set, splicing the first 8 encryption elements of the second hash value set with the first large random number to obtain a first variable set, performing bit-by-bit exponential operation on the first variable set and the corresponding ciphertext audit keyword to generate an audit certificate, wherein the number of the elements in the ciphertext audit keyword set is n, and i is more than or equal to 1 and less than or equal to n.
6. The database auditing method based on searchable encryption according to claim 5, wherein the matching operation is performed in combination with the audit certificate and the audit keyword dictionary to obtain and display audit plaintext keywords, comprising:
acquiring and analyzing the audit certificate, combining the audit keyword dictionary, and traversing the first 8-bit elements of the ciphertext keywords in the audit keyword dictionary to calculate a third hash value; and traversing the ciphertext set in the audit certificate to obtain a second variable set, and performing exponential operation on the second variable set and the ciphertext set in the audit keyword dictionary to obtain a third variable set.
7. The database auditing method based on searchable encryption according to claim 6, wherein the matching operation is performed in combination with the audit certificate and the set of audit keywords to obtain and display audit plaintext keywords, further comprising:
and respectively assigning the last 8 bits and the remaining bits of the third variable set to R and L, splicing the L and the third hash value set and solving the hash to obtain a fourth hash value set, judging whether the first 8 bits of the fourth hash value set are equal to R or not, then obtaining an audit plaintext keyword according to the corresponding relation between the plaintext and the ciphertext in the audit keyword dictionary, and displaying after visualization processing.
8. The database auditing method based on searchable encryption according to claim 7, wherein said determining whether the first 8-bit hash value of the fourth hash value is equal to said R comprises:
if the first 8-bit hash value of the fourth hash value set is equal to the R, the audit ciphertext corresponding to the second variable set is the ciphertext;
if the first 8-bit hash value of the fourth hash value set is not equal to the R, the next variable value in the second variable set is obtained again, a new third variable set and a new fourth hash value set are obtained through recalculation, and whether the first 8-bit hash value of the fourth hash value set is equal to the R or not is judged again until all ciphertext keywords in the audit certificate are traversed.
9. A database auditing system based on searchable encryption is characterized by comprising an initialization module, a client searchable encryption module, a port mirror image module, a server driving module and a database auditing module, wherein the initialization module, the client searchable encryption module, the port mirror image module and the server driving module are electrically connected in sequence, the port mirror image module is electrically connected with the database auditing module,
the initialization module is used for selecting a key and a collision-resistant hash function and determining an audit keyword dictionary;
the client searchable encryption module is used for extracting keywords for auditing from a plaintext, forming an auditing keyword set according to an auditing keyword dictionary, encrypting the auditing keyword set by using a key, generating an auditing certificate by using searchable encryption operation, and sending ciphertext data and the auditing certificate to the server driving module in a JSON format;
the server side driving module is used for acquiring a JSON format data packet, extracting ciphertext data, decrypting the ciphertext data, forwarding the ciphertext data to a database, generating JSON format data containing the ciphertext data and an audit certificate in the same way according to data or state results fed back by the database, and returning the JSON format data to the client side searchable encryption module;
the port mirror image module is used for forwarding data traffic of one or more client side searchable encryption modules and the server side driving module to the database auditing module;
and the database audit module is used for extracting the audit certificate in the data traffic forwarded by the port mirror image module, analyzing the audit information in the data traffic, and obtaining and displaying plaintext data.
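The L/R check of claims 7 and 8, as an added Python example (not code from the patent). The claims that define the variable sets are not shown here, so the example assumes a Song-Wagner-Perrig-style construction: the third variable is the XOR of a certificate entry with a candidate ciphertext keyword, SHA-256 is the hash, and `cipher_keyword`, `third_hash`, `make_entry` and the sample key and keywords are hypothetical stand-ins.

```python
import hashlib
import hmac

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cipher_keyword(key: bytes, word: str) -> bytes:
    # Assumed stand-in for the encrypted keyword: a deterministic 16-byte value.
    return hmac.new(key, word.encode(), hashlib.sha256).digest()[:16]

def third_hash(key: bytes, ckw: bytes) -> bytes:
    # Assumed derivation of the per-keyword "third hash value".
    return H(key + ckw)

def make_entry(key: bytes, word: str, nonce: bytes) -> bytes:
    # Assumed generator side: mask = L || R, with R = first 8 bits of H(L || h3).
    ckw = cipher_keyword(key, word)
    L = nonce[:15]
    R = H(L + third_hash(key, ckw))[:1]
    return xor(ckw, L + R)

def tag_matches(third_var: bytes, h3: bytes) -> bool:
    # Claim 7: last 8 bits -> R, remaining bits -> L, then compare the
    # first 8 bits of H(L || h3) with R.
    L, R = third_var[:-1], third_var[-1:]
    return hmac.compare_digest(H(L + h3)[:1], R)

def audit_candidates(key: bytes, entry: bytes, dictionary: dict) -> list:
    # Claim 8: walk the candidate ciphertext keywords. All passing plaintexts
    # are returned in order; the first one is where claim 8 would stop.
    return [plain for ckw, plain in dictionary.items()
            if tag_matches(xor(entry, ckw), third_hash(key, ckw))]

def false_positive_count(h3: bytes, trials: int) -> int:
    # Unrelated 16-byte values still pass an 8-bit check about trials/256 times.
    return sum(tag_matches(H(i.to_bytes(4, "big"))[:16], h3) for i in range(trials))

KEY = b"constructed-demo-key"  # constructed sample key
DICTIONARY = {cipher_keyword(KEY, w): w for w in ("SELECT", "DROP", "GRANT")}
ENTRY = make_entry(KEY, "DROP", H(b"constructed-nonce"))  # constructed entry
```

Because R is only 8 bits wide, a candidate that is not the real keyword passes the comparison about once in 256 attempts, so an auditor built on this check should expect occasional spurious keyword hits.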
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911074188.3A CN110807021B (en) | 2019-11-06 | 2019-11-06 | Database auditing system and method based on searchable encryption |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911074188.3A CN110807021B (en) | 2019-11-06 | 2019-11-06 | Database auditing system and method based on searchable encryption |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110807021A (en) | 2020-02-18 |
CN110807021B (en) | 2022-09-23 |
Family
ID=69501341
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911074188.3A Active CN110807021B (en) | 2019-11-06 | 2019-11-06 | Database auditing system and method based on searchable encryption |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110807021B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112487483B (en) * | 2020-12-14 | 2024-05-03 | 深圳昂楷科技有限公司 | Encryption database flow auditing method and device |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8904171B2 (en) * | 2011-12-30 | 2014-12-02 | Ricoh Co., Ltd. | Secure search and retrieval |
CN105282167A (en) * | 2015-11-06 | 2016-01-27 | 福建工程学院 | Searchable certificateless public key encryption method |
CN108829714A (en) * | 2018-05-04 | 2018-11-16 | 西安电子科技大学 | A kind of ciphertext data multi-key word searches for method generally |
Also Published As
Publication number | Publication date |
---|---|
CN110807021A (en) | 2020-02-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
EE01 | Entry into force of recordation of patent licensing contract | | Application publication date: 20200218; Assignee: Guilin Weisichuang Technology Co.,Ltd.; Assignor: GUILIN University OF ELECTRONIC TECHNOLOGY; Contract record no.: X2023980046257; Denomination of invention: A Database Audit System and Method Based on Searchable Encryption; Granted publication date: 20220923; License type: Common License; Record date: 20231108 |