CN110807021B - Database auditing system and method based on searchable encryption - Google Patents


Publication number
CN110807021B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911074188.3A
Other languages
Chinese (zh)
Other versions
CN110807021A (en)
Inventor
丁勇
李世杰
王玉珏
唐晨钧
罗得寸
邹秀清
陈锦雯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guilin University of Electronic Technology
Original Assignee
Guilin University of Electronic Technology
Application filed by Guilin University of Electronic Technology
Priority to CN201911074188.3A
Publication of CN110807021A
Application granted
Publication of CN110807021B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21 Design, administration or maintenance of databases
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Abstract

The invention discloses a database auditing system and method based on searchable encryption. The system comprises an initialization module, a client searchable encryption module, a port mirror image module, a server driving module and a database auditing module. A key and a collision-resistant hash function are selected, and an audit keyword dictionary is determined and used. After a plaintext SQL statement is obtained, an audit keyword set is generated through the audit keyword dictionary; the key is used to encrypt the audit keyword set to obtain a ciphertext audit keyword set; and an audit certificate is generated from the ciphertext keyword set through a searchable encryption operation. A matching operation combining the audit certificate and the audit keyword dictionary then yields the audit plaintext, which is displayed, so that the database can not only encrypt transmission but also audit the transmitted ciphertext.

Description

Database auditing system and method based on searchable encryption
Technical Field
The invention relates to the field of database security audit, in particular to a database audit system and a database audit method based on searchable encryption.
Background
Database auditing is mainly used to record the various operations performed on a database, analyze them, and store them in an audit database so that auditors can query, analyze and filter them; in this way the user operations on the database are monitored and audited. The problem facing current database auditing is that auditing presupposes that the transmission between the database client and the server is transparent (uses plaintext data): the data packets transmitted by the database, except the login password, are plaintext. During transmission, however, not only the database auditing system can obtain the data packets; an adversary who has intruded into the network can also obtain the plaintext data of the SQL statements. To avoid monitoring by the adversary, many users transmit over SSL tunnels, but establishing such an encrypted tunnel also shuts out a database auditing system that monitors by bypass, so the auditing system cannot work normally. Current databases therefore cannot simultaneously encrypt transmission and audit the transmitted ciphertext.
Disclosure of Invention
The invention aims to provide a database auditing system and method based on searchable encryption, so that the database can not only encrypt transmission, but also audit transmission ciphertext.
In order to achieve the above object, in a first aspect, the present invention provides a database auditing method based on searchable encryption, including:
selecting a key and a collision-resistant hash function;
determining and using an audit keyword dictionary;
acquiring a plaintext SQL statement, and generating an audit keyword set through the audit keyword dictionary;
encrypting the audit keyword set by using the key to obtain a ciphertext audit keyword set;
generating an audit certificate through the ciphertext keyword set;
and performing matching operation by combining the audit certificate and the audit keyword dictionary to obtain and display audit plaintext keywords.
Wherein, the selecting the key and the collision-resistant hash function comprises:
obtaining an AES encryption key and a system parameter, and selecting a collision-resistant hash function whose input is a binary string of arbitrary length and whose output is a binary string with as many bits as the system parameter.
Wherein the determining and using an audit keyword dictionary comprises:
and acquiring plaintext keywords related to auditing, and combining the plaintext keywords with corresponding ciphertext to form an auditing keyword dictionary.
The obtaining of the plaintext SQL statement and the generating of the audit keyword set through the audit keyword dictionary comprise:
for the obtained plaintext SQL statement, randomly selecting n plaintext keywords from the plaintext keywords in the audit keyword dictionary to form an audit keyword set.
Wherein generating an audit certificate through the ciphertext keyword set comprises:
selecting the first 8 encryption elements of the i-th keyword in the ciphertext audit keyword set to calculate a first hash value set; splicing the first 8 encryption elements with a randomly selected first large random number whose length is 8 less than that of the i-th encryption element to obtain a second hash value set; splicing the first 8 encryption elements of the second hash value set with the first large random number to obtain a first variable set; and performing a bit-by-bit exponential operation on the first variable set and the corresponding ciphertext audit keyword to generate the audit certificate, where the ciphertext audit keyword set has n elements and 1 ≤ i ≤ n.
Wherein, combining the audit certificate and the audit keyword dictionary, performing matching operation to obtain and display the audit plaintext keywords, comprising:
acquiring and parsing the audit certificate and, in combination with the audit keyword dictionary, traversing the first 8-bit elements of the ciphertext keywords in the audit keyword dictionary to calculate a third hash value; and traversing the ciphertext set in the audit certificate to obtain a second variable set, and performing an exponential operation on the second variable set and the ciphertext set in the audit keyword dictionary to obtain a third variable set.
Wherein performing the matching operation by combining the audit certificate and the audit keyword set to obtain and display the audit plaintext keywords further comprises:
assigning the last 8 bits and the remaining bits of the third variable set to R and L respectively, splicing L with the third hash value set and hashing the result to obtain a fourth hash value set, judging whether the first 8 bits of the fourth hash value set are equal to R, then obtaining the audit plaintext keyword according to the correspondence between plaintext and ciphertext in the audit keyword dictionary, and displaying it after visualization processing.
Wherein the determining whether the first 8 bits of the fourth hash value equals to R comprises:
if the first 8-bit hash value of the fourth hash value set is equal to the R, the audit ciphertext corresponding to the second variable set is the ciphertext;
if the first 8-bit hash value of the fourth hash value set is not equal to the R, the next variable value in the second variable set is obtained again, a new third variable set and a new fourth hash value set are obtained through recalculation, and whether the first 8-bit hash value of the fourth hash value set is equal to the R or not is judged again until all ciphertext keywords in the audit certificate are traversed.
In a second aspect, the present invention provides a database auditing system based on searchable encryption, which comprises an initialization module, a client searchable encryption module, a port mirror module, a server driver module and a database auditing module, wherein the initialization module, the client searchable encryption module, the port mirror module and the server driver module are electrically connected in sequence, the port mirror module is electrically connected with the database auditing module,
the initialization module is used for selecting a secret key and an anti-collision Hash function and determining a keyword dictionary;
the client searchable encryption module is used for extracting keywords for auditing from a plaintext, forming an auditing keyword set according to an auditing keyword dictionary, encrypting the auditing keyword set by using a key, generating an auditing certificate by using searchable encryption operation, and sending ciphertext data and the auditing certificate to the server driving module in a JSON format;
the server side driving module is used for acquiring a JSON format data packet, extracting ciphertext data, decrypting the ciphertext data, forwarding the ciphertext data to a database, generating JSON format data containing ciphertext data and an audit certificate in the same way according to data or state results fed back by the database, and returning the JSON format data containing ciphertext data and the audit certificate to the client side searchable encryption module;
the port mirror image module is used for forwarding data traffic of one or more client side searchable encryption modules and the server side driving module to the database auditing module;
and the database audit module is used for extracting the audit certificate in the data traffic forwarded by the port mirror image module, analyzing the audit information in the data traffic, and obtaining and displaying plaintext data.
The database auditing system based on searchable encryption comprises an initialization module, a client searchable encryption module, a port mirror image module, a server driving module and a database auditing module; the initialization module, the client searchable encryption module, the port mirror image module and the server driving module are electrically connected in sequence, and the port mirror image module is electrically connected with the database auditing module. A key and a collision-resistant hash function are selected, and an audit keyword dictionary is determined and used. After a plaintext SQL statement is obtained, an audit keyword set is generated through the audit keyword dictionary and encrypted with the key to obtain a ciphertext audit keyword set, from which an audit certificate is generated by a searchable encryption operation. A matching operation combining the audit certificate and the audit keyword dictionary then yields the audit plaintext keywords, which are displayed, so that the database can not only encrypt transmission but also audit the transmitted ciphertext.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a schematic diagram of the steps of the searchable encryption based database auditing method of the present invention.
FIG. 2 is a schematic diagram of the structure of the database auditing system based on searchable encryption.
Reference numerals: 1, initialization module; 2, client searchable encryption module; 3, port mirror image module; 4, server driving module; 5, database auditing module.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.
Referring to fig. 1, the present invention provides a database auditing method based on searchable encryption, including:
S101, selecting a key and a collision-resistant hash function.
Specifically, in the initialization module 1, an AES encryption key k is determined, and a system parameter λ and a collision-resistant hash function H are randomly selected, where $H: \{0,1\}^* \to \{0,1\}^\lambda$ takes a binary string of arbitrary length as input and outputs a λ-bit binary string; the key k and the collision-resistant hash function H are then sent to the client searchable encryption module 2 and the server driver module 4.
S102, determining and using an audit keyword dictionary.
Specifically, plaintext keywords M related to auditing are obtained and combined with the corresponding ciphertexts C to form the audit keyword dictionary D, whose structure is D[M:C]; the client searchable encryption module 2 imports the audit keyword dictionary D.
S103, obtaining a plaintext SQL statement, and generating an audit keyword set through the audit keyword dictionary.
Specifically, the input SQL statement is obtained, and the client searchable encryption module 2 randomly selects n plaintext keywords from M in the audit keyword dictionary D to form an audit keyword set
Figure BDA0002261876770000051
wherein
Figure BDA0002261876770000052
S104, encrypting the audit keyword set by using the key to obtain a ciphertext audit keyword set.
Specifically, using the key k, the audit keyword set
Figure BDA00022618767700000513
is AES-encrypted to generate the ciphertext audit keyword set
Figure BDA0002261876770000053
S105, generating an audit certificate through the ciphertext keyword set.
Specifically, given the ciphertext audit keyword set
Figure BDA0002261876770000054
the client searchable encryption module 2 takes, for each ciphertext audit keyword
Figure BDA0002261876770000055
its first 8 bits and computes the first hash value set
Figure BDA0002261876770000056
where [0:7] means taking elements 0 to 7 of the variable. It then randomly selects a first large random number $a_i$ whose length is 8 less than that of the i-th encryption element, for splicing, the length being expressed as:
Figure BDA0002261876770000057
Splicing gives the second hash value set $\theta_2 = H(a_i \| \theta_1)$. The first 8 encrypted elements of the second hash value set are then spliced with the first large random number $a_i$ to obtain the first variable set $t_i = a_i \| \theta_2[0:7]$. The first variable set t and each keyword of the ciphertext audit keyword set
Figure BDA0002261876770000058
undergo a bit-by-bit exponential operation to obtain the audit certificate c, calculated as:
Figure BDA0002261876770000059
where $\|$ denotes string concatenation, len() denotes the length of a variable, $\theta_1$ denotes the first hash value set, $\theta_2$ denotes the second hash value set, and $c_i[x]$,
Figure BDA00022618767700000510
and $t_i[x]$ denote, respectively, the x-th element of the i-th item of the audit certificate c, of the ciphertext audit keyword set
Figure BDA00022618767700000511
and of the first variable set t. The audit certificate c is then transmitted to the database audit module 5.
S106, performing matching operation by combining the audit certificate and the audit keyword dictionary to obtain and display an audit plaintext.
Specifically, the audit certificate c is forwarded to the database audit module 5 through the port mirror module 3. After obtaining the audit certificate c, the database audit module 5 combines it with the audit keyword dictionary D[M:C] it contains, takes the first 8 bits of the ciphertext C in the audit keyword dictionary D[M:C] and computes the third hash value set $\theta_3 = H(C[0:7])$. It traverses the audit certificate to obtain the second variable set $c_i$; $c_i$ and the ciphertext $C_i$ in the audit keyword dictionary have the same length, and a bit-by-bit exponential operation on $c_i$ and $C_i$ yields the third variable set G, calculated as:
Figure BDA00022618767700000512
The last 8-bit elements and the remaining elements of the third variable set G are assigned to R and L respectively, where $R = G[-7:]$ and $L = G[0:-7]$. L is spliced with the third hash value set to obtain the fourth hash value set $\theta_4 = H(L \| \theta_3)$, and it is judged whether the first 8-bit hash value $\theta_4[0:7]$ of the fourth hash value set is equal to R. If $\theta_4[0:7]$ is equal to R, the audit ciphertext corresponding to the second variable set $c_i$ is the ciphertext $C_i$. If $\theta_4[0:7]$ is not equal to R, the audit certificate c is obtained again, a new third variable set and a new fourth hash value set are obtained through recalculation, and it is judged again whether the first 8-bit hash value $\theta_4[0:7]$ of the fourth hash value set is equal to R, until all ciphertext keywords in the audit certificate c have been traversed. From the audit keyword dictionary D[M:C], the audit plaintext corresponding to $C_i$ is $M_i$, so $M_i$ is the plaintext audit information, which is displayed after visualization processing. Here $\|$ denotes string concatenation, len() denotes the length of a variable, $\theta_3$ and $\theta_4$ denote the third and fourth hash value sets, and $c_i[x]$, $C_i[x]$ and $G_i[x]$ denote, respectively, the x-th element of the i-th item of the second variable set c, of the ciphertext keyword set C, and of the third variable set G.
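Steps S105 and S106 as an added Python example, which is not part of the patent text. The formula images are missing from this page, so the example assumes the bit-by-bit operation is XOR (the operation under which S106 undoes S105), treats an "element" as a byte, uses SHA-256 for H, and substitutes a deterministic HMAC for the AES step because the Python standard library has no AES; all function names are hypothetical.

```python
import hashlib
import hmac
import re
import secrets

N = 8  # "first 8" / "last 8" elements from S105-S106; an element is taken to be a byte (assumption)


def H(data: bytes) -> bytes:
    """Collision-resistant hash H: {0,1}* -> {0,1}^lambda; SHA-256 (lambda = 256) is an assumption."""
    return hashlib.sha256(data).digest()


def det_encrypt(k: bytes, keyword: str) -> bytes:
    """Stand-in for the AES step: a deterministic keyed 16-byte value per keyword.

    HMAC-SHA256 truncated to one AES block length is used only so that equal
    keywords give equal ciphertexts, which the dictionary D[M:C] relies on.
    """
    return hmac.new(k, keyword.encode(), hashlib.sha256).digest()[:16]


def xor(a: bytes, b: bytes) -> bytes:
    """Element-wise combination of two equal-length strings (assumed to be XOR)."""
    if len(a) != len(b):
        raise ValueError("operands must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def build_dictionary(k: bytes, keywords: list[str]) -> dict[str, bytes]:
    """S102: audit keyword dictionary D[M:C]."""
    return {m: det_encrypt(k, m) for m in keywords}


def extract_keywords(sql: str, dictionary: dict[str, bytes]) -> list[str]:
    """S103, simplified: dictionary keywords that occur in the SQL statement, in order."""
    seen: list[str] = []
    for token in re.findall(r"[A-Za-z_]+", sql):
        token = token.upper()
        if token in dictionary and token not in seen:
            seen.append(token)
    return seen


def make_certificate(cipher_keywords: list[bytes]) -> list[bytes]:
    """S105: c_i = t_i XOR C_i, with t_i = a_i || theta_2[0:7]."""
    cert = []
    for C_i in cipher_keywords:
        theta1 = H(C_i[:N])                      # first hash value
        a_i = secrets.token_bytes(len(C_i) - N)  # random number, 8 shorter than C_i
        theta2 = H(a_i + theta1)                 # second hash value
        t_i = a_i + theta2[:N]                   # first variable
        cert.append(xor(t_i, C_i))
    return cert


def audit(cert: list[bytes], dictionary: dict[str, bytes]) -> list[str]:
    """S106: find the plaintext keyword behind each c_i using only D, never the key k."""
    found = []
    for c_i in cert:
        for M, C in dictionary.items():
            if len(C) != len(c_i):
                continue
            theta3 = H(C[:N])                    # third hash value
            G = xor(c_i, C)                      # third variable
            L, R = G[:-N], G[-N:]                # remaining elements, last 8 elements
            theta4 = H(L + theta3)               # fourth hash value
            if hmac.compare_digest(theta4[:N], R):
                found.append(M)
                break
    return found


if __name__ == "__main__":
    k = secrets.token_bytes(16)  # constructed key
    D = build_dictionary(k, ["SELECT", "INSERT", "UPDATE", "DELETE", "DROP", "GRANT"])
    sql = "DELETE FROM accounts WHERE id = 7; DROP TABLE audit_log"  # constructed input
    cert = make_certificate([D[m] for m in extract_keywords(sql, D)])
    print([c.hex() for c in cert])
    print(audit(cert, D))
```

Because a_i is fresh for every certificate, the same keyword produces a different c_i on each request, while a holder of D can still test it against every dictionary entry.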
Referring to FIG. 2, the present invention provides a database auditing system based on searchable encryption, which comprises an initialization module 1, a client searchable encryption module 2, a port mirror image module 3, a server driver module 4 and a database auditing module 5, wherein the initialization module 1, the client searchable encryption module 2, the port mirror image module 3 and the server driver module 4 are electrically connected in sequence, the port mirror image module 3 is electrically connected with the database auditing module 5,
the initialization module 1 is used for acquiring a key k and an anti-collision hash function H and determining a keyword dictionary D;
the client searchable encryption module 2 is used for extracting keywords for auditing from a plaintext, forming an audit keyword set according to the audit keyword dictionary D
Figure BDA0002261876770000061
using the key k to encrypt the audit keyword set
Figure BDA0002261876770000062
generating an audit certificate c by using searchable encryption (AES) operation, and sending the ciphertext data and the audit certificate c to the server side driving module 4 in a JSON format;
the server side driving module 4 is used for acquiring a JSON format data packet, extracting ciphertext data, decrypting the ciphertext data, forwarding the ciphertext data to a database, generating JSON format data containing ciphertext data and an audit certificate c in the same way according to data or state results fed back by the database, and returning the JSON format data to the client side searchable encryption module 2;
the port mirror image module 3 is configured to forward data traffic of one or more of the client searchable encryption module 2 and the server driver module 4 to the database audit module 5;
and the database audit module 5 is configured to obtain the data traffic forwarded by the port mirror module 3, extract the audit certificate c therein, analyze the audit information therein, and obtain and display plaintext data.
In this embodiment, the database auditing system based on searchable encryption comprises an initialization module 1, a client searchable encryption module 2, a port mirror module 3, a server driver module 4 and a database auditing module 5, wherein the initialization module 1, the client searchable encryption module 2, the port mirror module 3 and the server driver module 4 are electrically connected in sequence, the port mirror module 3 is electrically connected with the database auditing module 5, a key k and an anti-collision hash function H are obtained from the initialization module 1, a keyword dictionary D is determined and transmitted to the client searchable encryption module 2 and the server driver module 4, and the keyword dictionary D is used in the client searchable encryption module 2 and the database auditing module 5, then extracting keywords for auditing from plaintext, and the client-side searchable encryption module 2 forming an auditing keyword set according to the auditing keyword dictionary D
Figure BDA0002261876770000071
Encrypting audit keyword sets using key k
Figure BDA0002261876770000072
Obtaining a ciphertext audit keyword set
Figure BDA0002261876770000073
Generating an audit certificate c by using searchable encryption (AES) operation, sending ciphertext data and the audit certificate c to the server driver module 4 in a JSON format, acquiring a JSON format data packet by the server driver module 4, extracting the ciphertext data, decrypting the ciphertext data, forwarding the ciphertext data to a database, generating data or state results fed back by the database in the same manner to contain the ciphertext data and the audit certificate c in the JSON format, returning the data or the state results to the client searchable encryption module 2, forwarding data traffic transmitted between the client searchable encryption module 2 and the server driver module 4 to the database audit module 5 by the port mirror image module 3, acquiring data traffic forwarded by the port mirror image module 3 by the database audit module 5, extracting the audit certificate c therein, analyzing the audit information therein to obtain and display plaintext data, the database can not only encrypt transmission, but also audit transmission ciphertext.
The database auditing system based on searchable encryption comprises an initialization module 1, a client searchable encryption module 2, a port mirror image module 3, a server driving module 4 and a database auditing module 5, wherein the initialization module 1, the client searchable encryption module 2, the port mirror image module 3 and the server driving module 4 are electrically connected in sequence, the port mirror image module 3 is electrically connected with the database auditing module 5 to obtain a key k and an anti-collision hash function H, an auditing keyword dictionary D is determined and used, and after a plaintext SQL sentence is obtained, an auditing keyword set is generated through the auditing keyword dictionary D
Figure BDA0002261876770000074
Using the key k to the set of audit keywords
Figure BDA0002261876770000075
Encrypting to obtain cipher text audit keyword set
Figure BDA0002261876770000076
Using searchable encryption operation to combine the ciphertext keyword set
Figure BDA0002261876770000077
And generating an audit certificate c, and performing matching operation by combining the audit certificate c and the audit keyword dictionary D to obtain and display audit plaintext keywords, so that the database not only can encrypt transmission, but also can audit transmission ciphertext.
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (9)

1. A database auditing method based on searchable encryption is characterized by comprising the following steps:
selecting a secret key and an anti-collision Hash function;
determining and using an audit keyword dictionary;
acquiring a plaintext SQL sentence, and generating an audit keyword set through the audit keyword dictionary;
encrypting the audit keyword set by using the key to obtain a ciphertext audit keyword set;
generating an audit certificate through the ciphertext audit keyword set;
and matching operation is carried out by combining the audit certificate and the audit keyword dictionary to obtain and display the audit plaintext keywords.
2. The database auditing method based on searchable encryption according to claim 1, wherein the selecting the key and the collision-resistant hash function comprises:
obtaining an AES encryption key and a system parameter, and selecting a collision-resistant hash function whose input is a binary string of arbitrary length and whose output is a binary string with as many bits as the system parameter.
3. The searchable encryption based database auditing method of claim 2, where said determining and using an audit keyword dictionary, comprises:
and acquiring plaintext keywords related to auditing, and combining the plaintext keywords with corresponding ciphertext to form an auditing keyword dictionary.
4. The searchable encryption based database auditing method of claim 3, where said obtaining a plain SQL statement and generating an audit keyword set from said audit keyword dictionary, comprises:
and aiming at the obtained plaintext SQL sentences, randomly selecting n plaintext keywords from the plaintext keywords in the audit keyword dictionary to form an audit keyword set.
5. The searchable encryption based database auditing method of claim 4 where generating audit certificates from the set of ciphertext audit keywords comprises:
selecting the first 8 encryption elements of the i-th keyword in the ciphertext audit keyword set to calculate a first hash value set; splicing the first 8 encryption elements with a randomly selected first large random number whose length is 8 less than that of the i-th encryption element to obtain a second hash value set; splicing the first 8 encryption elements of the second hash value set with the first large random number to obtain a first variable set; and performing a bit-by-bit exponential operation on the first variable set and the corresponding ciphertext audit keyword to generate the audit certificate, where the ciphertext audit keyword set has n elements and 1 ≤ i ≤ n.
6. The database auditing method based on searchable encryption according to claim 5, wherein the matching operation is performed in combination with the audit certificate and the audit keyword dictionary to obtain and display audit plaintext keywords, comprising:
acquiring and analyzing the audit certificate, combining the audit keyword dictionary, and traversing the first 8-bit elements of the ciphertext keywords in the audit keyword dictionary to calculate a third hash value; and traversing the ciphertext set in the audit certificate to obtain a second variable set, and performing exponential operation on the second variable set and the ciphertext set in the audit keyword dictionary to obtain a third variable set.
7. The database auditing method based on searchable encryption according to claim 6, where in the matching operation is performed in combination with the audit certificate and the set of audit keywords to obtain and display audit plaintext keywords, further comprising:
and respectively assigning the last 8 bits and the remaining bits of the third variable set to R and L, splicing the L and the third hash value set and solving the hash to obtain a fourth hash value set, judging whether the first 8 bits of the fourth hash value set are equal to R or not, then obtaining an audit plaintext keyword according to the corresponding relation between the plaintext and the ciphertext in the audit keyword dictionary, and displaying after visualization processing.
8. The database auditing method based on searchable encryption according to claim 7, wherein said determining whether the first 8-bit hash value of the fourth hash value is equal to said R comprises:
if the first 8-bit hash value of the fourth hash value set is equal to the R, the audit ciphertext corresponding to the second variable set is the ciphertext;
if the first 8-bit hash value of the fourth hash value set is not equal to the R, the next variable value in the second variable set is obtained again, a new third variable set and a new fourth hash value set are obtained through recalculation, and whether the first 8-bit hash value of the fourth hash value set is equal to the R or not is judged again until all ciphertext keywords in the audit certificate are traversed.
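The certificate generation and matching steps of claims 5 to 8, as an added example that is not code from the patent. It is one reading of the claim language and assumes that "8" counts bytes, that the hash is SHA-256, that the "bit-by-bit exponential operation" is XOR, and that HMAC-SHA256 stands in for the deterministic keyword encryption; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

M = 8    # length of the check block; the claims' "8", read here as bytes (assumption)
N = 32   # length of one ciphertext keyword in bytes (assumption)

def H(data: bytes) -> bytes:
    """Collision-resistant hash; SHA-256 is an assumed choice."""
    return hashlib.sha256(data).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def enc_keyword(key: bytes, word: str) -> bytes:
    """Deterministic keyword encryption; HMAC-SHA256 is a stand-in (assumption)."""
    return hmac.new(key, word.encode(), hashlib.sha256).digest()

def build_dictionary(key: bytes, words: list[str]) -> dict[bytes, str]:
    """Audit keyword dictionary: ciphertext keyword -> plaintext keyword."""
    return {enc_keyword(key, w): w for w in words}

def make_certificate(key: bytes, keywords: list[str]) -> list[bytes]:
    """Client side (claim 5): one masked entry per audit keyword."""
    cert = []
    for w in keywords:
        x = enc_keyword(key, w)           # ciphertext audit keyword
        k = H(x[:M])                      # first hash value
        s = secrets.token_bytes(N - M)    # random number, M shorter than x
        t = s + H(s + k)[:M]              # first variable: s || check block
        cert.append(xor(t, x))
    return cert

def audit(cert: list[bytes], dictionary: dict[bytes, str]) -> list[str]:
    """Auditor side (claims 6-8): recover plaintext keywords without the key."""
    found = []
    for c in cert:
        for x, plain in dictionary.items():
            k = H(x[:M])                  # third hash value
            t = xor(c, x)                 # third variable
            left, right = t[:-M], t[-M:]  # L and R
            if hmac.compare_digest(H(left + k)[:M], right):
                found.append(plain)
                break                     # otherwise try the next dictionary entry
    return found
```

In this sketch the auditor holds only the dictionary, never the key, and the random value `s` makes two certificate entries for the same keyword differ on the wire.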
9. A database auditing system based on searchable encryption is characterized by comprising an initialization module, a client searchable encryption module, a port mirror image module, a server driving module and a database auditing module, wherein the initialization module, the client searchable encryption module, the port mirror image module and the server driving module are electrically connected in sequence, the port mirror image module is electrically connected with the database auditing module,
the initialization module is used for selecting a key and a collision-resistant hash function and determining an audit keyword dictionary;
the client searchable encryption module is used for extracting keywords for auditing from a plaintext, forming an auditing keyword set according to an auditing keyword dictionary, encrypting the auditing keyword set by using a key, generating an auditing certificate by using searchable encryption operation, and sending ciphertext data and the auditing certificate to the server driving module in a JSON format;
the server side driving module is used for acquiring a JSON format data packet, extracting ciphertext data, decrypting the ciphertext data, forwarding the ciphertext data to a database, generating JSON format data containing the ciphertext data and an audit certificate in the same way according to data or state results fed back by the database, and returning the JSON format data to the client side searchable encryption module;
the port mirror image module is used for forwarding data traffic of one or more client side searchable encryption modules and the server side driving module to the database auditing module;
and the database audit module is used for extracting the audit certificate in the data traffic forwarded by the port mirror image module, analyzing the audit information in the data traffic, and obtaining and displaying plaintext data.
CN201911074188.3A 2019-11-06 2019-11-06 Database auditing system and method based on searchable encryption Active CN110807021B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911074188.3A CN110807021B (en) 2019-11-06 2019-11-06 Database auditing system and method based on searchable encryption

Publications (2)

Publication Number Publication Date
CN110807021A (en) 2020-02-18
CN110807021B (en) 2022-09-23

Family

ID=69501341

Country Status (1)

Country Link
CN (1) CN110807021B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20200218

Assignee: Guilin Weisichuang Technology Co.,Ltd.

Assignor: GUILIN University OF ELECTRONIC TECHNOLOGY

Contract record no.: X2023980046257

Denomination of invention: A Database Audit System and Method Based on Searchable Encryption

Granted publication date: 20220923

License type: Common License

Record date: 20231108