CN113609512B - Method and device for acquiring key used during interaction between client and database - Google Patents


Info

Publication number
CN113609512B
Authority
CN
China
Prior art keywords
database
data packet
client
key
data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111168213.1A
Other languages
Chinese (zh)
Other versions
CN113609512A (en)
Inventor
杨海峰
高强花
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Dbsec Technology Co ltd
Original Assignee
Beijing Dbsec Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The application discloses a method and a device for acquiring the key used when a client interacts with a database. The method comprises the following steps: a first software intercepts a plurality of data packets sent when the client interacts with the database; the first software obtains the format of the data packet used for exchanging the key between the client and the database and the timing at which that data packet is sent; the first software simulates the database and performs a first interaction with the client according to the format and timing; the first software simulates the client and performs a second interaction with the database according to the format and timing; and the first software analyzes the data packets received during the first and second interactions to obtain the key used when the client and the database interact. The method and device solve the problem in the prior art that encrypted data interaction between a client and a database cannot be securely processed, make further processing of the encrypted data possible, and contribute to improving database security to a certain extent.

Description

Method and device for acquiring key used during interaction between client and database
Technical Field
The present application relates to the field of data processing, and in particular, to a method and an apparatus for obtaining a key used when a client interacts with a database.
Background
In the prior art, the data content exchanged when a client interacts with a database needs to be acquired so that corresponding security processing (for example, auditing) can be performed on it.
If a key is used to encrypt the data exchanged between the client and the database, the data cannot be acquired, so the security processing of database access data is affected and further risks may arise.
Disclosure of Invention
The embodiments of the application provide a method and a device for acquiring the key used when a client interacts with a database, so as to at least solve the problem in the prior art that encrypted data interaction between a client and a database cannot be securely processed.
According to one aspect of the application, a method for acquiring the key used when a client interacts with a database is provided, which includes: a first software intercepts a plurality of data packets sent when the client interacts with the database; the first software obtains the format of the data packet used for exchanging the key between the client and the database and the timing at which that data packet is sent; when analysis shows that a first data packet used for exchanging the key is sent by the client to the database, the first software simulates the database and performs a first interaction with the client according to the format and timing; when analysis shows that a second data packet used for exchanging the key is sent by the database to the client, the first software simulates the client and performs a second interaction with the database according to the format and timing; and the first software analyzes the data packets received during the first and second interactions to obtain the key used when the client and the database interact.
Further, the first software simulating the database to perform the first interaction with the client according to the format and timing includes: the first software constructs a first response to the first data packet, wherein the first response simulates the response the database would send to the first data packet.
Further, the first software simulating the client to perform the second interaction with the database according to the format and timing includes: the first software constructs a second response to the second data packet, wherein the second response simulates the response the client would send to the second data packet.
Further, the first software obtaining the format of the data packet used for exchanging the key between the client and the database and the timing at which it is sent includes: the first software analyzes the plurality of data packets according to the protocol used between the client and the database to obtain the format of the data packet used for exchanging the key and the time at which it is sent.
Further, the method also includes: the first software decrypts encrypted data in the data packets exchanged between the client and the database by using the key; and the first software audits the decrypted data.
According to another aspect of the present application, an apparatus for obtaining the key used when a client interacts with a database is also provided, including: an intercepting module for intercepting a plurality of data packets sent when the client interacts with the database; an obtaining module for obtaining the format of the data packet used for exchanging the key between the client and the database and the time at which that data packet is sent; a first simulation module for simulating the database to perform a first interaction with the client according to the format and timing when the client sends a first data packet for exchanging the key to the database; a second simulation module for simulating the client to perform a second interaction with the database according to the format and timing when analysis shows that a second data packet for exchanging the key is sent by the database to the client; and an analysis module for analyzing the data packets received during the first and second interactions to obtain the key used when the client and the database interact.
Further, the first simulation module is configured to construct a first response to the first data packet, wherein the first response simulates the response the database would send to the first data packet.
Further, the second simulation module is configured to construct a second response to the second data packet, wherein the second response simulates the response the client would send to the second data packet.
Further, the obtaining module is configured to analyze the plurality of data packets according to the protocol used between the client and the database to obtain the format of the data packet used for exchanging the key and the time at which it is sent.
Further, the apparatus also includes: a decryption module for decrypting encrypted data in the data packets exchanged between the client and the database by using the key; and a processing module for auditing the decrypted data.
In the embodiments of the application, a first software intercepts a plurality of data packets sent when a client interacts with a database; the first software obtains the format of the data packet used for exchanging the key between the client and the database and the timing at which that data packet is sent; when analysis shows that a first data packet used for exchanging the key is sent by the client to the database, the first software simulates the database and performs a first interaction with the client according to the format and timing; when analysis shows that a second data packet used for exchanging the key is sent by the database to the client, the first software simulates the client and performs a second interaction with the database according to the format and timing; and the first software analyzes the data packets received during the first and second interactions to obtain the key used when the client and the database interact. The method and device solve the problem in the prior art that encrypted data interaction between a client and a database cannot be securely processed, make further processing of the encrypted data possible, and contribute to improving database security to a certain extent.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the application and, together with the description, serve to explain the application and are not intended to limit the application. In the drawings:
fig. 1 is a flowchart of a method for acquiring a key used when a client interacts with a database according to an embodiment of the present application.
Detailed Description
It should be noted that the embodiments and the features of the embodiments in the present application may be combined with each other where they do not conflict. The present application will be described in detail below with reference to the embodiments and the attached drawings.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than presented herein.
In this embodiment, a method for obtaining the key used when a client interacts with a database is provided. Fig. 1 is a flowchart of this method according to an embodiment of the present application; as shown in fig. 1, the flow includes the following steps:
Step S102: a first software intercepts a plurality of data packets sent when a client interacts with a database.
The first software can be a database agent, or software or a service with an auditing function.
Before step S102, the data packets sent in an interaction in which the client and the database do not use a key are saved in the first software. From these packets the first software establishes the type (or format) and sequence of the packets transmitted when no key is used. After intercepting a plurality of data packets sent between the client and the database, the first software determines that a key is used in this interaction if the types and sequence of the packets differ from the pre-stored no-key sequence. The first software then obtains the format and timing of the key-exchange packet from the packets that use the key and stores them. Step S104 takes the format and timing of the key-exchange packet from the stored content.
Step S104: the first software obtains the format of the data packet used for exchanging the key between the client and the database and the timing at which it is sent. Whether the first software performs step S104 is decided by checking whether the transmission order and format of the plurality of packets are the same as those of the packets in the flow in which no key is used.
For example, the first software analyzes the plurality of data packets according to the protocol used between the client and the database and obtains the format of the key-exchange packet and the time at which it is sent.
In an optional embodiment, the data packets may be analyzed with a machine learning model. The model is trained on multiple sets of training data, each set consisting of a data packet and a label identifying whether the packet carries a key, and can be used after training. A captured packet is input to the model, which outputs a label; if the label indicates that the packet carries a key, the packet is stored, its format is obtained, and the format is stored.
Optionally, the other packets exchanged in the time periods before and after the packet carrying the key are obtained. A time association between the key-carrying packet and these other packets is established, and the time at which the key-carrying packet is sent is determined from that association.
Step S106: when a first data packet used for exchanging the key is sent by the client to the database, the first software simulates the database and performs a first interaction with the client according to the format and timing.
For example, the first software constructs a first response to the first data packet, where the first response simulates the response the database would send to the first data packet, and the first data packet is constructed according to the format and timing.
Step S108: when analysis shows that a second data packet used for exchanging the key is sent by the database to the client, the first software simulates the client and performs a second interaction with the database according to the format and timing.
For example, the first software constructs a second response to the second data packet, where the second response simulates the response the client would send to the second data packet, and the second data packet is constructed according to the format and timing.
Step S110: the first software analyzes the data packets received during the first and second interactions to obtain the key used when the client interacts with the database.
After the key is obtained, the session connection between the client and the database can be kept, a command querying encrypted data is sent to the database within that session, and the received data is decrypted; if decryption with the key succeeds, the key is determined to be correct.
If decryption fails, the key corresponding to the identification information can be looked up, using a pre-configured account, in the space where the database stores keys. The pre-configured account is configured on the database; the account and the database trust each other, and the mutually trusted account has the right to look up the key. The data is then decrypted with the key that was found.
If decryption still fails, all received encrypted data packets are stored and sent to the auditing function for storage.
After the key is determined to be correct, the user name the client used to connect to the database is obtained, and a correspondence between the user name and the key is established and stored. After the client disconnects, the first software stores the correspondence between the user name and the key in a key table. When the client connects again, the first software fetches the key corresponding to the user name used for that connection from the key table and, if the fetch succeeds, uses that key for decryption.
If the fetch fails, or decryption with the key fetched from the key table fails, the first software performs steps S106 to S110 to obtain the key.
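As an added example (not the patent's own code), the two bookkeeping parts of the flow above in Python: comparing a captured session's packet-type sequence against the stored no-key baseline to find where the key-exchange packets fall and which side sends each (the preparation for steps S102 to S104), and the key-table lookup with verification and fallbacks after step S110. The packet types, the two sessions and the MAC-based stand-in for "decryption with the key succeeds" are constructed for illustration; the page does not give the real wire format or cipher.

```python
import hashlib
import hmac
from typing import Callable, Dict, List, Optional, Tuple

# Constructed packet-type codes for a hypothetical client/database wire protocol.
# The page gives no real message formats, so these are stand-ins.
Packet = Tuple[str, str]  # (sender, packet type); sender is "client" or "db"

# Constructed baseline: a session recorded while no key was in use.
BASELINE_SESSION: List[Packet] = [
    ("client", "CONNECT"), ("db", "ACCEPT"),
    ("client", "AUTH_REQ"), ("db", "AUTH_OK"),
    ("client", "QUERY"), ("db", "RESULT"),
]

# Constructed capture of a session that negotiated a key: two extra packets
# appear between connection set-up and authentication.
KEYED_SESSION: List[Packet] = [
    ("client", "CONNECT"), ("db", "ACCEPT"),
    ("client", "KEY_XCHG"), ("db", "KEY_XCHG"),
    ("client", "AUTH_REQ"), ("db", "AUTH_OK"),
    ("client", "QUERY"), ("db", "RESULT"),
]


def first_divergence(session: List[Packet], baseline: List[Packet]) -> Optional[int]:
    """Index of the first packet whose type differs from the stored no-key
    baseline, i.e. the timing at which the session departs from the plain flow.
    None means the sequence matches the baseline and no key is in use."""
    for i, (got, want) in enumerate(zip(session, baseline)):
        if got[1] != want[1]:
            return i
    if len(session) != len(baseline):
        return min(len(session), len(baseline))
    return None


def key_exchange_packets(session: List[Packet], baseline: List[Packet]) -> List[Tuple[int, str, str]]:
    """Packets whose type never occurs in the no-key baseline, with position and
    sender. A client-sent entry is the 'first data packet' (step S106) and a
    database-sent entry the 'second data packet' (step S108)."""
    known = {ptype for _sender, ptype in baseline}
    return [(i, sender, ptype) for i, (sender, ptype) in enumerate(session)
            if ptype not in known]


def make_sample_packet(key: bytes, body: bytes) -> bytes:
    """Constructed stand-in for an encrypted query result: body || HMAC-SHA256 tag."""
    return body + hmac.new(key, body, hashlib.sha256).digest()


def key_is_correct(key: bytes, packet: bytes) -> bool:
    """Stand-in for 'decrypt the received data with the key and check that it
    succeeds': the candidate key is correct iff it reproduces the packet's tag."""
    body, tag = packet[:-32], packet[-32:]
    return hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag)


class KeyTable:
    """Username -> confirmed key, kept after the client disconnects so that a
    reconnecting client can be decrypted without a fresh exchange."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}

    def store(self, username: str, key: bytes) -> None:
        self._keys[username] = key

    def lookup(self, username: str) -> Optional[bytes]:
        return self._keys.get(username)


def resolve_key(username: str, sample_packet: bytes, table: KeyTable,
                exchange: Callable[[], bytes],
                db_key_lookup: Optional[Callable[[], Optional[bytes]]] = None,
                ) -> Tuple[Optional[bytes], str]:
    """Resolution order from the description: the key table first; then the
    simulated key exchange (steps S106 to S110, passed in as a callback); then
    the database's own key store via the pre-configured trusted account; if all
    fail, report 'unresolved' so the encrypted packets can be handed to the
    audit function for storage instead. A verified key is written to the table."""
    cached = table.lookup(username)
    if cached is not None and key_is_correct(cached, sample_packet):
        return cached, "key_table"
    for source, fetch in (("exchange", exchange), ("database_key_store", db_key_lookup)):
        if fetch is None:
            continue
        candidate = fetch()
        if candidate is not None and key_is_correct(candidate, sample_packet):
            table.store(username, candidate)
            return candidate, source
    return None, "unresolved"
```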
These steps solve the problem in the prior art that encrypted data interaction between a client and a database cannot be securely processed, make further processing of the encrypted data possible, and contribute to improving database security to a certain extent.
In this embodiment, the first software may further decrypt encrypted data in the data packets exchanged between the client and the database by using the key, and the first software audits the decrypted data.
In this embodiment, an electronic device is provided, comprising a memory in which a computer program is stored and a processor configured to run the computer program to perform the method in the above embodiments.
The programs described above may be run on a processor or may be stored in memory (also referred to as computer-readable media), which includes volatile and non-volatile, removable and non-removable media that implement information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal or a carrier wave.
These computer programs may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks, and corresponding steps may be implemented by different modules.
Such an apparatus or system is also provided in this embodiment. It is called a device for acquiring the key used when a client interacts with a database and comprises: an intercepting module for intercepting a plurality of data packets sent when the client interacts with the database; an obtaining module for obtaining the format of the data packet used for exchanging the key between the client and the database and the time at which that data packet is sent; a first simulation module for simulating the database to perform a first interaction with the client according to the format and timing when the client sends a first data packet for exchanging the key to the database; a second simulation module for simulating the client to perform a second interaction with the database according to the format and timing when analysis shows that a second data packet for exchanging the key is sent by the database to the client; and an analysis module for analyzing the data packets received during the first and second interactions to obtain the key used when the client and the database interact.
The system or apparatus implements the functions of the method in the foregoing embodiments; each of its modules corresponds to a step of the method, which has been described above and is not repeated here.
For example, the first simulation module is configured to construct a first response to the first data packet, wherein the first response simulates the response the database would send to the first data packet. Or, the second simulation module is configured to construct a second response to the second data packet, wherein the second response simulates the response the client would send to the second data packet.
For another example, the obtaining module is configured to analyze the plurality of data packets according to the protocol used between the client and the database to obtain the format of the data packet used for exchanging the key and the time at which it is sent. Optionally, the apparatus may further include: a decryption module for decrypting encrypted data in the data packets exchanged between the client and the database by using the key; and a processing module for auditing the decrypted data.
The above embodiment can be applied after Oracle advanced encryption is enabled: the first software captures the traffic between the database and the client, obtains the keys from both sides, and needs to match exactly which data packets are used for exchanging keys, which bytes are the keys, and which key encryption algorithm is used. The time node of the key exchange is analyzed from normal data packets, and the simulated packet sending and key exchange are performed at that time node.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A method for obtaining the key used when a client interacts with a database, characterized by comprising the following steps:
a first software intercepts a plurality of data packets sent when the client interacts with the database;
the first software obtains the format of the data packet used for exchanging the key between the client and the database and the timing at which that data packet is sent;
when analysis shows that a first data packet used for exchanging the key is sent by the client to the database, the first software simulates the database and performs a first interaction with the client according to the format and timing;
when analysis shows that a second data packet used for exchanging the key is sent by the database to the client, the first software simulates the client and performs a second interaction with the database according to the format and timing; the data packets are analyzed with a machine learning model, the machine learning model being trained on multiple sets of training data, each set comprising a data packet and a label identifying whether the data packet carries a key, and being usable after training; the captured data packet is input into the machine learning model, a label is obtained from the machine learning model, and if the label indicates that the data packet carries a key, the data packet is stored; the format of the data packet is obtained and stored;
the first software analyzes the data packets received during the first and second interactions to obtain the key used when the client and the database interact; the key is used to decrypt encrypted data in the data packets exchanged between the client and the database, and the decrypted data is used for auditing.
2. The method of claim 1, wherein the first software simulating the database to perform the first interaction with the client according to the format and timing comprises:
the first software constructs a first response to the first data packet, wherein the first response simulates the response the database would send to the first data packet.
3. The method of claim 1, wherein the first software simulating the client to perform the second interaction with the database according to the format and timing comprises:
the first software constructs a second response to the second data packet, wherein the second response simulates the response the client would send to the second data packet.
4. The method of claim 1, wherein the first software obtaining the format of the data packet used for exchanging the key between the client and the database and the timing at which it is sent comprises:
the first software analyzes the plurality of data packets according to the protocol used between the client and the database to obtain the format of the data packet used for exchanging the key and the time at which it is sent.
5. The method of any of claims 1 to 4, further comprising:
the first software decrypts encrypted data in a data packet interacted between the client and the database by using the key;
and the first software audits the decrypted data.
6. An apparatus for obtaining the key used when a client interacts with a database, comprising:
an intercepting module for intercepting a plurality of data packets sent when the client interacts with the database;
an obtaining module for obtaining the format of the data packet used for exchanging the key between the client and the database and the time at which that data packet is sent;
a first simulation module for simulating the database to perform a first interaction with the client according to the format and timing when the client sends a first data packet for exchanging the key to the database; the data packets are analyzed with a machine learning model, the machine learning model being trained on multiple sets of training data, each set comprising a data packet and a label identifying whether the data packet carries a key, and being usable after training; the captured data packet is input into the machine learning model, a label is obtained from the machine learning model, and if the label indicates that the data packet carries a key, the data packet is stored; the format of the data packet is obtained and stored;
a second simulation module for simulating the client to perform a second interaction with the database according to the format and timing when analysis shows that a second data packet for exchanging the key is sent by the database to the client;
an analysis module for analyzing the data packets received during the first and second interactions to obtain the key used when the client and the database interact; the key is used to decrypt encrypted data in the data packets exchanged between the client and the database, and the decrypted data is used for auditing.
7. The apparatus of claim 6, wherein the first simulation module is configured to:
construct a first response to the first data packet, wherein the first response simulates the response the database would send to the first data packet.
8. The apparatus of claim 6, wherein the second simulation module is configured to:
construct a second response to the second data packet, wherein the second response simulates the response the client would send to the second data packet.
9. The apparatus of claim 6, wherein the obtaining module is configured to:
and analyzing the plurality of data packets according to a protocol used between the client and the database to obtain the format of the data packets used for exchanging the key between the client and the database and the time for sending the data packets used for exchanging the key.
10. The apparatus of any one of claims 6 to 9, further comprising:
the decryption module is used for decrypting encrypted data in a data packet interacted between the client and the database by using the key;
and the processing module is used for auditing the decrypted data.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111168213.1A CN113609512B (en) 2021-10-08 2021-10-08 Method and device for acquiring key used during interaction between client and database

Publications (2)

Publication Number Publication Date
CN113609512A CN113609512A (en) 2021-11-05
CN113609512B true CN113609512B (en) 2022-02-08

Family

ID=78343344

Country Status (1)

Country Link
CN (1) CN113609512B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant