外包环境中一种支持数据完整性验证的密钥管理方案  被引量：6

作　　者：闫玺玺[1] 胡前伟 魏文燕[1,2] 李子臣[2] 

机构地区：[1]河南理工大学计算机学院,河南焦作454003 [2]北京印刷学院信息工程学院,北京102600

出　　处：《小型微型计算机系统》2016年第12期2654-2659,共6页Journal of Chinese Computer Systems

基　　金：国家自然科学基金项目(61300216;61370188)资助;北京市自然科学基金重点项目B类项目(KZ20150015015)资助;北京市教委项目(KM201510015009;KM201410015006)资助

摘　　要：针对外包数据库的数据机密性和完整性等安全问题,结合数据库加密和NTRU(Number Theory Research Unit)签名技术,提出一种安全有效的密钥管理方案.方案中首先用户由数据表的结构特点选择属性参数,产生数据加密密钥,对数据进行加密保护.其次,通过对密文数据进行基于多项式环密码体制的签名,实现数据的完整性保护.最后将密文数据和签名数据一起存放到外包数据库中,而数据加密密钥储存到本地安全数据库中,并由系统主密钥加密保护,系统主密钥和签名验证密钥安全存放在硬件安全模块中.此外,解密数据时先验证请求数据的NTRU签名,如果验证通过则可以解密数据,否则不需要解密数据.实验中分别比较了密钥管理方案中密钥生成算法以及NTRU签名的效率,结果表明该方案安全有效,并且在不同的加密算法下该密钥管理方案均是安全稳定的,可以同时提供数据机密性保护和完整保护.A safe and effective key management scheme is presented on the basis of combining database encryption and NTRU（ Num- ber Theory Research Unit） signature technology for addressing security issues in the Database as a Server. In this scheme, users select properties parameters according to the structural characteristics of the data table, and then generate data keys that used for encrypting data. Implement NTRU signature on ciphertext data after encrypt it. Ciphertext data and the signature data are stored together in Data- base as a Server,the data keys is stored in local secure database that encrypted by the system master key. At last, system master key and NTRU signature verification key stored securely in a hardware security module. Need to verify NTRU signature when decrypt the request data firstly, through the validation can decrypt data, and otherwise don＇t need to decrypt the data. Experiments compared re- spectively the efficiency of key generation algorithms and NTRU signature scheme, and experimental results show that the scheme is safe and effective, and tests the key management scheme is feasible under different encryption algorithm, it can provide data confidenti- ality protection and integrity protection at the same time.

关 键 词：外包数据库 数据库加密 密钥管理 属性参数 NTRU签名 完整性验证 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]