广西师范大学学报(自然科学版) ›› 2011, Vol. 29 ›› Issue (3): 125-130.

• • 上一篇    下一篇

基于DES加密算法的数据库二级加密密钥技术

侯有利, 杨雄   

  1. 海南大学信息科学技术学院,海南海口570228
  • 收稿日期:2011-05-16 出版日期:2011-08-20 发布日期:2018-12-03
  • 通讯作者: 杨雄(1963—),男,陕西延安人,海南大学教授。E-mail:yanan1963@163.com
  • 基金资助:
    国家自然科学基金资助项目(61073189)

Technology Research about Two-stage Encryption Key of DatabaseSecurity Based on DES Encryption Algorithm

HOU You-li, YANG Xiong   

  1. College of Information Science and Technology,Hainan University,Haikou Hainan 570228,China
  • Received:2011-05-16 Online:2011-08-20 Published:2018-12-03

摘要: 数据库加密中,主要采取敏感字段的加密设计机制,敏感字段同密钥一一对应,但如果所有的密钥全部预设势必产生新的安全问题。因此,数据库加密密钥如何产生及保管便成为重中之重。为此,可以采取一种密钥派生机制,实行二级密钥管理,包括管理密钥与加密密钥。加密密钥用于加密敏感字段,它是通过DES加密算法,对管理密钥进行的16轮加密迭代中,提取的每轮迭代结果。管理密钥需要预先设定,但为数不多;加密密钥通过程序实现,动态生成,无需预设。用户只需要保管好少数几个管理密钥即可,无需考虑加密密钥的安全存储与通讯。通过DES加密算法派生加密密钥,可以实现保管少数管理密钥,派生256倍级的加密密钥,基本可以解决数据库加密中对密钥的需求,同时又保障了加密密钥的安全存储与管理。

关键词: DES加密算法, 二级密钥, 管理密钥, 加密密钥

Abstract: One encryption design mechanism based on sensitive fields is mainly adopted in database encryption,which sensitive fields is correspondence to keys one by one.But if all the keys are fixed in advance,new security problemwill emerge.So how to generate and save the encryption keys is of grent importance.One derivative echanism of two-stage encryption key is adopted,including management keys and encryption keys.encryption keys which come from thetransformed results in sixty round of DES encryption algorithm on main keys areused to encrypt sensitive fields.Only a few management keys are needed to set in advance,but the encryption keys are dynamically generated by programming.What the user needs to do is to store several management keys safely,without considering the security storage and communication of theencryption keys.The way of deriving encryption keys by DES Encryption Algorithmcan meet the needs of encryption keys in database encryption,and derive 256 times encryption keys for the safety storage and management of the encryption keys.

Key words: DES encryption algorithm, double encryption-key, management key, encryption key

中图分类号: 

  • TP309.2
[1] Erez Shmueli,Ronen Vaisenberg,Yuval Elovici,et al.Database encryption:an overview of contemporary challenges and design considerations[J].ACM SIGMOD Record,2010,38:29-34.
[2] 孙萍萍.基于表字段的数据库加密服务器的设计与实现[J].计算机与现代化,2009,11(6):6-11.
[3] 咸鹤群,凤登国.支持属性粒度数据库加密的查询重写算法[J].计算研究与发展,2008,45(8):1307-1314.
[4] 蒙杨,卿斯汗,刘克龙.等级加密体制中的密钥管理研究[J].计算机工程,2001,12(8):1147-1153.
[5] KüHN U.Analysis of adatabase and index encryption scheme-problems and fixes[M]//Lecture Notes in Computer Science:Vol 4165.Berlin:Springer,2006:146-159.
[6] 冯朝胜,袁丁.一种基于剩余定理的密钥分配方案[J].计算机工程,2006,32(14):146-148.
[7] 徐江峰,马瑶.一种基于动态密钥的数据库加密方案[J].微计算机信息,2009,25(12-3):27-29.
[8] 安然,陈驰,徐震.数据库加密中间件的设计与实现[J].计算机工程与设计,2009,30(14):3261-3264.
[9] DONG Chang-yu,RUSSELLO G,DULAY N.Shared and searchable encrypted data for untrusted servers[M]//Lecture Notes in Computer Science:Vol 5094.Berlin:Springer,2008:127-143.
[10] üNAY O,GüNDEM T I.A survey on querying encrypted XML documents for databases as a service[J].ACM SIGMOD Record,2008,37:12-20.
[11] HACGüMü H,LYER B,MEHROTRA S.Query optimization in encrypted database systems[J].Lecture Notes in Computer Science.2005,3453:43-55.
[1] 周炎岩, 冯嘉礼. 基于定性映射的数字音频水印算法[J]. 广西师范大学学报(自然科学版), 2011, 29(2): 200-204.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!
版权所有 © 广西师范大学学报(自然科学版)编辑部
地址:广西桂林市三里店育才路15号 邮编:541004
电话:0773-5857325 E-mail: gxsdzkb@mailbox.gxnu.edu.cn
本系统由北京玛格泰克科技发展有限公司设计开发