外包数据库完整性检测与追踪方法研究

As a typical paradigm of cloud computing, outsourced database is a novel scheme of database application. Users or cooperations outsource their data to cloud service providers in order to gain advantage in cost, efficiency and reliability, but the outsourcing also poses unprecedented challenges to database security. This research project aims to protect the integrity of the outsourced user data. Mechanisms and techniques will be devised to give users the ability to check whether their data have been tempered with or not, and to track integrity breach with cryptographic proof. Most related works focus on the integrity checking mechanism only, breach tracking,accountability and compatability with other security mechanisms are rarely mentioned. This research project will combine the techniques of authenticated data structure and digital watermarks. New techniques for integrity protection will be designed to check data integrity and to track integrity breach. The primary goal is to design a new authenticated data structure capable of carrying watermarks. The watermark embeding and detecting algorithms will be devised accordingly. Then, a new data outsourcing protocal will be designed, which secures the data outsourcing procedure and provides the cryptographic proof for an innocent user or a cloud service provider. Besides, the problem of compatabilty with other security mechanisms will be thoroughly studied in this research to improve applicability. Finally, this research project will provide the applicational and technological foundation for protecting outsourced database security. It will provide complete, delicate and applicable security solutions for integrity protection in outsourced databases.

外包数据库是一种新的数据库应用形态，是云计算的典型实例。用户或企业将数据库外包给云服务提供商，从而获得成本、效率和可用性等多方面的优势，但这种应用模式给数据库安全带来了前所未有的挑战。课题的研究旨在保护外包数据库中用户数据的完整性，使用户能够检测数据是否被篡改，并能实现对篡改行为的追踪和责任认定。现有研究工作多以检测方法为主要研究对象，在篡改行为的追踪和责任认定方面存在不足，并且对各类安全技术的相容性考虑较少。本课题拟采用验证数据结构与数字水印技术相结合的研究方案，研究数据完整性检测与追踪技术方法。课题将设计一种可以添加数字水印的验证数据结构，设计对应的水印添加与检测算法，设计安全、公平的数据外包协议，并可为清白的用户或云服务提供商提供密码学证据。课题还将研究外包数据库安全机制的技术相容性问题，为保护外包数据库安全提供应用技术基础，提供完备、完善并且实用性强的完整性保护技术方案。

云计算环境中的外包数据库已经成为一种学术界、工业界普遍认可的高效、低成本的数据库应用形态。信任模型的转变，使这种应用模式给数据库安全带来了前所未有的挑战。本项目研究了外包数据安全模型，研究了数据完整性检测与追踪技术方法，研究了数据库加密、密文查询和技术相容性问题。设计了一种基于复合标记水印的数据库水印添加与检测算法，实现了安全、公平的数据分发协议，能够追踪数据泄漏的路径，同时可为清白的用户或云服务商提供密码学证据。在研究完整性检测方法过程中，改造并使用了多种签名方案实现完整性度量，提出了一类有限域元素快速运算方法。此外，本项目设计了一种用于外包数据库的密文关键词查询方法，基于bloom过滤器实现了多关键词快速查询的安全方案。针对系统安全模型，抽象出了一种通用的安全控制方法。项目的研究为保护外包数据库安全提供应用技术基础，后续研究工作还将进一步在数据完整性保护以及云存储系统扩展等方面展开。