
CN110807021B - A database audit system and method based on searchable encryption - Google Patents


Info

Publication number: CN110807021B
Authority: CN (China)
Prior art keywords: audit, module, keyword, ciphertext, database
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201911074188.3A
Other languages: Chinese (zh)
Other versions: CN110807021A (en)
Inventors: 丁勇, 李世杰, 王玉珏, 唐晨钧, 罗得寸, 邹秀清, 陈锦雯
Current Assignee: Guilin University of Electronic Technology (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Guilin University of Electronic Technology

Application filed by Guilin University of Electronic Technology
Priority to CN201911074188.3A
Publication of CN110807021A
Application granted
Publication of CN110807021B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21 Design, administration or maintenance of databases
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Data Mining & Analysis (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a database audit system and method based on searchable encryption, comprising an initialization module, a client-side searchable encryption module, a port mirroring module, a server-side driver module and a database audit module. A key and a collision-resistant hash function are selected, and an audit keyword dictionary is determined and used. After a plaintext SQL statement is obtained, an audit keyword set is generated from the audit keyword dictionary and encrypted with the key to obtain a ciphertext audit keyword set. A searchable encryption operation generates an audit certificate from the ciphertext keyword set, and a matching operation combining the audit certificate and the audit keyword dictionary obtains and displays the audit plaintext, so that the database can not only transmit in encrypted form but the transmitted ciphertext can also be audited.

Description

A database audit system and method based on searchable encryption

Technical field

The invention relates to the field of database security auditing, and in particular to a database audit system and method based on searchable encryption.

Background

Database auditing is mainly used to record the operations performed on a database, parse those operations, and write them to an audit database so that auditors can query, analyze and filter them, thereby monitoring and auditing what users do to the database. The problem current database auditing faces is that it presupposes transparent transmission between the database client and server (plaintext data): the packets the database transmits (apart from the login password) are plaintext. During transmission, however, not only the database audit system can obtain the packets; an adversary who has intruded into the network can also obtain the plaintext of the SQL statements. To avoid such eavesdropping, many users transmit over an SSL tunnel, but establishing an encrypted tunnel also shuts out the database audit system that listens on a bypass, so the audit system cannot work normally. As a result, current databases cannot both transmit in encrypted form and have the transmitted ciphertext audited.

Summary of the invention

The purpose of the present invention is to provide a database audit system and method based on searchable encryption, so that the database can not only transmit in encrypted form but the transmitted ciphertext can also be audited.

To achieve the above purpose, in a first aspect, the present invention provides a database audit method based on searchable encryption, comprising:

selecting a key and a collision-resistant hash function;

determining and using an audit keyword dictionary;

obtaining a plaintext SQL statement, and generating an audit keyword set from the audit keyword dictionary;

encrypting the audit keyword set with the key to obtain a ciphertext audit keyword set;

generating an audit certificate from the ciphertext keyword set;

performing a matching operation that combines the audit certificate and the audit keyword dictionary, to obtain and display the audit plaintext keywords.

Wherein selecting a key and a collision-resistant hash function comprises:

obtaining a key for AES encryption and a system parameter, and selecting a collision-resistant hash function whose input is a binary string of arbitrary length and whose output is a binary string with as many bits as the obtained system parameter.

Wherein determining and using the audit keyword dictionary comprises:

obtaining the plaintext keywords relevant to auditing and combining them with the corresponding ciphertexts to form the audit keyword dictionary.

Wherein obtaining a plaintext SQL statement and generating an audit keyword set from the audit keyword dictionary comprises:

for the obtained plaintext SQL statement, randomly selecting n plaintext keywords from the plaintext keywords in the audit keyword dictionary to form the audit keyword set.

Wherein generating an audit certificate from the ciphertext keyword set comprises:

selecting the first 8 encrypted elements of the i-th keyword in the ciphertext audit keyword set to compute a first hash value set, concatenating it with a randomly selected first large random number whose length is 8 less than that of the i-th encrypted element and hashing the result to obtain a second hash value set, concatenating the first 8 encrypted elements of the second hash value set with the first large random number to obtain a first variable set, and performing the exponential operation bit by bit on the first variable set and the corresponding ciphertext audit keyword to generate the audit certificate, where the ciphertext audit keyword set has n elements and 1≤i≤n.

Wherein performing a matching operation that combines the audit certificate and the audit keyword dictionary, to obtain and display the audit plaintext keywords, comprises:

obtaining and parsing the audit certificate and, in combination with the audit keyword dictionary, traversing the first 8 elements of the ciphertext keywords in the audit keyword dictionary to compute a third hash value; traversing the ciphertext set in the audit certificate to obtain a second variable set, and performing the exponential operation on the second variable set and the ciphertext set in the audit keyword dictionary to obtain a third variable set.

Wherein performing a matching operation that combines the audit certificate and the audit keyword set, to obtain and display the audit plaintext keywords, further comprises:

assigning the last 8 bits and the remaining elements of the third variable set to R and L respectively, concatenating L with the third hash value set and hashing the result to obtain a fourth hash value set, judging whether the first 8 hash values of the fourth hash value set are equal to R, then obtaining the audit plaintext keyword from the correspondence between plaintext and ciphertext in the audit keyword dictionary, and displaying it after visualization.

Wherein judging whether the first 8 hash values of the fourth hash value are equal to R comprises:

if the first 8 hash values of the fourth hash value set are equal to R, the audit ciphertext corresponding to the second variable set is the ciphertext;

if the first 8 hash values of the fourth hash value set are not equal to R, obtaining the next variable value in the second variable set, recomputing a new third variable set and fourth hash value set, and judging again whether the first 8 hash values of the fourth hash value set are equal to R, until all ciphertext keywords in the audit certificate have been traversed.

In a second aspect, the present invention provides a database audit system based on searchable encryption. The system comprises an initialization module, a client-side searchable encryption module, a port mirroring module, a server-side driver module and a database audit module. The initialization module, the client-side searchable encryption module, the port mirroring module and the server-side driver module are electrically connected in sequence, and the port mirroring module is electrically connected to the database audit module.

The initialization module is used to select a key and a collision-resistant hash function, and to determine the keyword dictionary.

The client-side searchable encryption module is used to extract the keywords used for auditing from the plaintext, form an audit keyword set according to the audit keyword dictionary, encrypt the audit keyword set with the key, generate an audit certificate using the searchable encryption operation, and send the ciphertext data and the audit certificate in JSON format to the server-side driver module.

The server-side driver module is used to obtain the JSON-format packet, extract and decrypt the ciphertext data, forward it to the database, and, in the same way, turn the data or status result returned by the database into JSON-format data containing ciphertext data and an audit certificate, which is returned to the client-side searchable encryption module.

The port mirroring module is used to forward the data traffic of one or more client-side searchable encryption modules and the server-side driver module to the database audit module.

The database audit module is used to obtain the data traffic forwarded by the port mirroring module, extract the audit certificate from it, parse the audit information in it, and obtain and display the plaintext data.

In the database audit system and method based on searchable encryption of the present invention, the system comprises an initialization module, a client-side searchable encryption module, a port mirroring module, a server-side driver module and a database audit module; the initialization module, the client-side searchable encryption module, the port mirroring module and the server-side driver module are electrically connected in sequence, and the port mirroring module is electrically connected to the database audit module. A key and a collision-resistant hash function are selected, and an audit keyword dictionary is determined and used. After a plaintext SQL statement is obtained, an audit keyword set is generated from the audit keyword dictionary and encrypted with the key to obtain a ciphertext audit keyword set; a searchable encryption operation generates an audit certificate from the ciphertext keyword set; and a matching operation combining the audit certificate and the audit keyword dictionary obtains and displays the audit plaintext keywords, so that the database can not only transmit in encrypted form but the transmitted ciphertext can also be audited.

Description of drawings

To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for describing them are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.

FIG. 1 is a schematic diagram of the steps of the database audit method based on searchable encryption of the present invention.

FIG. 2 is a schematic structural diagram of the database audit system based on searchable encryption of the present invention.

1 - initialization module, 2 - client-side searchable encryption module, 3 - port mirroring module, 4 - server-side driver module, 5 - database audit module.

Detailed description

Embodiments of the present invention are described in detail below, and examples of the embodiments are shown in the drawings, where the same or similar reference numerals throughout denote the same or similar elements or elements with the same or similar functions. The embodiments described below with reference to the drawings are exemplary, are intended to explain the present invention, and should not be construed as limiting it.

Referring to FIG. 1, the present invention provides a database audit method based on searchable encryption, comprising:

S101. Select a key and a collision-resistant hash function.

Specifically, in the initialization module 1, the AES encryption key k is determined, and a system parameter λ and a collision-resistant hash function H are randomly selected, where H: {0,1}* → {0,1}^λ takes a binary string of arbitrary length as input and outputs a λ-bit binary string. The key k and the collision-resistant hash function H are then sent to the client-side searchable encryption module 2 and the server-side driver module 4.

S102. Determine and use the audit keyword dictionary.

Specifically, the plaintext keywords M relevant to auditing are obtained and combined with the corresponding ciphertexts C to form the audit keyword dictionary D, whose structure is D[M:C]; the client-side searchable encryption module 2 imports the audit keyword dictionary D.

S103. Obtain a plaintext SQL statement, and generate an audit keyword set from the audit keyword dictionary.

Specifically, the input SQL statement is obtained, and the client-side searchable encryption module 2 randomly selects n plaintext keywords from M in the audit keyword dictionary D to form the audit keyword set [Figure BDA0002261876770000051], where [Figure BDA0002261876770000052].

S104. Encrypt the audit keyword set with the key to obtain a ciphertext audit keyword set.

Specifically, the key k is used to AES-encrypt the audit keyword set [Figure BDA00022618767700000513], generating the ciphertext audit keyword set [Figure BDA0002261876770000053].
S105. Generate an audit certificate from the ciphertext keyword set.

Specifically, for the ciphertext audit keyword set [Figure BDA0002261876770000054], whose content is ciphertext, the client-side searchable encryption module 2 takes the first 8 bits of each encrypted audit keyword [Figure BDA0002261876770000055] and hashes them to obtain the first hash value set [Figure BDA0002261876770000056], where [0:7] denotes elements 0 through 7 of the variable. It then randomly selects a first large random number a_i whose length is 8 less than that of the i-th encrypted element, the length being expressed as [Figure BDA0002261876770000057], and concatenates to obtain the second hash value set θ2 = H(a_i || θ1). The first 8 encrypted elements of the second hash value set are then concatenated with the first large random number a_i to obtain the first variable set t_i = a_i || θ2[0:7]. The exponential operation is performed bit by bit on the first variable set t and each keyword [Figure BDA0002261876770000058] of the ciphertext audit keyword set to obtain the audit certificate c, computed as [Figure BDA0002261876770000059], where || denotes string concatenation, len() denotes the length of a variable, θ1 denotes the first hash value set, θ2 denotes the second hash value set, and c_i[x], [Figure BDA00022618767700000510] and t_i[x] denote, respectively, the x-th element of the i-th entry of the audit certificate c, the x-th element of the i-th entry of the ciphertext audit keyword set [Figure BDA00022618767700000511], and the x-th element of the i-th entry of the first variable set t. The audit certificate c is passed to the database audit module 5.

S106. Perform a matching operation that combines the audit certificate and the audit keyword dictionary, to obtain and display the audit plaintext.

Specifically, the port mirroring module 3 forwards the audit certificate c to the database audit module 5. After obtaining the audit certificate c, the database audit module 5 combines it with the audit keyword dictionary D[M:C] that it holds itself: it takes the first 8 bits of the ciphertext C in the audit keyword dictionary D[M:C] to compute the third hash value set θ3 = H(C[0:7]), and traverses the audit certificate to obtain the second variable set c_i, where c_i has the same length as the ciphertext C_i in the audit keyword dictionary. The exponential operation is performed bit by bit on c_i and C_i to obtain the third variable set G, computed as [Figure BDA00022618767700000512]. The last 8 bits and the remaining elements of the third variable set G are assigned to R and L respectively, R = G[-7:], L = G[0:-7]. L and the third hash value set are concatenated to obtain the fourth hash value set θ4 = H(L || θ3), and it is judged whether the first 8 hash values θ4[0:7] of the fourth hash value set are equal to R. If θ4[0:7] is equal to R, the audit ciphertext corresponding to the second variable set c_i is the ciphertext C_i. If θ4[0:7] is not equal to R, the audit certificate c is obtained again, a new third variable set and fourth hash value set are recomputed, and it is judged again whether θ4[0:7] is equal to R, until all ciphertext keywords in the audit certificate c have been traversed. According to the audit keyword dictionary D[M:C], the audit plaintext corresponding to C_i is M_i, so M_i is the plaintext audit information, which is then displayed after visualization. Here || denotes string concatenation, len() denotes the length of a variable, θ3 and θ4 denote the third and fourth hash value sets, and c_i[x], C_i[x] and G_i[x] denote, respectively, the x-th element of the i-th entry of the second variable set c, the x-th element of the i-th entry of the ciphertext keyword set C, and the x-th element of the i-th entry of the third variable set G.

Referring to FIG. 2, the present invention provides a database audit system based on searchable encryption. The system comprises an initialization module 1, a client-side searchable encryption module 2, a port mirroring module 3, a server-side driver module 4 and a database audit module 5. The initialization module 1, the client-side searchable encryption module 2, the port mirroring module 3 and the server-side driver module 4 are electrically connected in sequence, and the port mirroring module 3 is electrically connected to the database audit module 5.

The initialization module 1 is used to obtain the key k and the collision-resistant hash function H, and to determine the keyword dictionary D.

The client-side searchable encryption module 2 is used to extract the keywords used for auditing from the plaintext, form the audit keyword set [Figure BDA0002261876770000061] according to the audit keyword dictionary D, encrypt the audit keyword set [Figure BDA0002261876770000062] with the key k, generate the audit certificate c using the searchable encryption (AES) operation, and send the ciphertext data and the audit certificate c in JSON format to the server-side driver module 4.

The server-side driver module 4 is used to obtain the JSON-format packet, extract and decrypt the ciphertext data, forward it to the database, and, in the same way, turn the data or status result returned by the database into JSON-format data containing ciphertext data and the audit certificate c, which is returned to the client-side searchable encryption module 2.

The port mirroring module 3 is used to forward the data traffic of one or more client-side searchable encryption modules 2 and the server-side driver module 4 to the database audit module 5.

The database audit module 5 is used to obtain the data traffic forwarded by the port mirroring module 3, extract the audit certificate c from it, parse the audit information in it, and obtain and display the plaintext data.

In this embodiment, the database audit system based on searchable encryption comprises an initialization module 1, a client-side searchable encryption module 2, a port mirroring module 3, a server-side driver module 4 and a database audit module 5. The initialization module 1, the client-side searchable encryption module 2, the port mirroring module 3 and the server-side driver module 4 are electrically connected in sequence, and the port mirroring module 3 is electrically connected to the database audit module 5. In the initialization module 1, the key k and the collision-resistant hash function H are obtained and the keyword dictionary D is determined; the key k and the hash function H are transmitted to the client-side searchable encryption module 2 and the server-side driver module 4, while the keyword dictionary D is used in the client-side searchable encryption module 2 and the database audit module 5. The keywords used for auditing are then extracted from the plaintext: the client-side searchable encryption module 2 forms the audit keyword set [Figure BDA0002261876770000071] according to the audit keyword dictionary D, encrypts the audit keyword set [Figure BDA0002261876770000072] with the key k to obtain the ciphertext audit keyword set [Figure BDA0002261876770000073], generates the audit certificate c using the searchable encryption (AES) operation, and sends the ciphertext data and the audit certificate c in JSON format to the server-side driver module 4. The server-side driver module 4 obtains the JSON-format packet, extracts and decrypts the ciphertext data, forwards it to the database, and, in the same way, turns the data or status result returned by the database into JSON-format data containing ciphertext data and the audit certificate c, which is returned to the client-side searchable encryption module 2. The port mirroring module 3 forwards the data traffic transmitted between the client-side searchable encryption module 2 and the server-side driver module 4 to the database audit module 5. The database audit module 5 obtains the data traffic forwarded by the port mirroring module 3, extracts the audit certificate c from it, parses the audit information in it, and obtains and displays the plaintext data, so that the database can not only transmit in encrypted form but the transmitted ciphertext can also be audited.

In the database audit system and method based on searchable encryption of the present invention, the database audit system includes an initialization module 1, a client-side searchable encryption module 2, a port mirroring module 3, a server-side driver module 4 and a database audit module 5. The initialization module 1, the client-side searchable encryption module 2, the port mirroring module 3 and the server-side driver module 4 are electrically connected in sequence, and the port mirroring module 3 is electrically connected to the database audit module 5. The key k and the collision-resistant hash function H are obtained, and the audit keyword dictionary D is determined and used. After a plaintext SQL statement is acquired, the audit keyword dictionary D is used to generate the audit keyword set
Figure BDA0002261876770000074
The key k is used to encrypt the audit keyword set
Figure BDA0002261876770000075
to obtain the ciphertext audit keyword set
Figure BDA0002261876770000076
A searchable encryption operation is applied to the ciphertext keyword set
Figure BDA0002261876770000077
to generate the audit certificate c. The audit certificate c and the audit keyword dictionary D are then combined in a matching operation to obtain and display the audit plaintext keywords, so that the database can not only transmit in encrypted form, but the transmitted ciphertext can also be audited.

What is disclosed above is only a preferred embodiment of the present invention and of course cannot be used to limit the scope of rights of the present invention. Those of ordinary skill in the art will understand that implementations of all or part of the process of the above embodiment, and equivalent changes made in accordance with the claims of the present invention, still fall within the scope covered by the invention.

Claims (9)

1. A database audit method based on searchable encryption, characterized by comprising:
selecting a key and a collision-resistant hash function;
determining and using an audit keyword dictionary;
acquiring a plaintext SQL statement, and generating an audit keyword set by means of the audit keyword dictionary;
encrypting the audit keyword set with the key to obtain a ciphertext audit keyword set;
generating an audit certificate from the ciphertext audit keyword set;
performing a matching operation that combines the audit certificate and the audit keyword dictionary, to obtain and display the audit plaintext keywords.

2. The database audit method based on searchable encryption according to claim 1, characterized in that selecting the key and the collision-resistant hash function comprises:
obtaining the key and the system parameter for AES encryption, and selecting a collision-resistant hash function, wherein the collision-resistant hash function takes a binary string of arbitrary length as input and outputs a binary string whose number of bits is the obtained system parameter.

3. The database audit method based on searchable encryption according to claim 2, characterized in that determining and using the audit keyword dictionary comprises:
obtaining the plaintext keywords relevant to auditing and combining them with their corresponding ciphertexts to form the audit keyword dictionary.

4. The database audit method based on searchable encryption according to claim 3, characterized in that acquiring the plaintext SQL statement and generating the audit keyword set by means of the audit keyword dictionary comprises:
for the acquired plaintext SQL statement, randomly selecting n plaintext keywords from the plaintext keywords in the audit keyword dictionary to form the audit keyword set.

5. The database audit method based on searchable encryption according to claim 4, characterized in that generating the audit certificate from the ciphertext audit keyword set comprises:
selecting the first 8 encrypted elements of the i-th keyword in the ciphertext audit keyword set to compute a first hash value set; concatenating it with a randomly selected first large random number whose length is 8 less than that of the i-th encrypted element and hashing the result to obtain a second hash value set; concatenating the first 8 encrypted elements of the second hash value set with the first large random number to obtain a first variable set; and performing an exponential operation, bit by bit, on the first variable set and the corresponding ciphertext audit keyword to generate the audit certificate, wherein the ciphertext audit keyword set has n elements and 1≤i≤n.

6. The database audit method based on searchable encryption according to claim 5, characterized in that performing the matching operation that combines the audit certificate and the audit keyword dictionary, to obtain and display the audit plaintext keywords, comprises:
obtaining and parsing the audit certificate and, in combination with the audit keyword dictionary, traversing the ciphertext keywords in the audit keyword dictionary and computing a third hash value from their first 8 elements; traversing the ciphertext set in the audit certificate to obtain a second variable set; and performing an exponential operation on the second variable set and the ciphertext set in the audit keyword dictionary to obtain a third variable set.

7. The database audit method based on searchable encryption according to claim 6, characterized in that performing the matching operation that combines the audit certificate and the audit keyword set, to obtain and display the audit plaintext keywords, further comprises:
assigning the last 8 bits and the remaining bits of the third variable set to R and L respectively; concatenating L with the third hash value set and hashing the result to obtain a fourth hash value set; judging whether the first 8 bits of the fourth hash value set are equal to R; and then obtaining the audit plaintext keywords according to the correspondence between plaintext and ciphertext in the audit keyword dictionary, and displaying them after visualization processing.

8. The database audit method based on searchable encryption according to claim 7, characterized in that judging whether the first 8 bits of the fourth hash value are equal to R comprises:
if the first 8 bits of the fourth hash value set are equal to R, the audit ciphertext corresponding to the second variable set is the ciphertext;
if the first 8 bits of the fourth hash value set are not equal to R, obtaining the next variable value in the second variable set, recomputing a new third variable set and a new fourth hash value set, and judging again whether the first 8 bits of the fourth hash value set are equal to R, until all ciphertext keywords in the audit certificate have been traversed.

9. A database audit system based on searchable encryption, characterized in that the database audit system based on searchable encryption comprises an initialization module, a client-side searchable encryption module, a port mirroring module, a server-side driver module and a database audit module, wherein the initialization module, the client-side searchable encryption module, the port mirroring module and the server-side driver module are electrically connected in sequence, and the port mirroring module is electrically connected to the database audit module;
the initialization module is used to select a key and a collision-resistant hash function, and to determine an audit keyword dictionary;
the client-side searchable encryption module is used to extract the keywords used for auditing from the plaintext, form an audit keyword set according to the audit keyword dictionary, encrypt the audit keyword set with the key, generate an audit certificate using a searchable encryption operation, and send the ciphertext data and the audit certificate to the server-side driver module in JSON format;
the server-side driver module is used to receive the JSON data packet, extract and decrypt the ciphertext data, forward it to the database, package the data or status result returned by the database in the same way as JSON data containing ciphertext data and an audit certificate, and return it to the client-side searchable encryption module;
the port mirroring module is used to forward the data traffic of one or more client-side searchable encryption modules and server-side driver modules to the database audit module;
the database audit module is used to receive the data traffic forwarded by the port mirroring module, extract the audit certificate from it, parse the audit information in it, and obtain and display the plaintext data.
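The certificate generation of claim 5 and the matching of claims 6 to 8, as an added Python example that is not code from the patent. It assumes that the bit-by-bit combining operation is XOR, that the "8 elements" are 8 bytes, that H is SHA-256 and that the hash input is ordered hash-then-random-value on both sides; truncated HMAC-SHA256 stands in for the AES keyword encryption so the block runs on the standard library. The key, keyword list and SQL statement are constructed sample data.

```python
import hashlib, hmac, os

TAG, BLOCK = 8, 16   # assumed: "8 elements" = 8 bytes; one 16-byte block per keyword

def H(data: bytes) -> bytes:
    # Collision-resistant hash H; SHA-256 is an assumed choice.
    return hashlib.sha256(data).digest()

def enc_keyword(k: bytes, word: str) -> bytes:
    # Deterministic keyword ciphertext. Stand-in for the AES step so that the
    # example runs on the standard library alone (truncated HMAC-SHA256).
    return hmac.new(k, word.encode(), hashlib.sha256).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def build_dictionary(k: bytes, words):
    # Audit keyword dictionary D: ciphertext keyword -> plaintext keyword.
    return {enc_keyword(k, w): w for w in words}

def make_certificate(k: bytes, sql: str, words):
    # Client side: one masked entry per dictionary keyword found in the statement.
    tokens = set(sql.upper().replace(";", " ").split())
    cert = []
    for w in words:
        if w not in tokens:
            continue
        x = enc_keyword(k, w)                 # ciphertext audit keyword
        h1 = H(x[:TAG])                       # first hash value
        s = os.urandom(BLOCK - TAG)           # random value, 8 shorter than x
        h2 = H(h1 + s)                        # second hash value
        t = s + h2[:TAG]                      # first variable, laid out as L || R
        cert.append(xor(x, t))                # combining step, assumed XOR
    return cert

def audit(cert, dictionary):
    # Auditor side: needs only D (no key k) to recover which keywords occurred.
    found = []
    for c in cert:
        for w_ct, w_pt in dictionary.items():
            h3 = H(w_ct[:TAG])                # third hash value
            v = xor(c, w_ct)                  # third variable
            left, r = v[:-TAG], v[-TAG:]      # L and R
            if hmac.compare_digest(H(h3 + left)[:TAG], r):   # fourth hash check
                found.append(w_pt)
                break
    return found

# Constructed sample data, not taken from the patent.
KEY = bytes(range(16))
WORDS = ["SELECT", "INSERT", "UPDATE", "DELETE", "DROP", "GRANT"]
D = build_dictionary(KEY, WORDS)
SQL = "drop table users; select * from accounts"

if __name__ == "__main__":
    c = make_certificate(KEY, SQL, WORDS)
    print([e.hex() for e in c], audit(c, D))
```

Because every entry is masked with a fresh random value, the same statement produces a different certificate each time it crosses the mirrored link, while a holder of D can still test each entry against the dictionary ciphertexts.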
CN201911074188.3A 2019-11-06 2019-11-06 A database audit system and method based on searchable encryption Active CN110807021B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911074188.3A CN110807021B (en) 2019-11-06 2019-11-06 A database audit system and method based on searchable encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911074188.3A CN110807021B (en) 2019-11-06 2019-11-06 A database audit system and method based on searchable encryption

Publications (2)

Publication Number Publication Date
CN110807021A CN110807021A (en) 2020-02-18
CN110807021B true CN110807021B (en) 2022-09-23

Family

ID=69501341

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911074188.3A Active CN110807021B (en) 2019-11-06 2019-11-06 A database audit system and method based on searchable encryption

Country Status (1)

Country Link
CN (1) CN110807021B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112487483B (en) * 2020-12-14 2024-05-03 深圳昂楷科技有限公司 Encryption database flow auditing method and device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8904171B2 (en) * 2011-12-30 2014-12-02 Ricoh Co., Ltd. Secure search and retrieval
CN105282167A (en) * 2015-11-06 2016-01-27 福建工程学院 Searchable certificateless public key encryption method
CN108829714A (en) * 2018-05-04 2018-11-16 西安电子科技大学 A kind of ciphertext data multi-key word searches for method generally

Also Published As

Publication number Publication date
CN110807021A (en) 2020-02-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20200218

Assignee: Guilin Weisichuang Technology Co.,Ltd.

Assignor: Guilin University of Electronic Technology

Contract record no.: X2023980046257

Denomination of invention: A Database Audit System and Method Based on Searchable Encryption

Granted publication date: 20220923

License type: Common License

Record date: 20231108
