摘要
目前国内外对于SQLite的加密的研究粒度级别都是文件级别,且采取的都是单一密钥,加密粒度粗、破解难度低。针对SQLite的安全性不足的问题,设计了一个多密钥页级别加密系统。首先,为每一个物理页设置一个独立的页密钥,每个页面独立加解密,并引入密钥文件存放所有页密钥;其次,在内存中引入一个页密钥缓存器KeyCache生成和缓存物理页的页密钥,减少页密钥频繁I/O读写的性能损失;再次,设计了加解密模块Crypto实现物理页的加密和解密功能,Crypto通过KeyCache快速获取页密钥从而提升整个系统的处理性能。将所提系统和典型的SQLCipher等进行对比实验:在读取测试和修改测试中,相较于SQLCipher,所提系统的执行时间平均缩短了1.5%和3.0%,能在安全级别更高的情况下达到更好的性能;而在新增测试和删除测试中,所提系统相较于SQLCipher的性能损失很小,在大幅提升安全级别的情况下性能损失接近。实验结果验证了所提系统的有效性。
At present,researches on SQLite encryption both domestically and internationally are conducted at the file level and with the single-key,resulting in coarse encryption granularity and low decryption difficulty.In response to the security shortcomings of SQLite,a multi-key page-level encryption system was proposed.Firstly,an independent page key was assigned to each physical page,allowing for individual encryption and decryption of each page.A key file was introduced to store all page keys.Secondly,a page key cache module KeyCache was designed to generate and cache page keys for pages,thereby reducing the performance loss caused by frequent I/O read and write operations.Thirdly,an encryption and decryption module Crypto was proposed to implement the encryption and decryption functions.Crypto was used to quickly retrieve page keys through KeyCache,consequently enhancing the overall system performance.A comparative experiment was conducted between the proposed system and typical SQLCipher.Experimental results show that in read and update tests,compared with SQLCipher,the execution time of the proposed system reduced by 1.5%and 3.0%on average,achieving better performance at a higher security level.Additionally,in create and delete tests,the proposed system exhibits minimal performance loss compared to SQLCipher and the performance loss is close to SQLCipher while significantly enhancing the security level,verifying the effectiveness of the proposed system.
作者
李旭东
冯宇康
陈俊升
LI Xudong;FENG Yukang;CHEN Junsheng(College of Software,Nankai University,Tianjin 300457,China;Haihe Laboratory of Information Technology Application Innovation(HL-IT),Tianjin 300459,China;Tianjin Key Laboratory of Operating System,Tianjin 300457,China)
出处
《计算机应用》
CSCD
北大核心
2024年第9期2791-2801,共11页
journal of Computer Applications
