Research on order-preserving encryption scheme based on CryptDB

Abstract

With the rapid development of cloud computing technology, cloud database, as an important part of cloud computing services, has gradually become necessary for daily work of enterprises or individuals. However, entrusting data to third-party managing can lead to security issues such as data leakage, and users cannot guarantee data security. To this end, this paper is based on the CryptDB, an open source database encryption proxy system designed by MIT, in this thesis we propose an improvement scheme for the shortcomings of the original CryptDB system. Specific contents including: By studying the CryptDB system, we find that the system is lack of scalability for different databases and does not involve the management of system keys. For the inefficiency of the mutable Order-Preserving Encryption (mOPE) in CryptDB system, we propose an improved additive Order-Revealing Encryption (aORE) scheme by combining the Practical Order-Revealing Encryption (P-ORE) and mOPE. The scheme is based on pseudorandom function and double encryption. Compared with mOPE, it can improve the execution efficiency of the Order-Preserving scheme at the expense of security.