Functions, characteristics and implementation methods of database encryption technology

Source: Internet
Author: User

The core of information security is the security of the database; that is to say, database encryption is the core of information security. The security of database data is receiving more and more attention, and database encryption technology addresses the security of data stored in the database, although the implementation methods each have their own emphasis.

As e-commerce applications become more widespread, data security has received more and more attention. First, an enterprise needs to protect its own key data effectively. Second, an enterprise may obtain application support and services from an application service provider (ASP); in that case the enterprise's business data is stored at the ASP, and its security cannot be effectively guaranteed. Because traditional database protection relies on setting passwords and access rights, database administrators can access and change all data in the database without restriction. The key to solving this problem is to encrypt the data itself, so that even if the data is leaked or lost it is difficult to decipher. For this reason, basically all database products now support encrypted storage of all data in the database.

There are three main ways to encrypt data: system-level encryption, client-side encryption (outside the DBMS), and server-side encryption (at the DBMS kernel layer). The advantage of client-side encryption is that it does not add load to the database server and allows data to be encrypted in transit over the network; it is usually implemented with tools outside the database. Server-side encryption operates on the database management system itself and is encryption at the core layer; without the cooperation of the database developers it is relatively difficult to implement. In addition, enterprises that obtain services through an ASP need to encrypt and decrypt on the client to ensure the security and reliability of their data.

1. Common database encryption technology

Information security mainly covers three aspects: first, data security; second, system security; third, e-commerce security. At its core is the security of the database, so encrypting database data addresses the core problem of information security.

Database data encryption aims to strengthen the security of common relational database management systems, provide a secure and practical database encryption platform, and effectively protect the stored contents of the database. Through security methods such as database storage encryption, it provides confidentiality and integrity for stored data: the database is stored as ciphertext and operates in an encrypted mode, which ensures data security.

1.1 Functions and characteristics of database encryption technology

After research in recent years, our country's database encryption technology has become fairly mature.

Generally speaking, an effective database encryption technology has the following six functions and characteristics.

(1) Identity authentication:

In addition to a user name and password, users must provide other security credentials as the system's security requirements dictate, such as a terminal key.

(2) Communication encryption and integrity protection:

Database access is encrypted in transit over the network, and each communication is protected against replay and tampering.

(3) Database data storage encryption and integrity protection:

The database system uses data-item-level storage encryption: across the different records in the database, each field of each record is encrypted with a different key. Together with verification measures, this ensures the confidentiality and integrity of stored data and prevents unauthorized access and modification.

(4) Database encryption settings:

The system lets you select which database columns to encrypt, so that users encrypt only sensitive information rather than all data. Encrypting only the user's sensitive data improves database access speed and lets the user choose a balance between efficiency and security.

(5) Multilevel key management mode:

The master key and master key variables are stored in a secure area. The second-level keys are protected by the master key variables. Data-encryption keys are protected by a second-level key when stored or transmitted, and by the master key when in use.

(6) Secure backup:

The system provides a database plaintext backup function and a key backup function.
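
Items (3) and (5) above, sketched as an added example (not code from the original article or from any database product): every field of every record gets its own key from a master key -> table key -> item key hierarchy, and a verification tag rejects values that were modified or copied into another row. Assumptions: keys are derived with HMAC rather than stored and wrapped as item (5) describes, the HMAC keystream is a standard-library stand-in for a vetted cipher such as AES-GCM, and the table, column and function names are hypothetical.

```python
import hashlib
import hmac
import os

MASTER_KEY = bytes(range(32))  # constructed sample value; a real master key stays in a secure area


def derive(parent: bytes, label: str) -> bytes:
    """One level of the key hierarchy: child key = HMAC-SHA256(parent key, label)."""
    return hmac.new(parent, label.encode(), hashlib.sha256).digest()


def field_keys(table: str, row_id: int, column: str):
    """master key -> second-level (table) key -> per-field encryption and MAC keys."""
    table_key = derive(MASTER_KEY, f"table:{table}")
    item_key = derive(table_key, f"row:{row_id}|col:{column}")
    return derive(item_key, "enc"), derive(item_key, "mac")


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (assumption: stand-in for a vetted cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_field(table: str, row_id: int, column: str, plaintext: bytes) -> bytes:
    enc_key, mac_key = field_keys(table, row_id, column)
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag  # the value actually stored in the column


def decrypt_field(table: str, row_id: int, column: str, stored: bytes) -> bytes:
    enc_key, mac_key = field_keys(table, row_id, column)
    if len(stored) < 48:  # 16-byte nonce + 32-byte tag is the minimum
        raise ValueError("stored value too short")
    nonce, body, tag = stored[:16], stored[16:-32], stored[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # verify before decrypting
        raise ValueError("integrity check failed: field was modified or moved")
    return bytes(c ^ k for c, k in zip(body, keystream(enc_key, nonce, len(body))))
```

Because the row id and column name feed the key derivation, a ciphertext copied from one row or column to another fails verification even though it was never altered.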

1.2 Basic requirements for a database encryption system

(1) Field encryption;

(2) Dynamic key management;

(3) Reasonable processing of data;

(4) No impact on the operations of legitimate users;

(5) Prevention of illegal copying.
