Research And Implementation Of Access Pattern Protection For Key-Valued Database In Cloud Storage

With the rapid development of big data and cloud computing technology,more and more enterprises and individuals outsource data to databases on cloud servers for management.Cloud database,as an application of cloud storage,inherits many advantages of cloud storage.However,cloud servers are out of the control of users,and the outsourcing of plaintext data poses a potential threat to data security.Therefore,the data is usually encrypted before outsourcing.Although encryption ensures the confidentiality of the data,attackers can still observe the user's access pattern to the data and infer the privacy information based on prior knowledge.Oblivious RAM(ORAM)has become an important method to protect the access pattern by confusing the user's access process in order to realize the hiding of the user's real access.Due to the similarity of the memory interfaces,ORAM is also used in cloud database systems which rely on memory and disk.Nowadays,in the process of the integration of the ORAM and the database,the typical method is to directly apply ORAM to the encrypted database,but it brings a lot of overhead when executing SQL statements and also limits some functions of the original database.In addition,with the rapid application and popularization of No SQL database,key-value database is widely used in cloud storage due to its high concurrency,high reliability and easy expansion.However,the existing schemes are mainly for traditional relational databases,and there is no access pattern protection scheme for key-value databases.Due to the difference in data structure and data model,the traditional access pattern protection scheme cannot be applied to key-valued database.Aiming at these problems,this paper mainly studies the construction of key-value database scheme protected by access pattern under cloud storage.The main research contents are as follows:1.Based on ORAM technology and the characteristics of doubly linked list and dictionary data structure itself,this paper proposes two kinds of oblivious data structures for the underlying construction of key-value database: oblivious doubly linked list and oblivious dictionary.The key-valued database designed on this basis can ensure that the access pattern will not be revealed.In addition,MAC(Message Authentication Code)technology is used to ensure that the data will not be altered by attackers.Compared with the direct application of ORAM data structure,the oblivious data structure designed in this paper has obvious advantages in bandwidth blowup and has great advantages on the aspects of data storage and the client side storage.At the same time,based on the software design idea of low coupling and high cohesion,this paper completes the design of key-value database management system layer by layer on the basis of the proposed oblivious data structure.2.According to the key-value database scheme which supports the protecting of the access pattern,the corresponding database system has designed and implemented detailly.Its main functions include: Firstly,the database system supports reading and writing of four data types: key-value pairs,lists,hashes,and collections;Secondly,aiming at the data loss caused by unexpected database downtime,the data persistence function is realized;Finally,in order to record the running status and error information of the system,different levels of logging functions are realized.Compared with the current popular key-value database Redis,the key-value database system implemented in this paper effectively protects the user's access pattern and improves the security and privacy protection level of the system on the premise of ensuring availability and practicability.