开放大数据安全存储与检索系统

Secure Storage and Retrieval System for Open Big Data

数据安全存储与检索是开放大数据安全利用的基础。然而,现有大数据存储与检索系统难以支持存储密钥的高效更新,且无法兼顾多模态数据的密文存储与高效检索,难以满足开放大数据的安全高效利用需求。为此,针对存储密钥更新问题,提出了基于嵌套加密的存储密钥更新机制,支持非解密式存储密钥高效更新,满足非可信环境下密钥定期轮换需求;针对密文索引体积膨胀问题,提出了压缩密文多集合查询过滤器,支持海量数据的高密度密文索引;针对多模态数据密文检索问题,提出了跨类型密文复合关联检索算法,支持文本、空间、图像等多模态数据的单类型和跨类型密文检索。基于以上关键技术研发了多模态加密数据库系统,该系统支持存储计算分离,兼容现有大数据服务的技术架构,现有大数据平台可通过微服务增量部署完成安全加固,保障系统的可扩展性、易用性和高效性。实验结果表明,相比传统的解密重加密机制,所提出的存储密钥更新机制性能提高了80%以上;相比现有的明文数据库系统,所提出的多模态加密数据库系统在文本、空间、图像、跨模态检索等方面综合性能损耗不超过25%。

The secure storage and retrieval of data are essential for the secure utilization of open big data.However,existing big data storage and retrieval systems struggle to update storage keys and cannot handle both secure storage and efficient retrieval of multimodal data.To address the issue of storage key update,a storage key update mechanism based on nested encryption was proposed,which supports efficient non-decrypted key update to meet the requirement for regular key rotation in untrusted environments.To solve the problem of index volume expansion,a compressed encrypted multi-set query filter was proposed to support high-density ciphertext indexing of massive data.Aiming at multi-modal data retrieval on encrypted data,a cross-type ciphertext composite association retrieval algorithm was designed to support single-type and cross-type retrieval of multi-modal encrypted data such as text,spatial,and images.Based on the above technologies,a multi-modal encrypted database system was designed,which supported the separation of storage and computing and was compatible with the technical architecture of existing big data services.The existing big data platform can be upgraded through incremental deployment of microservices to ensure system scalability and efficiency.Experimental results show that the key update performance of the proposed storage key update mechanism improve by over 80%compared to the traditional re-encryption mechanism.Compared to the existing plaintext database system,the overall performance loss of the proposed multi-modal encrypted database system in terms of text,space,image,and cross-modal retrieval does not exceed 25%.