臺灣博碩士論文加值系統

資料經加密後會被置換及重排成任何可能的位元串，因此有可能會產生與原本資料庫管理系統中資料表所定義之欄位的資料型別(Data Type)的格式不符，或是例如Null及其他控制碼等特殊字元，而無法寫入資料庫的問題。雖然特殊字元可用一些類似Radix-64的編碼方法使加密後的資料都為可見字元來避免，但是卻會使資料長度變長。若要直接應用於資料庫，則必須修改原本資料表的欄位定義。
本研究主要目的係探討資料加密後如何寫入資料庫的問題，本論文提出一種資料保護的方式，結合加密與編碼的技術，將加密的資料轉換成符合Data Type的格式，使之得以順利且正確的寫入資料庫而不需變更原本資料表的欄位資料型別。

Because encrypted data will be substituted and permuted into any bit string, there is a possibility it will not meet the data type format as defined in the Database Management System (DBMS). Consequently, unrecognizable characters such as like Null, other control codes and etc., will not be written to the database successfully. Some encoders, like Radix-64, will translate encrypted data into printable characters, but will result in the output data being longer. If the output data is to be written to the DBMS, the definition must be changed.
This thesis proposes a data encoding method ensuring that encrypted data will be re-encoded to meet the data type format of DBMS. Together, the encryption and encoding technology transfer the information to meet the data type format. This method guarantees that the inputted information will be placed correctly in the column of the table, the definition of DBMS need not to be changed.

摘要 i
Abstract ii
誌謝 iii
目錄 iv
圖目錄 vii
表目錄 viii
第一章、緒論 1
1.1 研究背景 1
1.2 研究動機 1
1.3 論文架構 4
第二章、相關研究 6
2.1 Radix-64編碼法 6
2.2 uuencoding編碼法 7
2.3 ASCII-85編碼法 8
2.4 旋轉機(Rotor Machine) 9
第三章、研究方法 14
3.1 範圍及限制 14
3.2 問題分析與歸類 14
3.2.1 字元字串資料型別 16
3.2.2 日期時間資料型別 17
3.2.3 數字資料型別 18
3.2.4 二進位資料型別 18
3.2.5 其他資料型別 19
3.3 資料型別式編碼法 20
3.3.1 產生金鑰 20
3.3.2 日期資料的編碼與解碼 21
3.3.3 時間資料的編碼與解碼 22
3.3.4 字元資料的編碼與解碼 23
第四章、討論 28
4.1比較分析 28
4.2字元編碼的安全分析 29
4.3日期時間編碼的安全分析 30
第五章、結論與未來研究方向 32
5.1 結論 32
5.2 未來研究方向 33
參考文獻 34

[1]張真誠，電腦密碼學與資訊安全，台北：松崗，1989。
[2]賴溪松，韓亮，張真誠，近代密碼學及其應用，台北：松崗，1998。
[3]賴溪松，葉育斌，資訊安全入門，台北：全華，2004。
[4]鄧安文，加密演算與密碼分析計算實驗，台北：全華，2006。
[5]陳曉萍，資料庫加密與驗證之研究，朝陽科技大學資訊管理系未出版碩士論文，2002。
[6]Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant and Yirong Xu, “Order Preserving Encryption for Numeric Data,” SIGMOD, 563-574, 2004.
[7]Mihir Bellare, Joe Kilian, Phillip Rogaway, “The Security of the Cipher Block Chaining Message Authentication Code.”, Journal of Computer and System Sciences, July 29, 1999.
[8]Elisa Bertino and Ravi Sandhu, “Database Security — Concepts, Approaches, and Challenges,” IEEE Transactions on Dependable and Secure Computing, 2(1), 2-19, 2005.
[9]Eli Biham, Orr Dunkelman, Nathan Keller, “Enhancing Differential-Linear Cryptanalysis,” ASIACRYPT 2002: pp254–266
[10]R.H. Cooper, William Hyslop, and Wayne Patterson. An Application of the Chinese Remainder Theorem to Multiple-key Encryption in Database Systems. In Proceedings of the Second IFIPinter.Conf. on ComputerSecurity, IEIP/Sec ''84, pages 553-556, 1984.
[11]J. Daemen and V. Rijmen, “AES Proposal: Rijndael,” AES Algorithm Submission, September 3, 1999.
[12]George I. Davida, David L. Wells and John B. Kam, “A Database Encryption System with Subkeys,” ACM Transactions on Database Systems, Vol. 6, No.2, 312-328, 1981.
[13]D .E. Denning, “Field Encryption andAuthentication." in D. Chaum(ed), Advances in Cryptology: Proc. CRYPTOLOGY 3, Santa Barbara, CA, pp.231-247, Plenum Press, New York, 1983
[14]John R. Douceur, Atul Adya, Josh Benaloh, William J. Bolosky and Gideon Yuval, “A Secure Directory Service based on Exclusive Encryption,” Computer Security Applications Conference, Proceedings. 18th Annual 9-13 Dec. 172-182, 2002.
[15]Sergei Evdokimov and Oliver Günther, “Encryption Techniques for Secure Database Outsourcing,” LNCS, 4734, 327-342, 2007.
[16]Sergei Evdokimov, “Secure Outsourcing of IT Services in a Non-Trusted Environment,” Doctor’s Dissertation, 2008, Humboldt-University, Berlin, Germany. Available: http://deposit.d-nb.de/cgi-bin/dokserv?idn=991171357&dok_var=d1&dok_ext=pdf&filename=991171357.pdf
[17]J. Feikis, “Secure Database Management Systems,” IEEE Potentials, 18(1), 17-19, 1999.
[18]H. Hacigümüs, B. Iyer, Chen Li and S. Mehrotra, “Executing SQL over Encrypted Data in the Database Service-Provider Model,” SIGMOD, 216–227, 2002.
[19]Hakan Hacigümüs, Bala Iyer and Sharad Mehrotra, “Ensuring the Integrity of Encrypted Databases in the Database-as-a-Service Model,” IFIP TC11/WG11.3 Seventeenth Annual Working Conference on Data and Applications Security, August 4-6, 2003, Estes Park, Colorado, USA, 61-74.
[20]Hakan Hacigümüs, Bala Iyer and Sharad Mehrotra, “Query Optimization in Encrypted Database Systems,” LNCS, 3453, 43-55, 2005.
[21]J. He and M. Wang, “Cryptography and Relational Database Management Systems,” International Database and Engineering and Application Symposium, 273-284, 2001.
[22]E. Mykletun, M. Narasimha and G. Tsudik, “Authentication and Integrity in Outsourced Databases,” ACM Transactions on Storage, 2(2), 107-138, 2006.
[23]William Stallings, “Cryptography and Network Security: Principles and Practices (4th Edition),” Prentice Hall, 2006.
[24]CSI Computer Crime & Security Survey, 2008. Available: http://i.cmpnet.com/v2.gocsi.com/pdf/CSIsurvey2008.pdf