A new lightweight database encryption scheme transparent to applications

Database encryption, as a mechanism for active security enhancement, is a crucial technique to protect data confidentiality. Two important objectives of designing an encrypted database are high security and performance. In this paper, a new paradigm for database encryption is proposed in which database encryption can be provided as a service to applications with seamless access to encrypted database. Using such an encrypted data management model, applications can concentrate on their core businesses and protect data privacy against both malicious outsiders and the untrusted database service users without need to know encryption details. We propose a novel database encryption architecture with flexible data granularity and safe key management for high security and performance of database access. Security dictionary is used to keep encryption metadata safe based on the threat model. Then the implementation details are given to show how to transparently store and query encrypted database fields with the proposed scheme.