We propose a format-preserving encryption scheme that takes the field as the unit of encryption for sensitive data in a database. First of all, we need to obtain the data type and length of plain text, and then convert plain text to an array of integers. Moreover, the proposed scheme in this paper is used to encrypt and decrypt the array of integers. Finally, the data after encryption or decryption is converted to cipher text with the same format as plain text, and then is stored in the database. The proposed scheme first uses ZUC stream cipher to whiten, makes the plain text more confusing, and then uses variable block cipher based on the Lai-Massey structure to encrypt, which increases security while preserving the data format. We present the experimental results of the encryption of sensitive data in a database using AES, FFX, and the proposed format-preserving scheme respectively. The results show that the proposed scheme in the MySql database can be performed correctly and efficiently. And the proposed scheme roughly has the same performance as the AES algorithm. As well as it is approximately 5 times faster than FFX while encrypting 1000 records, the more records, the more efficient it is.
|