支持关键字更新的基于属性可搜索加密方案
|
摘要
针对云存储环境中重要通知、广播消息、数据共享等敏感性较高的数据访问控制需求,提出和设计出一种适用于云存储环境支持关键字更新的可搜索加密方案。方案中的文件明文采用基于属性的加密算法,可以实现文件密文只加密一次就可被多个用户私钥搜索,避免了针对不同用户数据拥有者需要多次加密的问题,降低了网络开销。但是现有的基于属性的可搜索加密方案无法实现文件索引的更新,针对此问题,采用带计数器的布隆过滤器对文件关键字进行处理,能够允许用户在索引密文中添加或者删除关键字,实现文件索引的动态更新,提高了检索效率。给出方案的正确性分析、安全分析以及效率分析。分析结果表明:文件索引和陷门经过带计数器的布隆过滤器并进行向量加密后,的确能够实现增加和删除关键字;采用对称加密的思想对文件和索引进行加密后,明文和索引也都是安全的;通过与其他方案的计算量和适应性对比,可以发现方案的计算量较低,适应性强。
Aiming at the high sensitive data access control requirements such as important notification,broadcast message and data sharing in cloud storage environment,a searchable encryption scheme was proposed and designed to support keyword updating in cloud storage environment. The file in the scheme adopted the attribute-based encryption algorithm plaintext,and achieved that the file ciphertext could be searched by multiple user private keys only once by encrypting. It avoided the need for multiple user data owners need to encrypt multiple times and reduced network overhead. However,existing attribute-based searchable encryption schemes did not allow file index updates. In order to solve this problem,we used the Bloom filter with counter to process the keyword of the file,which allowed users to add or delete the keyword in the index ciphertext,to dynamically update the file index and improved the retrieval efficiency.The correctness analysis,safety analysis and efficiency analysis were given. The analysis results showed that the file index and trapdoor could indeed add and delete keywords after passing through a Bloom filter with a counter and performing vector encryption. With the idea of symmetric encryption to encrypt files and indexes,both plaintext and index were also safe. Comparing with the computation and adaptability of other schemes,it could be found that the computational complexity of the scheme was low and the adaptability was strong.
Aiming at the high sensitive data access control requirements such as important notification,broadcast message and data sharing in cloud storage environment,a searchable encryption scheme was proposed and designed to support keyword updating in cloud storage environment. The file in the scheme adopted the attribute-based encryption algorithm plaintext,and achieved that the file ciphertext could be searched by multiple user private keys only once by encrypting. It avoided the need for multiple user data owners need to encrypt multiple times and reduced network overhead. However,existing attribute-based searchable encryption schemes did not allow file index updates. In order to solve this problem,we used the Bloom filter with counter to process the keyword of the file,which allowed users to add or delete the keyword in the index ciphertext,to dynamically update the file index and improved the retrieval efficiency.The correctness analysis,safety analysis and efficiency analysis were given. The analysis results showed that the file index and trapdoor could indeed add and delete keywords after passing through a Bloom filter with a counter and performing vector encryption. With the idea of symmetric encryption to encrypt files and indexes,both plaintext and index were also safe. Comparing with the computation and adaptability of other schemes,it could be found that the computational complexity of the scheme was low and the adaptability was strong.
引文
[1]Song D X,Wagner D,Perrig A.Practical Techniques for Searches on Encrypted Data[C]//IEEE Symposium on Security and Privacy.IEEE Computer Society,2000:44.
[2]Dan B,Crescenzo G D,Ostrovsky R,et al.Public Key Encryption with Keyword Search[M]//Advances in Cryptology—EUROCRYPT 2004.Springer Berlin Heidelberg,2004:506-522.
[3]Goh E J.Secure Indexes[J].Submission,2004.
[4]Cao N,Wang C,Li M,et al.Privacy-Preserving Multi-Keyword Ranked Search over Encrypted Cloud Data[J].IEEE Transactions on Parallel&Distributed Systems,2011,25(1):222-233.
[5]马明军,杨亚涛,王培东,等.基于属性的可认证搜索加密方案[J].计算机工程与设计,2016,37(2):358-362.
[6]Sahai A,Waters B.Fuzzy Identity-Based Encryption[M]//Advances in Cryptology—EUROCRYPT 2005.Springer Berlin Heidelberg,2005:457-473.
[7]Goyal V,Jain A,Pandey O,et al.Bounded Ciphertext Policy Attribute Based Encryption[M]//Automata,Languages and Programming.DBLP,2008:579-591.
[8]李新,彭长根,牛翠翠.隐藏树型访问结构的属性加密方案[J].密码学报,2016,3(5):471-479.
[9]Waters B.Ciphertext-Policy Attribute-Based Encryption:An Expressive,Efficient,and Provably Secure Realization[M]//Public Key Cryptography—PKC 2011.Springer Berlin Heidelberg,2011:53-70.
[10]Bethencourt J,Sahai A,Waters B.Ciphertext-Policy Attribute-Based Encryption[C]//IEEE Symposium on Security and Privacy.IEEE Computer Society,2007:321-334.
[11]李双,徐茂智.基于属性的可搜索加密方案[J].计算机学报,2014(5):1017-1024.
[12]李双.访问控制与加密[M].机械工业出版社,2012.
[13]谭彭超,张应辉,郑东.支持关键字更新的可搜索加密方案[J].桂林电子科技大学学报,2016,36(1):44-47.
[14]李经纬,贾春福,刘哲理,等.可搜索加密技术研究综述[J].软件学报,2015,26(1):109-128.
[2]Dan B,Crescenzo G D,Ostrovsky R,et al.Public Key Encryption with Keyword Search[M]//Advances in Cryptology—EUROCRYPT 2004.Springer Berlin Heidelberg,2004:506-522.
[3]Goh E J.Secure Indexes[J].Submission,2004.
[4]Cao N,Wang C,Li M,et al.Privacy-Preserving Multi-Keyword Ranked Search over Encrypted Cloud Data[J].IEEE Transactions on Parallel&Distributed Systems,2011,25(1):222-233.
[5]马明军,杨亚涛,王培东,等.基于属性的可认证搜索加密方案[J].计算机工程与设计,2016,37(2):358-362.
[6]Sahai A,Waters B.Fuzzy Identity-Based Encryption[M]//Advances in Cryptology—EUROCRYPT 2005.Springer Berlin Heidelberg,2005:457-473.
[7]Goyal V,Jain A,Pandey O,et al.Bounded Ciphertext Policy Attribute Based Encryption[M]//Automata,Languages and Programming.DBLP,2008:579-591.
[8]李新,彭长根,牛翠翠.隐藏树型访问结构的属性加密方案[J].密码学报,2016,3(5):471-479.
[9]Waters B.Ciphertext-Policy Attribute-Based Encryption:An Expressive,Efficient,and Provably Secure Realization[M]//Public Key Cryptography—PKC 2011.Springer Berlin Heidelberg,2011:53-70.
[10]Bethencourt J,Sahai A,Waters B.Ciphertext-Policy Attribute-Based Encryption[C]//IEEE Symposium on Security and Privacy.IEEE Computer Society,2007:321-334.
[11]李双,徐茂智.基于属性的可搜索加密方案[J].计算机学报,2014(5):1017-1024.
[12]李双.访问控制与加密[M].机械工业出版社,2012.
[13]谭彭超,张应辉,郑东.支持关键字更新的可搜索加密方案[J].桂林电子科技大学学报,2016,36(1):44-47.
[14]李经纬,贾春福,刘哲理,等.可搜索加密技术研究综述[J].软件学报,2015,26(1):109-128.