Computer Science ›› 2021, Vol. 48 ›› Issue (11A): 576-584. doi: 10.11896/jsjkx.201000026

• Information Security •

Efficient Multi-keyword Retrieval Scheme Based on Attribute Encryption in Multi-cloud Environment

HE Heng, JIANG Jun-jun, FENG Ke, LI Peng, XU Fang-fang

  1. School of Computer Science and Technology, Wuhan University of Science and Technology, Wuhan 430065, China
    Hubei Province Key Laboratory of Intelligent Information Processing and Real-time Industrial System, Wuhan 430065, China
  • Online: 2021-11-10 Published: 2021-11-12
  • Corresponding author: HE Heng (heheng@wust.edu.cn)
  • About author: HE Heng, born in 1981, Ph.D, associate professor, is a member of China Computer Federation. His main research interests include network security, cloud computing and ciphertext retrieval.
  • Supported by:
    This work was supported by the National Natural Science Foundation of China (61602351, 61802286), Natural Science Foundation of Hubei Province, China (2018CFB424) and Scientific Research Project of Education Department of Hubei Province, China (B2019009).

Abstract: With the rapid development and wide application of cloud computing technology, data security issues in the cloud environment have become the focus of users' attention. To ensure data privacy, users encrypt their private data before uploading it to the cloud server. Nevertheless, it is challenging to retrieve ciphertext containing specific information from the massive encrypted data held on multiple cloud servers. Traditional searchable encryption schemes cannot be directly applied to ciphertext data retrieval in the multi-cloud environment. Attribute-based encryption provides a new solution for ciphertext keyword retrieval. However, the existing related schemes have several problems: they support only single or conjunctive keyword retrieval, their access control policies are inflexible, their retrieval efficiency is low, their computation and storage overhead is large, and they do not apply effectively to the multi-cloud environment. Therefore, this paper proposes an efficient Multi-keyword Retrieval scheme based on Attribute encryption in the Multi-cloud environment (MRAM). MRAM is based on a high-performance ciphertext-policy attribute-based encryption algorithm, and realizes arbitrary multi-keyword ciphertext retrieval and fine-grained access control. By introducing a retrieval server, MRAM effectively supports efficient and accurate ciphertext retrieval in the multi-cloud environment. Security analysis shows that MRAM achieves important security features such as secure index confidentiality, trapdoor confidentiality, and resistance to collusion attacks. The performance evaluation verifies that, compared with existing solutions, MRAM has lower computational overhead in the secure index generation, trapdoor generation, and retrieval stages, and that the storage overhead of the secure index and trapdoor is also smaller.

Key words: Access control policy, Attribute-based encryption, Ciphertext retrieval, Multi-cloud environment, Multi-keyword retrieval

CLC Number:

  • TP309