计算机科学 ›› 2022, Vol. 49 ›› Issue (3): 313-321.doi: 10.11896/jsjkx.201100214

• 信息安全 • 上一篇    下一篇

云环境下基于属性的多关键字可搜索加密方案

高诗尧, 陈燕俐, 许玉岚   

  1. 南京邮电大学计算机学院软件学院网络空间安全学院 南京210003
  • 收稿日期:2020-11-30 修回日期:2021-04-10 出版日期:2022-03-15 发布日期:2022-03-15
  • 通讯作者: 陈燕俐(chenyl@njupt.edu.cn)
  • 作者简介:(1018041101@njupt.edu.cn)
  • 基金资助:
    国家自然科学基金(61572263,61272084)

Expressive Attribute-based Searchable Encryption Scheme in Cloud Computing

GAO Shi-yao, CHEN Yan-li, XU Yu-lan   

  1. School of Computer Science,School of Software,School of Cyberspace Security,Nanjing University of Posts and Telecommunications,Nanjing 210003,China
  • Received:2020-11-30 Revised:2021-04-10 Online:2022-03-15 Published:2022-03-15
  • About author:GAO Shi-yao,born in 1996,postgra-duate.His main research interests include information security and modern cryptography.
    CHEN Yan-li,born in 1969,Ph.D,professor.Her main research interests include network security and computer architecture.
  • Supported by:
    National Natural Science Foundation of China (61572263,61272084).

摘要: 可搜索加密技术可在不解密数据密文的同时实现密文关键字的检索,很好地保护了数据存储方的隐私。针对目前大多数可搜索加密方案无法支持用户自定义搜索策略的问题,提出了一种安全、高效、可支持任意表达的基于属性可搜索加密方案。该方案首先基于LSSS搜索结构,支持任意合取、析取或单调布尔表达式的多关键字搜索策略,用户使用私钥为LSSS搜索策略生成陷门,云服务器通过陷门可以搜索包含满足特定关键字搜索策略的密文;其次,通过与基于属性加密方案结合,可以实现对云中加密数据的细粒度访问控制;另外,该方案通过将关键字拆分成关键字名和关键字值以及“线性拆分”技术,使得攻击者无法从密文和陷门中推测出关键字值敏感信息;最后,通过将部分解密工作转移到云服务器来降低用户的计算负担。基于DBDH、(q-2)和判定线性假设证明了所提方案的安全性,理论分析和实验结果也表明了该方案的有效性。

关键词: 关键字搜索策略, 可搜索加密, 数据共享, 云计算, 属性加密

Abstract: Searchable encryption technology can realize keyword search without decrypting the data,and thus well protects user’sprivate information.Aiming at the problem that most current searchable encryption schemes cannot support user-defined search strategies,this paper proposes an attribute-based searchable encryption scheme which is secure,efficient and can support arbitrary search expressions.Firstly,the scheme,based on LSSS access structure,allows keyword search policy to be represented by conjunction,disjunction or any monotone Boolean expression,user generates trapdoor for LSSS search policy by utilizing the private key,and cloud server can search ciphertexts that satisfy specific keywords search policy through trapdoor.Secondly,it can realize fine-grained access control of encrypted data in cloud through combining with attribute-based encryption scheme.In addition,attackers cannot infer the sensitive information of keyword values from ciphertext and trapdoor by splitting keywords into keyword names and values through “linear splitting” technology.Finally,the computing burden of users is reduced due to part of decryption work is transfered to cloud server.The security of the proposed scheme is proved based on BDHE,(q-2) assumption.Theoretical analysis and experimental results also show that the scheme is effective.

Key words: Attribute -based encryption, Cloud computing, Data sharing, Keywords search policy, Searchable encryption

中图分类号: 

  • TP309
[1]SONG D X,WAGNER D,PERRIG A.Practical tech-niques for searches on encrypted data[C]//Proceedings of 2000 IEEE Symposium on Security and Privacy.Berkeley,CA:IEEE,2000:44-55.
[2]BONEH D,CRESCENZO G D,OSTROVSKY R,et al.Public key encryption with keyword search[C]//Advances in Crypto-logy-EUROCRYPT.Berlin:Springer,2004:506-522.
[3]CURTMOLA R,GARAY J,KAMARA S,et al.Searchablesymmetric encryption.Improved definitions and efficient constructions[C]//Proceedings of the 2006 ACM Computer and Communication Security.New York:ACM,2006:79-88.
[4]LI J,SHI Y,ZHANG Y.Searchable ciphertext-policy attribute-based encryption with revocation in cloud storage[J].International Journal of Communication Systems,2017,30(1):2933-2947.
[5]MIAO Y,MA J,LIU X,et al.Attribute-Based Keyword Search over Hierarchical Data in Cloud Computing[J].IEEE Transactions on Services Computing,2017,17(99):1427-1441.
[6]SWAMINATHAN A,MAO Y,SU G M,et al.Confidentiality-preserving rank-ordered search[C]//Proceedings of the 2007 ACM Workshop Storage Security and Survivability.Alexandria,VA:ACM,2007:7-12.
[7]WANG C,CAO N,REN K,et al.Enabling Secure and Efficient Ranked Keyword Search over Outsourced Cloud Data[J].IEEE Transactions on Parallel & Distributed Systems,2011,23(8):1467-1479.
[8]ZERR S,OLMEDILLA D,NEJDL W,et al.Zerber+R:Top-k retrieval from a confıdential index[C]//Proceedings of International Conference on Extending Database Technology.2009:439-449.
[9]DAN B,WATERS B.Conjunctive,subset,and range queries on encrypted data[C]//Proceedings of 4th Theory of Cryptography Conference.Berlin,Springer,2007:535-554.
[10]LEWKO A,OKAMOTO T,SAHAI A,et al.Fully secure functional encryption:Attribute-based encryption and (hierarchical) inner product encryption[C]//Proceedings of Annual International Conference on Theory and Applications of Cryptographic Technology.Berlin,Springer,2010:62-91.
[11]MIAO Y,MA J,LIU X,et al.Practical Attribute-Based Multi-Keyword Search Scheme in Mobile Crowdsourcing[J].IEEE Internet of Things Journal,2018,5(4):3008-3018.
[12]MIAO Y,MA J,LIU X,et al.VCKSM:Verifiable conjunctive keyword search over mobile e-health cloud in shared multi-owner settings[J].Pervasive and Mobile Computing,2017,40:205-219.
[13]LAI J,ZHOU X,DENG R H,et al.Expressive search on encrypted data[C]//ACM Sigsac Symposium on Information.ACM,2013:243-251.
[14]LV Z,HONG C,ZHANG M,et al.Expressive and SecureSearchable Encryption in the Public Key Setting[J].2014:364-376.
[15]CUI H,WAN Z,DENG R,et al.Efficient and Expressive Keyword Search Over Encrypted Data in the Cloud[J].IEEE Tran-sactions on Dependable & Secure Computing,2018,15(3):409-422.
[16]HAO J,LIU J,WANG H,et al.Efficient Attribute-based Ac-cess Control with Authorized Search in Cloud Storage[J].IEEE Access,2019,7:182772-182783.
[17]SHEN C,LU Y,LI J.Expressive Public-Key Encryption withKeyword Search:Generic Construction from KP-ABE and an Efficient Scheme over Prime-Order Groups[J].IEEE Access,2020,8:93-103.
[18]SAHAI A,WATERS B.Fuzzy Identity-Based Encryption[M].Advances in Cryptology-EUROCRYPT 2005.Berlin:Springer,2005:457-473.
[19]DAN B,FRANKLIN M.Identity-Based Encryption from theWeil Pairing[M].Society for Industrial and Applied Mathema-tics,2003:235-252.
[20]GOYAL V,PANDEY O,SAHAI A,et al.Attribute-based encryption for fine-grained access control of encrypted data[C]//Proceedings of ACM Conference on Computer and Communications Security.ACM,2006:89-98.
[21]PARK D J,KIM K,LEE P J.Public Key Encryption with Conjunctive Field Keyword Search[C]//Proceedings of Information Security Applications,5th International Workshop,WISA 2004.Jeju Island,Korea,2004:73-86.
[22]HAN F,QIN J,ZHAO H,et al.A general transformation from KP-ABE to searchable encryption[J].Future Generation Computer Systems,2014,30(Jan.):107-115.
[23]ABDALLA M,BELLARE M,CATALANO D,et al.Searchable Encryption Revisited:Consistency Properties,Relation to Ano-nymous IBE,and Extensions[C]//Annual International Crypto-logy Conference.Berlin:Springer,2005:205-222.
[24]KAUSHIK K,VARADHARAJAN V,NALLUSAMY R.Multi-user Attribute-based Searchable Encryption[C]//IEEE International Conference on Mobile Data Management.IEEE,2013:200-205.
[25]XIONG A P,GAN Q X,et al.A searchable encryption of CP-ABE scheme in cloud storage[C]//Proceedings of the 10th International Computer Conference on Wavelet Active Media Technology (ICCWAMTIP’13).USA:IEEE,2013:345-349.
[26]HE H,ZHANG J,LI P,et al.A lightweight secure conjunctive keyword search scheme in hybrid cloud[J].Future Generation Computer Systems,2019,93:727-736.
[27]WANG S P,JIA S S,ZHANG Y L,et al.Verifiable and Multi-Keyword Searchable Attribute-Based Encryption Scheme for Cloud Storage[J].IEEE Access,2019,7:50136-50147.
[28]SUN J,REN L,WANG S,et al.Multi-Keyword Searchable and Data Verifiable Attribute-Based Encryption Scheme for Cloud Storage[J].IEEE Access,2019,7:66655-66667.
[29]LIU X,LU T,HE X,et al.Verifiable Attribute-Based Keyword Search Over Encrypted Cloud Data Supporting Data Deduplication[J].IEEE Access,2020,8(99):52062-52074.
[30]LIU X,YANG X.Verifiable Multi-keyword Search Encryption Scheme with Anonymous Key Generation for Medical Internet of Things[J].IEEE Internet of Things Journal(Early Access),2021,8:1-13.
[31]BAEK J,SAFAVI-NAINI R,SUSILO W.Public Key Encryption with Keyword Search Revisited[C]//Proceedings of the International Conference on Computational Science and Its Applications,Part I.Berlin:Springer,2008:1249-1259.
[32]BEIMEL A.Secure schemes for secret sharing and key distribution[D].Haifa:Israel Institute of Technology,1996.
[33]ROUSELAKIS Y,WATERS B.New Constructions and ProofMethods for Large Universe Attribute-Based Encryption[C]//ACM Sigsac Conference on Computer & Communications Security.ACM,2013:463-473.
[34]BOYEN X,WATERS B.Anonymous Hierarchical Identity-Based Encryption (Without Random Oracles)[C]//Procee-dings of the 26th Annual International Conference on Advances in Cryptology.Berlin:Springer,2006:290-307.
[35]SHOUP V.A proposal for an iso standard for public key en-cryption (version 2.1)[OL].http://eprint.iacr.org/2001/112.
[36]CARO A D,IOVINO V.jPBC:Java pairing based cryptography[C]//2011 IEEE Symposium on Computers and Communications (ISCC).Kerkyra,2011:850-855.
[1] 王政, 姜春茂.
一种基于三支决策的云任务调度优化算法
Cloud Task Scheduling Algorithm Based on Three-way Decisions
计算机科学, 2021, 48(6A): 420-426. https://doi.org/10.11896/jsjkx.201000023
[2] 潘瑞杰, 王高才, 黄珩逸.
云计算下基于动态用户信任度的属性访问控制
Attribute Access Control Based on Dynamic User Trust in Cloud Computing
计算机科学, 2021, 48(5): 313-319. https://doi.org/10.11896/jsjkx.200400013
[3] 季琰, 戴华, 姜莹莹, 杨庚, 易训.
面向混合云的可并行多关键词Top-k密文检索技术
Parallel Multi-keyword Top-k Search Scheme over Encrypted Data in Hybrid Clouds
计算机科学, 2021, 48(5): 320-327. https://doi.org/10.11896/jsjkx.200300160
[4] 陈玉平, 刘波, 林伟伟, 程慧雯.
云边协同综述
Survey of Cloud-edge Collaboration
计算机科学, 2021, 48(3): 259-268. https://doi.org/10.11896/jsjkx.201000109
[5] 蒋慧敏, 蒋哲远.
企业云服务体系结构的参考模型与开发方法
Reference Model and Development Methodology for Enterprise Cloud Service Architecture
计算机科学, 2021, 48(2): 13-22. https://doi.org/10.11896/jsjkx.200300044
[6] 王文娟, 杜学绘, 任志宇, 单棣斌.
基于因果知识和时空关联的云平台攻击场景重构
Reconstruction of Cloud Platform Attack Scenario Based on Causal Knowledge and Temporal- Spatial Correlation
计算机科学, 2021, 48(2): 317-323. https://doi.org/10.11896/jsjkx.191200172
[7] 何亨, 蒋俊君, 冯可, 李鹏, 徐芳芳.
多云环境中基于属性加密的高效多关键词检索方案
Efficient Multi-keyword Retrieval Scheme Based on Attribute Encryption in Multi-cloud Environment
计算机科学, 2021, 48(11A): 576-584. https://doi.org/10.11896/jsjkx.201000026
[8] 毛瀚宇, 聂铁铮, 申德荣, 于戈, 徐石成, 何光宇.
区块链即服务平台关键技术及发展综述
Survey on Key Techniques and Development of Blockchain as a Service Platform
计算机科学, 2021, 48(11): 4-11. https://doi.org/10.11896/jsjkx.210500159
[9] 陈先来, 赵晓宇, 曾工棉, 安莹.
基于区块链的患者在线交流模型
Online Patient Communication Model Based on Blockchain
计算机科学, 2021, 48(11): 28-35. https://doi.org/10.11896/jsjkx.210400240
[10] 王勤, 魏立斐, 刘纪海, 张蕾.
基于云服务器辅助的多方隐私交集计算协议
Private Set Intersection Protocols Among Multi-party with Cloud Server Aided
计算机科学, 2021, 48(10): 301-307. https://doi.org/10.11896/jsjkx.210300308
[11] 张恺琪, 涂志莹, 初佃辉, 李春山.
基于排队论的服务资源可用性相关研究综述
Survey on Service Resource Availability Forecast Based on Queuing Theory
计算机科学, 2021, 48(1): 26-33. https://doi.org/10.11896/jsjkx.200900211
[12] 雷阳, 姜瑛.
云计算环境下关联节点的异常判断
Anomaly Judgment of Directly Associated Nodes Under Cloud Computing Environment
计算机科学, 2021, 48(1): 295-300. https://doi.org/10.11896/jsjkx.191200186
[13] 徐蕴琪, 黄荷, 金钟.
容器技术在科学计算中的应用研究
Application Research on Container Technology in Scientific Computing
计算机科学, 2021, 48(1): 319-325. https://doi.org/10.11896/jsjkx.191100111
[14] 李彦, 申德荣, 聂铁铮, 寇月.
面向加密云数据的多关键字语义搜索方法
Multi-keyword Semantic Search Scheme for Encrypted Cloud Data
计算机科学, 2020, 47(9): 318-323. https://doi.org/10.11896/jsjkx.190800139
[15] 马潇潇, 黄艳.
大属性可公开追踪的密文策略属性基加密方案
Publicly Traceable Accountable Ciphertext Policy Attribute Based Encryption Scheme Supporting Large Universe
计算机科学, 2020, 47(6A): 420-423. https://doi.org/10.11896/JsJkx.190700131
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!