Computer Science, 2022, Vol. 49, Issue (10): 291-296. doi: 10.11896/jsjkx.210900233

• Information Security •

Distributed Privacy Protection Data Search Scheme

LIU Ming-da1, SHI Yi-juan1, RAO Xiang1, FAN Lei2

  1. 1 Jiangnan Institute of Computing Technology, Wuxi, Jiangsu 214083, China
    2 School of Cyber Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240, China
  • Received: 2021-09-27 Revised: 2022-03-16 Online: 2022-10-15 Published: 2022-10-13
  • Corresponding author: LIU Ming-da (happyliumd@163.com)
  • About author: LIU Ming-da, born in 1991, Ph.D, assistant research fellow. His main research interests include data security and blockchain.

Abstract: Moving highly sensitive data to the cloud creates data islands: data sets cannot search or discover one another, and therefore cannot be shared. To address this problem, a distributed privacy-preserving data search scheme is proposed that keeps both the data and the search conditions confidential in distributed scenarios and can establish a trusted record of search evidence. First, the data model is defined, making explicit the protection goals and application scenarios of the scheme. Next, the design framework and protocol flow are presented, focusing on the overall flow across three parts: a blockchain-based trusted data interaction channel, a trusted key sharing module, and a ciphertext search engine. Then Tantivy-SGX, a full-text search engine that operates on ciphertext and is based on a trusted execution environment, is proposed, and its principle and implementation method are analyzed in detail. Finally, the overall process and the core components are implemented and verified. Experimental results show that the scheme is efficient and feasible, and can effectively enhance the security of data discovery and search in distributed environments.

Key words: Distributed environment, Ciphertext search, Trusted execution, Blockchain

CLC Number: TP309