基于访问代理的数据加密及搜索技术研究

doi:10.11959/j.issn.1000-436x.2018114

通信学报 ›› 2018, Vol. 39 ›› Issue (7): 1-14.doi: 10.11959/j.issn.1000-436x.2018114

• 学术论文 • 下一篇

基于访问代理的数据加密及搜索技术研究

王国峰¹,刘川意²(),韩培义¹,潘鹤中¹,方滨兴²

¹ 北京邮电大学网络空间安全学院，北京 100876
² 哈尔滨工业大学（深圳）计算机科学与技术学院，广东深圳 518055

修回日期:2018-04-28 出版日期:2018-07-01 发布日期:2018-08-08
作者简介:王国峰（1988-），男，山东济宁人，北京邮电大学博士生，主要研究方向为数据安全、云计算与云安全。|刘川意（1982-），男，四川乐山人，哈尔滨工业大学（深圳）副教授，主要研究方向为云计算与云安全、大规模存储系统、数据保护与数据安全。|韩培义（1992-），男，山西吕梁人，北京邮电大学博士生，主要研究方向为数据安全、云安全。|潘鹤中（1991-），男，辽宁本溪人，北京邮电大学博士生，主要研究方向为数据安全、云安全。|方滨兴（1960-），男，江西上饶人，中国工程院院士，哈尔滨工业大学（深圳）教授，主要研究方向为网络与信息安全、内容安全。
基金资助:
国家高技术研究发展计划（“863”计划）基金资助项目(2015AA016001);国家重点研发计划基金资助项目(2017YFB0801801);国家科技重大专项基金资助项目(BB29100002);国家科研发展咨询基金资助项目(BA25500031);国家科研发展咨询基金资助项目(BB25500019)

Research on technology of data encryption and search based on access broker

Guofeng WANG¹,Chuanyi LIU²(),Peiyi HAN¹,Hezhong PAN¹,Binxing FANG²

¹ College of Cyberspace Security,Beijing University of Posts and Telecommunications,Beijing 100876,China
² School of Computer Science and Technology,Harbin Institute of Technology (Shenzhen),Shenzhen 518055,China

Revised:2018-04-28 Online:2018-07-01 Published:2018-08-08
Supported by:
The National High Technology Research and Development Program of China (863 Program)(2015AA016001);The National Key Research and Development Program of China(2017YFB0801801);The National Science and Technology Major Project of China(BB29100002);The National Research Development Consulting Project(BA25500031);The National Research Development Consulting Project(BB25500019)

摘要/Abstract

摘要：

针对云应用程序数据机密性问题，提出一种访问代理执行的密文搜索方案。此方案不需要修改云应用程序且不改变用户使用习惯，具有很强的可适用性。首先从功能性、效率性和安全性等方面分析了基于访问代理的密文搜索方案，并指出其所面临的关键问题，包括代理间索引和密文的安全分享，并设计解决方案。实验结果表明，此方案可有效保护云服务用户数据，实现多种搜索功能，且具有很高的效率性和安全性。

关键词: 云安全, 数据保护, 密文搜索, 密文分享

Abstract:

Broker executed searchable encryption (BESE) scheme was proposed for the confidentiality issues of cloud application data.The scheme did not need to modify the cloud application or user habits,thus had strong applicability.Firstly,systematic and quantitative analysis on BESE scheme was conducted in terms of query expressiveness,performance and security.Then,the main challenges of BESE scheme including securely sharing index and encrypted data between brokers were pointed out,and corresponding schemes were proposed to address the above challenges.The experimental results show that the BESE scheme can effectively protect the user data in the cloud,achieve a variety of search functions,and has high efficiency and security.

Key words: cloud security, data protection, searchable encryption, encrypted data sharing

中图分类号:

TP302

王国峰,刘川意,韩培义,潘鹤中,方滨兴. 基于访问代理的数据加密及搜索技术研究[J]. 通信学报, 2018, 39(7): 1-14.

Guofeng WANG,Chuanyi LIU,Peiyi HAN,Hezhong PAN,Binxing FANG. Research on technology of data encryption and search based on access broker[J]. Journal on Communications, 2018, 39(7): 1-14.

图/表 15

图1

图2

图3

图4

图5

表1

图6

图7

图8

图9

图10

图11

表2

图12

表3

参考文献 28

[1]	Cloud Security Alliance,Top Threats Working Group. CSA’s cloud computing top threats in 2016[R]. 2016.
[2]	It’s all about identity theft - first half findings from the 2016 breach level index[R]. 2016.
[3]	王国峰, 刘川意, 潘鹤中 ,等. 云计算模式内部威胁综述[J]. 计算机学报, 2017,40(2): 296-316.
	WANG G F , LIU C Y , PAN H Z ,et al. Survey on insider threats to cloud computing[J]. Chinese Journal of Computers, 2017,40(2): 296-316.
[4]	GOLDREICH O , OSTROVSKY R . Software protection and simulation on oblivious RAMs[J]. Journal of the ACM, 1996,43(3): 431-473.
[5]	B?SCH C , HARTEL P , JONKER W ,et al. A survey of provably secure searchable encryption[J]. ACM Computing Surveys (CSUR), 2015,47(2):18.
[6]	Gartner report:how to evaluate and operate a cloud access security broker[R]. 2015.
[7]	SCHüTZE H , . Introduction to information retrieval[C]// International Communication of Association for Computing Machinery Conference. 2008.
[8]	HE W , AKHAWE D , JAIN S ,et al. Shadowcrypt:encrypted Web applications for everyone[C]// The 2014 ACM SIGSAC Conference on Computer and Communications Security. 2014: 1028-1039.
[9]	LAU B , CHUNG S , SONG C ,et al. Mimesis aegis:a mimicry privacy shield–a system’s approach to data privacy on public cloud[C]// 23rd USENIX Security Symposium (USENIX Security 14). 2014: 33-48.
[10]	POPA R A , STARK E , VALDEZ S ,et al. Building Web applications on top of encrypted data using Mylar[C]// 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14). 2014: 157-172.
[11]	POPA R A , REDFIELD C , ZELDOVICH N ,et al. CryptDB:protecting confidentiality with encrypted query processing[C]// The Twenty-Third ACM Symposium on Operating Systems Principles. 2011: 85-100.
[12]	SONG D X , WAGNER D , PERRIG A . Practical techniques for searches on encrypted data[C]// 2000 IEEE Symposium on Security and Privacy. 2000: 44-55.
[13]	GOH E J . Secure indexes[J]. International Association for Cryptologic Research Cryptology ePrint Archive, 2003:216.
[14]	CURTMOLA R , GARAY J , KAMARA S ,et al. Searchable symmetric encryption:improved definitions and efficient constructions[J]. Journal of Computer Security, 2011,19(5): 895-934.
[15]	XIA Z , WANG X , SUN X ,et al. A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data[J]. IEEE Transactions on Parallel and Distributed Systems, 2016,27(2): 340-352.
[16]	LI J , WANG Q , WANG C ,et al. Fuzzy keyword search over encrypted data in cloud computing[C]// INFOCOM. 2010: 1-5.
[17]	KAMARA S , PAPAMANTHOU C , ROEDER T . Dynamic searchable symmetric encryption[C]// The 2012 ACM Conference on Computer and Communications Security. 2012: 965-976.
[18]	BONEH D , CRESCENZO G D , OSTROVSKY R ,et al. Public key encryption with keyword search[C]// International Conference on the Theory and Applications of Cryptographic Techniques. 2004: 506-522.
[19]	LIU Q , WANG G , WU J . Secure and privacy preserving keyword searching for cloud storage services[J]. Journal of Network and Computer Applications, 2012,35(3): 927-933.
[20]	GENTRY C , . Certificate-based encryption and the certificate revocation problem[C]// International Conference on the Theory and Applications of Cryptographic Techniques. 2003: 272-293.
[21]	MICALI S , . Scalable certificate validation and simplified pki management[C]// 1st Annual PKI Research Workshop. 2002:15.
[22]	SHAMIR A , . Identity-based cryptosystems and signature schemes[C]// Workshop on the Theory and Application of Cryptographic Techniques. 1984: 47-53.
[23]	BONEH D , FRANKLIN M . Identity-based encryption from the Weil pairing[C]// Annual International Cryptology Conference. 2001: 213-229.
[24]	AL-RIYAMI S S , PATERSON K G . Certificateless public key cryptography[C]// International Conference on the Theory and Application of Cryptology and Information Security. 2003: 452-473.
[25]	LEWKO A , WATERS B . Decentralizing attribute-based encryption[C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques. 2011: 568-588.
[26]	SCHULZ K U , MIHOV S . Fast string correction with Levenshtein automata[J]. International Journal on Document Analysis and Recognition, 2002,5(1): 67-85.
[27]	ISLAM M S , KUZU M , KANTARCIOGLU M . Access pattern disclosure on searchable encryption:ramification,attack and mitigation[C]// NDSS. 2012:12.
[28]	CASH D , GRUBBS P , PERRY J ,et al. Leakage-abuse attacks against searchable encryption[C]// The 22nd ACM SIGSAC Conference on Computer and Communications Security. 2015: 668-679.

方案		效率			存储
方案	建立索引时间	搜索时间	更新时间	索引大小	客户端存储	更新成本
文献[15]方案	O(nm²)	O(θ m log n)	O(m²logn)	O(nm)	O(m²)	O(mlogn)
文献[16]方案	O(nwl^e)	O(nwl^e)	不支持	O(nwl^e)	O(tl^e)	不支持
文献[17]方案	O(N)	O(q)	O(\|W_id\|)	O(m+n)	O(1)	O(\|W_id\|)
BESE	O(N)	O(q)_MRSE,O(ml)_FSE	O(\|W_id\|)	O(m+n)	O(1)	O(\|W_id\|)

文档数量/个	文档大小/GB	索引大小/GB	查询/s
9 697 882	1.212 332	0.947 194	19.567 5
10 716 760	1.339 540	1.050 98	16.188 5
11 961 342	1.487 816	1.179 34	14.677 4
13 053 463	1.624 238	1.255 26	13.830 9
17 647 279	2.201 861	1.706 34	10.957 6

过程	时间/ms
系统参数生成	50
私钥签发	20
加密	12
解密	38

基于访问代理的数据加密及搜索技术研究

Research on technology of data encryption and search based on access broker

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 15

参考文献 28

相关文章 11

Metrics

推荐阅读 0

[1]	王继锋, 王国峰. 边缘计算模式下密文搜索与共享技术研究[J]. 通信学报, 2022, 43(4): 227-238.
[2]	韩培义,刘川意,王佳慧,段少明,潘鹤中,方滨兴. 面向云存储的数据加密系统与技术研究[J]. 通信学报, 2020, 41(8): 55-65.
[3]	王斌,李伟民,盛津芳,肖斯诺. TCCL：安全高效的拓展云桌面架构[J]. 通信学报, 2017, 38(Z1): 9-18.
[4]	王佳慧,刘川意,方滨兴. 面向物联网搜索的数据隐私保护研究综述[J]. 通信学报, 2016, 37(9): 142-153.
[5]	周志刚,张宏莉,余翔湛,李攀攀. 面向DaaS应用的数据集成隐私保护机制研究[J]. 通信学报, 2016, 37(4): 96-106.
[6]	寇广,汤光明,王硕,宋海涛,边媛. 深度学习在僵尸云检测中的应用研究[J]. 通信学报, 2016, 37(11): 114-128.
[7]	项菲1,2，刘川意2,3，方滨兴1,2，王春露1,2，钟睿明1,2. 云计算环境下密文搜索算法的研究[J]. 通信学报, 2013, 34(7): 16-153.
[8]	项菲,刘川意,方滨兴,王春露,钟睿明. 云计算环境下密文搜索算法的研究[J]. 通信学报, 2013, 34(7): 143-153.
[9]	付伟,叶清,陈泽茂,吴晓平. 云存储中的数据持有性证明研究综述[J]. 通信学报, 2012, 33(Z2): 201-206.
[10]	张伟,王汝传,李鹏. 基于云安全环境的蠕虫传播模型[J]. 通信学报, 2012, 33(4): 17-24.
[11]	吴敬征,丁丽萍,王永吉. 云计算环境下隐蔽信道关键问题研究[J]. 通信学报, 2011, 32(9A): 184-203.