云环境下安全的可验证多关键词搜索加密方案

doi:10.11959/j.issn.1000-436x.2021054

通信学报 ›› 2021, Vol. 42 ›› Issue (4): 139-149.doi: 10.11959/j.issn.1000-436x.2021054

云环境下安全的可验证多关键词搜索加密方案

张键红¹^,², 武梦龙¹, 王晶³^,⁴, 刘沛³^,⁴, 姜正涛⁴, 彭长根²

¹ 北方工业大学信息学院，北京 100144
² 贵州大学公共大数据国家重点实验室，贵州贵阳 550025
³ 京东集团财税创新部，北京 100176
⁴ 中国传媒大学计算机与网络空间安全学院，北京 100024

修回日期:2021-02-22 出版日期:2021-04-25 发布日期:2021-04-01
作者简介:张键红（1975- ），男，河北石家庄人，博士，北方工业大学教授，主要研究方向为密码学、云安全、物联网安全。
武梦龙（1972- ），男，山西太原人，博士，北方工业大学副教授，主要研究方向为无线通信、信息安全、信号处理技术等。
王晶（1988- ），男，山东烟台人，京东集团财税创新部工程师，主要研究方向为计算机软件、网络安全、电子商务等。
刘沛（1982- ），男，北京人，京东集团财税创新部工程师，主要研究方向为国家税收治理、区块链、税务数智化转型、财税安全管理。
姜正涛（1976- ），男，山东青岛人，博士，中国传媒大学副教授，主要研究方向为密码学、信息安全、物联网安全等。
彭长根（1963- ），男，贵州锦屏人，博士，贵州大学教授，主要研究方向为密码学、信息安全、物联网安全等。
基金资助:
北京市自然科学基金资助项目(4212019);北京市自然科学基金资助项目(L182039);广西密码学与信息安全重点实验室研究课题基金资助项目(GCIS201808);贵州省公共大数据重点实验室开放课题基金资助项目(2019BDKFJJ012);国家重点研发计划基金资助项目(2018YFB0803900)

Secure and verifiable multi-keyword searchable encryption scheme in cloud

Jianhong ZHANG¹^,², Menglong WU¹, Jing WANG³^,⁴, Pei LIU³^,⁴, Zhengtao JIANG⁴, Changgen PENG²

¹ School of Information Sciences and Technology, North China University of Technology, Beijing 100144, China
² Guizhou Provincial Key Laboratory of Public Big Data, Guizhou University, Guiyang 550025, China
³ Finance and Tax Innovation Department of JD Group, Beijing 100176, China
⁴ School of Computer and Cyber Sciences, Communication University of China, Beijing 100024, China

Revised:2021-02-22 Online:2021-04-25 Published:2021-04-01
Supported by:
The Natural Science Foundation of Beijing(4212019);The Natural Science Foundation of Beijing(L182039);Guangxi Key Laboratory of Crypto-graphy and Information Security(GCIS201808);Foundation of Guizhou Provincial Key Laboratory of Public Big Data(2019BDKFJJ012);The National Key Research and Development Program of China(2018YFB0803900)

摘要/Abstract

摘要：

云计算的高虚拟化与高可扩展性等优势，使个人和企业愿意外包加密数据到云端服务器。然而，加密后的外包数据破坏了数据间的关联性。尽管能够利用可搜索加密（SE）进行加密数据的文件检索，但不可信云服务器可能篡改、删除外包数据或利用已有搜索陷门来获取新插入文件相关信息。此外，现有单关键词搜索由于限制条件较少，导致搜索精度差，造成带宽和计算资源的浪费。为了解决以上问题，提出一种高效的、可验证的多关键词搜索加密方案。所提方案不仅能够支持多关键词搜索，也能实现搜索模式的隐私性和文件的前向安全性。此外，还能实现外包数据的完整性验证。通过严格的安全证明，所提方案在标准模型下被证明是安全的，能够抵抗不可信云服务器的离线关键词猜测攻击（KGA）。最后，通过与最近 3 种方案进行效率和性能比较，实验结果表明所提方案在功能和效率方面具有较好的综合性能。

关键词: 云计算, q-ABDHE安全假设, 多关键词搜索, 安全证明

Abstract:

Due to the advantages of cloud computing, such as virtualization and high scalability, individuals and enterprises are willing to outsource local data storage and computing to cloud servers.However, encryption breaks the linkability between the data.Although searchable encryption (SE) enables cloud servers to provide retrieval services of the encrypted data for data owners, cloud servers who are untrusted, may tamper and delete data, or learn information of the newly added encrypted files with previous trapdoors.Besides, single-keyword search inevitably incurs many unrelated results, resulting in a waste of bandwidth and computing resources.To address the problems above, an efficient and verifiable multi-keyword search encryption scheme was proposed, which could not only supported multiple-keyword search, but also realized the privacy of search pattern and forward security of the outsourced files.In the meanwhile, it also ensured the integrity check of the outsourced data.Through rigorous security verification, the proposed scheme was proved to be secure under the standard mode, and could resist offline keyword guesswork attack (KGA) on untrusted cloud servers.Finally, by comparing the efficiency and performance with the recent three searchable encryption schemes, the experimental results show that the proposed scheme has the best comprehensive performance in terms of function and efficiency among the four schemes.

Key words: cloud computing, q-ABDHE security assumption, multi-keyword search, security proof

中图分类号:

TP309

张键红, 武梦龙, 王晶, 刘沛, 姜正涛, 彭长根. 云环境下安全的可验证多关键词搜索加密方案[J]. 通信学报, 2021, 42(4): 139-149.

Jianhong ZHANG, Menglong WU, Jing WANG, Pei LIU, Zhengtao JIANG, Changgen PENG. Secure and verifiable multi-keyword searchable encryption scheme in cloud[J]. Journal on Communications, 2021, 42(4): 139-149.

图/表 7

图1

表1

表3

图2

图3

图4

图5

参考文献 19

[1]	AMBRUST M , FOX A , JOSEPH A D ,et al. Above the clouds:a berkeley view of cloud computing[R]. California:University of California,UCB/EECS-2009-28, 2009.
[2]	MELL P M , GRANCE T . The NIST definition of cloud computing[R]. National Institute of Standards and Technology, 2011.
[3]	JULISCH K , HALL M . Security and control in the cloud[J]. Information Security Journal:A Global Perspective, 2010,19(6): 299-309.
[4]	冯登国, 张敏, 张妍 ,等. 云计算安全研究[J]. 软件学报, 2011,22(1): 71-83.
	FENG D G , ZHANG M , ZHANG Y ,et al. Study on cloud computing security[J]. Journal of Software, 2011,22(1): 71-83.
[5]	TANG Y , LEE P P C , LUI J C S ,et al. Secure overlay cloud storage with access control and assured deletion[J]. IEEE Transactions on Dependable and Secure Computing, 2012,9(6): 903-916.
[6]	SONG D X , WAGNER D , PERRIG A . Practical techniques for searches on encrypted data[C]// Proceeding 2000 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2000: 44-55.
[7]	BONEH D , CRESCENZO G , OSTROVSKY R ,et al. Public key encryption with keyword search[C]// International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2004: 506-522.
[8]	GOLLE P , STADDON J , WATERS B . Secure conjunctive keyword search over encrypted data[C]// Proceedings of the 2nd International Conference on Applied Cryptography and Network Security. Berlin:Springer, 2004: 31-45.
[9]	BALLARD L , KAMARA S , MONROSE F . Achieving efficient conjunctive keyword searches over encrypted data[C]// Proceedings of the 7th International Conference on Information and Communications Security. Berlin:Springer, 2005: 414-426
[10]	RYU E K , TAKAGI T . Efficient conjunctive keyword-searchable encryption[C]// Proceedings of 21st International Conference on Advanced Information Networking and Applications Workshops. Piscataway:IEEE Press, 2007: 409-414.
[11]	CAO N , WANG C , LI M ,et al. Privacy-preserving multi-keyword ranked search over encrypted cloud data[C]// Proceedings of IEEE INFOCOM. Piscataway:IEEE Press, 2011: 829-837.
[12]	SHACHAM H , WATERS B . Compact proofs of retrievability[J]. Journal of Cryptology, 2013,26(3): 442-483.
[13]	GUO L F , LU B , LI X Y ,et al. A verifiable proxy Re-encryption with keyword search without random oracle[C]// 2013 Ninth International Conference on Computational Intelligence and Security. Piscataway:IEEE Press, 2013: 474-478.
[14]	YANG Y , MA M D . Conjunctive keyword search with designated tester and timing enabled proxy Re-encryption function for E-health clouds[J]. IEEE Transactions on Information Forensics and Security, 2016,11(4): 746-759.
[15]	MIAO Y B , MA J F , LIU X M ,et al. VMKDO:Verifiable multi-keyword search over encrypted cloud data for dynamic data-owner[J]. Peer-to-Peer Networking and Applications, 2018,11(2): 287-297.
[16]	WANG G J , YUE F S , LIU Q . A secure self-destructing scheme for electronic data[J]. Journal of Computer and System Sciences, 2013,79(2): 279-290.
[17]	GUO Y , ZHANG C , JIA X H . Verifiable and forward-secure encrypted search using blockchain techniques[C]// IEEE International Conference on Communications. Piscataway:IEEE Press, 2020: 1321-1329.
[18]	BASERI Y , HAFID A , CHERKAOUI S . Privacy preserving fine-grained location-based access control for mobile cloud[J]. Computers ＆ Security, 2018,73: 249-265.
[19]	MIAO Y B , MA J F , LIU X M ,et al. Lightweight fine-grained search over encrypted data in fog computing[J]. IEEE Transactions on Services Computing, 2019,12(5): 772-785.

符号	描述
F₀	首次外包的文件集
F_i	第i次插入的文件集
F_i={F_i1,…,F_in}	包含n个文件的外包文件集F_i
FID_i={FID_i1,…,FID_in}	文件名称集FID_i
C_i={C_i1,…,C_in}	文件集F_i对应的密文集合
Sig _i={sig _i1,…,sig _in}	数据拥有者对文件F_i的签名集
I_i={I_i1,…,I_in}	加密文件的索引集
θ	数据拥有者的哈希密钥

算法	文献[13]方案	文献[14]方案	文献[15]方案	本文所提方案
KeyGen	4E	3E	2E	2E
Enc	(2m+1)nE+mnP	(m+5)nE+2nP	(mn+5 n+2n)E+n H₁+3P	(mn+5 n+2n)E+n H₁+2P
Trapdoor	(2l+2)E+H₁	(l+3)E	2E	(l+3)E
Search	(l+1)E+H₁+lP	(l+4)E+(l+2)P	2P+3E+lM	2P+2E+lM
Verify	?	?	(d+1)E+dH₁+2P	(d+1)E+dH₁+2P
security	yes	yes	no	yes
search model	leak	leak	leak	anonymity
forward security	no	no	no	yes

云环境下安全的可验证多关键词搜索加密方案

Secure and verifiable multi-keyword searchable encryption scheme in cloud

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献 19

相关文章 15

Metrics

推荐阅读 0

[1]	马玲, 樊漆亮, 许婷, 郭冠琛, 张圣林, 孙永谦, 张玉志. 基于强化学习的在线离线混部云环境下的调度框架[J]. 通信学报, 2023, 44(6): 90-102.
[2]	王化群, 刘哲, 何德彪, 李继国. 公有云中身份基多源IoT终端数据PDP方案[J]. 通信学报, 2021, 42(7): 52-60.
[3]	李瑞琪, 贾春福, 王雅飞. 基于NTRU的多密钥同态代理重加密方案及其应用[J]. 通信学报, 2021, 42(3): 11-22.
[4]	张嘉伟, 马建峰, 马卓, 李腾. 云计算中基于时间和隐私保护的可撤销可追踪的数据共享方案[J]. 通信学报, 2021, 42(10): 81-94.
[5]	王文娟, 杜学绘, 单棣斌. 基于动态概率攻击图的云环境攻击场景构建方法[J]. 通信学报, 2021, 42(1): 1-17.
[6]	田有亮,骆琴. 基于改进Merkle-Tree认证方法的可验证多关键词搜索方案[J]. 通信学报, 2020, 41(9): 118-129.
[7]	王娜,郑坤,付俊松,李剑. 基于分块的移动边缘计算密文检索方法[J]. 通信学报, 2020, 41(7): 95-102.
[8]	赵临东,庄文芹,陈建新,周亮. 异构蜂窝网络中分层任务卸载：建模与优化[J]. 通信学报, 2020, 41(4): 34-44.
[9]	梁冰,纪雯. 基于次模优化的边云协同多用户计算任务迁移方法[J]. 通信学报, 2020, 41(10): 25-36.
[10]	苏命峰,王国军,李仁发. 基于利益相关视角的多维QoS云资源调度方法[J]. 通信学报, 2019, 40(6): 102-115.
[11]	陈兴蜀,滑强,王毅桐,葛龙,朱毅. 云环境下SDN网络低速率DDoS攻击的研究[J]. 通信学报, 2019, 40(6): 210-222.
[12]	王万良, 臧泽林, 陈国棋, 屠杭垚, 王宇乐, 陆琳彦. 大规模云计算服务器优化调度问题的最优二元交换算法研究[J]. 通信学报, 2019, 40(5): 180-191.
[13]	王田,沈雪微,罗皓,陈柏生,王国军,贾维嘉. 基于雾计算的可信传感云研究进展[J]. 通信学报, 2019, 40(3): 170-181.
[14]	何欣枫,田俊峰,刘凡鸣. 可信云平台技术综述[J]. 通信学报, 2019, 40(2): 154-163.
[15]	朱智强,林韧昊,胡翠云. 基于数字证书的openstack身份认证协议[J]. 通信学报, 2019, 40(2): 188-196.