面向物联网搜索的数据隐私保护研究综述

doi:10.11959/j.issn.1000-436x.2016186

摘要/Abstract

摘要：

随着物联网和云计算、大数据技术的飞速发展和广泛应用，迫切需要实时、快速、精准地搜索现实世界中物理实体等相关信息，使物联网搜索引擎应运而生。然而，由于物联网搜索引擎的开放性，使在互联网搜索领域就已经存在的数据隐私问题变得更加突出。阐述了物联网搜索隐私保护的研究背景和挑战，提出了面向物联网搜索的数据隐私保护框架及相关技术。综述了近年来提出的、适用于物联网搜索的数据隐私保护技术的研究背景、最新研究进展以及主要研究方向，最后，指出了一些重要研究方向，为未来研究工作指明方向。

关键词: 物联网搜索, 隐私保护, 属性加密, 密文搜索, 隐藏随机访问模式

Abstract:

With the rapid development of the internet of things(IoT) technology and big data technology,the search engine for internet of things become a hot research topic.However,because of the openness of the search of IoT,the privacy in traditional internet search area become more prominent and face more challenges.Firstly,the research background and challenges of privacy preservation for search of IoT were described.Secondly,the framework of data privacy preservation for search of IoT were presented and several main research domain in this framework were described.Thirdly,several privacy preservation technology appropriated for search of IoT were described in detail,including the background,recent research work,main research directions.Finally,the current problems and important research field for future were presented.

Key words: search for internet of things, privacy preservation, attribute based encryption, searchable encryption

王佳慧,刘川意,方滨兴. 面向物联网搜索的数据隐私保护研究综述[J]. 通信学报, 2016, 37(9): 142-153.

Jia-hui WANG,Chuan-yi LIU,Bin-xing FANG. Survey on data preserving for the search of internet of things[J]. Journal on Communications, 2016, 37(9): 142-153.

图/表 7

图1

图2

图3

图4

图5

图6

图7

参考文献 96

[1]	ATZORI L , IERA A , MORABITO G . The internet of things:a survey[J]. Computer Networks, 2010,54(15): 2787-2805.
[2]	OSTERMAIER B , ROMER K,MATTERN , et al . A real-time search engine for the web of things[C]// Internet of Things. Tokyo,Japan, 2010: 1-8.
[3]	BODENHEIM R , BUTTS J , DUNLAP S . Evaluation of the ability of the Shodan search engine to identify Internet-facing industrial control devices[J]. International Journal of Critical Infrastructure Protection, 2014,7(2): 114-123.
[4]	PINKAS B , REINMAN T . Oblivious RAM revisited[C]// International Cryptology Conference. California,USA, 2010: 502-519.
[5]	SONG X D , WAGNER D , PERRIG A . Practical techniques for searches on encrypted data[C]// The IEEE Symposium on Security and Privacy. California,USA, 2000: 44-55.
[6]	GOH E . Secure indexes[R]. IACR ePrint Cryptography Archive, 2003. .
[7]	CHANG Y , MITZENMACHER M . Privacy preserving keyword searches on remote encrypted data[C]// The Applied Cryptography and Network Security. New York,USA, 2005: 442-455.
[8]	CURTMOLA R , GARAY J , KAMARA S ,et al. Searchable symmetric encryption:Improved definitions and efficient constructions[C]// The 13th ACM Conference on Computer and Communications Security (CCS 2006). New York,USA, 2006: 79-88.
[9]	BONEH D , CRESCENZO G D , OSTROVSKY R . Public key encryption with keyword search[C]// EUROCRYP’04. Interlaken,Switzerland, 2004: 71-82.
[10]	ABDALLA M , BELLARE M , CATALANO D . Searchable encryption revisited:consistency properties,relation to anonymous IBE,and extensions[C]// CRYPTO’05. California,USA, 2005: 350-391.
[11]	BAEK J,SAFAVI-NAINI R , SUSILO W . Public key encryption with keyword search revisited[C]// The International Conference on Computational Science and Applications (ICCSA 2008). Perugia,Italy, 2008: 1249-1259.
[12]	RHEE H S , PARK J H , SUSILO W ,et al. Improved searchable public key encryption with designated tester[C]// Symposium on Information,Computer and Communications Security(ASIACCS 2009). New York,USA, 2009: 376-379.
[13]	FANG L , SUSILO W , GE C ,et al. A secure channel free public key encryption with keyword search scheme without random oracle[C]// The Cryptology and Network Security (CANS 2009). Ishikawa,Japan, 2009: 248-258.
[14]	KERSCHBAUM F , SORNIOTTI A . Searchable encryption for outsourced data analytics[C]// The 7th European Conference on Public Key Infrastructures,Services and Applications (EuroPKI'10). Athens,Greece, 2010: 61-76.
[15]	CAO N , WANG C , REN K . Privacy-preserving multi-keyword ranked search over encrypted cloud data[C]// IEEE INFOCOM. Shanghai,China, 2011: 222-233.
[16]	SUN W , WANG B , CAO N . Verifiable privacy-preserving multi-keyword text search in the cloud supporting similarity-based ranking[C]// ACM ASIACCS. Hangzhou,China, 2013: 3025-3035.
[17]	CHUAH M , HU W . Privacy-aware bedtree based solution for fuzzy multi-keyword search over encrypted data[C]// International Conference on Distributed Computing Systems Workshops. Minnesota,USA, 2011: 273-281.
[18]	WANG B , YU S , LOU W . Privacy-preserving multi-keyword fuzzy search over encrypted data in the cloud[C]// IEEE INFOCOM. Toronto,Canada, 2014: 2112-2120.
[19]	MASHAURI D , LI R , HAN H . Adaptive multi-keyword ranked search over encrypted cloud data[C]// International Conference,Collaborate Computing 2015. Wuhan,China, 2015: 829-837.
[20]	SUN X , WANG X , XIA Z . Dynamic multi-keyword top-k ranked search over encrypted cloud data[J]. International Journal of Security and its Applications, 2014,8(1): 319-332.
[21]	BONEH D , WATERS B . Conjunctive,subset,and range queries on encrypted data[C]// Proceedings of TCC. New South Wales,Australia, 2007: 535-554.
[22]	SUN W , WANG B , CAO N . Verifiable privacy-preserving multi-keyword text search in the cloud supporting similarity-based ranking[J]. IEEE Transactions on Parallel and Distributed Systems, 2014,25(11): 3025-3035.
[23]	LI J , WANG Q , WANG C . Fuzzy keyword search over encrypted data in cloud computing[C]// IEEE INFOCOM. CA,USA, 2010: 1-5.
[24]	MARK G , BROST G . K-word proximity search on encrypted data[C]// The 30th International Conference on Advanced Information Networking and Applications Workshops. Crans-Montana,Switzerland, 2016: 365-372.
[25]	WANG C , CAO N , REN K . Enabling secure and efficient ranked keyword search over outsourced cloud data[J]. IEEE Transactions on Parallel and Distributed Systems (TPDS), 2011,23(8): 1467-1749.
[26]	SHI E , BETHENCOURT V , CHAN H . Multi-dimensional range query over encrypted data[C]// IEEE Symposium on Security and Privacy. California,USA, 2007: 350-364.
[27]	KAMARA S , PAPAMANTHOU C . Parallel and dynamic searchable symmetric encryption[C]// Financial Cryptography and Data Security(FC). Okinawa,Japan, 2013: 258-274.
[28]	KAMARA S , PAPAMANTHOU C , ROEDER T . Dynamic searchable symmetric encryption[C]// CCS. Vienna,Austria, 2012: 775-780.
[29]	STEFANOV E , PAPAMANTHOU C , SHI E . Practical dynamic searchable encryption with small leakage[C]// NDSS. California,USA, 2014: 256-272.
[30]	CASH D , JAEGER J , JARECKI S ,et al. Dynamic searchable encryption in very large databases:data structures and implementation[C]// Network and Distributed System Security Symposium (NDSS). California,USA, 2014: 171-182.
[31]	NAVEED M , PRABHAKARAN M , GUNTER C . Dynamic searchable encryption via blind storage[C]// IEEE Symposium on Security and Privacy. CA,USA, 2014: 639-654.
[32]	DI CRESCENZO G , SARASWAT V . Public key encryption with searchable keywords based on Jacobi symbols[C]// INDOCRYPT 2007. Chennai,India, 2007: 282-296.
[33]	LAI X , LU R , FOXTON K . An efficient searchable encryption scheme and its application in network forensics[C]// E-Forensics. Shanghai,China, 2010: 66-78.
[34]	SAHAI A , WATERS B . Fuzzy identity based encryption[C]// EUROCRYPT. Sofia,Bulgaria, 2005: 674-651.
[35]	GOYAL V , PANDEY O , SAHAI A . Attribute-based encryption for fine-grained access control of encrypted data[C]// The 13th ACM Conference on Computer and Communications Security (CCS). VA,USA, 2006: 89-98.
[36]	OSTROVSKY R , SAHAI A , WATERS B . Attribute-based encryption with non-monotonic access structures[C]// 14th ACM Conference on Computer and Communications Security. New York,USA, 2007: 521-527.
[37]	LEWKO A , SANAIS A , WATERS B . Revocation systems with very small private keys[C]// The IEEE Symposium on Security and Privacy (SP). California,USA, 2010: 273-285.
[38]	ATTRAPADUNG N , LIBERT B , PANAFIEU DE . Expressive key policy attribute-based encryption with constant-size ciphertexts[C]// Public Key Cryptography(PKC). Taormina,Italy, 2011: 521-527.
[39]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]// The IEEE Symposium on Security and Privacy. California,USA, 2007: 90-108.
[40]	CHEUNG L , NEWPORT C . Provably secure ciphertext policy ABE[C]// The 14th ACM Conference on Computer and Communications Security (CCS). New York,USA, 2007: 321-324.
[41]	GOYAL V , JAIN A , PANDEY O . Bounded ciphertext policy attribute based encryption[C]// International Colloquium on Automata,Languages and Programming(ICALP). Reykjavik,Iceland, 2008: 579-591.
[42]	LIANG X , CAO Z , LIN H ,et al. Provably secure and efficient bounded ciphertext policy attribute based encryption[C]// The 4th International Symposium on ACM Symposium on Information,Computer and Communications Security (ASIACCS). Sydney,Australia, 2009: 343-352.
[43]	IBRAIMI L , TANG Q , HARTEL P . Efficient and provable secure ciphertext-policy attribute-based encryption schemes[C]// Information Security Practice and Experience (ISPEC). Xi'an,China, 2009: 1-12.
[44]	WATERS B , . Ciphertext-policy attribute-based encryption:An expressive,efficient,and provably secure realization[C]// The 14th International Conference on Practice and Theory in Public Key Cryptography. Taormina,Italy, 2011: 53-70.
[45]	LEWKO A , OKAMOTO T , SAHAI A . Fully secure functional encryption:attribute-based encryption and (hierarchical)inner product encryption[C]// EUROCRYPT. Monaco and Nice,French Riviera, 2010: 33-41.
[46]	ZHANG J , ZHANG Z F . A ciphertext policy attribute based encryption scheme without pairings[C]// Information Security and Cryptology (ISC). Beijing,China, 2012: 324-340.
[47]	ATTRAPADUNG N , IMAI H . Dual-policy attribute based encryption[C]// Applied Cryptography and Network Security. Paris-Rocquencourt,France, 2009: 168-185.
[48]	CHASE M , . Multi-authority attribute based encryption[C]// TCC. Amsterdam,The Netherlands, 2007: 333-340.
[49]	BO?OVIC V , SOCEK D , STEINWANDT R . Multiauthority attribute-based encryption with honest-but-curious central authority[J].International Journal of Computer Mathematics, 2012,89(3): 268-283.
[50]	CHASE M , CHOW S . Improving privacy and security in multi-authority attribute-based encryption[C]// The 16th ACM Conference on Computer and Communications Security (CCS). Chicago,USA, 2009: 121-130.
[51]	LEWKO A , WATERS B . Decentralizing attribute-based encryption[C]// EUROCRYPT 2011. Tallinn ,Estonia, 2011: 568-588.
[52]	LIU Z , CAO Z , HUANG Q . Fully secure multi-authority ciphertext-policy attribute-based encryption without random oracles[C]// The European Symposium on Research in Computer Security (ESORICS). Leuven,Belgium, 2011: 380-384.
[53]	HAN J , SUSILO W , MU Y . Privacy-preserving decentralized key-policy attribute-based encryption[J]. IEEE Transactions on Parallel and Distributed Systems, 2012,23(11): 2150-2162.
[54]	YU S , WANG C , REN K . Achieving secure,scalable,and fine-grained data access control in cloud computing[C]// IEEE INFOCOM. CA,USA, 2010: 1-9.
[55]	YU SC , REN K , LOU W J . Defending against key abuse attacks in KP-ABE enabled broadcast systems[C]// Security and Privacy in Communication Networks. Athens,Greece, 2009: 56-74.
[56]	WANG Y , CHEN K , LONG Y . Accountable authority key policy attribute-based encryption[J]. Science China:Information Sciences, 2012,55(7): 1631-1638.
[57]	LI J , REN K , KIM K . A2BE:accountable attribute-based encryption for abuse free access control[R]. Cryptology ePrint Archive, 2009.
[58]	LI J , REN K , ZHU B . Privacy-aware attribute based encryption with user accountability[C]// 12th International Conference. Pisa,Italy, 2009.
[59]	LI J , HUANG Q , CHEN X . Multi-authority ciphertext-policy attribute-based encryption with accountability[C]// The 6th International Symposium on Information,Computer and Communications Security (ASIACCS). Hong Kong,China, 2011: 223-228.
[60]	SUN W , YU S , LOU V . Protecting your right:attribute-based keyword with fine-grained owner enforced search authorization in the cloud[C]// IEEE INFOCOM. Toronto,Canada, 2014: 1187-1198.
[61]	HAN F , QIN J , ZHAO H . A general transformation from KP-ABE to searchable encryption[J]. Future Generation Computer Systems, 2014,30: 107-115.
[62]	BOUABANATEBIBEL T , KACI A . Parallel search over encrypted data under attribute based encryption on the cloud computing[J]. Computers & Security, 2015,54(c): 77-91.
[63]	KACI A, T , BOUABANA-TEBIBEL T . Access control reinforcement over searchable encryption[C]// The 15th IEEE International Conference on Information Reuse and Integration. San Francisco,USA, 2014: 130-137.
[64]	ISLAM M , KUZU M , KANTARCIOGLU M . Access pattern disclosure on searchable encryption:ramification,attack and mitigation[C]// Network and Distributed System Security Symposium (NDSS). California,USA, 2012: 56-78.
[65]	ZHUANG X , ZHANG T , PANDE S . HIDE:an infrastructure for efficiently protecting information leakage on the address bus[C]// Proceedings of the 11th ASPLOS. Boston,USA, 2004: 72-84.
[66]	CHOR B , GOLDREICH O , KUSHILEVITZ E . Private information retrieval[C]// IEEE Symposium on Foundations of Computer Science. Milwaukee,USA, 1995: 141-151.
[67]	DAUTRICH J , RAVISHANKAR C . Combining ORAM with PIR to minimize bandwidth costs[C]// CODASPY. TX,USA, 2015: 289-296.
[68]	MAYBERRY T , BLASS E , CHAN A . Efficient private file retrieval by combining ORAM and PIR[C]// NDSS. California,USA, 2014: 123-131.
[69]	GOLDREICH O，OSTROVSKY R . Software protection and simulation on oblivious RAMs[J]. Journal of the ACM (JACM), 1996,43(3): 431-473.
[70]	SHI E , CHAN T H H , STEFANOV E . Oblivious RAM with O((log n)3)worst-case[C]// 17th International Conference on the Theory and Application of Cryptology and Information Security. Seoul,South Korea, 2011: 95-100.
[71]	WILLIAMS P , SION R . Usable PIR[C]// NDSS. CA,USA, 2008: 22-34.
[72]	WILLIAMS P , SION R , CARBUNAR B . Building castles out of mud:practical access pattern privacy and correctness on untrusted storage[C]// CCS. Alexandria,USA, 2008: 139-148.
[73]	BLOOM B . Space/time trade-offs in hash coding with allowable errors[J]. Communications of the ACM, 1970,13(7): 422-426.
[74]	PAGH R , RODLER F F . Cuckoo hashing[J]. Journal of Algorithms, 2004,51(2): 122-144.
[75]	GOODRICH M T , MITZENMACHER M . Mapreduce parallel cuckoo hashing and oblivious ram simulations[J]. Clinical Orthopaedics and Related Research, 2010,1007(1259): 576-587.
[76]	GOODRICH M , MITZENMACHER M . Privacy-preserving access of outsourced data via oblivious RAM simulation[C]// International Colloquium on Automata,Languages and Programming. Zurich,Switzerland, 2011: 576-587.
[77]	KUSHILEVITZ E , LU S , OSTROVSKY R . On the (in) security of hash-based oblivious RAM and a new balancing scheme[C]// The 23th Annual ACM-SIAM symposium on Discrete Algorithms.Philadelphia(SIAM). Kyoto,Japan, 2012: 383-392.
[78]	GOODRICH MT , MITZENMACHER M , OHRIMENKO O . Privacy-preserving group data access via stateless oblivious RAM simulation[C]// The 23th Annual ACM-SIAM Symposium on Discrete Algorithms.Philadelphia(SIAM). Kyoto,Japan, 2012: 151-162
[79]	GOODRICH M T , MITZENMACHER M，OHRIMENKO O . Oblivious RAM simulation with efficient worst-case access overhead[C]// The 3rd ACM Workshop on Cloud Computing Security Workshop(CCSW). Chicago,USA, 2011: 99-108.
[80]	BONEH D , MAZIERES D , POPA R A . Remote oblivious storage：making oblivious RAM practical[R]..
[81]	GENTRY C , GOLDMAN K , HALEVI S . Optimizing ORAM and Using It Efficiently for Secure Computation[C]// PETS. Bloomington,USA, 2013: 1-18.
[82]	STEFANOV E，SHI E , SONG D . Towards practical Oblivious RAM[C]// NDSS. California,USA, 2012: 203-214.
[83]	CHUNG K , LIU Z , PASS R . Statistically-secure ORAM with ? (log2n) overhead[C]// ASIACRYPT. 2014: 62-81.
[84]	MOATAZ T , MAYBERRY T , BLASS EO . Resizable tree-based oblivious RAM[C]// 19th International Conference(FC). San Juan,Puerto Rico, 2015: 147-167.
[85]	CHUNG K M , PASS R . A simple ORAM[EB/OL]. Cryptology ePrint Archive,2013..
[86]	MARC SA . Toward efficient data access privacy in the cloud[J]. Communications Magazine,IEEE, 2013,51(11): 39-45.
[87]	BOYLE E , CHUNG K M PASS R . Oblivious parallel RAM[EB/OL]. Cryptology ePrint Archive,2014..
[88]	MOATAZ T , BLASS E O , NOUBIR G . Recursive trees for practical ORAM[R]. Cryptology ePrint Archive, 2014.
[89]	STEFANOV E , SHI E . ObliviStore:High performance oblivious cloud storage[C]// IEEE Symposium on Security and Privacy. CA,USA, 2013: 253-267.
[90]	DAUTRICH J , STEFANOV E , SHI E . Burst ORAM:minimizing ORAM response times for bursty access patterns[C]// USENIX Security. San Diego,USA, 2014: 58-69.
[91]	REN L , FLETCHER CW KWON A . Ring ORAM:closing the gap between small and large client storage oblivious RAM[EB/OL]. IACR Cryptology ePrint Archive, 2014:997
[92]	WILLIAMS P , SION R . Single round access privacy on outsourced storage[C]// The 2012 ACM conference on Computer and Communications Security. NC,USA, 2012: 293-304.
[93]	ZHANG J , MA Q , ZHANG W . KT-oram:a bandwidth-effcient oram built on k-ary tree of pir nodes[R]. .
[94]	APON D , KATZ J , SHI E . Verifiable oblivious storage[C]// PKC. Buenos Aires,Argentina, 2014: 131-148.
[95]	DEVADAS S , MARTEN VAN D CHRISTOPHER W . Onion ORAM:a constant bandwidth and constant client storage ORAM (without FHE or SWHE)[EB/OL]. Cryptology ePrint Archive, 2015
[96]	MOATAZ T , MAYBERRY T , BLASS E . Constant communication ORAM with small blocksize[C]// ACM Sigsac Conference on Computer and Communications Security. Denver,Colorado,US, 2015: 862-873.