云环境下基于属性策略隐藏的可搜索加密方案

doi:10.11959/j.issn.2096-109x.2022019

Abstract

Abstract:

Attribute-based searchable encryption technology can achieve fine-grained access control of data, but the existing searchable encryption scheme, keyword search, access control and file encryption are basically performed separately, causing the attacker to directly skip the access policy for keyword index matching and file decryption.Besides, the data owners in the existing schemes need to pass the key of the encrypted file to the user in a secure channel, which increases the cost of the data owner.Furthermore, most tree-based access control policies are open and easy to cause privacy leakage.Therefore, based on the LSSS (linear secret sharing schemes) access architecture, the searchable encryption scheme based on attribute policy hiding in a cloud environment was proposed.Through the embedding of policy secret values into keyword encryption and file storage encryption, the combination of access control, keyword search and file encryption were realized.The aggregate key technology enables users to decrypt files without interacting with the data owner, reducing the burden of key management and increasing storage space by approximately 30%.The experimental results and security analysis show that the proposed scheme guarantees the security of stored data, privacy of access strategy and non-connectivity of trap gate.Compared with the existing mainstream scheme, the retrieval efficiency of the proposed scheme has improved to more than 20%.

Key words: searchable encryption, attribute-based encryption, policy hiding, aggregation key

CLC Number:

TP309

Yihua ZHOU, Xinyu HU, Meiqi LI, Yuguang YANG. Searchable encryption scheme based on attribute policy hiding in a cloud environment[J]. Chinese Journal of Network and Information Security, 2022, 8(2): 112-121.

Figures/Tables 7

符号	说明
γ	系统公共参数
Z_p	一个有限域，其中 p是一个大的素整数
G ,G_T	素数阶 p的两个循环群
PP	系统公共参数
MSK	系统主密钥
H₁,H₂	哈希函数
k	用户密钥，解密存储地址密文
k₁	用户密钥，加密关键字
$D_{x_{1}}, D_{x_{2}}$	用户属性密钥
T	用户生成关键字查询密文
F_i	文件明文
D_i	文件密文
$Y_{0, i}, Y_{1, i}$	文件密钥，用户解密文件密文
C₂	文件存储地址密文
$C_{4, j}, {C^{'}}_{4, j}$	数据拥有者属性密钥
C_w	数据拥有者生成关键字索引密文
Z	部分解密密钥，解密存储地址Add和文件F

方案	Setup	KeyGen	Encrypt	Trapdoor
文献[11]方案	$5 \| G \| + \| G_{T} \| + 5 \| Z_{P} \|$	$(2 \| S \| + 2) \| G \|$	$(2 \| X \| + 2 W + 1) \| G \|$	$(2 \| S \| + 3 + L) \| G \|$
文献[12]方案	$3 \| G \| + \| G_{T} \| + 3 \| Z_{P} \|$	$(2 \| S \| + 3) \| G \|$	$2 \| G_{T} \| + (2 \| X \| + 2 W + 1) \| G \|$	$(L + 2 \| S \|) \| G \|$
文献[13]方案	$4 \| G \| + 2 \| Z_{P} \|$	$(\| S \| + 5) \| G \|$	$\| G_{T} \| + (\| X \| + W + 4) \| G \|$	$(\| S \|) \| G \| + (L + 1) \| G_{T} \|$
文献[8]方案	$(4 + \| N \|) \| G \| + (1 + \| N \|) \| Z_{P} \|$	$(2 \| S \| + 3) \| G \|$	$\| G_{T} \| + (3 \| X \| + W + 3) \| G \|$	$(\| S \| + 3 + 2 L) \| G \|$
本文方案	$4 \| G \| + \| G_{T} \| + 3 \| Z_{P} \|$	$(2 \| S \| + 2) \| G \|$	$\| G_{T} \| + (2 \| X \| + 2 W + 1) \| G \|$	$(L + 2 \| S \|) \| G \|$

References 13

[14]	YAN X X , NI H , LIU Y ,et al. Privacy-preserving multi-authority attribute-based encryption with dynamic policy updating in PHR[J]. Computer Science and Information Systems, 2019,13(6): 831-847.
[15]	WATERS B . Ciphertext-policy attribute-based encryption:an expressive,efficient,and provably secure realization[J]. Lecture Notes in Computer Science, 2011,(6571): 53-70.
[16]	BONEH D , FRANKLIN M . Identity-based encryption from the weil pairing[J]. Lecture Notes in Computer Science, 2001,(2139): 213-229.
[17]	ZHANG W , ZHANG Z S , XIONG H ,et al. PHAS-HEKR-CP-ABE:partially policy-hidden CP-ABE with highly efficient key revocation in cloud data sharing system[J]. Journal of Ambient Intelligence and Humanized Computing, 2021(4): 1-15.
[18]	MA M M , LUO M , FAN S Q ,et al. An efficient pairing-free certicateless searchable public key encryption for cloud-based IIoT[J]. Wireless Communications and Mobile Computing, 2020: 1-11.
[19]	GOYAL V , PANDEY O , SAHAI A ,et al. Attribute-based encryption for fine grained access control of encrypted data[C]// Proceedings of the 13th ACM Conference on Computer and Communication Security, 2006: 89-98.
[1]	SONG D , WAGNER D , PERRIG A . Practical techniques for searches on encrypted data[C]// Proceeding 2000 IEEE Symposium on Security and Privacy. 2000: 44-55.
[2]	LIU Z Y , XU C G , YAO Z G . Forward secure searchable encryption with conjunctive-keyword supporting multi-user[C]// 3rd International Conference on Security and Privacy in New Computing Environments. 2021: 423-440.
[3]	GE X R , YU J , HU C ,et al. Enabling efficient verifiable fuzzy keyword search over encrypted data in cloud computing[J]. IEEE Access, 2018(6): 45725-45739.
[4]	LIN W Y , CUI H L , LI B C ,et al. Privacy-preserving similarity search with efficient updates in distributed key-value stores[J]. IEEE Transactions on Parallel and Distributed Systems, 2021,32(5): 1072-1084.
[5]	AHMED MA , RAMACHANDRAM S , KHAN KUR . Conjunctive keyword forward secure ranked dynamic searchable encryption over outsourced encrypted data[C]// 8th International Symposium on Security in Computing and Communications (SSCC 2020). 2020: 197-212.
[6]	ZHANG Y , LI Y , WANG Y F . Efficient searchable symmetric encryption supporting dynamic multikeyword ranked search[J]. Security and Communication Networks, 2020.
[7]	高诗尧, 陈燕俐, 许玉岚 . 云环境下基于属性的多关键字可搜索加密方案[J]. 计算机科学, 2021,9(6): 1-15.
	GAO S Y , CHEN Y L , XU Y L . Property-based multi-keyword searchable encryption schemes in a cloud environment[J]. Computer Science, 2021,9(6): 1-15.
[8]	LIU X Y , LU T T , HE X M ,et al. Verifiable attribute-based keyword search over encrypted cloud data supporting data deduplication[J]. IEEE Access, 2020(8): 52062-52074.
[9]	张玉磊, 刘文静, 刘祥震 ,等. 基于授权的多服务器可搜索密文策略属性基加密方案[J]. 电子与信息学报, 2019,41(8): 1808-1814.
	ZHANG Y L , LIU W J , LIU X Z ,et al. Authorization-based mul-ti-server can search for a cipheric policy attribute-based encryption scheme[J]. Journal of Electronics and Informatics, 2019,41(8): 1808-1814.
[10]	SONG X Y , ZHOU Z , DUAN W J ,et al. Attribute-based searchable encryption scheme with fuzzy keywords[J]// Computer Science, 2021: 44-61.
[11]	牛淑芬, 谢亚亚, 杨平平 ,等. 区块链上基于云辅助的属性基可搜索加密方案[J]. 计算机研究与发展, 2021,58(4): 811-821.
	NIU S F , XIE Y Y , YANG P P ,et al. Cloud-based attribute bases on the blockchain are searchable for encryption schemes[J]. Computer Research and Development, 2021,58(4): 811-821.
[12]	MIAO Y B , MA J F , LIU X M ,et al. Attribute-based keyword search over hierarchical data in cloud computing[J]. IEEE Transactions on Services Computing, 2020,13(6): 985-998.
[13]	WU A , ZHENG D , ZHANG Y ,et al. Hidden policy attribute-based data sharing with direct revocation and keyword search in cloud computing[J]. Sensors, 2018,18(7).

Metrics

Recommended 0

No Suggested Reading articles found!

方案	访问策略	可搜索加密	策略隐藏	文件解密
文献[11]	“AND”门	√	×	对称密钥
文献[12]	访问树	√	×	对称密钥
文献[13]	“AND”门	√	√	对称密钥
方案[8]	LSSS	√	√	对称密钥
本文方案	LSSS	√	√	聚合密钥
注：“×”表示不具有特定功能或未使用某种技术;“√”表示满足。

方案	Setup	KeyGen	Encrypt	Trapdoor
文献[11]方案	$5 \| G \| + \| G_{T} \| + 5 \| Z_{P} \|$	$(2 \| S \| + 2) \| G \|$	$(2 \| X \| + 2 W + 1) \| G \|$	$(2 \| S \| + 3 + L) \| G \|$
文献[12]方案	$3 \| G \| + \| G_{T} \| + 3 \| Z_{P} \|$	$(2 \| S \| + 3) \| G \|$	$2 \| G_{T} \| + (2 \| X \| + 2 W + 1) \| G \|$	$(L + 2 \| S \|) \| G \|$
文献[13]方案	$4 \| G \| + 2 \| Z_{P} \|$	$(\| S \| + 5) \| G \|$	$\| G_{T} \| + (\| X \| + W + 4) \| G \|$	$(\| S \|) \| G \| + (L + 1) \| G_{T} \|$
文献[8]方案	$(4 + \| N \|) \| G \| + (1 + \| N \|) \| Z_{P} \|$	$(2 \| S \| + 3) \| G \|$	$\| G_{T} \| + (3 \| X \| + W + 3) \| G \|$	$(\| S \| + 3 + 2 L) \| G \|$
本文方案	$4 \| G \| + \| G_{T} \| + 3 \| Z_{P} \|$	$(2 \| S \| + 2) \| G \|$	$\| G_{T} \| + (2 \| X \| + 2 W + 1) \| G \|$	$(L + 2 \| S \|) \| G \|$

Searchable encryption scheme based on attribute policy hiding in a cloud environment

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 7

References 13

Related Articles 14

Metrics

Recommended 0

[1]	Chenghao YUAN, Yong LI, Shuang REN. Dynamic multi-keyword searchable encryption scheme [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 143-153.
[2]	Fuyuan SONG, Zheng QIN, Jixin ZHANG, Yu LIU. Efficient and secure multi-user outsourced image retrieval scheme with access control [J]. Chinese Journal of Network and Information Security, 2021, 7(5): 29-39.
[3]	Ying WU,Xuan LI,Biao JIN,Rongrong JIN. Survey on the privacy-preserving content based image retrieval [J]. Chinese Journal of Network and Information Security, 2019, 5(4): 14-28.
[4]	Yan ZHANG,Jinfan WANG,Zhuyun QI,Rongwei YANG,Yi WANG. Decentralized searchable encryption scheme based on dynamic accumulator [J]. Chinese Journal of Network and Information Security, 2019, 5(2): 23-29.
[5]	Xinglan ZHANG,Yao CUI. Attribute-based encryption schema with group signatures [J]. Chinese Journal of Network and Information Security, 2019, 5(1): 15-21.
[6]	Suqing LIN. Verifiable outsourced attribute-based encryption with access update [J]. Chinese Journal of Network and Information Security, 2019, 5(1): 37-49.
[7]	Ying LI, Chunguang MA. Overview of searchable encryption research [J]. Chinese Journal of Network and Information Security, 2018, 4(7): 13-21.
[8]	Yuanhao WANG,Hongbo LI,Yuzhao CUI,Qingwen GUO,Qiong HUANG. Survey on public key encryption with equality test [J]. Chinese Journal of Network and Information Security, 2018, 4(11): 13-22.
[9]	Yang LI,Jiang-hua LIU,Wei WU. Group-oriented ciphertext-policy attribute-based encryption with expressive access policy [J]. Chinese Journal of Network and Information Security, 2017, 3(5): 54-61.
[10]	Zhi-qiang ZHU,Hang SU,Lei SUN,Zuo-hui LI. Research on attribute-based encryption with keyword search for cloud storage [J]. Chinese Journal of Network and Information Security, 2017, 3(11): 1-11.
[11]	Tao FENG,Xiao-yu YIN. Research on privacy preserving mechanism of attribute-based encryption cloud storage [J]. Chinese Journal of Network and Information Security, 2016, 2(7): 8-17.
[12]	Su-qing LIN. Outsourced attribute-based encryption with policy update [J]. Chinese Journal of Network and Information Security, 2016, 2(5): 39-49.
[13]	Liang-xuan ZHANG,Hui LI. Multi-authority attribute-based encryption with efficient user revocation in cloud computing [J]. Chinese Journal of Network and Information Security, 2016, 2(2): 62-74.
[14]	Peng XU,Hai JIN. Research on the searchable encryption [J]. Chinese Journal of Network and Information Security, 2016, 2(10): 8-16.