通信学报 ›› 2021, Vol. 42 ›› Issue (4): 139-149.doi: 10.11959/j.issn.1000-436x.2021054

• 学术论文 • 上一篇    下一篇

云环境下安全的可验证多关键词搜索加密方案

张键红1,2, 武梦龙1, 王晶3,4, 刘沛3,4, 姜正涛4, 彭长根2   

  1. 1 北方工业大学信息学院,北京 100144
    2 贵州大学公共大数据国家重点实验室,贵州 贵阳 550025
    3 京东集团财税创新部,北京 100176
    4 中国传媒大学计算机与网络空间安全学院,北京 100024
  • 修回日期:2021-02-22 出版日期:2021-04-25 发布日期:2021-04-01
  • 作者简介:张键红(1975- ),男,河北石家庄人,博士,北方工业大学教授,主要研究方向为密码学、云安全、物联网安全。
    武梦龙(1972- ),男,山西太原人,博士,北方工业大学副教授,主要研究方向为无线通信、信息安全、信号处理技术等。
    王晶(1988- ),男,山东烟台人,京东集团财税创新部工程师,主要研究方向为计算机软件、网络安全、电子商务等。
    刘沛(1982- ),男,北京人,京东集团财税创新部工程师,主要研究方向为国家税收治理、区块链、税务数智化转型、财税安全管理。
    姜正涛(1976- ),男,山东青岛人,博士,中国传媒大学副教授,主要研究方向为密码学、信息安全、物联网安全等。
    彭长根(1963- ),男,贵州锦屏人,博士,贵州大学教授,主要研究方向为密码学、信息安全、物联网安全等。
  • 基金资助:
    北京市自然科学基金资助项目(4212019);北京市自然科学基金资助项目(L182039);广西密码学与信息安全重点实验室研究课题基金资助项目(GCIS201808);贵州省公共大数据重点实验室开放课题基金资助项目(2019BDKFJJ012);国家重点研发计划基金资助项目(2018YFB0803900)

Secure and verifiable multi-keyword searchable encryption scheme in cloud

Jianhong ZHANG1,2, Menglong WU1, Jing WANG3,4, Pei LIU3,4, Zhengtao JIANG4, Changgen PENG2   

  1. 1 School of Information Sciences and Technology, North China University of Technology, Beijing 100144, China
    2 Guizhou Provincial Key Laboratory of Public Big Data, Guizhou University, Guiyang 550025, China
    3 Finance and Tax Innovation Department of JD Group, Beijing 100176, China
    4 School of Computer and Cyber Sciences, Communication University of China, Beijing 100024, China
  • Revised:2021-02-22 Online:2021-04-25 Published:2021-04-01
  • Supported by:
    The Natural Science Foundation of Beijing(4212019);The Natural Science Foundation of Beijing(L182039);Guangxi Key Laboratory of Crypto-graphy and Information Security(GCIS201808);Foundation of Guizhou Provincial Key Laboratory of Public Big Data(2019BDKFJJ012);The National Key Research and Development Program of China(2018YFB0803900)

摘要:

云计算的高虚拟化与高可扩展性等优势,使个人和企业愿意外包加密数据到云端服务器。然而,加密后的外包数据破坏了数据间的关联性。尽管能够利用可搜索加密(SE)进行加密数据的文件检索,但不可信云服务器可能篡改、删除外包数据或利用已有搜索陷门来获取新插入文件相关信息。此外,现有单关键词搜索由于限制条件较少,导致搜索精度差,造成带宽和计算资源的浪费。为了解决以上问题,提出一种高效的、可验证的多关键词搜索加密方案。所提方案不仅能够支持多关键词搜索,也能实现搜索模式的隐私性和文件的前向安全性。此外,还能实现外包数据的完整性验证。通过严格的安全证明,所提方案在标准模型下被证明是安全的,能够抵抗不可信云服务器的离线关键词猜测攻击(KGA)。最后,通过与最近 3 种方案进行效率和性能比较,实验结果表明所提方案在功能和效率方面具有较好的综合性能。

关键词: 云计算, q-ABDHE安全假设, 多关键词搜索, 安全证明

Abstract:

Due to the advantages of cloud computing, such as virtualization and high scalability, individuals and enterprises are willing to outsource local data storage and computing to cloud servers.However, encryption breaks the linkability between the data.Although searchable encryption (SE) enables cloud servers to provide retrieval services of the encrypted data for data owners, cloud servers who are untrusted, may tamper and delete data, or learn information of the newly added encrypted files with previous trapdoors.Besides, single-keyword search inevitably incurs many unrelated results, resulting in a waste of bandwidth and computing resources.To address the problems above, an efficient and verifiable multi-keyword search encryption scheme was proposed, which could not only supported multiple-keyword search, but also realized the privacy of search pattern and forward security of the outsourced files.In the meanwhile, it also ensured the integrity check of the outsourced data.Through rigorous security verification, the proposed scheme was proved to be secure under the standard mode, and could resist offline keyword guesswork attack (KGA) on untrusted cloud servers.Finally, by comparing the efficiency and performance with the recent three searchable encryption schemes, the experimental results show that the proposed scheme has the best comprehensive performance in terms of function and efficiency among the four schemes.

Key words: cloud computing, q-ABDHE security assumption, multi-keyword search, security proof

中图分类号: 

No Suggested Reading articles found!