边缘计算模式下密文搜索与共享技术研究

doi:10.11959/j.issn.1000-436x.2022039

摘要/Abstract

摘要：

针对边缘计算数据安全问题，提出一种密文搜索与共享方案，在不改变边缘计算架构的和云计算架构的情况下，借助上述边缘计算诸多优势实现用户隐私数据保护，利用边缘节点构建加密倒排索引，在边缘节点和云计算平台之间安全地分享索引和密钥，实现密文搜索、数据安全共享及索引动态更新等功能。最后，与现有方案相比，对性能和安全性进行分析讨论，表明所提方案在密文搜索攻击模型下具有可证明的高安全强度，基于加密倒排索引兼顾了密文搜索效率和文档动态更新功能。

关键词: 边缘计算, 隐私保护, 密文搜索, 安全共享

Abstract:

Aiming at the problem of edge computing data security, a ciphertext search and sharing solution was proposed, where the above-mentioned edge computing advantages were used to achieve user privacy data protection, edge nodes were used to construct encrypted inverted indexes, indexes and keys between edge nodes and cloud computing platforms were securely shared, and ciphertext search, secure data sharing, and dynamic index update were realized without changing the edge computing architecture and cloud computing architecture.Finally, compared to existing schemes, performance and security were analyzed and discussed, which proves that the proposed scheme has high security strength under ciphertext search attack model, and the ciphertext search efficiency and document dynamic update function are taken into account based on encrypted inverted index.

Key words: edge computing, privacy protection, ciphertext search, secure sharing

中图分类号:

TP302

王继锋, 王国峰. 边缘计算模式下密文搜索与共享技术研究[J]. 通信学报, 2022, 43(4): 227-238.

Jifeng WANG, Guofeng WANG. Research on ciphertext search and sharing technology in edge computing mode[J]. Journal on Communications, 2022, 43(4): 227-238.

图/表 8

图1

图2

图3

图4

图5

图6

图7

表1

参考文献 47

[1]	RGHIOUI A . Internet of things:visions,technologies,and areas of application[J]. Automation,Control and Intelligent Systems, 2017,5(6): 83.
[2]	智研咨询. 2020 年全球及中国物联网产业发展现状及未来发展趋势分析[R]. 2021.
	Zhiyan. 2020 global and Chinese Internet of things industry development status and future development trend analysis[R]. 2021.
[3]	西南证券. 2021年物联网产业链全梳理[R]. 2021.
	Southwest Securities. 2021 review on the IoT industry chain[R]. 2021.
[4]	头豹. 2021 年中国物联网指数系列报告一:物联网概览-万物互联路在何方[R]. 2021.
	Leadleo. 2021 China Internet of things index series report 1:overview of the Internet of things - where is the Internet of everything road[R]. 2021.
[5]	GSMA智库. 2021中国移动经济发展报告[R]. 2021.
	GSMA Intelligence. Report on 2021 China mobile economic development[R]. 2021.
[6]	GRAY J . Distributed computing economics[J]. Queue, 2008,6(3): 63-68.
[7]	赵梓铭, 刘芳, 蔡志平 ,等. 边缘计算:平台、应用与挑战[J]. 计算机研究与发展, 2018,55(2): 327-337.
	ZHAO Z M , LIU F , CAI Z P ,et al. Edge computing:platforms,applications and challenges[J]. Journal of Computer Research and Development, 2018,55(2): 327-337.
[8]	李林哲, 周佩雷, 程鹏 ,等. 边缘计算的架构、挑战与应用[J]. 大数据, 2019,5(2): 3-16.
	LI L Z , ZHOU P L , CHENG P ,et al. Architecture,challenges and applications of edge computing[J]. Big Data Research, 2019,5(2): 3-16.
[9]	施巍松, 孙辉, 曹杰 ,等. 边缘计算:万物互联时代新型计算模型[J]. 计算机研究与发展, 2017,54(5): 907-924.
	SHI W S , SUN H , CAO J ,et al. Edge computing:an emerging computing model for the Internet of everything era[J]. Journal of Computer Research and Development, 2017,54(5): 907-924.
[10]	HE W , AKHAWE D , JAIN S ,et al. ShadowCrypt:encrypted web applications for everyone[C]// Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2014: 1028-1039.
[11]	POPA R A , STARK E , HELFER J ,et al. Building Web applications on top of encrypted data using Mylar[J]. IACR Cryptology EPrint Archive,2016, 2016:893.
[12]	方晨, 郭渊博, 王一丰 ,等. 基于区块链和联邦学习的边缘计算隐私保护方法[J]. 通信学报, 2021,42(11): 28-40.
	FANG C , GUO Y B , WANG Y F ,et al. Edge computing privacy protection method based on blockchain and federated learning[J]. Journal on Communications, 2021,42(11): 28-40.
[13]	巫光福, 王影军 . 基于区块链与云-边缘计算混合架构的车联网数据安全存储与共享方案[J]. 计算机应用, 2021,41(10): 2885-2892.
	WU G F , WANG Y J . Secure storage and sharing scheme of Internet of vehicles data based on hybrid architecture of blockchain and cloud-edge computing[J]. Journal of Computer Applications, 2021,41(10): 2885-2892.
[14]	KUMARI K A , SHARMA A , CHAKRABORTY C ,et al. Preserving health care data security and privacy using Carmichael’s theorem-based homomorphic encryption and modified enhanced homomorphic encryption schemes in edge computing systems[J]. Big Data, 2022,10(1): 1-17.
[15]	LU R X , HEUNG K , LASHKARI A H ,et al. A lightweight privacy-preserving data aggregation scheme for fog computing-enhanced IoT[J]. IEEE Access, 2017,5: 3302-3312.
[16]	WANG H Q , WANG Z W , DOMINGO-FERRER J , . Anonymous and secure aggregation scheme in fog-based public cloud computing[J]. Future Generation Computer Systems, 2018,78: 712-719.
[17]	GUAN Z T , ZHANG Y , WU L F ,et al. APPA:an anonymous and privacy preserving data aggregation scheme for fog-enhanced IoT[J]. Journal of Network and Computer Applications, 2019,125: 82-92.
[18]	ZHANG R , ZHANG Y C , SUN J Y ,et al. Fine-grained private matching for proximity-based mobile social networking[C]// 2012 Proceedings IEEE INFOCOM. Piscataway:IEEE Press, 2012: 1969-1977.
[19]	LIANG X H , LI X , ZHANG K ,et al. Fully anonymous profile matching in mobile social networks[J]. IEEE Journal on Selected Areas in Communications, 2013,31(9): 641-655.
[20]	LYU L J , NANDAKUMAR K , RUBINSTEIN B ,et al. PPFA:privacy preserving fog-enabled aggregation in smart grid[J]. IEEE Transactions on Industrial Informatics, 2018,14(8): 3733-3744.
[21]	YAO A C , . Protocols for secure computations[C]// Proceedings of the 23rd Annual Symposium on Foundations of Computer Science (SFCS 1982). Piscataway:IEEE Press, 1982: 160-164.
[22]	周俊, 沈华杰, 林中允 ,等. 边缘计算隐私保护研究进展[J]. 计算机研究与发展, 2020,57(10): 2027-2051.
	ZHOU J , SHEN H J , LIN Z Y ,et al. Research advances on privacy preserving in edge computing[J]. Journal of Computer Research and Development, 2020,57(10): 2027-2051.
[23]	SADEGHI A R , SCHNEIDER T , WEHRENBERG I . Efficient privacy-preserving face recognition[C]// International Conference on Information Security and Cryptology. Berlin:Springer, 2009: 229-244.
[24]	BRICKELL J , PORTER D E , SHMATIKOV V ,et al. Privacy-preserving remote diagnostics[C]// Proceedings of the 14th ACM conference on Computer and communications security - CCS’07. New York:ACM Press, 2007: 498-507.
[25]	DAMG?RD I , FITZI M , KILTZ E ,et al. Unconditionally secure constant-rounds multi-party computation for equality,comparison,bits and exponentiation[C]// Theory of Cryptography. Berlin:Springer, 2006: 285-304.
[26]	NISHIDE T , OHTA K . Multiparty computation for interval,equality,and comparison without bit-decomposition protocol[C]// International Workshop on Public Key Cryptography. Berlin:Springer, 2007: 343-360.
[27]	DINUR I , KELLER N , KLEIN O . An optimal distributed discrete log protocol with applications to homomorphic secret sharing[C]// Advances in Cryptology – CRYPTO 2018. Berlin:Springer, 2018: 824-873.
[28]	SONG D X , WAGNER D , PERRIG A . Practical techniques for searches on encrypted data[C]// Proceedings of 2000 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2000: 44-55.
[29]	CURTMOLA R , GARAY J , KAMARA S ,et al. Searchable symmetric encryption:improved definitions and efficient constructions[J]. Journal of Computer Security, 2011,19(5): 895-934.
[30]	王娜, 郑坤, 付俊松 ,等. 基于分块的移动边缘计算密文检索方法[J]. 通信学报, 2020,41(7): 95-102.
	WANG N , ZHENG K , FU J S ,et al. Method of ciphertext retrieval in mobile edge computing based on block segmentation[J]. Journal on Communications, 2020,41(7): 95-102.
[31]	LI J Y , MA J F , MIAO Y B ,et al. Verifiable semantic-aware ranked keyword search in cloud-assisted edge computing[J]. IEEE Transactions on Services Computing,2021:doi.org/10.1109/TCS.2021. 3098864.
[32]	LIU Q . Fog/edge computing for security,privacy,and applications[M]. Berlin: Springer, 2021.
[33]	KAMARA S , PAPAMANTHOU C , ROEDER T . Dynamic searchable symmetric encryption[C]// Proceedings of the 2012 ACM Conference on Computer and Communications Security. New York:ACM Press, 2012: 965-976.
[34]	BONEH D , CRESCENZO G D , OSTROVSKY R ,et al. Public key encryption with keyword search[C]// International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2004: 506-522.
[35]	LIU Q , WANG G J , WU J . Secure and privacy preserving keyword searching for cloud storage services[J]. Journal of Network and Computer Applications, 2012,35(3): 927-933.
[36]	SHAMIR A , . Identity-based cryptosystems and signature schemes[C]// Advances in Cryptology. Berlin:Springer, 1984: 47-53.
[37]	BONEH D , FRANKLIN M . Identity-based encryption from the Weil pairing[C]// Advances in Cryptology - CRYPTO 2001. Berlin:Springer, 2001: 213-229.
[38]	GENTRY C , . Certificate-based encryption and the certificate revocation problem[C]// Proceedings of the 22nd International Conference on Theory and applications of Cryptographic Techniques. Berlin:Springer, 2003: 272-293.
[39]	AL-RIYAMI S S , PATERSON K G . Certificateless public key cryptography[C]// Advances in Cryptology - ASIACRYPT 2003. Berlin:Springer, 2003: 452-473.
[40]	LEWKO A , WATERS B . Decentralizing attribute-based encryption[C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2011: 568-588.
[41]	SAIDI A , NOUALI O , AMIRA A . SHARE-ABE:an efficient and secure data sharing framework based on ciphertext-policy attribute-based encryption and fog computing[J]. Cluster Computing, 2022,25(1): 167-185.
[42]	ZHANG J H , WU M L , ZHANG Q J ,et al. A lightweight data sharing scheme with resisting key abuse in mobile edge computing[C]// Proceedings of IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops. Piscataway:IEEE Press, 2021: 1-6.
[43]	ISLAM M S , KUZU M , KANTARCIOGLU M . Access pattern disclosure on searchable encryption:ramification,attack and mitigation[J]. Ndss, 2012,20: 1-15.
[44]	CASH D , GRUBBS P , PERRY J ,et al. Leakage-abuse attacks against searchable encryption[C]// Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2015: 668-679.
[45]	MICALI S , . Scalable certificate validation and simplified PKI management[C]// Proceedings of the 1st Annual PKI Research Workshop.Dartmouth:[s.n. ], 2002: 15-25.
[46]	TRIDGELL A , MACKERRAS P . The RSYNC algorithm[R]. 1996.
[47]	刘子杰, 王凯, 王亚刚 ,等. 工业互联网端边云协同数据同步方案设计与实现[J]. 计算机应用研究, 2022,39(3): 821-825.
	LIU Z J , WANG K , WANG Y G ,et al. Design and implementation of end-to-end cloud collaborative data synchronization scheme for industrial Internet[J]. Application Research of Computers, 2022,39(3): 821-825.

方案	加密方式	是否索引	索引大小	搜索时间	动态更新	安全级别
文献[28]	哈希	非索引	非索引	anE_t	非索引	CPA
文献[29]	对称	倒排索引	O(vm)	R(w)D_t	不支持	CKA1
本文方案	对称	倒排索引	O(lm)	R(w)D_t+?D_t	支持	CKA2