支持属性撤销的可验证多关键词搜索加密方案

近年来,可搜索加密技术及细粒度访问控制的属性加密在云存储环境下得到广泛应用。考虑到现存的基于属性的可搜索加密方案存在仅支持单关键词搜索而不支持属性撤销的问题,以及单关键词搜索可能造成返回搜索结果部分错误并导致计算和宽带资源浪费的缺陷,该文提出一种支持属性撤销的可验证多关键词搜索加密方案。该方案允许用户检测云服务器搜索结果的正确性,同时在细粒度访问控制结构中支持用户属性的撤销,且在属性撤销过程中不需要更新密钥和重加密密文。该文在随机预言机模型下基于判定性线性假设被证明具有抵抗选择关键词集攻击安全性及关键词隐私性,同时从理论和实验两方面分析验证了该方案具有较高的计算效率与存储效率。

     

一种基于云存储的多服务器多关键词可搜索加密方案

在可搜索加密的云服务中,数据拥有者往往更希望将数据文件以密文的形式分别存储到多个云服务器,从而提高授权用户对云端数据的检索效率以及对大型数据的处理能力。基于此,该文提出一种基于云存储的多服务器多关键词多用户可搜索加密方案,该方案被证明是IND-CKA(adaptive Chosen Keyword Attack)安全的,且同时具备关键词陷门的安全性。相对于单服务器可搜索加密,该方案在保证数据机密性的前提下能够对其进行高效检索,并能够在关键字索引中不完全包含所检索的多个关键词或者不存在某个文件包含所有被检索的多个关键词的情况下,更精确地进行检索。     

云环境下关键词搜索加密算法研究

现有方案将关键词搜索加密和属性基加密相结合,解决了云环境下访问控制问题,但是未充分考虑信道安全以及关键词猜测攻击等安全问题。针对上述问题,提出了一种指派搜索服务器的关键词搜索属性加密方案,实现了关键词搜索访问权限控制,且检索不需要安全信道,可抵抗离线/在线关键词猜测攻击。实验结果表明,方案性能方面可取得较好结果,可应用于云环境。     

抗关键词猜测的授权可搜索加密方案

大多数可搜索加密方案仅支持对单关键词集的搜索,且数据使用者不能迅速对云服务器返回的密文进行有效性判断,同时考虑到云服务器具有较强的计算能力,可能会对关键词进行猜测,且没有对数据使用者的身份进行验证。针对上述问题,该文提出一个对数据使用者身份验证的抗关键词猜测的授权多关键词可搜索加密方案。方案中数据使用者与数据属主给授权服务器进行授权,从而验证数据使用者是否为合法用户;若验证通过,则授权服务器利用授权信息协助数据使用者对云服务器返回的密文进行有效性检测;同时数据使用者利用服务器的公钥和伪关键词对关键词生成陷门搜索凭证,从而保证关键词的不可区分性。同时数据属主在加密时,利用云服务器的公钥、授权服务器的公钥以及数据使用者的公钥,可以防止合谋攻击。最后在随机预言机模型下证明了所提方案的安全性,并通过仿真实验验证,所提方案在多关键词环境下具有较好的效率。     

基于区块链的多关键词模糊搜索加密方案

针对1对多数据密文共享中多关键词模糊匹配和用户公平性问题,该文提出一种基于区块链的多关键词模糊搜索加密方案。该文提出一种R-HashMap索引结构,通过使用对偶编码函数和位置敏感哈希函数来构建安全索引,并采用K最近邻算法来加密索引,通过计算欧式距离度量查询关键词向量与索引节点之间的相似性,实现多关键词模糊密文搜索。该文除了消除预定义词典和降低存储开销外,还在不增加搜索复杂度的前提下实现对安全索引的更新。此外,将以太坊区块链技术与可搜索加密方案相结合避免了恶意服务器对数据的篡改,使用智能合约作为可信第三方进行检索工作,不仅可以防止云服务器内部的关键词猜测攻击,还可以解决检索结果不正确的问题。通过安全性证明分析,该文不但满足自适应选择关键词语义安全性,还可以保护用户隐私和数据安全。将该文与其他方案进行实验对比,证明该文在保证精确度的前提下,时间开销上具有更好的效率优势。     

云存储环境下多服务器的密钥聚合可搜索加密方案

密钥聚合可搜索加密不仅可以通过关键字检索密文,还可以减少用户密钥管理的代价和安全风险。该文分析了一个可验证的密钥聚合可搜索加密方案,指出该方案不满足关键字猜测攻击,未经授权的内部用户可以猜测其他用户的私钥。为了提高原方案的安全性,提出了云存储环境下多服务器的密钥聚合可搜索加密方案。所提方案不仅改进了原方案的安全性问题,还增加了多服务的特性,提高了上传和存储的效率,更适合一对多的用户环境。

     

云环境下加密图上top-k最近模糊关键词查询

随着云计算的快速发展,将图数据外包给云成为趋势。为保护数据隐私,用户需在外包前对其加密,并保留查询和处理数据的能力。考虑到用户容易出现拼写错误,文章基于标记图提出top-k最近模糊关键词查询的图加密方案,方案基于2-Hop标签构造加密索引结构计算最短距离,使用基于通配符的方法为关键词生成模糊集,构造模糊关键词索引实现模糊关键词查询,最终返回距给定节点最近的k个可能被所需关键词标记的节点。经安全性分析和性能评估,表明方案是安全有效的。     

云存储环境下多用户可搜索加密方案

可搜索加密技术用来检索存储在云端的加密数据,既能够保证数据的安全性,同时又能够使得加密数据不失可用性.多用户可搜索加密技术使得用户在对云服务器保密的情况下与其他用户进行数据分享.在现有的基于Elgamal代理加密的多用户可搜索加密方案的基础上,本文对原有方案中的数据加密方式做出了更改,使得经过用户加密的数据只会在必要的时候才会被重新加密,而且加密的计算量比原方案小.本文改变了令牌的产生方式,使得客户端计算令牌的计算量更小,在云服务器端进行搜索的开销更少.     

支持关键词任意连接搜索的属性加密方案

构建一种基于素数阶双线性群的可搜索加密方案。基于属性加密,实现每个关键词密文能够被多个用户私钥搜索,显著降低细粒度访问控制带来的网络带宽和发送节点的处理开销。基于多项式方程,支持对关键词的任意连接搜索,显著提高连接搜索的灵活性。对方案的性能进行了分析,并与现有的连接关键词搜索方案进行了比较。     

云环境下对称可搜索加密研究综述

云存储技术是解决大容量数据存储、交互、管理的有效途径,加密存储是保护远程服务器中用户数据隐私安全的重要手段,而可搜索加密技术能在保证用户数据安全前提下提高系统可用性。对称可搜索加密以其高效的搜索效率得到人们的广泛关注。总体而言,相关研究可归纳为系统模型、效率与安全、功能性3个层次。该文首先介绍了对称可搜索加密(SSE)系统典型模型,然后深入分析了搜索效率优化、安全性分析的常用手段和方法,最后从场景适应能力、语句表达能力、查询结果优化3个方面对方案功能性研究进行了梳理,重点对当前研究的热点和难点进行了总结。在此基础上,进一步分析了未来可能的研究方向。     

Secure and privacy-preserving DRM scheme using homomorphic encryption in cloud computing

Cloud computing provides a convenient way of content trading and sharing. In this paper, we propose a secure and privacy-preserving digital rights management （DRM） scheme using homomorphic encryption in cloud computing. We present an efficient digital rights management framework in cloud computing, which allows content provider to outsource encrypted contents to centralized content server and allows user to consume contents with the license issued by license server. Further, we provide a secure content key distribution scheme based on additive homomorphic probabilistic public key encryption and proxy re-encryption. The provided scheme prevents malicious employees of license server from issuing the license to unauthorized user. In addition, we achieve privacy preserving by allowing users to stay anonymous towards the key server and service provider. The analysis and comparison results indicate that the proposed scheme has high efficiency and security.     

Verifiable multi-keyword search scheme based on improved Merkle-Tree authentication method

Aiming at the problem that the result verification method in the searchable encryption scheme was complicated,the search cost was high and the efficiency was low,it was difficult to meet the requirements of efficient verification and security of multi-keyword search results,a multi-keyword search scheme based on the improved Merkle-Tree authentication method was proposed.Firstly,a multi-keyword searchable algorithm was built to achieve efficient and accurate multi-keyword search by the bilinear mapping.Secondly,based on the improved Merkle-Tree authentication method of Bawa,the verification and dynamic update algorithm of the search scheme was constructed to reduce the calculation cost of the classic MHT to prevent the efficient verification and update of illegal operations such as data tampering,deletion,and forgery.Under the decision-type linear hypothesis and CDH hypothesis,the proof scheme meets the indistinguishability and unforgeability of ciphertext.     

基于区块链的结果可追溯的可搜索加密方案

在可搜索加密方案中,无论是云端服务器还是用户,都可能存在欺骗行为。为了解决这种安全问题,给出公平性安全的定义,提出基于区块链的可搜索加密方案。通过第三方可信机构（trusted authority,TA）验证数据传输过程中数据的一致性,区块链记录完整验证结果以防止篡改,使所涉及的实体达成一致的安全共识,从而实现公平性安全。安全性与复杂性分析表明,该方案是可行的。当该方案与搜索结果可验证的可搜索加密方案相结合时,可优化成基于区块链的搜索结果可验证的可搜索加密方案,其安全性将得到进一步的提高。     

用于云存储的安全容错编码

针对当前基于RC编码的容错技术的安全缺陷,提出了一种安全编码——SRCS编码,以保证在云计算以及云存储这种高度开放环境下,存储系统容错过程中数据的安全性。该编码将门限体制引入到了传统的RC编码当中,利用基于公钥的门限体制保护编码矩阵,在确保基于传统RC编码的容错技术高效、低冗余优势的前提下,解决了其在开放环境下编码矩阵存在的安全问题。最后利用判定性BDHE假设,在部分适应性攻击模型下证明了SRCS编码的安全性。     

云环境下基于属性加密体制算法加速方案

云计算为租户提供存储、计算和网络服务,数据安全保护和租户间的数据共享与访问控制是其必不可少的能力。基于属性的加密体制是一种一对多的加密体制,可以根据用户属性实现细粒度访问控制,适用于云计算环境多租户数据共享。但现有的基于属性加密体制的算法效率较低,难以在实际环境中应用。分析了基于属性的加密体制的两种类型及其应用场景,提出一个基于属性加密体制算法的加速方案。通过实验表明,提出的方案可提高基于属性加密体制的密钥生成算法、加密算法和解密算法的效率。     

A based on blinded CP‐ABE searchable encryption cloud storage service scheme

Cloud computing has great economical advantages and wide application, more and more data owners store their data in the cloud storage server (CSS) to avoid tedious local data management and insufficient storage resources. But the privacy of data owners faces enormous challenges. The most recent searchable encryption technology adopts the ciphertext‐policy attribute‐based encryption (CP‐ABE), which is one good method to deal with this security issue. However, the access attributes of the users are transmitted and assigned in plaintext form. In this paper, we propose a based on blinded CP‐ABE searchable encryption cloud storage service (BCP‐ABE‐SECSS) scheme, which can blind the access attributes of the users in order to prevent the collusion attacks of the CSS and the users. Data encryption and keyword index generation are performed by the data owners; meanwhile, we construct that CSS not only executes the access control policy of the data but also performs the pre‐decryption operation about the encrypted data to solve higher time cost of decryption calculation to the data users. Security proof results show that this scheme has access attribute security, data confidentiality, indistinguishable security against chosen keyword attack, and resisting the collusion attack between the data user and the CSS. Performance analysis and the experimental results show that this scheme can effectively reduce the computation time cost of the data owners and the data users.     

指定测试者的基于身份可搜索加密方案

对指定测试者的基于身份可搜索加密(dIBEKS)方案进行了研究。指出Tseng等人所提dIBEKS方案并不是完全定义在基于身份密码系统架构上,而且方案不能满足dIBEKS密文不可区分性。首次提出了基于身份密码系统下的指定测试者可搜索加密方案的定义和安全需求,并设计了一个高效的dIBEKS新方案。证明了dIBEKS密文不可区分性是抵御离线关键字猜测攻击的充分条件,并证明了新方案在随机预言模型下满足适应性选择消息攻击的dIBEKS密文不可区分性、陷门不可区分性,从而可以有效抵御离线关键字猜测攻击。     

云计算在高校云服务中安全相关技术分析

随着云计算技术的逐渐成熟,云计算的安全问题越来越被重视。首先介绍云安全及相关概念,分析云计算安全研究现状,然后对云计算的安全性进行分析,并给出了云计算安全参考模型,最后对高校云安全的相关技术进行研究探讨。     

FETCH: A cloud-native searchable encryption scheme enabling efficient pattern search on encrypted data within cloud services

Searchable encryption (SE) is considered important as it provides both confidentiality and searchability for the data stored in semi-trusted environments such as cloud. However, it is rarely deployed because most SE schemes are not native to cloud services as they require database modifications. In this paper, we present an SE scheme called Frequency-Eliminated Trapdoor-Character Hopping (FETCH) that, based on novel common-conditioned-subsequence-preserving (CCSP) techniques, is able to work natively with off-the-shelf databases and supports wildcard-based pattern search on encrypted data thereof. In fact, with the CCSP techniques, we transform the problem of wildcard SE searching into a problem of subsequence searching, which is solved fast in most databases and thus fits well with cloud services in general. Although in our security analysis, CCSP removes the possibility of obtaining theoretical indistinguishability between indexed items, we show that FETCH does provide adequate confidentiality protection and fares much better than other existing wildcard SE schemes in terms of query performance, storage overhead, and deployment complexity. In particular, FETCH is able to efficiently handle data sets whose size is multiple orders of magnitude larger than those that existing schemes can comfortably support.     

Dynamic searchable encryption with privacy protection for cloud computing

The dynamic searchable encryption schemes generate search tokens for the encrypted data on a cloud server periodically or on a demand. With such search tokens, a user can query the encrypted data whiles preserving the data's privacy; ie, the cloud server can retrieve the query results to the user but do not know the content of the encrypted data. A framework DSSE with Forward Privacy (dynamic symmetric searchable encryption [DSSE] with forward privacy), which consists of Internet of Things and Cloud storage, with the attributes of the searchable encryption and the privacy preserving are proposed. Compared with the known DSSE schemes, our approach supports the multiusers query. Furthermore, our approach successfully patched most of the security flaws related to the sensitive information's leakage in the DSSE schemes. Both security analysis and simulations show that our approach outperforms other DSSE schemes with respect to both effectiveness and efficiency.