对称可搜索加密技术研究进展

具有前向隐私和后向隐私的动态对称可搜索加密(dynamic searchable symmetric encryption, DSSE)方案能够支持动态添加和删除密文索引且具有较高的搜索效率,一直是近年来研究的热点. 针对Aura方案中存在密文存储开销大和误删除的问题,给出了对称可撤消加密（symmetric revokable encryption,SRE）原语更严格的正确性定义,从理论上分析了误删除发生的条件,通过设计穿刺密钥位置选择算法,避免了哈希碰撞导致的节点位置重用. 在此基础上,构造了基于SRE对称可搜索加密方案. 方案利用多点可穿刺伪随机函数实现一次穿刺所有未使用节点,既有效降低了搜索时服务器的计算开销,又可避免提前暴露未使用密钥,提高方案的安全性. 最后,从搜索效率、存储开销、通信开销和安全性等方面对方案进行了分析. 理论分析和实验结果表明,所提方案不仅能够减小服务器密文存储时的空间开销,避免误删除索引,而且在大规模节点下具有更高的搜索效率.

     

一般存取结构上抗内存泄露的多级秘密共享

在多级秘密共享方案中,每级存取结构里的授权集中参与者可联合重构对应的秘密.但在实际中,腐化了非授权集的攻击者可通过内存攻击获取部分或全部其余参与者的份额信息,从而非法得到部分甚至是全部的秘密信息.面对这样的内存泄漏,现有的多级秘密共享方案都不再安全.基于此,首先给出了抗内存泄漏的多级秘密共享对选择秘密攻击不可区分的形式化的计算安全模型.然后,利用物理不可克隆函数及模糊提取器的联合作用,基于极小线性码构造了一个适用于一般存取结构的抗内存泄露的可验证多级秘密共享方案.同时,在内存攻击者存在的情况下,证明方案在随机预言模型下是计算安全的.最后,将所提出方案与现有方案在性能和计算复杂度两方面进行了比较分析.     

A general transformation from KP-ABE to searchable encryption

Users are inclined to share sensitive data in a remote server if no strong security mechanism is in place. Searchable encryption satisfies the need of users to execute a search encrypted data. Previous searchable encryption methods such as “public key encryption with keyword search (PEKS)” restricted the data access to certain users, because only the assigned users were able to search the encrypted data. In this paper we will discuss the relation between Attribute Based Encryption (ABE) and searchable encryption and define a weak anonymity of the ABE scheme, named “attribute privacy”. With this weak anonymity, we propose a general transformation from ABE to Attribute Based Encryption with Keyword Search (ABEKS) and a concrete attribute private key-policy ABE (KP-ABE) scheme. We present an ABEKS scheme based on this KP-ABE scheme and permit multi-users to execute a flexible search on the remote encrypted data.     

Verifiable searchable symmetric encryption for conjunctive keyword queries in cloud storage

Searchable symmetric encryption (SSE) has been introduced for secure outsourcing the encrypted database to cloud storage, while maintaining searchable features. Of various SSE schemes, most of them assume the server is honest but curious, while the server may be trustless in the real world. Considering a malicious server not honestly performing the queries, verifiable SSE (VSSE) schemes are constructed to ensure the verifiability of the search results. However, existing VSSE constructions only focus on single-keyword search or incur heavy computational cost during verification. To address this challenge, we present an efficient VSSE scheme, built on OXT protocol (Cash et al., CRYPTO 2013), for conjunctive keyword queries with sublinear search overhead. The proposed VSSE scheme is based on a privacy-preserving hash-based accumulator, by leveraging a well-established cryptographic primitive, Symmetric Hidden Vector Encryption (SHVE). Our VSSE scheme enables both correctness and completeness verifiability for the result without pairing operations, thus greatly reducing the computational cost in the verification process. Besides, the proposed VSSE scheme can still provide a proof when the search result is empty. Finally, the security analysis and experimental evaluation are given to demonstrate the security and practicality of the proposed scheme.     

改进的高效动态可搜索加密方案

为解决云存储环境下加密数据的安全检索问题,对现有算法进行改进,提出一种高效且安全的可搜索加密方案。该方案利用哈希链表构建三个索引表：文件索◢引表γ▼f▽、搜索索引表γ▼w▽、删除索引表γ▼d▽,后两者是在每次搜索过程中根据搜索凭证和访问格式逐渐建立的,有效分摊了总的搜索时间,且关键词二次搜索的时间消耗为常量。为提高◣更新效率,与原算法相比,增加了删除索引表,测试结果表明,改进后的方案删除操作的时间消耗一般可减少30%~60%。通过泄露函数证明在更新过程中不会泄露访问格式外的更多信息,安全性较高。     

一种基于对称加密的范围数据查询算法

为了弥补保序加密算法的隐私泄漏问题,结合对称可搜索加密技术基本思想,提出一种新型的具有隐私保护功能的范围数据加密查询算法.在该算法中,将数字范围转换为特殊关键字并放入布隆过滤器进行存储与命中判定,其中密文信息仅与值域相关,与具体数据无关,从而保证了语义安全性.实验结果表明,该算法计算负载仅为线性增长.综合而言,该算法具有更高的安全性与良好的运行效率.     

基于错误学习的自适应等级可搜索加密方案

针对现有分等级可搜索加密方案存在不能有效抵抗量子攻击以及不能灵活添加与删除等级的问题,提出一种基于错误学习的自适应等级可搜索加密（AHSE）方案。首先,利用格的多维特点并基于格上错误学习（LWE）问题,使该方案能有效抵抗量子攻击;其次,构造条件键对用户进行明确的等级划分,使用户只能搜索其所属等级下的文件,实现有效的等级访问控制;同时,设计一种分段式索引结构,其等级能够灵活添加与删除,具有良好的自适应性,可以满足不同粒度访问控制的需求,并且,该方案中所有用户仅共享一张分段式索引表即可实现搜索,从而有效提高搜索效率;最后,理论分析表明,该方案中用户和文件的更新、删除以及等级变动简单、易于操作,适用于动态的加密数据库、云医疗系统等环境。     

Privacy leakage of certificateless public key authenticated searchable encryption via frequency analysis: Attacks and revises

Certificateless public key authenticated searchable encryption (CLPASE) is a versatile asymmetric searchable encryption that enables ciphertext retrieval, resists inside keyword guessing attacks, and avoids both certificate management problem and key escrow problem. However, most existing CLPASE schemes are vulnerable to frequency analysis which can extract keywords from user-generated trapdoors (i.e., search queries) and thus compromise user’s search privacy.In this paper, we give a detailed analysis showing that most CLPASE schemes reveal the underlying frequency distribution of the target keywords in the trapdoors searched by users, regardless of whether the trapdoor generation algorithm is deterministic or not. The analysis shows that frequency analysis has become a significant threat to users’ search privacy in the CLPASE system. To address this issue, we provide a concrete CLPASE scheme against frequency analysis. We then compare our scheme with previous CLPASE schemes in terms of features and performance evaluation. As a result, our scheme provides higher guarantee for user’s search privacy with comparable efficiency.     

Construction of a key-dependent message secure symmetric encryption scheme in the ideal cipher model

Key-dependent message （KDM） security is an important security issue that has attracted much research in recent years. In this paper, we present a new construction of the symmetric encryption scheme in the the ideal cipher model （ICM）; we prove that our scheme is KDM secure against active attacks with respect to arbitrary polynomialtime challenge functions. Our main idea is to introduce a universal hash function （UHF） h as a random value for each encrypfion, and then use s = h（sk） as the key of the ideal cipher F, where sk is the private key of our symmetric encryption scheme. Although many other schemes that are secure against KDM attacks have already been proposed, in both the ideal standard models, the much more significance of our paper is the simplicity in which we implement KDM security against active attacks.     

Construction of a key-dependent message secure symmetric encryption scheme in the ideal cipher model

Key-dependent message (KDM) security is an important security issue that has attracted much research in recent years. In this paper, we present a new construction of the symmetric encryption scheme in the the ideal cipher model (ICM); we prove that our scheme is KDM secure against active attacks with respect to arbitrary polynomialtime challenge functions. Our main idea is to introduce a universal hash function (UHF) h as a random value for each encryption, and then use s = h(sk) as the key of the ideal cipher F, where sk is the private key of our symmetric encryption scheme. Although many other schemes that are secure against KDM attacks have already been proposed, in both the ideal standard models, the much more significance of our paper is the simplicity in which we implement KDM security against active attacks.     

物联网中移动节点抗克隆攻击的UC安全认证协议

物联网中的感知网一般由计算、通信和存储能力极差的感知节点通过移动节点和静态节点相结合的方式构成,以采集信息;而传输网通常利用现有互联网的基础设施,提供强大的计算、通信和存储服务。为了满足物联网中移动节点漫游时实施接入认证的访问控制要求,同时兼顾实际应用中可行性与移动节点轻量级、抗物理克隆攻击等的安全性需求,基于物理不可克隆函数(Physical Unclonable Function,PUF),提出了移动节点抗克隆攻击的UC(Universally Composable)安全认证协议,其可实现移动节点漫游到其他区域时与接入基站之间的双向认证与密钥交换过程。分析表明,所提出的协议在UC安全模型下是可证明安全的。     

一种精确缩略图保持的图像加密方案

手机电脑平板等的普及,使得照片在日常生活中更容易获得,并且人们习惯将大量照片存储在云端。但是,在享受云存储带来的便利的同时,用户也容易受到隐私泄露的威胁。虽然学者们设计出许多图像加密方案用来防止隐私泄露,然而往往忽略了图像的可用性。最近,Tajik等人提出了一种精确缩略图保持的加密方案,能够很好地平衡图像的隐私与可用性。但是,该方案在加密过程中仅以2个像素为一组,效率较低。为此提出一种利用分割法加密图像的方案,该方案以3个像素为一组进行加密,用于保持密文图像的缩略图与明文图像的缩略图一致,并且该方案相比Tajik方案具有更高的效率。实验表明,这个方案能够使密文图像精确地保持与明文相同的缩略图,平衡了隐私和可用性。     

基于PUF的轻量级RFID安全认证协议

针对现有的RFID(Radio Frequency Identification)认证协议存在的安全隐私保护弱点以及成本过高问题,提出一个基于PUF(Physical Unclonable Functions)的轻量级RFID安全认证协议。利用PUF与LFSR(Linear Feedback Shift Register)实现阅读器和标签之间强的安全认证。另外,协议中增加了阅读器二次验证安全机制,为了保证阅读器与标签共享密钥同步,添加了不良攻击标识M等手段,解决了已有认证协议存在的多种安全漏洞。安全性分析表明该认证协议不仅成本低,而且能够有效地抵抗物理攻击、DoS攻击、同步破坏攻击等多种攻击,满足了认证协议的正确性、安全性、隐私性。     

Lattice-based certificateless encryption scheme

Certificateless public key cryptography (CL-PKC) can solve the problems of certificate management in a public key infrastructure (PKI) and of key escrows in identity-based public key cryptography (ID-PKC). In CL-PKC, the key generation center (KGC) does not know the private keys of all users, and their public keys need not be certificated by certification authority (CA). At present, however, most certificateless encryption schemes are based on large integer factorization and discrete logarithms that are not secure in a quantum environment and the computation complexity is high. To solve these problems, we propose a new certificate-less encryption scheme based on lattices, more precisely, using the hardness of the learning with errors (LWE) problem. Compared with schemes based on large integer factorization and discrete logarithms, the most operations are matrixvector multiplication and inner products in our scheme, our approach has lower computation complexity. Our scheme can be proven to be indistinguishability chosen ciphertext attacks (IND-CPA) secure in the random oracle model.     

基于ECC与同态加密的加密算法

针对目前RSA (Rivest-Shamir-Adleman)同态加密方法计算效率低、公钥尺寸大、计算复杂度高的缺点,结合ECC (elliptic curve cryptography)与同态加密方法,提出一种改进的同态加密算法。在椭圆曲线加密算法的基础上,使用不同的私钥生成公钥并构造乘法同态加密方法,通过公钥对嵌入椭圆曲线中的点集加密并上传密文到云端。理论分析与实验结果表明,相对于目前的同态加密方法,改进后的加密算法在保证安全性的同时,解决了公钥尺寸大和计算复杂度高的问题,可直接对云中密文操作无需解密成明文。     

A tamper-proof and lightweight authentication scheme

We present a tamper-proof and lightweight challenge-response authentication scheme, based on 2-level noisy Physically Unclonable Functions (PUF). We present a security reduction, which shows the scheme to be secure against passive attacks, provided that it is hard to learn a threshold of halfspaces under the uniform distribution. Furthermore, we provide an extensive analysis of PUFs. In particular, we thoroughly derive a linear model for delay based PUFs, and finally we explore extensions of PUFs to produce efficient and tamper-resilient n-to-n mappings.     

PEC-V: 基于RISC-V协处理器的内存溢出防御机制

内存溢出攻击是计算机系统中历史悠久且依旧广泛存在的攻击手段,而指针加密技术可以有效阻止此攻击.通过软件手段实现这一技术的方式将导致程序运行效率的显著降低并且产生额外的内存开销.所以本文基于RocketChip的RoCC(Rocket Custom Coprocessor)接口实现一个加解密指针的协处理器PEC-V.其通过RISC-V的自定义指令控制协处理器加解密返回地址和函数指针等值达到阻止溢出攻击的目的.PEC-V主要使用PUF(Physical Unclonable Function)来避免在内存中储存加密指针的键值,所以此机制在保证了加密键值的随机性的同时也减少了访问内存的次数.实验结果显示,PEC-V能够有效防御各类缓冲区溢出攻击,且程序平均运行效率仅下降3％,相对既往方案显著提高了性能.     

高效的身份基多用户全同态加密方案

针对传统的身份基全同态加密（IBFHE）方案无法对不同身份标识（ID）下的密文进行同态运算的问题,提出一个基于误差学习（LWE）问题的分层身份基多用户全同态加密方案。该方案利用Clear等（CLEAR M,McGOLDRICK C.Multi-identity and multi-key leveled FHE from learning with errors.Proceedings of the 2015 Annual Cryptology Conference,LNCS 9216.Berlin：Springer,2015：630-656）在2015年提出的身份基多用户全同态加密方案（[CM15]方案）的转化机制,结合Cash等（CASH D,HOFHEINZ D,KILTZ E,et al.Bonsai trees,or how to delegate a lattice basis.Proceedings of the 2010 Annual International Conference on the Theory and Applications of Cryptographic Techniques,LNCS 6110.Berlin：Springer,2010：523-552）在2010年提出的身份基加密（IBE）方案（[CHKP10]方案）,实现了不同身份标识下的密文同态运算,应用前景更加广阔,在随机预言机模型下为基于身份匿名的选择明文攻击下的不可区分性（IND-ID-CPA）安全。与[CM15]方案相比,该方案在公钥规模、私钥规模、密文尺寸、分层性质和密钥更新周期方面都具有优势。     

基于环上容错学习和GSW的层次型全同态加密方案

针对目前全同态加密方案效率不高的问题,对GSW同态加密方案进行改进,提出基于环上容错学习和GSW的层次型全同态加密方案。首先,构造基于环上容错学习困难问题的基本公钥加密方案,利用近似特征向量方法使其具有加法、乘法同态性,进一步为简化噪声增长过程的分析而引入随机化函数技术;其次,证明了基本加密方案的正确性、安全性,并详细分析了同态加法、同态乘法和同态与非门操作的正确性;最后,根据密文对应噪声项的增长情况及困难问题的安全性设置方案安全参数,并利用快速傅里叶变换降低多项式乘法运算的计算复杂度,构造出层次型(Leveled)全同态加密方案。与GSW方案相比,新方案具有更小的公钥尺寸,且同态计算每个与非门的复杂度从Õ((nL)^2.37)降低到Õ(nL²)。     

基于细胞神经网络超混沌特性的图像加密新算法

针对一般流密码对明文变化不敏感的缺陷,基于细胞神经网络（CNN）,提出一种图像加密新算法。以一个6维CNN产生的超混沌系统作为密钥源,并根据明文图像各点像素值的逻辑运算结果选取密钥;同时使用像素位置置乱和像素值替代两种方法对数字图像进行加密。实验表明,该算法加密效果好,NPCR值和密钥敏感性高(>0.996),满足数字图像加密安全性的要求,同时具有计算简单、易于实现、能提高数字图像传输的安全性等特点。