云存储中多层次索引可搜索加密的研究与实现

发布时间：2018-04-14 02:23

本文选题：可搜索加密 + 索引结构　；参考：《电子科技大学》2016年硕士论文

【摘要】：云服务提供了便捷、高效的访问与管理。随着云计算的快速发展,越来越多的企业与用户将他们的数据存储到云中。安全与隐私问题是云存储服务中一个重要的问题,阻碍了云计算的广泛应用。为了保护自己的数据,数据拥有者选择将重要数据传输到云服务器上之前进行加密。但是如何使用加密的数据成为了一个挑战,为此出现了可搜索加密技术。可搜索加密是指在加密的数据上进行查找的一种技术,只返回与查询相关的一部分数据,而无需下载全部数据,可以显著的降低开销。本文以可搜索加密中的数据库模型为基础,以多维数据范围查询出发点,提出了两个方案来分别解决可搜索加密中的两个问题:第一个问题是如何建立一个高效的索引来执行可搜索加密,第二个问题是如何验证服务器是否返回了正确的结果。本文的主要贡献和创新如下:(1)首先针对可搜索加密中多维数据的查询问题,提出一种基于BSS树的可搜索加密方案。该方案使用基于坐标系的数据划分方式,将包含所有数据的坐标矩形区域划分成多个小区域,并生成二进制序列用来建立索引。在查询时,用户依据划分规则生成陷门,然后交给服务器进行查询。本方案中的索引是基于二叉树的一种树形结构,能够显著的提高查询效率。同时本方案能够有效的减少用户的存储开销,这对于那些拥有较低计算性能和存储空间的硬件设备非常适用。此外,本方案支持数据的动态更新并可以在并行算法模型下进行操作。在服务器端,我们通过加密数据和加密索引来保证数据的安全。(2)在第一个方案的基础上,提出可搜索加密中的可验证问题。可验证是近年来比较重要的研究课题。本文将采用一种叫做不可区分混淆的方法,构建一个用于服务器查询索引的算法,服务器无法获知该算法的具体内容,因此无法伪造该算法的输出,因而保证了服务器只需执行该算法,然后客户端验证并判断服务器的输出,就可知道返回的结果是否正确。最后,我们证明了两个方案的安全性,对系统的检索、验证算法的性能进行了分析。
[Abstract]:Cloud services provide convenient, efficient access and management.With the rapid development of cloud computing, more and more enterprises and users store their data in the cloud.Security and privacy is an important problem in cloud storage service, which hinders the wide application of cloud computing.To protect their data, the data owner chooses to encrypt important data before transferring it to the cloud server.But how to use encrypted data has become a challenge, for which a searchable encryption technology has emerged.Searchable encryption is a technique for searching encrypted data. It only returns part of the data related to the query without downloading all the data, which can significantly reduce the overhead.Based on the database model in searchable encryption, this paper starts from the multidimensional data range query.Two schemes are proposed to solve the two problems in searchable encryption: the first is how to build an efficient index to perform searchable encryption, and the second is how to verify that the server returns the correct result.The main contributions and innovations of this paper are as follows: (1) aiming at the query problem of multidimensional data in searchable encryption, a searchable encryption scheme based on BSS tree is proposed.In this scheme, the coordinate rectangular region containing all the data is divided into several small regions by using the method of data partitioning based on coordinate system, and binary sequences are generated to build the index.In the query, the user generates the trap door according to the partition rule, and then gives it to the server for query.The index in this scheme is a tree structure based on binary tree, which can improve query efficiency significantly.At the same time, this scheme can effectively reduce the storage cost of users, which is very suitable for those hardware devices with low computing performance and storage space.In addition, the scheme supports the dynamic updating of data and can be operated under the parallel algorithm model.On the server side, we guarantee the security of data by encrypting data and encrypting index.) on the basis of the first scheme, we propose the problem of verifiability in searchable encryption.Verifiability is an important research topic in recent years.In this paper, a method called indiscernibility confusion is used to construct an algorithm for querying the index of the server. The server can not know the exact contents of the algorithm, so it can not forge the output of the algorithm.Therefore, the server only needs to execute the algorithm, then the client verifies and judges the output of the server, and then can know whether the returned results are correct or not.Finally, we prove the security of the two schemes and analyze the performance of the retrieval and verification algorithms.
【学位授予单位】：电子科技大学
【学位级别】：硕士
【学位授予年份】：2016
【分类号】：TP333;TP309.7

【相似文献】