基于无证书密码系统的关键字搜索加密算法研究
发布时间:2019-02-16 03:17
【摘要】:目前很多云储存平台都只关注于内容存储和共享服务(如百度云),这些云平台为了提供共享服务都使用明文形式存储,所以这类云平台都缺乏对用户信息的隐私保护。而另一类云平台(如坚果云)为了保证用户的隐私数据不被泄漏,会在用户数据上传到服务器后进行加密存储。对于这种存储机制,一旦攻击者将存储服务器攻破并拿到服务器的私钥,攻击者便可以解密用户的所有数据。国外有些云存储平台(如Wuala云)是将数据在本地加密后再上传到服务器进行存储,但由于服务器没有用户私钥,无法解密用户数据,所以无法提供线上搜索功能。也就是说在现有的云存储平台中,没有一种平台即以密文形式存储又提供了关键字搜索功能。考虑到无证书密码系统所具有的优点和目前云存储中存在的问题,我们将无证书密码系统与关键字搜索加密相结合,设计一个基于无证书公钥密码系统的关键字搜索加密方案,希望可以将其应用到现有云存储平台中,帮助云平台在保护用户隐私的同时提供关键字搜索服务。在本文中,我们先对关键字搜索加密和无证书密码系统进行了深入研究,发现在2014年Peng等学者提出了一个将无证书密钥系统与关键字搜索加密相结合的具体方案。经过分析我们发现这个方案并不能抵抗离线关键字猜测攻击,在本文中我们指出了这篇文章存在的安全漏洞,并提出了具体的改进算法。之后我们基于Peng的安全模型对我们的改进算法进行了理论安全证明,证明了我们的改进算法是安全的。但是经过分析其效能,我们发现这个算法的计算量偏大,影响了算法效率。所以我们提出了一个新的基于无证书的关键字搜索加密方案,建立了新的安全模型,并进行了理论分析和效能分析,证明了我们的新方案在随机寓言模型和双线性Diffie-Hellman以及计算Diffie-Hellman难题下的安全性。最后我们在Windows系统中搭建云平台进行仿真实验,经过实验分析我们发现相对我们新提出的方案,我们对Peng的改进算法虽然在安全方面得到了足够的保证,但在运算效率及搜索时间上并不理想。我们提出的新方法具有更高的搜索效率和更低的运算成本。实验结果表明,我们的新方法有较好的效能并且解决了传统公钥系统中繁琐的证书管理和基于身份密钥系统中的密钥托管问题。
[Abstract]:At present, many cloud storage platforms only focus on content storage and shared services (such as Baidu cloud), these cloud platforms use plaintext to provide shared services, so these cloud platforms lack privacy protection for user information. Another kind of cloud platform (such as nut cloud) will encrypt and store the user data after uploading it to the server to ensure that the user's privacy data is not disclosed. For this storage mechanism, once an attacker breaks the storage server and gets the private key of the server, the attacker can decrypt all the user's data. Some overseas cloud storage platforms (such as Wuala cloud) encrypt the data locally and upload it to the server for storage. However, because the server does not have the private key of the user, it can not decrypt the user data, so it can not provide the function of online search. In other words, none of the existing cloud storage platforms provide keyword search function by ciphertext storage. Considering the advantages of certificate free cryptography system and the existing problems in cloud storage, we design a key search encryption scheme based on the certificate free public key cryptosystem by combining the certificate free cryptography system with keyword search encryption. It is hoped that it can be applied to the existing cloud storage platform to help the cloud platform provide keyword search service while protecting users' privacy. In this paper, we study keyword search encryption and certificate free cryptography, and find out that in 2014, Peng and other scholars put forward a concrete scheme which combines certificate free key system with keyword search encryption. After analysis, we find that this scheme can not resist the offline keyword guessing attack. In this paper, we point out the security holes in this paper, and propose a specific improved algorithm. Then we prove that our improved algorithm is safe based on the security model of Peng. However, by analyzing its efficiency, we find that the computational complexity of the algorithm is too large, which affects the efficiency of the algorithm. So we propose a new encryption scheme based on non-certificate keyword search, establish a new security model, and carry out theoretical analysis and efficiency analysis. The security of our new scheme under stochastic fable model bilinear Diffie-Hellman and computational Diffie-Hellman problem is proved. Finally, we build a cloud platform in the Windows system for simulation experiments. Through the analysis of the experiment, we find that compared with our new scheme, our improved algorithm of Peng has been fully guaranteed in terms of security. However, the computational efficiency and search time are not ideal. The new method has higher search efficiency and lower computational cost. The experimental results show that our new method has good performance and solves the problem of certificate management and key escrow in traditional public key system.
【学位授予单位】:哈尔滨工业大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP309.7
本文编号:2423987
[Abstract]:At present, many cloud storage platforms only focus on content storage and shared services (such as Baidu cloud), these cloud platforms use plaintext to provide shared services, so these cloud platforms lack privacy protection for user information. Another kind of cloud platform (such as nut cloud) will encrypt and store the user data after uploading it to the server to ensure that the user's privacy data is not disclosed. For this storage mechanism, once an attacker breaks the storage server and gets the private key of the server, the attacker can decrypt all the user's data. Some overseas cloud storage platforms (such as Wuala cloud) encrypt the data locally and upload it to the server for storage. However, because the server does not have the private key of the user, it can not decrypt the user data, so it can not provide the function of online search. In other words, none of the existing cloud storage platforms provide keyword search function by ciphertext storage. Considering the advantages of certificate free cryptography system and the existing problems in cloud storage, we design a key search encryption scheme based on the certificate free public key cryptosystem by combining the certificate free cryptography system with keyword search encryption. It is hoped that it can be applied to the existing cloud storage platform to help the cloud platform provide keyword search service while protecting users' privacy. In this paper, we study keyword search encryption and certificate free cryptography, and find out that in 2014, Peng and other scholars put forward a concrete scheme which combines certificate free key system with keyword search encryption. After analysis, we find that this scheme can not resist the offline keyword guessing attack. In this paper, we point out the security holes in this paper, and propose a specific improved algorithm. Then we prove that our improved algorithm is safe based on the security model of Peng. However, by analyzing its efficiency, we find that the computational complexity of the algorithm is too large, which affects the efficiency of the algorithm. So we propose a new encryption scheme based on non-certificate keyword search, establish a new security model, and carry out theoretical analysis and efficiency analysis. The security of our new scheme under stochastic fable model bilinear Diffie-Hellman and computational Diffie-Hellman problem is proved. Finally, we build a cloud platform in the Windows system for simulation experiments. Through the analysis of the experiment, we find that compared with our new scheme, our improved algorithm of Peng has been fully guaranteed in terms of security. However, the computational efficiency and search time are not ideal. The new method has higher search efficiency and lower computational cost. The experimental results show that our new method has good performance and solves the problem of certificate management and key escrow in traditional public key system.
【学位授予单位】:哈尔滨工业大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP309.7
【参考文献】
相关期刊论文 前2条
1 彭延国;崔江涛;彭长根;应作赋;;无证书公钥关键词可搜索加密(英文)[J];中国通信;2014年11期
2 沈志荣;薛巍;舒继武;;可搜索加密机制研究与进展[J];软件学报;2014年04期
相关博士学位论文 前1条
1 方黎明;带关键字搜索公钥加密的研究[D];南京航空航天大学;2012年
相关硕士学位论文 前2条
1 刘文;无证书公钥密码算法的研究与分析[D];西安电子科技大学;2013年
2 邹静;基于双线性配对函数的密码协议的研究[D];山东大学;2005年
,本文编号:2423987
本文链接:https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2423987.html
