关键字搜索公钥加密方案的分析与设计
发布时间:2018-09-04 10:27
【摘要】:云计算是信息领域正在发生的深刻变革,它将大量计算资源、存储资源和软件资源链接在一起为用户提供了按需、易扩展的信息服务。云存储服务作为其中最重要的服务之一,允许企业和个人将其数据外包到云服务器上,并以按使用付费的原则为其管理和维护数据。然而,云存储在提高资源的利用效率和节约用户成本的同时,却给数据的保密性和用户的隐私性带来了巨大的挑战。加密技术已经成为云计算中保护敏感数据和防止信息泄漏的重要工具,而随之而来的加密数据的搜索与回取却成了一大难题。因此,如何解决数据加密和数据搜索之间的冲突已经成为亟需解决的重要问题,这是本文的研究动机。正对上述问题,本文利用关键字搜索公钥加密技术解决云存储中加密数据的搜索问题,研究现有的关键字搜索公钥加密方案的安全性,同时结合密码学新技术,构造了两个适用于云存储环境的安全高效的实用关键字搜索公钥加密方案。具体工作包括:1.分析了Hu等提出的两个指定搜索者的关键字搜索公钥加密方案的安全性,发现其无法抵抗离线关键字猜测攻击,即恶意服务器可以猜测陷门中的关键字,从而区分用户搜索的关键字。同时,我们证明了如果关键字集合取自多项式大小的关键字字典,那么构造抵抗离线关键字猜测攻击的指定搜索者关键字搜索公钥加密方案是不可能的。2.提出了可撤销的关键字搜索公钥加密概念,利用系统的时间周期划分成若干时间片段的方法撤销服务器的搜索能力;同时,基于Fan等的匿名多接收者基于身份加密,利用Abdalla等的匿名基于身份加密到关键字搜索公钥加密方案的一般性转化方法,结合拉格朗日差值多项式提出新型高效可撤销的关键字搜索公钥加密方案的实用构造方法。据我们所知,我们的方案是第一个可撤销拥有陷门的服务器的搜索能力的可搜索加密方案。3.基于Zhao等的动态非对称群密钥协商,Canetti等的代理重加密和Boneh等的关键字搜索公钥加密方案提出了支持动态群的关键字搜索公钥加密方案。为了减轻用户的计算负担,我们利用服务器辅助计算技术将双线性对运算外包给服务器来进行。新方案实现了群用户的数据共享、用户加入和撤销、群用户的身份隐私、关键字搜索以及群外用户的数据源提供功能,此方案适用于云存储环境,特别是移动云存储中。
[Abstract]:Cloud computing is a profound change in the field of information. It links a large number of computing resources, storage resources and software resources together to provide users with on-demand and extensible information services. As one of the most important services, cloud storage services allow enterprises and individuals to outsource their data to cloud servers, and manage and maintain data according to the principle of payment for use. However, cloud storage not only improves the efficiency of resource utilization and saves the cost of users, but also brings great challenges to the confidentiality of data and the privacy of users. Encryption technology has become an important tool to protect sensitive data and prevent information leakage in cloud computing, but the search and retrieval of encrypted data has become a major problem. Therefore, how to solve the conflict between data encryption and data search has become an important problem, which is the motivation of this paper. To solve the above problems, this paper uses keyword search public key encryption technology to solve the search problem of encrypted data in cloud storage, studies the security of the existing key search public key encryption scheme, and combines with the new cryptography technology. Two secure and efficient public key encryption schemes for cloud storage environment are proposed. Specific tasks include: 1. This paper analyzes the security of two key search public key encryption schemes proposed by Hu et al., and finds that they can not resist off-line keyword guessing attacks, that is, malicious servers can guess the keywords in the trap door. This distinguishes the keyword of user search. At the same time, it is proved that if the keyword set is taken from a polynomial size keyword dictionary, it is impossible to construct a public key encryption scheme for designated searchers to resist off-line keyword guessing attacks. In this paper, the concept of revocation keyword search public key encryption is proposed, and the search ability of the server is revoked by dividing the time cycle of the system into several time segments. At the same time, the anonymous multi-receiver based on Fan and so on is based on identity encryption. Using the general transformation method of anonymous identity-based encryption to keyword search public key encryption scheme proposed by Abdalla et al., combined with Lagrange difference polynomial, a practical construction method of a new efficient and revocable keyword search public key encryption scheme is proposed. As far as we know, our scheme is the first searchable encryption scheme. The proxy reencryption scheme based on Zhao et al. And the key search public key encryption scheme based on Boneh et al. A key search public key encryption scheme supporting dynamic group is proposed. In order to reduce the computational burden of users, we outsource bilinear pairings to the server using server aided computing technology. The new scheme realizes the functions of data sharing, user join and revocation, identity privacy, keyword search and data source of out-of-group users. This scheme is suitable for cloud storage environment, especially mobile cloud storage.
【学位授予单位】:电子科技大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TN918.4
本文编号:2221808
[Abstract]:Cloud computing is a profound change in the field of information. It links a large number of computing resources, storage resources and software resources together to provide users with on-demand and extensible information services. As one of the most important services, cloud storage services allow enterprises and individuals to outsource their data to cloud servers, and manage and maintain data according to the principle of payment for use. However, cloud storage not only improves the efficiency of resource utilization and saves the cost of users, but also brings great challenges to the confidentiality of data and the privacy of users. Encryption technology has become an important tool to protect sensitive data and prevent information leakage in cloud computing, but the search and retrieval of encrypted data has become a major problem. Therefore, how to solve the conflict between data encryption and data search has become an important problem, which is the motivation of this paper. To solve the above problems, this paper uses keyword search public key encryption technology to solve the search problem of encrypted data in cloud storage, studies the security of the existing key search public key encryption scheme, and combines with the new cryptography technology. Two secure and efficient public key encryption schemes for cloud storage environment are proposed. Specific tasks include: 1. This paper analyzes the security of two key search public key encryption schemes proposed by Hu et al., and finds that they can not resist off-line keyword guessing attacks, that is, malicious servers can guess the keywords in the trap door. This distinguishes the keyword of user search. At the same time, it is proved that if the keyword set is taken from a polynomial size keyword dictionary, it is impossible to construct a public key encryption scheme for designated searchers to resist off-line keyword guessing attacks. In this paper, the concept of revocation keyword search public key encryption is proposed, and the search ability of the server is revoked by dividing the time cycle of the system into several time segments. At the same time, the anonymous multi-receiver based on Fan and so on is based on identity encryption. Using the general transformation method of anonymous identity-based encryption to keyword search public key encryption scheme proposed by Abdalla et al., combined with Lagrange difference polynomial, a practical construction method of a new efficient and revocable keyword search public key encryption scheme is proposed. As far as we know, our scheme is the first searchable encryption scheme. The proxy reencryption scheme based on Zhao et al. And the key search public key encryption scheme based on Boneh et al. A key search public key encryption scheme supporting dynamic group is proposed. In order to reduce the computational burden of users, we outsource bilinear pairings to the server using server aided computing technology. The new scheme realizes the functions of data sharing, user join and revocation, identity privacy, keyword search and data source of out-of-group users. This scheme is suitable for cloud storage environment, especially mobile cloud storage.
【学位授予单位】:电子科技大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TN918.4
【共引文献】
相关期刊论文 前2条
1 李双;;一种安全的具有匿名性的可搜索加密方案[J];计算机工程与应用;2013年16期
2 王智弘;涂泰源;;Keyword Search Encryption Scheme Resistant Against Keyword-Guessing Attack by the Untrusted Server[J];Journal of Shanghai Jiaotong University(Science);2014年04期
相关博士学位论文 前2条
1 袁科;Timed-Release加密及其应用中的关键问题研究[D];南开大学;2014年
2 周旭华;加密搜索和数据完整性检测及其云存储安全中的应用[D];上海交通大学;2014年
相关硕士学位论文 前2条
1 赵远杰;云计算中的公钥可搜索加密方案研究[D];西安电子科技大学;2013年
2 孙婷;基于模糊关键字搜索的代理重加密的研究[D];南京航空航天大学;2012年
,本文编号:2221808
本文链接:https://www.wllwen.com/kejilunwen/wltx/2221808.html
