广义保序加密研究

发布时间：2018-01-02 00:33

本文关键词：广义保序加密研究　出处：《中国科学技术大学》2017年博士论文　论文类型：学位论文

【摘要】：近年来,随着云计算和云存储技术的高速发展与广泛运用,云计算和云存储中的安全问题越来越引起用户的重视。为了保护数据的隐私性,有必要对数据进行加密,但传统加密会阻碍数据的有效使用,因此在云存储的场景下,需要使用可搜索加密。可搜索加密是不需要解密就可以在密文上搜索的加密方法,而保序加密是其中的关键技术之一,可以解决在密文上进行区间查询的问题。保序加密的密文保留了与明文相同的序关系,因而在密文上执行区间查询有与明文相同的查询速度。但同时,保序加密也存在缺陷与不足。一对一保序加密的密文会泄露明文的序关系,因而安全性不足,容易遭受攻击。一对多保序加密将同一个明文映射到不同的密文,为了保证安全性,每一个明文对应的密文区间需要足够大,会造成严重的密文扩张。同时,保序加密用于多维数据时,除了序关系之外,还会额外泄露不同维度数据之间的相关性。针对以上问题,本文提出并研究了广义保序加密算法。广义保序加密算法在保持保序加密高查询速度的同时,对保序加密进行了改进,以提高其他方面的性能。本文的主要工作和创新成果如下:1.针对一对一保序加密的安全性问题,提出了一种一对一广义保序加密算法——p概率保序加密。p概率保序加密是一对一保序加密的一种扩展算法,其密文以概率p保持序关系,以提高安全性。通过对保序概率p与安全性、精度之间的关系进行理论分析,得到了安全性与精度间的制约关系。模拟实验验证了理论分析的结果以及该算法的性能。理论分析和实验结果表明,当增大保序概率p时,查询精度提升,但安全性会下降;当减小保序概率p时,安全性增加,但精度会降低。通过动态调节p,该算法可以在安全性和精度之间达到一个折中。2.针对一对多保序加密的密文扩张问题,提出了一种一对多广义保序加密算法——半保序加密。半保序加密将不同的明文映射到重叠的密文区间来抑制密文扩张。对于半保序加密的性能,可以采用安全性、精度、密文扩张这三个指标来刻画。通过对半保序度与安全性、精度、密文扩张之间的关系进行理论分析,得到了安全性、精度、密文扩张这三者间的制约关系。模拟实验验证了理论分析的结果以及该算法的性能。理论分析和实验结果表明,当增大半保序度时,密文扩张会得到抑制,同时安全性提高,查询精度下降;当减小半保序度时,查询精度提高,但同时密文扩张增加,安全性降低。通过动态调节半保序度,该算法可以在安全性、精度、密文扩张之间达到一个折中。3.针对保序加密应用于多维数据时泄露不同维数据之间相关性的问题,提出了一种用于多维数据的广义保序加密算法。首先对保序加密应用于多维数据时的场景进行了分析,定义了分位数指示量来描述信息泄露的情况。分位数指示量是与分布有关的统计量。提出了分位数攻击,这一攻击算法利用分位数指示量的泄露来区分不同的分布。然后提出了一种安全性指标来衡量分位数指示量的泄露情况,并提出了一种基于哑元填充的改进算法。在真实数据上通过实验对分位数攻击和哑元填充的性能进行了验证。实验结果表明,基于哑元填充的改进算法能有效地降低分位数攻击的精度,从而提高系统的安全性。
[Abstract]:In recent years, with the rapid development and widely application of cloud computing and cloud storage technology, the security problem of cloud computing and cloud storage in more and more users attention. In order to protect the privacy of data, it is necessary to encrypt the data, but the traditional encryption will hinder the effective use of data, so the cloud storage scenarios that requires the use of searchable encryption. Searchable encryption encryption decryption method does not need to search for in the ciphertext, and order preserving encryption is one of the key technologies that can solve the problem of range query in the ciphertext. Order preserving encryption cipher preserves the order relations and express the same, so the query execution interval with the same query speed in plaintext ciphertext. But at the same time, order preserving encryption also has defects and shortcomings. The order of one to one relationship order preserving encryption ciphertext plaintext will leak, and the lack of security, vulnerable to Attack. To order preserving encryption with a plaintext mapped to different ciphertext, in order to ensure the safety of each plaintext corresponding to the ciphertext interval is large enough, can cause serious ciphertext expansion. At the same time, order preserving encryption for multidimensional data, in addition to ordering, the correlation between the additional disclosure the different dimensions of data. To solve the above problems, this paper proposes and studies the generalized order preserving encryption algorithm. The generalized order preserving encryption algorithm maintains the order preserving encryption high query speed at the same time, the order preserving encryption has been improved, in order to improve the performance of other aspects. The main work and innovation are as follows: 1. for safety the problem of order preserving encryption, proposes a generalized one order preserving encryption algorithm P probability order preserving encryption.P probability order preserving encryption is an extension of an order preserving encryption algorithm, the ciphertext with probability p. To order, in order to improve the safety and security of P. By preserving probability, theoretical analysis of relationship between the control precision, safety and accuracy. Simulation results verify the theoretical analysis results and the performance of the algorithm. Theoretical analysis and experimental results show that with the increase of order preserving probability p, the query precision upgrade, but the security will decline; with the decrease of order preserving probability p, and increase the security, but the accuracy will be reduced. Through the dynamic regulation of P, the algorithm can reach a compromise for the.2. problem of a ciphertext expansion order preserving encryption between safety and accuracy, put forward a a kind of generalized order preserving encryption algorithm - order preserving encryption. Semi order preserving encryption will clear the mapping to different overlapping interval to suppress the ciphertext ciphertext expansion. The performance of semi order preserving encryption, can be used in security, accuracy, secret Wen Kuozhang three Indicators to describe. Through the semi order preserving reliability and security, accuracy, theoretical analysis of the relationship between the safety of ciphertext expansion, and get the accuracy of ciphertext expansion restricts the relationship between these three. Simulation results verify the theoretical analysis results and the performance of the algorithm. Theoretical analysis and experimental results show that when the increasing the half order preserving degree, ciphertext expansion will be curbed, and improve the security, the query accuracy decreased; with the decrease of half order preserving degree, improve the query precision, but also increase the safety of the ciphertext expansion, reduced. By dynamically adjusting the half order preserving degree, the algorithm accuracy in safety, the ciphertext expansion between reach a compromise for.3. order preserving encryption applied to multidimensional data reveal the correlations between different dimensions of data, proposes an encryption algorithm for multidimensional data generalized isotonic. First order preserving encryption for multidimensional number According to the scene were analyzed, the definition of quantile indicating quantity to describe information leaks. Quantile indicates the amount and distribution of the relevant statistic is proposed. Quantile attacks, this attack algorithm using quantile indicates the amount of leakage to distinguish different distribution. Then put forward a security index to measure the amount of quantile indicating leaks, and proposed an improved algorithm of dummy fill based on real data. Through the experiment of quantile attack and the performance of dummy fill is verified. The experimental results show that the dummy fill improved algorithm can effectively reduce the attack precision based on quantile, and to improve the security of the system.

【学位授予单位】：中国科学技术大学
【学位级别】：博士
【学位授予年份】：2017
【分类号】：TP309.7

【相似文献】