Searchable Multi-server CP-ABE Scheme Based on Authorization
-
摘要: 针对现有属性基可搜索加密方案缺乏对云服务器授权的服务问题,该文提出一种基于授权的可搜索密文策略属性基加密(CP-ABE)方案。方案通过云过滤服务器、云搜索服务器和云存储服务器协同合作实现搜索服务。用户可将生成的授权信息和陷门信息分别发送给云过滤服务器和云搜索服务器,在不解密密文的情况下,云过滤服务器可对所有密文进行检测。该方案利用多个属性授权机构,在保证数据机密性的前提下能进行高效的细粒度访问,解决数据用户密钥泄露问题,提高数据用户对云端数据的检索效率。通过安全性分析,证明方案在提供数据检索服务的同时无法窃取数据用户的敏感信息,且能够有效地防止数据隐私的泄露。Abstract: Considering that the existing attribute-based searchable encryption scheme lacks the authorization service to the cloud server, a multi-server searchable Ciphertext Polity Attribute Base Encryption (CP-ABE) scheme is proposed based on authorization. The scheme implements search services through a cloud filter server, cloud search server and cloud storage server cooperation mechanism. The users send the authorization information to the cloud filter server at once, then the server creates the authorization information; The cloud search server creates the trapdoor information based on the trapdoor information sent by the users. Without decrypting the cipher text, the cloud filter server can detect all the cipher texts. Multiple attribute authorities can be used to ensure efficient and fine-grained access under the premise of ensuring data confidentiality, solving the problem of leakage of data user keys. It can improve the data retrieval efficiency when people use the cloud server. Through security analysis, it is proved that the scheme can not steal sensitive information of data users while providing data retrieval services, and it can effectively prevent the leakage of data privacy.
-
表 2 计算开销表
方案 加密运算量 陷门检测运算量 解密运算量 文献[16] 3+P(2n+5)E+(3n+3)M 4P+6E+6M (n+5)P+(3n+3)E+(5n+4)M 本文方案 +P+(2n+1)E+(2n+1)M ①3+P+(4n+2)E+(4n+2)M②4+P+(8n+4)E+(2n+3)M 2+P+(2n+5)E+(n+1)M -
BONEH D, DI CRESCENZO G, OSTROVSKY R, et al. Public key encryption with keyword search[C]. International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2004: 506–522. 李经纬, 贾春福, 刘哲理, 等. 可搜索加密技术研究综述[J]. 软件学报, 2015, 26(1): 109–128. doi: 10.13328/j.cnki.jos.004700LI Jingwei, JIA Chunfu, LIU Zheli, et al. Survey on the searchable encryption[J]. Journal of Software, 2015, 26(1): 109–128. doi: 10.13328/j.cnki.jos.004700 BAEK J, SAFAVI-NAINI R, and SUSILO W. On the integration of public key data encryption and public key encryption with keyword search[C]. The 9th International Conference on Information Security, Samos Island, Greece, 2006: 217–232. doi: 10.1007/11836810_16. BAEK J, SAFAVI-NAINI R, and SUSILO W. Public key encryption with keyword search revisited[C]. Computational Science and Its Applications – ICCSA 2008, Berlin, Heidelberg, 2008: 1249–1259. YANG Ce, ZHANG Weiming, XU Jun, et al. A fast privacy-preserving multi-keyword search scheme on cloud data[C]. 2012 International Conference on Cloud and Service Computing, Shanghai, China, 2012: 104–110. 王保民, 何智灵, 罗文俊. 基于云存储的多用户可搜索加密方案[J]. 信息网络安全, 2013(12): 33–36.WANG Baomin, HE Zhiling, and LUO Wenjun. An efficient scheme of multi-user searchable encryption with keyword in cloud storage[J]. Netinfo Security, 2013(12): 33–36. 张楠, 陈兰香. 一种高效的支持排序的关键词可搜索加密系统研究[J]. 信息网络安全, 2017(2): 43–50. doi: 10.3969/j.issn.1671-1122.2017.02.007ZHANG Nan and CHEN Lanxiang. Research on an efficient ranked keywords searchable encryption system[J]. Netinfo Security, 2017(2): 43–50. doi: 10.3969/j.issn.1671-1122.2017.02.007 SAHAI A and WATERS B. Fuzzy identity-based encryption[C]. The 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, 2005: 457–473. WANG Hao, ZHENG Zhihua, WU Lei, et al. New directly revocable attribute-based encryption scheme and its application in cloud storage environment[J]. Cluster Computing, 2017, 20(3): 2385–2392. doi: 10.1007/s10586-016-0701-7 李双, 徐茂智. 基于属性的可搜索加密方案[J]. 计算机学报, 2014, 37(5): 1017–1024.LI Shuang and XU Maozhi. Attribute-based public encryption with keyword search[J]. Chinese Journal of Computers, 2014, 37(5): 1017–1024. ZHENG Qingji, XU Shouhuai, and ATENIESE G. VABKS: Verifiable attribute-based keyword search over outsourced encrypted data[C]. 2014 IEEE Conference on Computer Communications, Toronto, Canada, 2014: 522–530. doi: 10.1109/INFOCOM.2014.6847976. SUN Wenhai, YU Shucheng, LOU Wenjing, et al. Protecting your right: Verifiable attribute-based keyword search with fine-grained owner-enforced search authorization in the cloud[J]. IEEE Transactions on Parallel and Distributed Systems, 2016, 27(4): 1187–1198. doi: 10.1109/TPDS.2014.2355202 IBRAIMI L, NIKOVA S, HARTEL P, et al. Public-key encryption with delegated search[C]. The 9th International Conference on Applied Cryptography and Network Security, Nerja, Spain, 2011: 532–549. doi: 10.1007/978-3-642-21554-4_31. 林鹏, 江颉, 陈铁明. 云环境下关键词搜索加密算法研究[J]. 通信学报, 2015, 36(S1): 259–265.LIN Peng, JIANG Jie, and CHEN Tieming. Application of keyword searchable encryption in cloud[J]. Journal on Communications, 2015, 36(S1): 259–265. 苏航, 朱智强, 孙磊. 移动云存储中基于属性的搜索加密方案研究[J]. 计算机应用研究, 2017, 34(12): 3753–3757, 3766. doi: 10.3969/j.issn.1001-3695.2017.12.053SU Hang, ZHU Zhiqiang, and SUN Lei. Research on searchable attribute based encryption in mobile cloud storage[J]. Application Research of Computers, 2017, 34(12): 3753–3757, 3766. doi: 10.3969/j.issn.1001-3695.2017.12.053 伍祈应, 马建峰, 苗银宾, 等. 多数据拥有者认证的密文检索方案[J]. 通信学报, 2017, 38(11): 161–170.WU Qiying, MA Jianfeng, Miao Yinbin, et al. Multi-owner accredited keyword search over encrypted data[J]. Journal on Communications, 2017, 38(11): 161–170. 黄海平, 杜建澎, 戴华, 等. 一种基于云存储的多服务器多关键词可搜索加密方案[J]. 电子与信息学报, 2017, 39(2): 389–396. doi: 10.11999/JEIT160338HUANG Haiping, DU Jianpeng, DAI Hua, et al. Multi-sever multi-keyword searchable encryption scheme based on cloud storage[J]. Journal of Electronics &Information Technology, 2017, 39(2): 389–396. doi: 10.11999/JEIT160338 PBC Library. The pairing-based cryptography library[EB/OL]. http://crypto.stanford.edu/pbc/, 2010.