基于访问代理的数据加密及搜索技术研究

王国峰; 刘川意; 韩培义; 潘鹤中; 方滨兴

doi:10.11959/j.issn.1000-436x.2018114

您当前的位置：

首页 >

文章列表页 >

基于访问代理的数据加密及搜索技术研究

学术论文 | 更新时间：2024-06-05

- 基于访问代理的数据加密及搜索技术研究
- Research on technology of data encryption and search based on access broker
- 通信学报 2018年39卷第7期页码：1-14
- 作者机构：
  
  1. 北京邮电大学网络空间安全学院，北京 100876
  2. 哈尔滨工业大学（深圳）计算机科学与技术学院，广东深圳 518055
- 作者简介：
  
  [ "王国峰（1988-），男，山东济宁人，北京邮电大学博士生，主要研究方向为数据安全、云计算与云安全。" ]
  [ "刘川意（1982-），男，四川乐山人，哈尔滨工业大学（深圳）副教授，主要研究方向为云计算与云安全、大规模存储系统、数据保护与数据安全。" ]
  [ "韩培义（1992-），男，山西吕梁人，北京邮电大学博士生，主要研究方向为数据安全、云安全。" ]
  [ "潘鹤中（1991-），男，辽宁本溪人，北京邮电大学博士生，主要研究方向为数据安全、云安全。" ]
  [ "方滨兴（1960-），男，江西上饶人，中国工程院院士，哈尔滨工业大学（深圳）教授，主要研究方向为网络与信息安全、内容安全。" ]
- 基金信息：
  
  国家高技术研究发展计划（“863”计划）基金资助项目(2015AA016001);国家重点研发计划基金资助项目(2017YFB0801801);国家科技重大专项基金资助项目(BB29100002);国家科研发展咨询基金资助项目(BA25500031);国家科研发展咨询基金资助项目(BB25500019)
- DOI：10.11959/j.issn.1000-436x.2018114
  中图分类号： TP302
- 网络出版日期：2018-07，
  
  纸质出版日期：2018-07-25
- 稿件说明：
移动端阅览
王国峰, 刘川意, 韩培义, 等. 基于访问代理的数据加密及搜索技术研究[J]. 通信学报, 2018,39(7):1-14.

Guofeng WANG, Chuanyi LIU, Peiyi HAN, et al. Research on technology of data encryption and search based on access broker[J]. Journal on communications, 2018, 39(7): 1-14.
王国峰, 刘川意, 韩培义, 等. 基于访问代理的数据加密及搜索技术研究[J]. 通信学报, 2018,39(7):1-14. DOI： 10.11959/j.issn.1000-436x.2018114.

Guofeng WANG, Chuanyi LIU, Peiyi HAN, et al. Research on technology of data encryption and search based on access broker[J]. Journal on communications, 2018, 39(7): 1-14. DOI： 10.11959/j.issn.1000-436x.2018114.

摘要

针对云应用程序数据机密性问题，提出一种访问代理执行的密文搜索方案。此方案不需要修改云应用程序且不改变用户使用习惯，具有很强的可适用性。首先从功能性、效率性和安全性等方面分析了基于访问代理的密文搜索方案，并指出其所面临的关键问题，包括代理间索引和密文的安全分享，并设计解决方案。实验结果表明，此方案可有效保护云服务用户数据，实现多种搜索功能，且具有很高的效率性和安全性。

Abstract

Broker executed searchable encryption (BESE) scheme was proposed for the confidentiality issues of cloud application data.The scheme did not need to modify the cloud application or user habits

thus had strong applicability.Firstly

systematic and quantitative analysis on BESE scheme was conducted in terms of query expressiveness

performance and security.Then

the main challenges of BESE scheme including securely sharing index and encrypted data between brokers were pointed out

and corresponding schemes were proposed to address the above challenges.The experimental results show that the BESE scheme can effectively protect the user data in the cloud

achieve a variety of search functions

and has high efficiency and security.

关键词

Keywords

references

Cloud Security Alliance,Top Threats Working Group . CSA’s cloud computing top threats in 2016 [R ] . 2016 .

It’s all about identity theft - first half findings from the 2016 breach level index [R ] . 2016 .

王国峰 , 刘川意 , 潘鹤中 , 等 . 云计算模式内部威胁综述 [J ] . 计算机学报 , 2017 , 40 ( 2 ): 296 - 316 .

WANG G F , LIU C Y , PAN H Z , et al . Survey on insider threats to cloud computing [J ] . Chinese Journal of Computers , 2017 , 40 ( 2 ): 296 - 316 .

GOLDREICH O , OSTROVSKY R . Software protection and simulation on oblivious RAMs [J ] . Journal of the ACM , 1996 , 43 ( 3 ): 431 - 473 .

BÖSCH C , HARTEL P , JONKER W , et al . A survey of provably secure searchable encryption [J ] . ACM Computing Surveys (CSUR) , 2015 , 47 ( 2 ):18.

Gartner report:how to evaluate and operate a cloud access security broker [R ] . 2015 .

SCHÜTZE H , . Introduction to information retrieval [C ] // International Communication of Association for Computing Machinery Conference . 2008 .

HE W , AKHAWE D , JAIN S , et al . Shadowcrypt:encrypted Web applications for everyone [C ] // The 2014 ACM SIGSAC Conference on Computer and Communications Security . 2014 : 1028 - 1039 .

LAU B , CHUNG S , SONG C , et al . Mimesis aegis:a mimicry privacy shield–a system’s approach to data privacy on public cloud [C ] // 23rd USENIX Security Symposium (USENIX Security 14) . 2014 : 33 - 48 .

POPA R A , STARK E , VALDEZ S , et al . Building Web applications on top of encrypted data using Mylar [C ] // 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14) . 2014 : 157 - 172 .

POPA R A , REDFIELD C , ZELDOVICH N , et al . CryptDB:protecting confidentiality with encrypted query processing [C ] // The Twenty-Third ACM Symposium on Operating Systems Principles . 2011 : 85 - 100 .

SONG D X , WAGNER D , PERRIG A . Practical techniques for searches on encrypted data [C ] // 2000 IEEE Symposium on Security and Privacy . 2000 : 44 - 55 .

GOH E J . Secure indexes [J ] . International Association for Cryptologic Research Cryptology ePrint Archive , 2003 :216.

CURTMOLA R , GARAY J , KAMARA S , et al . Searchable symmetric encryption:improved definitions and efficient constructions [J ] . Journal of Computer Security , 2011 , 19 ( 5 ): 895 - 934 .

XIA Z , WANG X , SUN X , et al . A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data [J ] . IEEE Transactions on Parallel and Distributed Systems , 2016 , 27 ( 2 ): 340 - 352 .

LI J , WANG Q , WANG C , et al . Fuzzy keyword search over encrypted data in cloud computing [C ] // INFOCOM . 2010 : 1 - 5 .

KAMARA S , PAPAMANTHOU C , ROEDER T . Dynamic searchable symmetric encryption [C ] // The 2012 ACM Conference on Computer and Communications Security . 2012 : 965 - 976 .

BONEH D , CRESCENZO G D , OSTROVSKY R , et al . Public key encryption with keyword search [C ] // International Conference on the Theory and Applications of Cryptographic Techniques . 2004 : 506 - 522 .

LIU Q , WANG G , WU J . Secure and privacy preserving keyword searching for cloud storage services [J ] . Journal of Network and Computer Applications , 2012 , 35 ( 3 ): 927 - 933 .

GENTRY C , . Certificate-based encryption and the certificate revocation problem [C ] // International Conference on the Theory and Applications of Cryptographic Techniques . 2003 : 272 - 293 .

MICALI S , . Scalable certificate validation and simplified pki management [C ] // 1st Annual PKI Research Workshop . 2002 :15.

SHAMIR A , . Identity-based cryptosystems and signature schemes [C ] // Workshop on the Theory and Application of Cryptographic Techniques . 1984 : 47 - 53 .

BONEH D , FRANKLIN M . Identity-based encryption from the Weil pairing [C ] // Annual International Cryptology Conference . 2001 : 213 - 229 .

AL-RIYAMI S S , PATERSON K G . Certificateless public key cryptography [C ] // International Conference on the Theory and Application of Cryptology and Information Security . 2003 : 452 - 473 .

LEWKO A , WATERS B . Decentralizing attribute-based encryption [C ] // Annual International Conference on the Theory and Applications of Cryptographic Techniques . 2011 : 568 - 588 .

SCHULZ K U , MIHOV S . Fast string correction with Levenshtein automata [J ] . International Journal on Document Analysis and Recognition , 2002 , 5 ( 1 ): 67 - 85 .

ISLAM M S , KUZU M , KANTARCIOGLU M . Access pattern disclosure on searchable encryption:ramification,attack and mitigation [C ] // NDSS . 2012 :12.

CASH D , GRUBBS P , PERRY J , et al . Leakage-abuse attacks against searchable encryption [C ] // The 22nd ACM SIGSAC Conference on Computer and Communications Security . 2015 : 668 - 679 .

浏览量

895

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

面向云存储的数据加密系统与技术研究

TCCL：安全高效的拓展云桌面架构

深度学习在僵尸云检测中的应用研究

面向物联网搜索的数据隐私保护研究综述

面向DaaS应用的数据集成隐私保护机制研究