基于授权的多服务器可搜索密文策略属性基加密方案

针对现有属性基可搜索加密方案缺乏对云服务器授权的服务问题,该文提出一种基于授权的可搜索密文策略属性基加密(CP-ABE)方案。方案通过云过滤服务器、云搜索服务器和云存储服务器协同合作实现搜索服务。用户可将生成的授权信息和陷门信息分别发送给云过滤服务器和云搜索服务器,在不解密密文的情况下,云过滤服务器可对所有密文进行检测。该方案利用多个属性授权机构,在保证数据机密性的前提下能进行高效的细粒度访问,解决数据用户密钥泄露问题,提高数据用户对云端数据的检索效率。通过安全性分析,证明方案在提供数据检索服务的同时无法窃取数据用户的敏感信息,且能够有效地防止数据隐私的泄露。     

支持策略隐藏且密文长度恒定的可搜索加密方案

属性加密体制是实现云存储中数据灵活访问控制的关键技术之一,但已有的属性加密方案存在密文存储开销过大和用户隐私泄露等问题,并且不能同时支持云端数据的公开审计。为了解决这些问题,该文提出一个新的可搜索属性加密方案,其安全性可归约到q-BDHE问题和CDH问题的困难性。该方案在支持关键词搜索的基础上,实现了密文长度恒定;引入策略隐藏思想,防止攻击者获取敏感信息,确保了用户的隐私性;通过数据公开审计机制,实现了云存储中数据的完整性验证。与已有的同类方案相比较,该方案有效地降低了数据的加密开销、关键词的搜索开销、密文的存储成本与解密开销,在云存储环境中具有较好的应用前景。     

支持策略隐藏且密文长度恒定的可搜索加密方案

属性加密体制是实现云存储中数据灵活访问控制的关键技术之一,但已有的属性加密方案存在密文存储开销过大和用户隐私泄露等问题,并且不能同时支持云端数据的公开审计.为了解决这些问题,该文提出一个新的可搜索属性加密方案,其安全性可归约到q-BDHE问题和CDH问题的困难性.该方案在支持关键词搜索的基础上,实现了密文长度恒定;引入策略隐藏思想,防止攻击者获取敏感信息,确保了用户的隐私性;通过数据公开审计机制,实现了云存储中数据的完整性验证.与已有的同类方案相比较,该方案有效地降低了数据的加密开销、关键词的搜索开销、密文的存储成本与解密开销,在云存储环境中具有较好的应用前景.     

具有隐私保护的云存储访问控制方案

针对传统的访问控制方案无法在云计算环境下保护用户的属性隐私,提出了具有隐私保护的云存储访问控制方案。采用混合加密体制实现了数据的机密性,即利用对称密钥加密明文数据,再利用公钥密码体制对对称密钥进行加密。在新的访问控制方案中,公钥加密采用了匿名的密文策略下基于属性的加密技术。安全性分析表明,新方案在保护用户属性隐私的同时,达到了选择明文安全性,可抵抗恶意用户及云存储服务器的合谋攻击。     

区块链上基于云辅助的密文策略属性基数据共享加密方案

针对云存储的集中化带来的数据安全和隐私保护问题,该文提出一种区块链上基于云辅助的密文策略属性基(CP-ABE)数据共享加密方案。该方案采用基于属性加密技术对加密数据文件的对称密钥进行加密,并上传到云服务器,实现了数据安全以及细粒度访问控制;采用可搜索加密技术对关键字进行加密,并将关键字密文上传到区块链(BC)中,由区块链进行关键字搜索保证了关键字密文的安全,有效地解决现有的云存储共享系统所存在的安全问题。该方案能够满足选择明文攻击下的不可区分性、陷门不可区分性和抗串联性。最后,通过性能评估,验证了该方案的有效性。     

区块链上基于云辅助的密文策略属性基数据共享加密方案

针对云存储的集中化带来的数据安全和隐私保护问题,该文提出一种区块链上基于云辅助的密文策略属性基(CP-ABE)数据共享加密方案.该方案采用基于属性加密技术对加密数据文件的对称密钥进行加密,并上传到云服务器,实现了数据安全以及细粒度访问控制;采用可搜索加密技术对关键字进行加密,并将关键字密文上传到区块链(BC)中,由区块链进行关键字搜索保证了关键字密文的安全,有效地解决现有的云存储共享系统所存在的安全问题.该方案能够满足选择明文攻击下的不可区分性、陷门不可区分性和抗串联性.最后,通过性能评估,验证了该方案的有效性.     

基于优化加密的云存储安全数据检索方法研究

针对传统检索方法在云存储加密数据中的检索效率过低的问题,提出属性基加密技术的安全数据检索方案。通过使用属性基加密技术的索引词表达能力,提高数据的安全系数,再通过较为完善综合的云服务提供商所提供的运行开销以及参与云存储信息索引的其他用户的信息检索服务,让穷尽的搜索转变为加密运算,让整个云存储系统的搜索过程与存储管理系统机制更加完善。通过对云存储数据检索方案中属性基加密技术的研究,将属性基加密技术与其他几种新方案进行比较,属性基加密方案在访问控制和快速搜索中具有十分优异的性能,而且在数据检索过程中可以有效保护数据的安全,保障用户的隐私安全,十分符合拥有大量数据的云存储系统。     

基于身份的具有否认认证的关键字可搜索加密方案

云存储技术的发展实现了资源共享,为用户节省了数据管理开销.可搜索加密技术,既保护用户隐私又支持密文检索,方便了用户查找云端密文数据.现有的公钥关键字可搜索加密方案虽然支持身份认证,但未实现否认的属性.为了更好地保护发送者的身份隐私,该文将否认认证与公钥关键字可搜索加密技术相结合,提出一种基于身份的具有否认认证的关键字可...     

基于区块链的细粒度云数据安全存储与删除方案

在基于云计算的存储与删除服务中,由于外包数据所有权和管理分离,现有的逻辑删除机制使云上的数据很容易暴露给未经授权的用户,甚至云服务器可能未遵循用户要求删除相应数据。为此,该文提出一种细粒度的安全云端数据存储与删除方案。基于椭圆曲线构造了基于密文策略的属性基加密以实现外包数据细粒度访问控制,应用区块链实现可公开验证的安全数据删除。该文方案具有责任可追踪性以及两方删除与可验证性等特性。理论分析与实验结果表明该文方案具有较好的安全性和较高的性能,能够满足云数据共享与安全删除的需求。     

基于区块链的细粒度云数据安全存储与删除方案

在基于云计算的存储与删除服务中,由于外包数据所有权和管理分离,现有的逻辑删除机制使云上的数据很容易暴露给未经授权的用户,甚至云服务器可能未遵循用户要求删除相应数据.为此,该文提出一种细粒度的安全云端数据存储与删除方案.基于椭圆曲线构造了基于密文策略的属性基加密以实现外包数据细粒度访问控制,应用区块链实现可公开验证的安全数据删除.该文方案具有责任可追踪性以及两方删除与可验证性等特性.理论分析与实验结果表明该文方案具有较好的安全性和较高的性能,能够满足云数据共享与安全删除的需求.     

Electronic medical record data sharing scheme based on searchable encryption via consortium blockchain

Considering that it was difficult to share medical record data among different medical institutions in cloud storage,an electronic medical record data sharing scheme based on searchable encryption on blockchain was proposed.In order to realize the secure storage and sharing of electronic medical records in the scheme,the patient’s electronic medical record ciphertext was stored in the hospital server,the ciphertext hash value was stored in the private blockchain,and the keyword index was stored in the consortium blockchain.Searchable encryption was used to implement secure search of keywords in the consortium blockchain,and proxy re-encryption technology was used to realize the sharing of electronic medical records of patients by other data users.Security analysis shows that the proposed scheme can achieve ciphertext security and keyword security.Moreover,the performance of the scheme was analyzed by function analysis,computational efficiency analysis and numerical simulation.The performance analysis shows that the scheme can achieve high computational efficiency.     

Hybrid cloud approach for block-level deduplication and searchable encryption in large universe

Ciphertext-policy attribute-based searchable encryption (CP-ABSE) can achieve fine-grained access control for data sharing and retrieval, and secure deduplication can save storage space by eliminating duplicate copies. However, there are seldom schemes supporting both searchable encryption and secure deduplication. In this paper, a large universe CP-ABSE scheme supporting secure block-level deduplication are proposed under a hybrid cloud mechanism. In the proposed scheme, after the ciphertext is inserted into bloom filter tree (BFT), private cloud can perform fine-grained deduplication efficiently by matching tags, and public cloud can search efficiently using homomorphic searchable method and keywords matching. Finally, the proposed scheme can achieve privacy under chosen distribution attacks block-level (PRV-CDA-B) secure deduplication and match-concealing (MC) searchable security. Compared with existing schemes, the proposed scheme has the advantage in supporting fine-grained access control, block-level deduplication and efficient search, simultaneously.     

支持属性撤销的可验证多关键词搜索加密方案

近年来,可搜索加密技术及细粒度访问控制的属性加密在云存储环境下得到广泛应用。考虑到现存的基于属性的可搜索加密方案存在仅支持单关键词搜索而不支持属性撤销的问题,以及单关键词搜索可能造成返回搜索结果部分错误并导致计算和宽带资源浪费的缺陷,该文提出一种支持属性撤销的可验证多关键词搜索加密方案。该方案允许用户检测云服务器搜索结果的正确性,同时在细粒度访问控制结构中支持用户属性的撤销,且在属性撤销过程中不需要更新密钥和重加密密文。该文在随机预言机模型下基于判定性线性假设被证明具有抵抗选择关键词集攻击安全性及关键词隐私性,同时从理论和实验两方面分析验证了该方案具有较高的计算效率与存储效率。     

Verifiable attribute-based searchable encryption scheme based on blockchain

For the problem that the shared decryption key lacks of fine-grained access control and the search results lacks of correctness verification under one-to-many search model,a verifiable attribute-based searchable encryption scheme based on blockchain was proposed.The ciphertext policy attribute-based encryption mechanism was used on the shared key to achieve fine-grained access control.Ethereum blockchain technology was combined to solve the problem of incorrect search results returned by the semi-honest and curious cloud server model,so it could prompt both the cloud server and the user to follow the rules of the contract honestly and achieved service-payment fairness between the user and the cloud server in the pay-per-use cloud environment.In addition,based on the irreversible modification of the blockchain,the cloud server was guaranteed to receive the service fee,and the user was assured to obtain the correct retrieval results without additional verification which reduced the computational overhead of the user.The security analysis shows that the scheme satisfies the semantic security against adaptive chosen keyword attack and can protect the privacy of users and the security of data.The performance comparison and experimental results show that the scheme has certain optimizations in security index generation,search token generation,retrieval efficiency and transaction quantity,so it is more suitable for one-to-many search scenarios such as smart medical.     

基于区块链的多关键词模糊搜索加密方案

针对1对多数据密文共享中多关键词模糊匹配和用户公平性问题,该文提出一种基于区块链的多关键词模糊搜索加密方案。该文提出一种R-HashMap索引结构,通过使用对偶编码函数和位置敏感哈希函数来构建安全索引,并采用K最近邻算法来加密索引,通过计算欧式距离度量查询关键词向量与索引节点之间的相似性,实现多关键词模糊密文搜索。该文除了消除预定义词典和降低存储开销外,还在不增加搜索复杂度的前提下实现对安全索引的更新。此外,将以太坊区块链技术与可搜索加密方案相结合避免了恶意服务器对数据的篡改,使用智能合约作为可信第三方进行检索工作,不仅可以防止云服务器内部的关键词猜测攻击,还可以解决检索结果不正确的问题。通过安全性证明分析,该文不但满足自适应选择关键词语义安全性,还可以保护用户隐私和数据安全。将该文与其他方案进行实验对比,证明该文在保证精确度的前提下,时间开销上具有更好的效率优势。     

Multiuser access control searchable privacy‐preserving scheme in cloud storage

Searchable encryption scheme‐based ciphertext‐policy attribute‐based encryption (CP‐ABE) is a effective scheme for providing multiuser to search over the encrypted data on cloud storage environment. However, most of the existing search schemes lack the privacy protection of the data owner and have higher computation time cost. In this paper, we propose a multiuser access control searchable privacy‐preserving scheme in cloud storage. First, the data owner only encrypts the data file and sets the access control list of multiuser and multiattribute for search data file. And the computing operation, which generates the attribute keys of the users' access control and the keyword index, is given trusted third party to perform for reducing the computation time of the data owner. Second, using CP‐ABE scheme, trusted third party embeds the users' access control attributes into their attribute keys. Only when those embedded attributes satisfy the access control list, the ciphertext can be decrypted accordingly. Finally, when the user searches data file, the keyword trap door is no longer generated by the user, and it is handed to the proxy server to finish. Also, the ciphertext is predecrypted by the proxy sever before the user performs decryption. In this way, the flaw of the client's limited computation resource can be solved. Security analysis results show that this scheme has the data privacy, the privacy of the search process, and the collusion‐resistance attack, and experimental results demonstrate that the proposed scheme can effectively reduce the computation time of the data owner and the users.     

Multi-owner accredited keyword search over encrypted data

A sharing multi-owner setting where data was owned by a fixed number of data owners,the existing searchable encryption schemes could not support ciphertext retrieval and fine-grained access control at the same time.For this end,an efficient cryptographic primitive called as multi-owner accredited keyword search over encrypted data scheme was designed,through combining linear secret-sharing technique with searchable encryption schemes,only the data users authorized bymulti-owner by could decrypt the returned results.The formal security analysis shows that the scheme can protect security and privacy under the bilinear Diffie-Hellman assumption.As a further contribution,an empirical study over real-world dataset was conelucted to show the effectiveness and practicability of the scheme.     

A based on blinded CP‐ABE searchable encryption cloud storage service scheme

Cloud computing has great economical advantages and wide application, more and more data owners store their data in the cloud storage server (CSS) to avoid tedious local data management and insufficient storage resources. But the privacy of data owners faces enormous challenges. The most recent searchable encryption technology adopts the ciphertext‐policy attribute‐based encryption (CP‐ABE), which is one good method to deal with this security issue. However, the access attributes of the users are transmitted and assigned in plaintext form. In this paper, we propose a based on blinded CP‐ABE searchable encryption cloud storage service (BCP‐ABE‐SECSS) scheme, which can blind the access attributes of the users in order to prevent the collusion attacks of the CSS and the users. Data encryption and keyword index generation are performed by the data owners; meanwhile, we construct that CSS not only executes the access control policy of the data but also performs the pre‐decryption operation about the encrypted data to solve higher time cost of decryption calculation to the data users. Security proof results show that this scheme has access attribute security, data confidentiality, indistinguishable security against chosen keyword attack, and resisting the collusion attack between the data user and the CSS. Performance analysis and the experimental results show that this scheme can effectively reduce the computation time cost of the data owners and the data users.