云环境下基于属性策略隐藏的可搜索加密方案

基于属性的可搜索加密技术可以实现对数据的细粒度访问控制，但现有的可搜索加密方案，关键字的搜索、访问控制、文件加密基本上是分别执行的，导致攻击者可能跳过访问策略直接进行关键字索引匹配或文件解密；其次，现有方案中数据拥有者需将加密文件的密钥以安全通道传给用户，增加了数据拥有者的开销；此外，大多基于树型的访问控制策略是公开的，容易造成隐私泄露。因此，基于线性秘密分享（LSSS，linear secret sharing schemes）访问结构，提出了一种云环境下基于属性策略隐藏的可搜索加密方案。通过将策略秘密值嵌入关键字加密与文件存储加密，实现访问控制、关键字搜索与文件加密的有机结合；通过聚合密钥技术实现用户无须与数据拥有者交互，即可对文件进行解密的功能，减轻了密钥管理的负担，存储空间提高约30%。实验结果及安全性分析表明，所提方案具有数据存储的安全性、访问策略的隐私性、陷门的不可连接性等功能，具有较高的密文检索效率，与已有主流方案相比，检索效率提高至20%以上。

Searchable encryption scheme based on attribute policy hiding in a cloud environment

Attribute-based searchable encryption technology can achieve fine-grained access control of data, but the existing searchable encryption scheme, keyword search, access control and file encryption are basically performed separately, causing the attacker to directly skip the access policy for keyword index matching and file decryption.Besides, the data owners in the existing schemes need to pass the key of the encrypted file to the user in a secure channel, which increases the cost of the data owner.Furthermore, most tree-based access control policies are open and easy to cause privacy leakage.Therefore, based on the LSSS (linear secret sharing schemes) access architecture, the searchable encryption scheme based on attribute policy hiding in a cloud environment was proposed.Through the embedding of policy secret values into keyword encryption and file storage encryption, the combination of access control, keyword search and file encryption were realized.The aggregate key technology enables users to decrypt files without interacting with the data owner, reducing the burden of key management and increasing storage space by approximately 30%.The experimental results and security analysis show that the proposed scheme guarantees the security of stored data, privacy of access strategy and non-connectivity of trap gate.Compared with the existing mainstream scheme, the retrieval efficiency of the proposed scheme has improved to more than 20%.