加密云数据下的关键词模糊搜索方案

对于加密云数据的搜索,传统的关键词模糊搜索方案虽然能搜索到相关文档,但是搜索的结果并不令人满意。在用户输入正确的情况下,无法完成近似搜索,当用户出现拼写错误时,返回的结果中包含大量无关关键词文档,严重浪费了带宽资源。针对目前在加密云数据下关键词模糊搜索的缺陷,提出了一种新型的关键词模糊搜索方案,通过对关键词计算相关度分数并对文档根据相关度分数进行排序,将top-k（即相关度最高的k个文档）个文档返回给搜索用户,减少了不必要的带宽浪费和用户寻找有效文档的时间消耗,提供了更加有效的搜索结果,并且通过引入虚假陷门集,增大了云服务器对文档关键词的分析难度,增加了系统的隐私性保护。     

云计算中加密数据的模糊关键字搜索方法

传统的可搜索加密方案仅支持精确匹配的搜索,在效率和性能上都不能适应云计算环境。用支持多种字符串相似性操作的R+树构建索引,实现了云计算中对加密数据的模糊关键字搜索;用编辑距离来量化关键字的相似度,提出了一种可以返回与关键字更接近的文件检索方法。通过字符串聚类提高了模糊关键字搜索的效率。     

面向属性加密数据的可验证细粒度关键字密文搜索

为实现加密数据的细粒度密文搜索,并确保第三方服务器诚实可靠地执行搜索过程,同时尽可能降低用户端的计算和通信代价,提出支持密文搜索可验证的属性基可搜索加密方案。通过引入对称密钥加密体制,承诺方案和强一次性消息认证码,以经典的属性加密方案为基础构造算法,实现密文关键字的细粒度搜索以及搜索过程的可验证性,并证明方案具有选择性的数据安全性和搜索索引安全性,以及验证可靠性。与同类方案相比,该方案在达到同等安全性要求的情况下,进一步提高了终端用户的计算和通信效率。     

VKSE-MO: verifiable keyword search over encrypted data in multi-owner settings

Searchable encryption (SE) techniques allow cloud clients to easily store data and search encrypted data in a privacy-preserving manner, where most of SE schemes treat the cloud server as honest-but-curious. However, in practice, the cloud server is a semi-honest-but-curious third-party, which only executes a fraction of search operations and returns a fraction of false search results to save its computational and bandwidth resources. Thus, it is important to provide a results verification method to guarantee the correctness of the search results. Existing SE schemes allow multiple data owners to upload different records to the cloud server, but these schemes have very high computational and storage overheads when applied in a different but more practical setting where each record is co-owned by multiple data owners. To address this problem, we develop a verifiable keyword search over encrypted data in multi-owner settings (VKSE-MO) scheme by exploiting the multisignatures technique. Thus, our scheme only requires a single index for each record and data users are assured of the correctness of the search results in challenging settings. Our formal security analysis proved that the VKSE-MO scheme is secure against a chosen-keyword attack under a random oracle model. In addition, our empirical study using a real-world dataset demonstrated the efficiency and feasibility of the proposed scheme in practice.     

An efficient privacy-preserving multi-keyword search over encrypted cloud data with ranking

Information search and retrieval from a remote database (e.g., cloud server) involves a multitude of privacy issues. Submitted search terms and their frequencies, returned responses and order of their relevance, and retrieved data items may contain sensitive information about the users. In this paper, we propose an efficient multi-keyword search scheme that ensures users’ privacy against both external adversaries including other authorized users and cloud server itself. The proposed scheme uses cryptographic techniques as well as query and response randomization. Provided that the security and randomization parameters are appropriately chosen, both search terms in queries and returned responses are protected against privacy violations. The scheme implements strict security and privacy requirements that essentially disallow linking queries featuring identical search terms. We also incorporate an effective ranking capability in the scheme that enables user to retrieve only the top matching results. Our comprehensive analytical study and extensive experiments using both real and synthetic datasets demonstrate that the proposed scheme is privacy-preserving, effective, and highly efficient.     

Preferred search over encrypted data

Cloud computing provides elastic data storage and processing services. Although existing research has proposed preferred search on the plaintext files and encrypted search, no method has been proposed that integrates the two techniques to efficiently conduct preferred and privacy-preserving search over large datasets in the cloud.In this paper, we propose a scheme for preferred search over encrypted data (PSED) that can take users’ search preferences into the search over encrypted data. In the search process, we ensure the confidentiality of not only keywords but also quantified preferences associated with them. PSED constructs its encrypted search index using Lagrange coefficients and employs secure inner-product calculation for both search and relevance measurement. The dynamic and scalable property of cloud computing is also considered in PSED. A series of experiments have been conducted to demonstrate the efficiency of the proposed scheme when deploying it in real-world scenarios.     

VMKDO: Verifiable multi-keyword search over encrypted cloud data for dynamic data-owner

The advantages of cloud computing encourage individuals and enterprises to outsource their local data storage and computation to cloud server, however, data security and privacy concerns seriously hinder the practicability of cloud storage. Although searchable encryption (SE) technique enables cloud server to provide fundamental encrypted data retrieval services for data-owners, equipping with a result verification mechanism is still of prime importance in practice as semi-trusted cloud server may return incorrect search results. Besides, single keyword search inevitably incurs many irrelevant results which result in waste of bandwidth and computation resources. In this paper, we are among the first to tackle the problems of data-owner updating and result verification simultaneously. To this end, we devise an efficient cryptographic primitive called as verifiable multi-keyword search over encrypted cloud data for dynamic data-owner scheme to protect both data confidentiality and integrity. Rigorous security analysis proves that our scheme is secure against keyword guessing attack (KGA) in standard model. As a further contribution, the empirical experiments over real-world dataset show that our scheme is efficient and feasible in practical applications.     

Efficient wildcard search over encrypted data

Searchable encryption is an important technique that allows the data owners to store their encrypted data in the cloud. It also maintains the ability to search a keyword over encrypted data. In practice, searchable encryption scheme supporting wildcard search is very important and widely used. In this paper, we propose a new wildcard search technique to use one wildcard to represent any number of characters. Based on Bloom filter with a novel specified characters position technique, we construct a new searchable symmetric scheme to support wildcard search over encrypted data. This scheme is more efficient than prior schemes, and it can be strengthened to be secure against an adaptive attacker (CKA-2 security). Moreover, this scheme can be dynamic to support file addition and deletion. Our wildcard search technique is of independent interest.     

Path-oriented keyword search over graph-modeled Web data

Keyword based search systems are becoming increasingly popular and are considered a key feature in many information management systems. Keyword based search approaches have the significant advantage of not requiring users to know how data is organized or stored. Typical approaches assume the dataset to be modeled as a graph, where answers to queries are sub-graphs ranked according to some criteria. Exploring the graph and building and ranking quality pose a number of challenges. In this paper, we discuss Yaanii, an approach for effective Keyword Search over graph-modeled Web data. Yaanii contains a novel approach to keyword search, by extracting the best results from the first set of answers and then combining a solution building algorithm with a ranking technique. In addition to the algorithms and the processes for building result sets, we provide a detailed study of the computational and ranking complexity of Yaanii and compare it with other approaches. We show that Yaanii is superior in terms of efficiency and quality of returned results from both the experimental and theoretical aspects.     

Privacy-preserving conjunctive keyword search on encrypted data with enhanced fine-grained access control

Cloud storage over the internet gives opportunities for easy data sharing. To preserve the privacy of sharing data, the outsourced data is usually encrypted. The searchable encryption technique provides a solution to find the target data in the encrypted form. And the public-key encryption with keyword search is regarded as a major approach for the searchable encryption technique. However, there are still several privacy leakage challenges for the further adoption of these major schemes. One is how to resist the keyword guessing attack which still leaks data user’s keywords privacy. Another is how to construct the access control policy to prevent illegal access of outsourced data sharing since illegal access always leak the privacy of user’s attribute. In our paper, we firstly try to design a novel secure keyword index to resist the keyword guessing attack from access pattern and search pattern. Second, we propose an attribute-based encryption scheme which supports an enhanced fine-grained access control search. This allows the authenticated users to access different data although their searching request contains the same queried keywords, and meanwhile unauthenticated users cannot get any attribute privacy information. Third, we give security proofs to show that the construction of keyword index is against keyword guessing attack from the access pattern and search pattern, and our scheme is proved to be IND-CPA secure (the indistinguishability under chosen plaintext attack) under the standard model. Finally, theoretical analyses and a series of experiments are conducted to demonstrate the efficiency of our scheme.

     

Multi-Keyword search over encrypted data with scoring and search pattern obfuscation

Search over encrypted data recently became a critical operation that raised a considerable amount of interest in both academia and industry. Especially, as outsourcing, sensitive data to cloud prove to be a strong trend to benefit from the unmatched storage and computing capacities thereof. Indeed, privacy-preserving search over encrypted data, an apt term to address privacy-related issues concomitant in outsourcing sensitive data, have been widely investigated in the literature under different models and assumptions. In this work, we propose an efficient scheme that allows privacy-preserving search over encrypted data using queries with multiple keywords. Most important contributions of this work are as follows. Firstly, using a property referred as \(\delta \)-mean query obfuscation, the proposed scheme hides the search patterns, which are allowed to leak in many works in the literature including our preliminary work on the subject Orencik et al. (2013) [1]. Secondly, a two-server setting is employed to eliminate the correlation between the queries and matching documents sent to the user under the assumption that the two servers are not colluding. Thirdly, we propose a novel compression scheme that reduces both the communication cost between the two servers and the computation cost of the search operation more than 55 times compared to the standard approach. And finally, the proposed scheme also provides an effective scoring and ranking capability that is based on term frequency–inverse document frequency (tf-idf) weights of keyword–document pairs. Our analyses demonstrate that the proposed scheme is privacy-preserving, efficient and effective.     

Semantic and secure search over encrypted outsourcing cloud based on BERT

Searchable encryption provides an effective way for data security and privacy in cloud storage. Users can retrieve encrypted data in the cloud under the premise of protecting their own data security and privacy. However, most of the current content-based retrieval schemes do not contain enough semantic information of the article and cannot fully reflect the semantic information of the text. In this paper, we propose two secure and semantic retrieval schemes based on BERT (bidirectional encoder representations from transformers) named SSRB-1, SSRB-2. By training the documents with BERT, the keyword vector is generated to contain more semantic information of the documents, which improves the accuracy of retrieval and makes the retrieval result more consistent with the user’s intention. Finally, through testing on real data sets, it is shown that both of our solutions are feasible and effective.     

Efficiently enumerating results of keyword search over data graphs

Various approaches for keyword search in different settings (e.g., relational databases and XML) actually deal with the problem of enumerating K-fragments. For a given set of keywords K, a K-fragment is a subtree T of the given data graph, such that T contains all the keywords of K and no proper subtree of T has this property. There are three types of K-fragments: directed, undirected and strong. This paper describes efficient algorithms for enumerating K-fragments. Specifically, for all three types of K-fragments, algorithms are given for enumerating all K-fragments with polynomial delay and polynomial space. It is shown how these algorithms can be enhanced to enumerate K-fragments in a heuristic order. For directed K-fragments and acyclic data graphs, an algorithm is given for enumerating with polynomial delay in the order of increasing weight (i.e., the ranked order), assuming that K is of a fixed size.     

Efficient multi-keyword ranked query over encrypted data in cloud computing

Cloud computing infrastructure is a promising new technology and greatly accelerates the development of large scale data storage, processing and distribution. However, security and privacy become major concerns when data owners outsource their private data onto public cloud servers that are not within their trusted management domains. To avoid information leakage, sensitive data have to be encrypted before uploading onto the cloud servers, which makes it a big challenge to support efficient keyword-based queries and rank the matching results on the encrypted data. Most current works only consider single keyword queries without appropriate ranking schemes. In the current multi-keyword ranked search approach, the keyword dictionary is static and cannot be extended easily when the number of keywords increases. Furthermore, it does not take the user behavior and keyword access frequency into account. For the query matching result which contains a large number of documents, the out-of-order ranking problem may occur. This makes it hard for the data consumer to find the subset that is most likely satisfying its requirements. In this paper, we propose a flexible multi-keyword query scheme, called MKQE to address the aforementioned drawbacks. MKQE greatly reduces the maintenance overhead during the keyword dictionary expansion. It takes keyword weights and user access history into consideration when generating the query result. Therefore, the documents that have higher access frequencies and that match closer to the users’ access history get higher rankings in the matching result set. Our experiments show that MKQE presents superior performance over the current solutions.     

Approaches and challenges of privacy preserving search over encrypted data

More and more data owners are encouraged to outsource their data onto cloud servers for reducing infrastructure, maintenance cost and also to get ubiquitous access to their stored data. However, security is one issue that discourages data owners from adopting cloud servers for data storage. Searchable Encryption (SE) is one of the few ways of assuring privacy and confidentiality of such data by storing them in encrypted form at the cloud servers. SE enables the data owners and users to search over encrypted data through trapdoors. Most of the user information requirements are fulfilled either through Boolean or Ranked search approaches. This paper aims at understanding how the confidentiality and privacy of information can be guaranteed while processing single and multi-keyword queries over encrypted data using Boolean and Ranked search approaches. This paper presents all possible leakages that happen in SE and also specifies which privacy preserving approach to be adopted in SE schemes to prevent those leakages to help the practitioners and researchers to design and implement secure searchable encryption systems. It also highlights various application scenarios where SE could be utilized. This paper also explores the research challenges and open problems that need to be focused in future.     

可验证的多用户云加密关键字搜索方案

针对云环境下多用户访问和大数据量存储的特点,提出了一种云环境下加密关键字搜索方案。与已有的大多数方案相比,该方案使用签名绑定关键字索引和其关联加密文件,实现了查询结果完备性和完整性的验证,使用重加密技术实现了多用户隐查询,并动态更新用户查询权限。此外,该方案在查询过程中使用哈希查询优化索引结构,实现了对云数据的快速访问。安全性分析表明,该方案是安全的;性能分析及仿真实验结果表明该方案和已有的一些算法相比有了较大的性能提升。     

不确定性区域上的多维关键词搜索

随着在线地图应用的普及,基于地图的空间对象检索成为一个重要的工具而被广泛使用,技术也比较成熟。人们在地图上经常进行确定性目标点查询,例如用户提交关键词“咖啡店”,地图应用会在地图上标记所有的咖啡店,用户还可以通过进一步操作获取咖啡店的详细信息。但实际生活中存在另一种需求,例如用户想找到一个区域,在这个区域内要有“咖啡店”、“学校”和“旅店”这三类对象,称这样的查询为不确定性区域检索查询。目前对地图应用的研究无法解决不确定性区域检索的问题。而利用矩形剪枝和top-k推荐能够通过用户提交的关键字,给用户返回若干候选区域。     

支持语义扩展的动态多关键词密文排序检索

针对云存储环境下已有的动态多关键词密文排序检索方案不支持关键词语义扩展、不具备前向安全和后向安全的问题，提出一种支持语义检索且具备前向安全和后向安全的动态多关键词密文排序检索方案。该方案通过构建语义关系图实现查询关键词的语义扩展；使用树索引结构实现数据的检索和动态更新；利用向量空间模型实现多关键词排序搜索；基于安全K近邻算法对维度扩展后的索引和查询向量进行加密。安全性分析表明，该方案在已知密文模型下是安全的且具有动态更新时的前向安全和后向安全。效率分析及仿真实验结果表明，该方案在服务器检索效率方面优于目前同类型具有相同安全性或相同功能的方案。     

基于Simhash的安全密文排序检索方案

针对密文检索中存在的计算量大、检索效率不高的问题，提出一种基于Simhash的安全密文排序检索方案。该方案基于Simhash的降维思想构建安全多关键词密文排序检索索引（SMRI），将文档处理成指纹和向量，利用分段指纹和加密向量构建B+树，并采用"过滤-精化"策略进行检索和排序，首先通过分段指纹的匹配进行快速检索，得到候选结果集；然后通过计算候选结果集与查询陷门的汉明距离和向量内积进行排序，带密钥的Simhash算法和安全k近邻（SkNN）算法保证了检索过程的安全性。实验结果表明，与基于向量空间模型（VSM）的方案相比，基于SMRI的排序检索方案计算量小，能节约时间和空间成本，检索效率高，适用于海量加密数据的快速安全检索。