共查询到20条相似文献,搜索用时 31 毫秒
1.
Attribute-based encryption with keyword search (ABKS) enables data owners to grant their search capabilities to other users by enforcing an access control policy over the outsourced encrypted data. However, existing ABKS schemes cannot guarantee the privacy of the access structures, which may contain some sensitive private information. Furthermore, resulting from the exposure of the access structures, ABKS schemes are susceptible to an off-line keyword guessing attack if the keyword space has a polynomial size. To solve these problems, we propose a novel primitive named hidden policy ciphertext-policy attribute-based encryption with keyword search (HP-CPABKS). With our primitive, the data user is unable to search on encrypted data and learn any information about the access structure if his/her attribute credentials cannot satisfy the access control policy specified by the data owner. We present a rigorous selective security analysis of the proposed HP-CPABKS scheme, which simultaneously keeps the indistinguishability of the keywords and the access structures. Finally, the performance evaluation verifies that our proposed scheme is efficient and practical. 相似文献
2.
Attribute-based encryption with keyword search (ABKS) achieves both fine-grained access control and keyword search. However, in the previous ABKS schemes, the search algorithm requires that each keyword to be identical between the target keyword set and the ciphertext keyword set, otherwise the algorithm does not output any search result, which is not conducive to use. Moreover, the previous ABKS schemes are vulnerable to what we call a peer-decryption attack, that is, the ciphertext may be eavesdropped and decrypted by an adversary who has sufficient authorities but no information about the ciphertext keywords.In this paper, we provide a new system in fog computing, the ciphertext-policy attribute-based encryption with dynamic keyword search (ABDKS). In ABDKS, the search algorithm requires only one keyword to be identical between the two keyword sets and outputs the corresponding correlation which reflects the number of the same keywords in those two sets. In addition, our ABDKS is resistant to peer-decryption attack, since the decryption requires not only sufficient authority but also at least one keyword of the ciphertext. Beyond that, the ABDKS shifts most computational overheads from resource constrained users to fog nodes. The security analysis shows that the ABDKS can resist Chosen-PlaintextAttack (CPA) and Chosen-Keyword Attack (CKA). 相似文献
3.
可搜索属性基加密能够让属性满足访问控制策略(或用来加密关键词的属性满足用户私钥指定的访问控制策略)的用户搜索加密文件。但是,现有的方案不能抵抗关键词猜测攻击。外部攻击者可以生成若干关键词密文上传到云服务器,侦测云服务器将这些密文返回给哪些用户,进而获取这些用户的搜索信息。因此,提出一种可以抵抗关键词猜测攻击的可搜索属性基加密方案。基于DBDH困难问题,该方案在选择安全模型中被证明是选择明文攻击安全的。 相似文献
4.
Searchable encryption (SE) is a promising technique which enables cloud users to conduct search over encrypted cloud data in a privacy-preserving way, especially for the electronic health record (EHR) system that contains plenty of medical history, diagnosis, radiology images, etc. In this paper, we focus on a more practical scenario, also named as the shared multi-owner settings, where each e-health record is co-owned by a fixed number of parties. Although the existing SE schemes under the unshared multi-owner settings can be adapted to this shared scenario, these schemes have to build multiple indexes, which definitely incur higher computational overhead. To save bandwidth and computing resources in cloud servers and guarantee the correctness of search results, we present a secure cryptographic primitive, namely verifiable conjunctive keyword search over mobile e-health cloud scheme, in the shared multi-owner settings by utilizing multisignatures technique. Formal security analysis proves that our scheme is secure against the keyword guessing attacks in standard model. Empirical study using a real-world dataset justifies that our scheme is efficient and feasible in practical applications. 相似文献
5.
Cloud storage over the internet gives opportunities for easy data sharing. To preserve the privacy of sharing data, the outsourced data is usually encrypted. The searchable encryption technique provides a solution to find the target data in the encrypted form. And the public-key encryption with keyword search is regarded as a major approach for the searchable encryption technique. However, there are still several privacy leakage challenges for the further adoption of these major schemes. One is how to resist the keyword guessing attack which still leaks data user’s keywords privacy. Another is how to construct the access control policy to prevent illegal access of outsourced data sharing since illegal access always leak the privacy of user’s attribute. In our paper, we firstly try to design a novel secure keyword index to resist the keyword guessing attack from access pattern and search pattern. Second, we propose an attribute-based encryption scheme which supports an enhanced fine-grained access control search. This allows the authenticated users to access different data although their searching request contains the same queried keywords, and meanwhile unauthenticated users cannot get any attribute privacy information. Third, we give security proofs to show that the construction of keyword index is against keyword guessing attack from the access pattern and search pattern, and our scheme is proved to be IND-CPA secure (the indistinguishability under chosen plaintext attack) under the standard model. Finally, theoretical analyses and a series of experiments are conducted to demonstrate the efficiency of our scheme.
相似文献6.
云存储技术发展非常迅速,用户能高效地共享数据、便捷地处理数据,但是不能保证不会外泄用户的敏感信息。带关键字搜索的公钥加密(PEKS)方案能在不解密的情况下对关键字进行搜索,但PEKS存在管理证书的问题。它的变体,即基于身份的可搜索加密方案(IBEKS)能简化公钥基础设施中证书的管理,然而,大多数的方案都不能抵抗内部敌手的关键字猜测攻击。因此提出一个安全的指定发送者的基于身份的可搜索加密,能同时满足陷门不可区分性和密文不可区分性。与已有方案相比,该方案的存储和计算的代价较低,保证了使用性和效率。 相似文献
7.
带关键字搜索的公钥加密(PEKS)是一种有用的加密原语,它允许用户将在加密数据上搜索的功能委托给不可信的第三方服务器,而不影响原始数据的安全性和隐私性。但是,由于缺乏对于数据的加密以及解密能力,PEKS方案不能单独进行使用,必须与标准的公钥加密方案(PKE)相结合。因此,Baek等人在2006年引入了一种新的加密原语,称为结合PKE和PEKS的加密方案(PKE+PEKS),它同时提供了PKE和PEKS的功能。目前,已有文献提出了几种PKE+PEKS方案。然而,他们都没有考虑关键字猜测攻击的问题。本文提出一个新的高效且能够抵抗关键字猜测攻击的PKE+PEKS方案,与已有方案相比,该方案在性能上有很大的提升,并且在生成关键字和数据密文时,不需要使用双线性对,极大地降低了计算和存储成本。安全性分析表明,本文中所提出的方案能够满足密文隐私安全性、陷门不可区分性和抗关键字猜测攻击的安全性。效率分析表明,本分提出的方案更加高效。 相似文献
8.
随着云计算的发展,以密文检索为核心技术的安全搜索问题日益成为国内外研究的热点.为了提高密文检索方案的安全性,提出了基于倒排索引的可验证混淆关键字密文检索方案.首先,在构建陷门时插入混淆关键字抵抗恶意云服务器的关键字攻击,同时引入数据缓存区,利用Pailliar加密技术对包含混淆关键字搜索结果进行盲计算,过滤掉包含目标关键字以外的密文数据,减少通信开销;其次,利用双线性映射生成标签验证搜索结果,并对方案在正确性、安全性和可靠性这3个方面进行了验证.在真实数据集上进行反复实验,理论分析和实验结果表明,该方案在保证检索效率的同时,比现有的密文检索方案有效地提高了密文检索的安全性. 相似文献
9.
Public Key Encryption with Keyword Search (PEKS) makes it possible for a cloud server (CS) to match a trapdoor and a ciphertext. However, with the upgrowth of quantum techniques, most of the existing PEKS schemes will be broken by quantum computers in the coming future. Moreover, they are also under the threat of potential key exposure. Lattice-based forward secure PEKS scheme (FS-PEKS) overcomes the two problems above by combining the techniques of forward security and lattice-based cryptography. However, FS-PEKS schemes work in public key infrastructure (PKI), which will incur complicated certificate management procedures. In this work, to overcome the key management issue but still guarantee security even when attackers corrupt the keys, we extend the FS-PEKS scheme into the identity-based framework and present a forward secure identity-based encryption with keyword search (FS-IBEKS) scheme from lattice. The proposed scheme is secured under the selective identity against chosen plaintext attack (IND-sID-CPA) in the random oracle model. To further improve the security, we present another FS-IBEKS scheme into the standard model and give concrete security proof under the adaptive identity against chosen plaintext attack (IND-ID-CPA). The comprehensive performance evaluation demonstrates that our FS-IBEKS schemes are feasible for cloud computing. 相似文献
10.
11.
Data sharing and searching are important functionalities in cloud storage. In this paper, we show how to securely and flexibly search and share cloud data among a group of users without a group manager. We formalize a novel cryptosystem: secure channel free searchable encryption in a peer-to-peer group, which features with the secure cloud data sharing and searching for group members in an identity-based setting. Our scheme allows group members to join or leave the group dynamically. We present two schemes: basic scheme and enhanced scheme. We formally prove that our basic scheme achieves consistency and indistinguishability against the chosen keyword and ciphertext attack and the outsider’s keyword guessing attack, respectively. An enhanced scheme is also proposed to achieve forward secrecy, which allows to revoke user search right over the former shared data. 相似文献
12.
为保证云端敏感数据安全性的同时提高数据共享效率,提出了一种安全、灵活、高效的基于属性的关键词搜索加密方案。方案中设计了一种需要数据拥有者私钥参与的索引生成机制抵抗关键词猜测攻击,基于线性秘密共享访问结构描述用户的搜索权限,支持一对多应用场景,借鉴连接子集关键词搜索技术和在线/离线思想提高搜索的灵活性和效率。理论分析与实验评估结果表明,该方案具有较高的效率。 相似文献
13.
可搜索加密技术在不解密的情况下搜索加密数据.针对现有的可搜索加密技术没有考虑数据用户细粒度搜索权限的问题,以及现有的可搜索加密方案中因云存储的集中化对数据安全和隐私保护带来的问题,提出了区块链上基于云辅助的属性基可搜索加密方案.该方案利用可搜索加密技术实现加密数据在区块链上的安全搜索,利用基于属性的加密技术实现数据的细... 相似文献
14.
针对现有可搜索加密方案中密文检索效率低、搜索结果不精确以及不支持数据使用者身份验证等问题,在无证书密码体制下,提出一种指定使用者且多服务器多关键字的可搜索加密方案。使用多服务器和多关键字技术在降低服务器负荷的同时提高用户检索密文的速度,使搜索结果更加精确。在搜索验证阶段,搜索服务器验证数据使用者的身份,若身份合法则存储服务器根据关键字向数据使用者返回相应密文。性能分析结果表明,在随机预言机模型下该方案可以抵抗内外关键字猜测攻击,且能够在降低计算开销的同时提高搜索效率,在安全性和效率方面均具备一定优势。 相似文献
15.
16.
针对云计算环境下已有的密文检索方案不支持检索关键词语义扩展、精确度不够、检索结果不支持排序的问题,提出一种支持检索关键词语义扩展的可排序密文检索方案。首先,使用词频逆文档频率(TF-IDF)方法计算文档中关键词与文档之间的相关度评分,并对文档不同域中的关键词设置不同的位置权重,使用域加权评分方法计算位置权重评分,将相关度评分与位置权重评分的乘积设置为关键词在文档索引向量上相应位置的取值;其次,根据WordNet语义网对授权用户输入的检索关键词进行语义扩展,得到语义扩展检索关键词集合,使用编辑距离公式计算语义扩展检索关键词集合中关键词之间的相似度,并将相似度值设置为检索关键词在文档检索向量上相应位置的取值;最后,加密产生安全索引和文档检索陷门,在向量空间模型(VSM)下进行内积运算,以内积运算的结果为密文检索文档的排序依据。理论分析和实验仿真表明,所提方案在已知密文模型和已知背景知识模型下是安全的,且具备对检索结果的排序能力;与多关键字密文检索结果排序(MRSE)方案相比,所提方案支持关键词语义扩展,查询准确率比MRSE方案更加准确可靠,而检索时间则与MRSE方案相差不大。 相似文献
17.
越来越多的企业和个人用户将大量的数据存储在云服务器。为了保障数据隐私,重要数据以密文形式存储在云端,但却给数据检索操作带来严峻挑战。传统的基于明文的检索方案不再适用,已有的基于密文的检索方案存在不支持模糊检索或多关键词检索、效率较低、空间开销较大、不支持检索结果排序等问题。因此,研究安全高效的密文检索方法具有重要意义。提出了一种新的云环境中密文数据的模糊多关键词检索方案,该方案能够从云服务器上检索出包含有指定多个关键词的密文,支持模糊关键词检索,并且不会向云服务器和其他攻击者泄露与数据和检索相关的任何明文信息;使用计数型布隆过滤器和MinHash算法构建索引向量和查询向量,使得索引构建和查询过程更加高效,且排序结果更加准确。安全性分析和性能评估表明该方案具有高安全性、可靠性、检索效率和准确率。 相似文献
18.
针对属性基密文搜索方案多数只支持单调访问结构,且对搜索结果缺乏有效检验等问题,提出支持非单调访问结构且搜索可验证的密文关键字搜索属性加密方案。首先,由属性值构造多项式,根据多项式整除性质实现密文细粒度搜索的权限设置;然后,在确保不泄露隐私信息的前提下,由云服务器完成密文搜索和外包解密;最后,借助所提承诺方案实现对搜索结果的正确性检验。所提方案支持非单调访问结构且具备密文细粒度搜索、数据共享、外包解密和搜索可验证等多项功能。在随机预言机模型中,基于扩展多指数序列判定Diffie-Hellman (aMSE-DDH)假设,可证明该方案在选择密文攻击和选择关键字攻击情况下均具有选择性的不可区分安全性。实验结果表明,所提方案的终端解密时间与属性个数无关,仅需约12.9 ms。 相似文献
19.
基于属性的加密机制能够实现细粒度的访问控制,支持多用户数据共享。针对大部分基于属性的可搜索加密方案存在效率低下、密钥易泄露以及仅支持单关键词搜索的问题,提出了一个支持连接关键词搜索的属性加密方案。该方案采用线性秘密共享矩阵实现访问控制,将秘密共享和恢复操作在一个与参与方属性关联的矩阵中进行,通过矩阵运算减少了计算量。在陷门生成阶段,避免直接将用户密钥提交给云服务器,保证了用户密钥的安全性。基于多项式方程实现了连接关键词搜索,缩小了搜索范围,提升了用户的搜索体验,严格的安全性分析证明方案能够达到抵抗关键字攻击安全。 相似文献
20.
Keyword guessing attacks on secure searchable public key encryption schemes with a designated tester
The first searchable public key encryption scheme with designated testers (dPEKS) known to be secure against keyword guessing attacks was due to Rhee et al. [H.S. Rhee, W. Susilo, and H.J. Kim, Secure searchable public key encryption scheme against keyword guessing attacks, IEICE Electron. Express 6(5) (2009), pp. 237–243]. Recently, some dPEKS schemes, including the Rhee et al. scheme, were found to be vulnerable to keyword guessing attacks by a malicious server. However, the Rhee et al. dPEKS scheme and its improved variants are still known to be secure against keyword guessing attack by the outsider attacker to date. In this paper, we present a keyword guessing attack by the outsider attacker on the existing dPEKS schemes. We first describe the attack scenario which is possible in the current nature of the Internet and public key encryption with keyword search applications, e.g. email routing. We then demonstrate the detailed attack steps on the Rhee et al. scheme as an attack instance. We emphasize that our attack is generic and it equally applies to all existing dPEKS schemes that claim to be secure against keyword guessing attacks by the outsider attacker. 相似文献