数值型云外包数据范围查询隐私保护方法

随着云计算的发展,在数据即服务的模式下,数据托管业务越来越普遍。将数据保存在半可信任的云服务器上存在隐私泄露的可能性,所以需要在存储前加密被托管的数据。然而大量加密的数据需要在服务器返回后再解密,无疑占用大量带宽和计算开销,因此,可搜索加密技术的应用价值日益凸显。综合考虑目前可搜索加密对范围查询的支持情况以及安全和效率,提出一个带关键字的面向数值型数据的加密和查询的方案。该方案基于对称加密设计和实现,相比公钥加密效率更高。云服务器可在加密数据上进行任意范围的检索并返回符合查询方案的结果,降低带宽且提高查询效率。另外,该方案有效对抗频率、顺序等多种攻击,解决云存储环境下的多种安全隐患问题。     

支持策略隐藏且密文长度恒定的可搜索加密方案

属性加密体制是实现云存储中数据灵活访问控制的关键技术之一,但已有的属性加密方案存在密文存储开销过大和用户隐私泄露等问题,并且不能同时支持云端数据的公开审计.为了解决这些问题,该文提出一个新的可搜索属性加密方案,其安全性可归约到q-BDHE问题和CDH问题的困难性.该方案在支持关键词搜索的基础上,实现了密文长度恒定;引入策略隐藏思想,防止攻击者获取敏感信息,确保了用户的隐私性;通过数据公开审计机制,实现了云存储中数据的完整性验证.与已有的同类方案相比较,该方案有效地降低了数据的加密开销、关键词的搜索开销、密文的存储成本与解密开销,在云存储环境中具有较好的应用前景.     

云存储环境下多服务器的密钥聚合可搜索加密方案

密钥聚合可搜索加密不仅可以通过关键字检索密文,还可以减少用户密钥管理的代价和安全风险。该文分析了一个可验证的密钥聚合可搜索加密方案,指出该方案不满足关键字猜测攻击,未经授权的内部用户可以猜测其他用户的私钥。为了提高原方案的安全性,提出了云存储环境下多服务器的密钥聚合可搜索加密方案。所提方案不仅改进了原方案的安全性问题,还增加了多服务的特性,提高了上传和存储的效率,更适合一对多的用户环境。     

云存储应用中的加密存储及其检索技术

云计算自身的数据安全问题阻碍其推广应用。通过对数据进行加密可以保护企业及个人用户的数据隐私。对加密数据有效检索难以通过传统信息检索方式实现。文章在分析云存储应用中的存储安全技术基础上,针对加密存储的需求,基于常见的加密检索方法和相关技术,结合自己的研究成果,提出了一种基于全同态加密的检索方法,该方法能在一种程度上提高检索效率。     

基于f-mOPE的数据库密文检索方案

在云数据库环境下,为保证云存储数据的安全性,通常将数据加密存储。针对加密存储数据查询开销大,不支持密文排序,查询等缺点,该文提出一种 f-mOPE数据库密文检索方案。该方案基于可变保序编码(mOPE),采用二叉排序树数据结构思想,生成明文一一对应的保序编码;基于AES加密方案将数据明文转化为密文存储;采用改进的部分同态加密算法提升保序加密方案的安全性。通过安全性分析及实验结果表明,该方案在保证数据隐私的基础上,不但能抵御统计型攻击,而且能够有效地降低服务器计算开销,提高数据库处理效率。     

智慧医疗中基于属性加密的云存储数据共享

在电子病历系统中,为了实现多用户环境下的数据搜索,该文提出一种属性基可搜索加密方案。该文将密文和安全索引存储在医疗云,当用户请求医疗数据时,利用属性基可搜索加密算法进行数据搜索,实现了细粒度访问控制。同时方案引入了密文验证算法,解决了半诚实且好奇的云服务器模型下搜索结果不正确的问题。利用数据去重技术实现了重复数据的消除,减少占用医疗云的存储空间。方案同时实现了访问策略的隐藏,保证了数据用户的隐私安全。安全性分析表明,所提方案能很好地保护用户的隐私以及数据的安全。性能分析表明,该方案具有较好的性能,更加适用于智慧医疗等多对多应用场景,有效实现了医生和第三方数据用户在不侵犯患者隐私的前提下共享患者电子病历。     

支持策略隐藏且密文长度恒定的可搜索加密方案

属性加密体制是实现云存储中数据灵活访问控制的关键技术之一,但已有的属性加密方案存在密文存储开销过大和用户隐私泄露等问题,并且不能同时支持云端数据的公开审计.为了解决这些问题,该文提出一个新的可搜索属性加密方案,其安全性可归约到q-BDHE问题和CDH问题的困难性.该方案在支持关键词搜索的基础上,实现了密文长度恒定;引入...     

具有关键字搜索功能的外包属性基加密方案

随着云计算的发展,云计算模式变得越来越受到推崇:数据拥有者外包他们的数据给公共云服务提供者并使得特定用户能够恢复出存储在云端的这些数据。然后,这种计算模式也给云端数据的安全和隐私带来了挑战。基于属性的加密(ABE)技术能够被用来设计细粒度的访问控制系统,它提供了解决云端数据安全和隐私的方法。具有细粒度访问控制系统的外包属性基加密方案(OABE)能够通过外包繁重的计算给云服务提供者(CSP),极大地减少访问云端加密数据的用户的计算代价。然而,随着存储在云端的数据量变得越来越大,高效地查询过程遇到了阻碍。提出一个新的密码学概念,称之为具有外包密钥生成以及外包解密的能实现关键字搜索功能的属性基加密方案(KSF-OABE)。     

区块链上基于云辅助的密文策略属性基数据共享加密方案

针对云存储的集中化带来的数据安全和隐私保护问题,该文提出一种区块链上基于云辅助的密文策略属性基(CP-ABE)数据共享加密方案。该方案采用基于属性加密技术对加密数据文件的对称密钥进行加密,并上传到云服务器,实现了数据安全以及细粒度访问控制;采用可搜索加密技术对关键字进行加密,并将关键字密文上传到区块链(BC)中,由区块链进行关键字搜索保证了关键字密文的安全,有效地解决现有的云存储共享系统所存在的安全问题。该方案能够满足选择明文攻击下的不可区分性、陷门不可区分性和抗串联性。最后,通过性能评估,验证了该方案的有效性。     

具有隐私保护的云存储访问控制方案

针对传统的访问控制方案无法在云计算环境下保护用户的属性隐私,提出了具有隐私保护的云存储访问控制方案。采用混合加密体制实现了数据的机密性,即利用对称密钥加密明文数据,再利用公钥密码体制对对称密钥进行加密。在新的访问控制方案中,公钥加密采用了匿名的密文策略下基于属性的加密技术。安全性分析表明,新方案在保护用户属性隐私的同时,达到了选择明文安全性,可抵抗恶意用户及云存储服务器的合谋攻击。     

云计算环境下支持排名的关键词加密检索方法

随着云计算的出现,越来越多的数据开始集中存储到云端,为了保护数据隐私,敏感数据需要在外包到云端之前进行加密,使在加密数据上进行有效检索成为一个挑战性任务。尽管传统的加密检索模型支持在加密数据上进行关键词检索,但是它们没有描述检索结果的相关度,导致返回所有包含关键词的检索结果占用了大量的网络带宽,并且用户从返回的检索结果中再次选择最相关的结果也会产生大量的时间开销,为此,提出了云计算环境下支持排名的关键词加密检索方法。该方法根据相关度返回排序后的检索结果,其中的保序对称加密模型不仅防止了相关度信息的泄漏,而且提供了高效的检索性能。实验表明了该方法的有效性。     

Secure and privacy‐preserving keyword search retrieval over hashed encrypted cloud data

Cloud computing (CC) is the universal area in which the data owners will contract out their pertinent data to the untrusted public cloud that permits the data users to retrieve the data with complete integrity. To give data privacy along with integrity, majority of the research works were concentrated on single data owner for secure searching of encrypted data via the cloud. Also, searchable encryption supports data user to retrieve the particular encrypted document from encrypted cloud data via keyword search (KS). However, these researches are not efficient for keyword search retrieval. To trounce such drawbacks, this paper proposes efficient secure and privacy‐preserving keyword search retrieval (SPKSR) system, in which the user retrieves the hashed encrypted documents over hashed encrypted cloud data. The proposed system includes three entities explicitly, (a) data owner (DO), (b) cloud server (CS), and (c) data users (DU). The owner outsources hashed encrypted documents set, along with generated searchable index tree to the CS. The CS hoards the hashed encrypted document collection and index tree structure. DU performs the “search” over the hashed encrypted data. Experimental results of the proposed system are analyzed and contrasted with the other existent system to show the dominance of the proposed system.     

Dynamic searchable encryption with privacy protection for cloud computing

The dynamic searchable encryption schemes generate search tokens for the encrypted data on a cloud server periodically or on a demand. With such search tokens, a user can query the encrypted data whiles preserving the data's privacy; ie, the cloud server can retrieve the query results to the user but do not know the content of the encrypted data. A framework DSSE with Forward Privacy (dynamic symmetric searchable encryption [DSSE] with forward privacy), which consists of Internet of Things and Cloud storage, with the attributes of the searchable encryption and the privacy preserving are proposed. Compared with the known DSSE schemes, our approach supports the multiusers query. Furthermore, our approach successfully patched most of the security flaws related to the sensitive information's leakage in the DSSE schemes. Both security analysis and simulations show that our approach outperforms other DSSE schemes with respect to both effectiveness and efficiency.     

Chaotic map‐based time‐aware multi‐keyword search scheme with designated server

The cloud storage service has been widely used in daily life because of its convenience. However, the service frequently suffers confidentiality problems. To address this problem, some efforts have been made on keyword search over encrypted data schemes. For instance, the chaotic‐based keyword search scheme over encrypted data has been proposed recently. However, the scheme just only support single‐ keyword search each time, which severely limits its utilization in cloud storage. This article proposes a novel chaotic‐based time‐aware multi‐keyword search scheme with designated server. Inner product similarity is adopted in our scheme to realize multiple keyword search and remove the constraint of single‐keyword search each time. Timed‐release encryption is integrated into the proposed scheme at the same time, which enables the data sender to specify the time when the cloud servers can search the encrypted data. Analysis indicates that our scheme not only can counter off‐line guessing attacks to the ciphertext and trapdoor, but also supports ranked search with a reasonable computational cost. Copyright © 2015 John Wiley & Sons, Ltd.     

Trapdoor Security Lattice-Based Public-Key Searchable Encryption with a Designated Cloud Server

Cloud storage technique has becoming increasingly significant in cloud service platform. Before choosing to outsource sensitive data to the cloud server, most of cloud users need to encrypt the important data ahead of time. Recently, the research on how to efficiently retrieve the encrypted data stored in the cloud server has become a hot research topic. Public-key searchable encryption, as a good candidate method, which enables a cloud server to search on a collection of encrypted data with a trapdoor from a receiver, has attracted more researchers’ attention. In this paper, we propose the frist efficient lattice-based public-key searchable encryption with a designated cloud server, which can resist quantum computers attack. In our scheme, we designate a unique cloud server to test and return the search results, thus can remove the secure channel between the cloud server and the receiver. We have proved that our scheme can achieve ciphertext indistinguishability under the hardness of learning with errors, and can achieve trapdoor security in the random oracle model. Moreover, our scheme is secure against off-line keyword guessing attacks from outside adversary.     

云环境下安全的可验证多关键词搜索加密方案

云计算的高虚拟化与高可扩展性等优势,使个人和企业愿意外包加密数据到云端服务器.然而,加密后的外包数据破坏了数据间的关联性.尽管能够利用可搜索加密(SE)进行加密数据的文件检索,但不可信云服务器可能篡改、删除外包数据或利用已有搜索陷门来获取新插入文件相关信息.此外,现有单关键词搜索由于限制条件较少,导致搜索精度差,造成带...     

Multiuser access control searchable privacy‐preserving scheme in cloud storage

Searchable encryption scheme‐based ciphertext‐policy attribute‐based encryption (CP‐ABE) is a effective scheme for providing multiuser to search over the encrypted data on cloud storage environment. However, most of the existing search schemes lack the privacy protection of the data owner and have higher computation time cost. In this paper, we propose a multiuser access control searchable privacy‐preserving scheme in cloud storage. First, the data owner only encrypts the data file and sets the access control list of multiuser and multiattribute for search data file. And the computing operation, which generates the attribute keys of the users' access control and the keyword index, is given trusted third party to perform for reducing the computation time of the data owner. Second, using CP‐ABE scheme, trusted third party embeds the users' access control attributes into their attribute keys. Only when those embedded attributes satisfy the access control list, the ciphertext can be decrypted accordingly. Finally, when the user searches data file, the keyword trap door is no longer generated by the user, and it is handed to the proxy server to finish. Also, the ciphertext is predecrypted by the proxy sever before the user performs decryption. In this way, the flaw of the client's limited computation resource can be solved. Security analysis results show that this scheme has the data privacy, the privacy of the search process, and the collusion‐resistance attack, and experimental results demonstrate that the proposed scheme can effectively reduce the computation time of the data owner and the users.     

云环境中抵御内部关键字猜测攻击的快速公钥可搜索加密方案

随着云计算的发展,以密文检索为核心的安全和搜索性能问题成为研究的重点。在传统的加密方案中,大多只解决了抵御外部关键字猜测攻击问题,往往忽视了诚实且好奇的云服务器问题。为了提高密文安全性,该文提出快速搜索的抵御内部关键字攻击方案。首先,引入高效的加密倒排索引结构的公钥密文搜索方案,实现关键字的并行搜索任务。其次,在构建密文倒排索引时加入数据拥有者的私钥抵御恶意云服务器的关键字攻击。与传统的公钥可搜索加密相比,该方案在很大程度上增强了搜索系统的安全性和搜索效率。