没有合适的资源?快使用搜索试试~ 我知道了~
首页云计算中布尔查询的多客户端搜索加密方案优化
云计算中布尔查询的多客户端搜索加密方案优化
需积分: 8 1 下载量 101 浏览量
更新于2024-08-12
收藏 1.76MB PDF 举报
“布尔查询的多客户端可搜索加密方案的改进” 这篇研究论文主要关注的是在云计算环境中电子健康系统所面临的安全风险,特别是数据隐私保护的问题。可搜索加密(Searchable Encryption, SE)技术被提出作为一种解决方案,它能够在保护数据机密性的同时,使得加密数据仍然可以被有效利用,特别是对于支持布尔查询的场景。 Cash等人在Crypto2013和CCS2013会议上提出的SE方案是目前最实用的支持布尔查询的加密方案。然而,这个方案存在一定的局限性。在他们的原始方案中,数据用户需要通过计数器逐个生成搜索令牌,并反复与服务器交互,直到找到正确的令牌,或者在没有搜索结果时生成大量令牌来证明这一事实。这个过程既耗时又效率低下。 针对这个问题,本文提出了对Cash等人方案的改进。改进的核心在于允许服务器在搜索阶段回传一些信息,帮助用户精确地生成所需的搜索令牌,从而减少了用户与服务器之间的交互次数,提升了搜索效率。这种优化降低了用户的工作负担,提高了系统的整体性能,并且保持了原有的安全性。 此外,文章可能还涉及了如何设计和实现这种改进机制,包括如何确保信息回传的安全性,以及如何在不泄露未加密数据的情况下,使服务器能够协助用户生成有效的搜索令牌。这可能涉及到更复杂的密码学技术,如混淆电路、零知识证明等。 这篇论文为云存储中的安全搜索提供了一个更高效的方法,对于云计算环境下的隐私保护和数据安全具有重要的理论和实践意义。改进后的方案不仅提高了用户体验,也加强了系统的实用性,有助于推动可搜索加密技术在实际应用中的进一步发展。
资源详情
资源推荐
JMedSyst (2016) 40:255 Page 3 of 11 255
Generally, a SSE scheme can be constructed by Fully
Homomorphic Encryption(FHE, first achieved by Gentry
[10] in 2009), Oblivious RAM(ORAM, proposed by Ostro-
vsky [19] in 1990), and Private Information Retrieval(PIR,
proposed by Ostrovsky [7] in 1998). Those methods can
get a high level security in theory, but they are too ineffi-
cient for practice. There are also other ways to build SSE
scheme, for example, the CryptDB [20]. The CryptDB is
proposed by Popa et al. in 2011, which is based on the con-
ception of Order-Preserving symmetric Encryption(OPE,
introduced by Agrawal et al. [1] in 2004), it is practical but
has significant information leakage [18].
There are many works make trade-offs among secu-
rity,functionality and performance, the more details can be
seen in the work of BOSCH et al. [4], which reviews the SE
works before 2014. There are also many works such as [9,
22, 23] after 2014.
The papers mentioned above focused on single-keyword
searches, extending single-keyword SSE to search by con-
junctions of keywords was considered in [2, 5, 11], but all
these schemes has O(|DB|) search complexity.
In 2013, Cash et al. [6] provided a Oblivious Cross-Tags
(OXT) Protocol, and use it to build a SSE schemes for
boolean keyword search, which supports arbitrary boolean
queries on encrypted index, and it is practical for large
databases. But in their scheme, only the data owner can
make a query to cloud server, so it is single writer/single
reader architecture. Based on [6], Jarecki et al. make some
improvements [15], one of them is Multi-Client OXT(MC-
OXT) protocol, which can be used to construct a Multi-
Client SSE(MC-SSE) scheme. Our work is main based
these two works and make some improvement.
Our work
Both [6]and[15] suppose boolean query. In their scheme,
they bind the keyword w and document identifier
ind
together to justify that document ind contains keyword w,
and encrypt pair (w,
ind) by a blind factor. The blind fac-
tor is derivated by a counter c that denote the serial no.
of
ind in the list of documents which contain the keyword
w. In the case of boolean query, for example a conjunctive
w
1
∧ w
2
∧ w
2
,
1
they finds the inds that contains the w
1
,and
for each
ind in inds, verifies if both (w
2
, ind) and (w
3
, ind)
are existed. Then they must eliminate the blind factor. The
data user encrypting the (w, ind) has no ideal of blind fac-
tor c, moreover, the blind factor c
2
for (w
2
, ind) and c
3
for
(w
3
, ind) are often defferent, because the serial no. of ind) in
the list of documents which contain the keyword w is often
diffrent in lists of documents which contain keyword w
3
’s.
So the user has to try c = 1, 2, ··· one by one until he meets
1
handle arbitrary Boolean query expressions is decribed in [6]
the correct one. Those attemptions significantly increase the
computation and communication costs of the scheme. We
improve their scheme by asign a random number as blind
factor for each (w,
ind) pair, and upload those blind factor
to the cloud server. In the search phase in our scheme, we
design two round interaction b etween server and user, which
allow cloud server sends back necessary blinder factors,
then the data user can generate the exactly search tokens.
This will decreate the computation and comunication cost
remarkable.
Preliminaries and notations
Notions of boolean queries
Database
DB(Forward Index) Suppose that the data
owner has d documents. Let
IND ={ind
1
, ind
2
, ··· , ind
d
}
denotes the set of the document identifiers. Each document
ind
i
is comprised of a set of keywords W
ind
i
={w
ind
i
1
, w
ind
i
2
,
···, w
ind
i
|W
ind
i
|
},where|·|denotes the order of the set. We
will take identifiers and keywords as bit strings. Let λ be the
security parameter, then for i = 1, ···, d,
ind
i
∈{0, 1}
λ
and
W
ind
i
⊆{0, 1}
∗
. A database DB = (ind
i
, W
ind
i
)
d
i=1
is a list of
identifier/keyword-set pairs. By this definition, the database
DB is actually a forward index of the documents set. Table 1
shows the structure of
DB.
Inverted index I From the DB, we can figure out the set
of all keywords W =∪
d
i=1
W
ind
i
. Suppose that |W|=m,
then we can write W ={w
1
,w
2
, ··· ,w
m
}. For each w
i
∈
W,letI
w
i
={ind
w
i
1
, ind
w
i
2
, ··· , ind
w
i
|I
w
i
|
} denotes the iden-
tifier set of documents that contain the keyword w
i
.Then
the inverted index of the documents set is a list of keyword/
identifier-set pairs that can be written as
I = (w
i
,I
w
i
)
m
i=1
.
Table 2 shows the structure of the inverted index
I.
Boolean query ψ(
¯
w) Suppose ¯w = ( ¯w
1
, ··· , ¯w
n
) is a
n-tuple of keywords, where ¯w
i
∈ W for i = 1, ··· ,n. ψ is
Tabl e 1 The data structure of Database
DB(Forward Index)
Document identifier List of keywords in the document
ind
1
W
ind
1
={w
ind
1
1
, w
ind
1
2
, ···, w
ind
1
|W
ind
1
|
}
ind
2
W
ind
2
={w
ind
2
1
, w
ind
2
2
, ···, w
ind
2
|W
ind
2
|
}
.
.
.
.
.
.
ind
i
W
ind
i
={w
ind
i
1
, w
ind
i
2
, ···, w
ind
i
|W
ind
i
|
}
.
.
.
.
.
.
ind
d
W
ind
d
={w
ind
d
1
, w
ind
d
2
, ···, w
ind
d
|W
ind
d
|
}
剩余10页未读,继续阅读
weixin_38667408
- 粉丝: 8
- 资源: 896
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- 最优条件下三次B样条小波边缘检测算子研究
- 深入解析:wav文件格式结构
- JIRA系统配置指南:代理与SSL设置
- 入门必备:电阻电容识别全解析
- U盘制作启动盘:详细教程解决无光驱装系统难题
- Eclipse快捷键大全:提升开发效率的必备秘籍
- C++ Primer Plus中文版:深入学习C++编程必备
- Eclipse常用快捷键汇总与操作指南
- JavaScript作用域解析与面向对象基础
- 软通动力Java笔试题解析
- 自定义标签配置与使用指南
- Android Intent深度解析:组件通信与广播机制
- 增强MyEclipse代码提示功能设置教程
- x86下VMware环境中Openwrt编译与LuCI集成指南
- S3C2440A嵌入式终端电源管理系统设计探讨
- Intel DTCP-IP技术在数字家庭中的内容保护
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功