支持灵活访问控制的多关键字搜索加密方案

doi:10.19665/j.issn1001-2400.2022.01.006

西安电子科技大学学报 ›› 2022, Vol. 49 ›› Issue (1): 55-66.doi: 10.19665/j.issn1001-2400.2022.01.006

• 隐私计算与数据安全专题 • 上一篇下一篇

支持灵活访问控制的多关键字搜索加密方案

闫玺玺(),赵强(),汤永利(),李莹莹(),李静然()

河南理工大学计算机科学与技术学院,河南焦作 454003

收稿日期:2021-03-26 出版日期:2022-02-20 发布日期:2022-04-27
通讯作者: 李莹莹
作者简介:闫玺玺(1985—),女,副教授,博士,E-mail: yanxx@hpu.edu.cn;|赵强(1996—),男,河南理工大学硕士研究生,E-mail: zhaoqiang_1213@163.com;|汤永利(1972—),男,教授,博士,E-mail: yltang@hpu.edu.cn;|李静然(1995—),女,河南理工大学硕士研究生,E-mail: JRan_7@163.com
基金资助:
国家自然科学基金(61802117);河南省高校科技创新团队项目(20IRTSTHN013);河南省青年人才托举工程项目(2021HYTP008);河南省高校基本科研业务费专项资金(NSFRF210312)

Multi-keyword search encryption scheme supporting flexible access control

YAN Xixi(),ZHAO Qiang(),TANG Yongli(),LI Yingying(),LI Jingran()

School of Computer Science and Technology,Henan Polytechnic University,Jiaozuo 454003,China

Received:2021-03-26 Online:2022-02-20 Published:2022-04-27
Contact: Yingying LI

摘要/Abstract

摘要：

大多数的可搜索加密方案中,云服务器在执行搜索操作时将陷门与数据库中所有的索引进行对比,造成开销过大的问题。针对此问题,提出一种具有访问控制功能的高效可搜索加密方案。在敏感数据加密上传至云服务器之前,使用k均值聚类算法对数据进行聚类,将数据分配到各个簇中,并通过潜在狄雷克利分布为每个簇生成相应的索引。云服务器在搜索阶段,首先根据陷门中的关键字集合与每个簇索引的杰卡德距离,寻找关联度最高的簇,并在相匹配的簇中进行检索,减少陷门与索引的对比次数;其次使用基于B +树的数据结构来获取文件列表,大大地提高了搜索效率。此外,该方案结合广播加密机制实现加密文件共享,允许用户在被授权访问的文件子集内搜索关键字,通过聚类将数据分为若干个簇,将每个簇的关键字集合作为用户访问权限。经过性能对比和实验分析表明,该方案提供了恒定大小的用户私钥,通信代价和存储代价与被授权访问文件的用户数量无关,性能得到优化,且搜索精确率达到90%左右。

关键词: 可搜索加密, k均值聚类算法, 广播加密, 访问权限

Abstract:

In most searchable encryption schemes,the cloud server would compare the trapdoor with all secure indexes in the database during the search operation,which will cause excessive overhead.To address this problem,an efficient multi-keyword search encryption scheme supporting flexible access control is proposed.Before the sensitive data is encrypted and uploaded to the cloud server,it is clustered using the k-means to get several segmentation clusters,each of which would be given a different index through the Latent Dirichlet Allocation.In the search phase,the cloud server finds the cluster with the highest correlation through the Jaccard distance between the key set in the trapdoor and each cluster index,and searches the matched clusters in order to reduce the comparisons between the trapdoor and the index.And then the cloud server obtains the file list using the B+ tree-based data structure to improve the search efficiency.In addition,the scheme achieves encrypted file sharing by combining the broadcast encryption mechanism,which allows users to search for keywords in the authorized file subset,and takes the keyword set of each cluster as the user access rights.The performance comparison and experimental analysis show that a constant size of the user private key would be provided,and the communication cost and storage cost are independent of the number of authorized users,with the precision of search reaching about 90%.

Key words: searchable encryption, k-means clustering algorithm, broadcast encryption, access control

中图分类号:

TP309.7

闫玺玺,赵强,汤永利,李莹莹,李静然. 支持灵活访问控制的多关键字搜索加密方案[J]. 西安电子科技大学学报, 2022, 49(1): 55-66.

YAN Xixi,ZHAO Qiang,TANG Yongli,LI Yingying,LI Jingran. Multi-keyword search encryption scheme supporting flexible access control[J]. Journal of Xidian University, 2022, 49(1): 55-66.

图/表 7

表1

表2

表3

图1

图2

图3

图4

参考文献 16

[1]	SONG D X, WAGNER D, PERRIG A. Practical Techniques for Searches on Encrypted Data[C]// 2000 IEEE Symposium on Security and Privacy.Piscataway:IEEE, 2000:44-55.
[2]	GOH E J. Secure Indexes[EB/OL]. [2021-02-20]. https://www.researchgate.net/publication/2889193_Secure_Indexes.
[3]	LIU X, YANG G, MU Y, et al. Multi-User Verifiable Searchable Symmetric Encryption for Cloud Storage[J]. IEEE Transactions on Dependable and Secure Computing, 2018(99):1.
[4]	DAI H, DAI X, YI X, et al. Semantic-Aware Multi-Keyword Ranked Search Scheme over Encrypted Cloud Data[J]. Journal of Network and Computer Applications, 2019, 147:102442. doi: 10.1016/j.jnca.2019.102442
[5]	FU S, ZHANG Q, JIA N, et al. A Privacy-Preserving Fuzzy Search Scheme Supporting Logic Query over Encrypted Cloud Data[J/OL]. [2021-03-01].DOI: 10.1007/s11036-019-01493-3. doi: 10.1007/s11036-019-01493-3
[6]	GAGAN, KRISHNAC R,HANDA R. Dynamic Cluster based Privacy-Preserving Multi-Keyword Search over Encrypted Cloud Data[C/OL]. [2021-03-05].DOI: 10.1109/CONFLUENCE.2016.7508104. doi: 10.1109/CONFLUENCE.2016.7508104
[7]	ZHU X, CHEN C, TIAN X, et al. HCSF:A Hierarchical Clustering Algorithm based on Swarm Intelligence and Fuzzy Logic for Ciphertext Search[C/OL]. [2021-03-06]. DOI: 10.1109/ICIEA.2015.7334127. doi: 10.1109/ICIEA.2015.7334127
[8]	MANASRAH A M, NASIR M A, SALEM M. A Privacy-Preserving Multi-Keyword Search Approach in Cloud Computing[J]. Soft Computing, 2020, 24(8):5609-5631. doi: 10.1007/s00500-019-04033-z
[9]	闫玺玺, 刘媛, 李子臣, 等. 策略半隐藏且支持更新的多机构属性加密方案[J]. 西安电子科技大学学报, 2018, 45(2):122-128.
	YAN Xixi, LIU Yuan, LI Zichen, et al. Multi-Authority Attribute-Based Encryption Scheme with Policy Semi-Hidden and Dynamic Updating[J]. Journal of Xidian University, 2018, 45(2):122-128.
[10]	于金霞, 何旭, 闫玺玺. 机构可验证的密文策略属性基加密方案[J]. 西安电子科技大学学报, 2019, 46(4):49-57.
	YU Jinxia, HE Xu, YAN Xixi. Ciphertext-Policy Attribute-Based Encryption Scheme with Verifiability on Authority[J]. Journal of Xidian University, 2019, 46(4):49-57.
[11]	王荣荣. 基于属性的可搜索加密方案研究与实现[D]. 西安: 西安电子科技大学, 2018.
[12]	DU L, LI K, LIU Q, et al. Dynamic Multi-Client Searchable Symmetric Encryption with Support for Boolean Queries[J]. Information Sciences, 2020, 506:234-257. doi: 10.1016/j.ins.2019.08.014
[13]	KIAYIAS A, OKSUZ O, RUSSELL A, et al. Efficient Encrypted Keyword Search for Multi-User Data Sharing[C]// European Symposium on Research in Computer Security.Heidelberg:Springer, 2016:173-195
[14]	PASUPULETI S K, RAMALINGAM S, BUYYA R. An Efficient and Secure Privacy-Preserving Approach for Outsourced Data of Resource Constrained Mobile Devices in Cloud Computing[J/OL]. [2021-03-10].DOI: 10.1016/j.jnca.2015.11.023. doi: 10.1016/j.jnca.2015.11.023
[15]	崔海涛, 李玲娟. 基于Jaccard和LPA的社团划分算法[J]. 南京邮电大学学报:自然科学版, 2019, 39(6):79-85.
	CUI Haitao, LI Lingjuan. Community Division Algorithm Based on Jaccard Similarity Algorithm and LPA[J]. Journal of Nanjing University of Posts and Telecommunication:Natural Sicence Edition, 2019, 39(6):79-85.
[16]	ZHU X, DAI H, YI X, et al. MUSE:An Efficient and Accurate Verifiable Privacy-Preserving Multikeyword Text Search over Encrypted Cloud Data[J]. Security & Communication Networks, 2017, 2017:1-17.

方案	关键词类型	查询类型	访问控制	多客户端	陷门与索引对比方式
文献[8]	多关键词	排名关键字搜索	×	×	部分对比
文献[13]	单关键词		√	√	全部对比
文中的方案	多关键词	排名关键字搜索	√	√	部分对比

方案	加密	解密	陷门	验证
文献[8]	3M+2X	(2n+5)M+2E+X	t(H+E)
文献[13]	2P+11E+(j+4)M	2P+jM	8M+13E	6P+jM
文中的方案	2P+11E+(j+4)M	2P+jM	t(H+E)	6P+jM

支持灵活访问控制的多关键字搜索加密方案

Multi-keyword search encryption scheme supporting flexible access control

RichHTML

PDF (PC)

赞

可视化

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献 16

相关文章 12

Metrics

本文评价

推荐阅读 10

[1]	王凯文,王树兰,王海燕,丁勇. 一种支持属性撤销的top-k多关键词密文检索方案[J]. 西安电子科技大学学报, 2022, 49(1): 26-34.
[2]	李涵,张晨,黄荷姣,郭宇. 一种支持前向安全更新和验证的加密搜索算法[J]. 西安电子科技大学学报, 2020, 47(5): 48-56.
[3]	苗银宾;马建峰;张俊伟;刘志全. 高效的可验证多关键字密文检索[J]. 西安电子科技大学学报, 2017, 44(4): 18-23+68.
[4]	伍祈应;马建峰;李辉;苗银宾. 无证书连接关键字密文检索[J]. 西安电子科技大学学报, 2017, 44(3): 55-60.
[5]	苗银宾;马建峰;刘志全;魏福山;王绪安. 关键字域可变的可验证密文检索[J]. 西安电子科技大学学报, 2017, 44(1): 52-58.
[6]	李昊星;李凤华;宋承根;苏铓;刘歆. 支持多关键字的可搜索公钥加密方案[J]. J4, 2015, 42(5): 20-25.
[7]	朱旭东;李晖;郭祯. 云计算环境下加密图像检索[J]. J4, 2014, 41(2): 151-158.
[8]	孙瑾;胡予濮. 完全安全的基于属性的广播加密方案[J]. J4, 2012, 39(4): 23-28+154.
[9]	杨晨;马文平;王新梅. 可动态加入的基于身份的群密钥分发方案 [J]. J4, 2007, 34(7): 14-17.
[10]	吕锡香(1);杨波(2);裴昌幸(1). 基于双线性映射的公钥叛逆者追踪 [J]. J4, 2006, 33(6): 935-938.
[11]	马华(1);杨波(2). 改进的基于修改RSA的叛逆者追踪方案[J]. J4, 2006, 33(3): 422-424.
[12]	马华1;曹正文2. 基于RSA加密算法的叛逆者追踪方案[J]. J4, 2004, 31(4): 611-613.