【摘要】：云計算是信息領域正在發(fā)生的深刻變革,它將大量計算資源、存儲資源和軟件資源鏈接在一起為用戶提供了按需、易擴展的信息服務。云存儲服務作為其中最重要的服務之一,允許企業(yè)和個人將其數(shù)據(jù)外包到云服務器上,并以按使用付費的原則為其管理和維護數(shù)據(jù)。然而,云存儲在提高資源的利用效率和節(jié)約用戶成本的同時,卻給數(shù)據(jù)的保密性和用戶的隱私性帶來了巨大的挑戰(zhàn)。加密技術已經成為云計算中保護敏感數(shù)據(jù)和防止信息泄漏的重要工具,而隨之而來的加密數(shù)據(jù)的搜索與回取卻成了一大難題。因此,如何解決數(shù)據(jù)加密和數(shù)據(jù)搜索之間的沖突已經成為亟需解決的重要問題,這是本文的研究動機。正對上述問題,本文利用關鍵字搜索公鑰加密技術解決云存儲中加密數(shù)據(jù)的搜索問題,研究現(xiàn)有的關鍵字搜索公鑰加密方案的安全性,同時結合密碼學新技術,構造了兩個適用于云存儲環(huán)境的安全高效的實用關鍵字搜索公鑰加密方案。具體工作包括:1.分析了Hu等提出的兩個指定搜索者的關鍵字搜索公鑰加密方案的安全性,發(fā)現(xiàn)其無法抵抗離線關鍵字猜測攻擊,即惡意服務器可以猜測陷門中的關鍵字,從而區(qū)分用戶搜索的關鍵字。同時,我們證明了如果關鍵字集合取自多項式大小的關鍵字字典,那么構造抵抗離線關鍵字猜測攻擊的指定搜索者關鍵字搜索公鑰加密方案是不可能的。2.提出了可撤銷的關鍵字搜索公鑰加密概念,利用系統(tǒng)的時間周期劃分成若干時間片段的方法撤銷服務器的搜索能力;同時,基于Fan等的匿名多接收者基于身份加密,利用Abdalla等的匿名基于身份加密到關鍵字搜索公鑰加密方案的一般性轉化方法,結合拉格朗日差值多項式提出新型高效可撤銷的關鍵字搜索公鑰加密方案的實用構造方法。據(jù)我們所知,我們的方案是第一個可撤銷擁有陷門的服務器的搜索能力的可搜索加密方案。3.基于Zhao等的動態(tài)非對稱群密鑰協(xié)商,Canetti等的代理重加密和Boneh等的關鍵字搜索公鑰加密方案提出了支持動態(tài)群的關鍵字搜索公鑰加密方案。為了減輕用戶的計算負擔,我們利用服務器輔助計算技術將雙線性對運算外包給服務器來進行。新方案實現(xiàn)了群用戶的數(shù)據(jù)共享、用戶加入和撤銷、群用戶的身份隱私、關鍵字搜索以及群外用戶的數(shù)據(jù)源提供功能,此方案適用于云存儲環(huán)境,特別是移動云存儲中。
[Abstract]:Cloud computing is a profound change in the field of information. It links a large number of computing resources, storage resources and software resources together to provide users with on-demand and extensible information services. As one of the most important services, cloud storage services allow enterprises and individuals to outsource their data to cloud servers, and manage and maintain data according to the principle of payment for use. However, cloud storage not only improves the efficiency of resource utilization and saves the cost of users, but also brings great challenges to the confidentiality of data and the privacy of users. Encryption technology has become an important tool to protect sensitive data and prevent information leakage in cloud computing, but the search and retrieval of encrypted data has become a major problem. Therefore, how to solve the conflict between data encryption and data search has become an important problem, which is the motivation of this paper. To solve the above problems, this paper uses keyword search public key encryption technology to solve the search problem of encrypted data in cloud storage, studies the security of the existing key search public key encryption scheme, and combines with the new cryptography technology. Two secure and efficient public key encryption schemes for cloud storage environment are proposed. Specific tasks include: 1. This paper analyzes the security of two key search public key encryption schemes proposed by Hu et al., and finds that they can not resist off-line keyword guessing attacks, that is, malicious servers can guess the keywords in the trap door. This distinguishes the keyword of user search. At the same time, it is proved that if the keyword set is taken from a polynomial size keyword dictionary, it is impossible to construct a public key encryption scheme for designated searchers to resist off-line keyword guessing attacks. In this paper, the concept of revocation keyword search public key encryption is proposed, and the search ability of the server is revoked by dividing the time cycle of the system into several time segments. At the same time, the anonymous multi-receiver based on Fan and so on is based on identity encryption. Using the general transformation method of anonymous identity-based encryption to keyword search public key encryption scheme proposed by Abdalla et al., combined with Lagrange difference polynomial, a practical construction method of a new efficient and revocable keyword search public key encryption scheme is proposed. As far as we know, our scheme is the first searchable encryption scheme. The proxy reencryption scheme based on Zhao et al. And the key search public key encryption scheme based on Boneh et al. A key search public key encryption scheme supporting dynamic group is proposed. In order to reduce the computational burden of users, we outsource bilinear pairings to the server using server aided computing technology. The new scheme realizes the functions of data sharing, user join and revocation, identity privacy, keyword search and data source of out-of-group users. This scheme is suitable for cloud storage environment, especially mobile cloud storage.
【學位授予單位】：電子科技大學
【學位級別】：碩士
【學位授予年份】：2014
【分類號】：TN918.4

【共引文獻】

相關期刊論文 前2條

1 李雙;;一種安全的具有匿名性的可搜索加密方案[J];計算機工程與應用;2013年16期

2 王智弘;涂泰源;;Keyword Search Encryption Scheme Resistant Against Keyword-Guessing Attack by the Untrusted Server[J];Journal of Shanghai Jiaotong University(Science);2014年04期

相關博士學位論文 前2條

1 袁科;Timed-Release加密及其應用中的關鍵問題研究[D];南開大學;2014年

2 周旭華;加密搜索和數(shù)據(jù)完整性檢測及其云存儲安全中的應用[D];上海交通大學;2014年

相關碩士學位論文 前2條

1 趙遠杰;云計算中的公鑰可搜索加密方案研究[D];西安電子科技大學;2013年

2 孫婷;基于模糊關鍵字搜索的代理重加密的研究[D];南京航空航天大學;2012年

，

本文編號：2221808