
基于屬性的可搜索加密協(xié)議研究

Published: 2018-04-19 10:44

Topic of this thesis: storage security + attribute-based encryption; Reference: Shandong University, 2015 doctoral dissertation


[Abstract]: With the rapid development of Internet technology and the explosive growth of user data, users increasingly tend to store personal data online. Although this brings flexible storage capacity and low storage cost, it also means users can no longer maintain their data as they would with local storage; they lose physical protection of the data, and the data is at great risk of leakage. Users can protect online data with encryption, but this deprives them of the ability to operate on the data directly online, such as direct access, search, and computation. Search is one of the most frequent operations users perform on the Internet. How to protect the privacy of both the user and the storage provider while the user retrieves data, that is, how to search over ciphertext, has become a hot research topic in secure storage in recent years; this is the problem searchable encryption aims to solve. Searchable encryption protocols are divided into searchable encryption in the public-key setting (searchable public-key encryption) and searchable encryption in the private-key setting (searchable private-key encryption). The first searchable encryption protocol was "Practical techniques for searches on encrypted data" by Song et al., a searchable private-key encryption protocol. It adopts the idea of a stream cipher: a pseudorandom generator produces a random key stream that is XORed with the data file to produce the ciphertext, and the search process decides by an XOR operation whether decryption succeeds. Later searchable encryption protocols mostly implement search by building a secure index. By the nature of private-key encryption, in searchable private-key encryption the index ciphertext of a data file and the keyword to be searched are computed under the same key. Searchable private-key encryption is therefore mostly used in personal storage services, although combined with key distribution and similar techniques it can be applied to multi-user retrieval scenarios. Searchable public-key encryption was first proposed by Boneh, Di Crescenzo, Ostrovsky and Persiano at Eurocrypt 2004. Its main application scenario is an email system: the sender encrypts the email and its keywords with the recipient's public key, the recipient uses its own private key to generate a search request, and the mail server performs the computation and returns the emails containing a given keyword to the recipient. The protocol guarantees that neither the user nor the storage server leaks its private information during search. By the nature of public-key encryption, the secure index and the searched keyword are encrypted under different keys, so a user can encrypt data and then delegate search to a third party or to multiple parties. This capability greatly extends the applicability of searchable encryption and suits data-sharing scenarios well.

Before studying searchable encryption, we first study a new type of public-key encryption: attribute-based encryption (ABE). ABE was first proposed by Sahai and Waters in 2005 as an extension of identity-based encryption. It splits a user's identity information into a set of attributes, so that each user holds an attribute set describing its identity; this makes the definition of identity more flexible and introduces access structures into the encryption protocol, giving the protocol flexible decryption capability. Beyond the advantages of identity-based encryption, the access-control structure and attribute sets of ABE let the encryptor determine the identity of decryptors more flexibly. ABE protocols are divided into ciphertext-policy ABE (CP-ABE) and key-policy ABE (KP-ABE). In KP-ABE the access policy lives in the key and the attribute set is contained in the ciphertext; in CP-ABE it is exactly the reverse: the key contains the attribute set and the ciphertext contains the access policy. Comparing the two as cryptographic protocols, the properties of CP-ABE are clearly superior to those of KP-ABE, because in CP-ABE the encryptor defines the access policy in the ciphertext and the decryptor uses the private key generated from its own attributes to check whether the policy is satisfied and thus whether decryption succeeds. As an encryption protocol this clearly fits the usual encryption scenario better. In KP-ABE, however, the access policy is defined by the decryptor, so the encryptor cannot fully control the decryption process, which does not fit the encryption scenario; yet this very property enables confidential access control, outsourced computation, and ciphertext retrieval in networks. Since this thesis focuses mainly on searchable encryption, we mainly study KP-ABE.

To keep the encryptor's identity confidential, anonymity is also an important property of public-key systems. Anonymity in ABE guarantees that an attacker cannot distinguish the attribute information a user encrypted under, thereby effectively protecting user privacy. Previous ABE protocols have not addressed this important property. In this thesis we study and improve key-policy ABE and propose an ABE protocol with attribute privacy that achieves full security. We use the idea of dual system encryption and the tool of composite-order bilinear groups to provide sufficient security for the protocol: the group order is the product of four primes, so the group consists of four prime-order subgroups. The first subgroup is used for normal encryption and decryption, the second is the semi-functional space used in the security proof, the third guarantees the randomness of keys, and the fourth protects the privacy of user attributes. Attribute privacy is a weakened form of anonymity, and our attribute privacy partially solves the anonymity of ABE. Although this property cannot fully guarantee the security of user attributes, it suffices to provide keyword confidentiality when constructing searchable encryption later in the thesis. To construct a secure public-key searchable encryption protocol, we propose a general method for constructing attribute-based searchable encryption from an ABE protocol, and prove that the consistency and the security of the searchable encryption protocol reduce to the security and the attribute privacy of the ABE protocol, respectively. Following this method, we use the ABE protocol above to construct a secure searchable attribute-based encryption protocol.

Keyword guessing attacks are an effective attack against searchable encryption protocols, and how to resist them is a hot topic in searchable encryption research. The attack arises because valid keywords have too little entropy in the plaintext space. Providing a degree of randomness in the keyword index is an effective countermeasure, so that the attacker cannot guess valid keywords to attack the protocol. Inspired by the function-private identity-based encryption of Boneh, Raghunathan and Segev, we first construct a function-private ABE protocol; this property makes it impossible for an attacker to distinguish private keys generated from user attributes, which keeps the user's identity confidential. We use a three-step "generate-append-combine" method to improve the original ABE protocol: in the generation step, a random number is added to strengthen the randomness of the private key; in the append step, the decryption algorithm is modified; the changes are then combined, guaranteeing correct decryption while ensuring function privacy. Through the general method above for constructing searchable encryption, we build a searchable encryption protocol on this ABE and prove that its resistance to keyword guessing attacks reduces to the function privacy of the ABE, so our protocol resists keyword guessing attacks.
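The four-subgroup design described in the abstract rests on a standard orthogonality property of composite-order bilinear groups. The following is an added illustration, not text from the thesis; the specific shape of the ciphertext and key components in the second equation is an assumption chosen only to show why blinding factors placed in the third and fourth subgroups do not break correctness.

$$
\begin{aligned}
&N = p_1 p_2 p_3 p_4,\qquad G = G_{p_1}\times G_{p_2}\times G_{p_3}\times G_{p_4},\qquad g_i = g^{N/p_i}\ \text{generates } G_{p_i},\\
&e(g_i, g_j) = e(g,g)^{N^2/(p_i p_j)} = \bigl(e(g,g)^{N}\bigr)^{N/(p_i p_j)} = 1_{G_T}\qquad (i \neq j),\\
&\text{because } e(g,g)^{N} = e(g^{N}, g) = e(1_G, g) = 1_{G_T}\ \text{ and } N/(p_i p_j)\in\mathbb{Z}\ \text{ for } i \neq j .
\end{aligned}
$$

Consequently, if a ciphertext element carries an attribute-hiding blinding factor in $G_{p_4}$ and a key element carries a randomizing factor in $G_{p_3}$ (assumed shapes), the pairing used in decryption sees only the $G_{p_1}$ parts:

$$
e\bigl(g_1^{s}\, g_4^{r},\; g_1^{t}\, g_3^{u}\bigr)
= e(g_1,g_1)^{st}\, e(g_1,g_3)^{su}\, e(g_4,g_1)^{rt}\, e(g_4,g_3)^{ru}
= e(g_1,g_1)^{st}.
$$

Decryption is therefore unaffected by the blinding, while under the usual subgroup decision assumptions a party that does not know the factorization of $N$ cannot separate the $G_{p_4}$ factor from the attribute-bearing element, which is what makes attribute privacy (and, in the searchable scheme built on it, keyword confidentiality) possible.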

[Degree-granting institution]: Shandong University
[Degree level]: Doctorate
[Year degree granted]: 2015
[Classification number]: TN918.4; TP393.04

[Related doctoral dissertation]

1 韓斐 (Han Fei); Research on Attribute-Based Searchable Encryption Protocols [D]; Shandong University; 2015


Link to this article: http://sikaile.net/shoufeilunwen/xxkjbs/1772767.html

