可搜索加密机制研究与进展

doi:10.13328/j.cnki.jos.004554

微信服务号

微信订阅号

2025年5月1日 7:24 星期四

首页 > 过刊浏览>2014年第25卷第4期 >880-895. DOI:10.13328/j.cnki.jos.004554

PDF HTML阅读 XML下载导出引用引用提醒

可搜索加密机制研究与进展
DOI:
                        10.13328/j.cnki.jos.004554
                    
CSTR:
                        
                    
作者:
                        沈志荣沈志荣
清华大学 计算机科学与技术系, 北京 100084
在期刊界中查找
在百度中查找
在本站中查找
薛巍薛巍
清华大学 计算机科学与技术系, 北京 100084;信息科学与技术国家实验室(清华大学), 北京 100084
在期刊界中查找
在百度中查找
在本站中查找
舒继武舒继武
清华大学 计算机科学与技术系, 北京 100084;信息科学与技术国家实验室(清华大学), 北京 100084
在期刊界中查找
在百度中查找
在本站中查找

                    
作者单位:
作者简介:
通讯作者:
中图分类号:
基金项目:国家自然科学基金（61232003）；国家科技重大专项（2013ZX03002004-003）；中美软件合作研究项目（61361120098）

Survey on the Research and Development of Searchable Encryption Schemes

Author:

SHEN Zhi-Rong
SHEN Zhi-Rong
Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China
在期刊界中查找
在百度中查找
在本站中查找
XUE Wei
XUE Wei
Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China;Tsinghua National Laboratory for Information Science and Technology (Tsinghua University), Beijing 100084, China
在期刊界中查找
在百度中查找
在本站中查找
SHU Ji-Wu
SHU Ji-Wu
Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China;Tsinghua National Laboratory for Information Science and Technology (Tsinghua University), Beijing 100084, China
在期刊界中查找
在百度中查找
在本站中查找

Affiliation:

Fund Project:

摘要

图/表

访问统计

参考文献 [49]

相似文献 [20]

引证文献

资源附件

文章评论

摘要:

随着云计算的迅速发展，用户开始将数据迁移到云端服务器，以此避免繁琐的本地数据管理并获得更加便捷的服务.为了保证数据安全和用户隐私，数据一般是以密文存储在云端服务器中，但是用户将会遇到如何在密文上进行查找的难题.可搜索加密（searchable encryption，简称SE）是近年来发展的一种支持用户在密文上进行关键字查找的密码学原语，它能够为用户节省大量的网络和计算开销，并充分利用云端服务器庞大的计算资源进行密文上的关键字查找.介绍了SE机制的研究背景和目前的研究进展，对比阐述了基于对称密码学和基于公钥密码学而构造的SE机制的不同特点，分析了SE机制在支持单词搜索、连接关键字搜索和复杂逻辑结构搜索语句的研究进展.最后阐述了其所适用的典型应用场景，并讨论了SE机制未来可能的发展趋势.

关键词:可搜索加密;数据安全;隐私;密码学;云计算;云存储

Abstract:

With the rapid development of cloud computing, users are beginning to move their data to the cloud servers in order to avoid troublesome data management at local machines and enjoy convenient service. To protect data security and user privacy, data are usually stored in encrypted form in the cloud, but it activates the inconvenience when the user tries to retrieve the files containing some interested keywords. Searchable encryption (SE) is a recently developed cryptographic primitive that supports keyword search over encrypted data, which not only saves huge network bandwidth and computation capacity for users, but also migrates the cumbersome search operation to the cloud server to utilize its vast computational resources. This paper first introduces the research background and the current development of SE schemes and compares the different features between symmetric key cryptography based SE schemes and public key cryptography based SE schemes. The research status of the search query supported in SE schemes is then provided. The discussion includes the support of single keyword search query, conjunctive (and multi-keyword) search query and complex search query, respectively. Finally, this study presents the typical application scenario of SE schemes, and discusses the possible development tendency.

Key words:searchable encryption;data security;privacy;cryptography;cloud computing;cloud storage

参考文献

[1] Chen K, Zheng WM. Cloud computing: System instances and current research. Ruan Jian Xue Bao/Journal of Software, 2009,20(5): 1337-1348 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/3493.htm [doi: 10.3724/SP.J.1001.2009.03493]

[2] Feng DG, Zhang M, Zhang Y, Xu Z. Study on cloud computing security. Ruan Jian Xue Bao/Journal of Software, 2011,22(1): 71-83 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/3958.htm [doi: 10.3724/SP.J.1001.2011.03958]

[3] Su JS, Cao D, Wang XF, Sun YM, Hu QL. Attribute-Based encryption schemes. Ruan Jian Xue Bao/Journal of Software, 2011, 22(6):1299-1315 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/3993.htm [doi: 10.3724/SP.J.1001.2011. 03993]

[4] Dropbox. hhtp://www.dropbox.com/

[5] Amazon. Amazon S3. http://aws.amazon.com/s3/

[6] Windows azure. http://www.microsoft.com/windowsazure/

[7] Weber T. Cloud computing after Amazon and Sony: Ready for primetime? 2011. http://www.bbc.co.uk/news/business-13451990

[8] Song D, Wagner D, Perrig A. Practical techniques for searches on encrypted data. In: Proc. of the 2000 IEEE Symp. on Security and Privacy. Berkeley: IEEE Computer Society, 2000. 44-55. [doi: 10.1109/SECPRI.2000.848445]

[9] Waters B, Balfanz D, Durfee G, Smetters D. Building an encrypted and searchable audit log. In: Proc. of the 11th Annual Network and Distributed System Security Symp. San Diego: The Internet Society, 2004. http://www.isoc.org/isoc/conferences/ndss/04/ proceedings/

[10] Goh E. Secure Indexes. In: Cryptology ePrint Archive. 2003. http://eprint.iacr.org/2003/216.pdf

[11] Golle P, Staddon J, Waters B. Secure conjunctive keyword search over encrypted data. In: Proc. of the 2nd Int'l Conf. on Applied Cryptography and Network Security (ACNS). Berlin, Heidelberg: Springer-Verlag, 2004. 31-45. [doi: 10.1007/978-3-540-24852- 1_3]

[12] Wang C, Cao N, Li J, Ren K, Lou WJ. Secure ranked keyword search over encrypted cloud data. In: Proc. of the IEEE 30th Int'l Conf. on Distributed Computing Systems (ICDCS). Genoa: IEEE Computer Society, 2010. 253-262. [doi: 10.1109/ICDCS. 2010.34]

[13] Li J, Wang Q, Wang C, Cao M, Ren K, Lou WJ. Fuzzy keyword search over encrypted data in cloud computing. In: Proc. of the IEEE INFOCOM Mini-Conf. San Diego: IEEE Computer Society, 2010. 1-5. [doi: 10.1109/INFCOM.2010.5462196]

[14] Li M, Yu S, Cao N Lou W. Authorized private keyword search over encrypted data in cloud computing. In: Proc. of the IEEE Int'l Conf. on Distributed Computing Systems (ICDCS). Minneapolis: IEEE Computer Society, 2011. 383-392. [doi: 10.1109/ICDCS. 2011.55]

[15] Chang YC, Mitzenmacher M. Privacy preserving keyword searches on remote encrypted data. In: Proc. of the 3rd Int'l Conf. on Applied Cryptography and Network Security (ACNS). Berlin, Heidelberg: Springer-Verlag, 2005. 442-455. [doi: 10.1007/ 11496137_30]

[16] Boneh D, Crescenzo G, Ostrovsky R, Persiano G. Public key encryption with keyword search. In: Proc. of the EUROCRYPT. Berlin, Heidelberg: Springer-Verlag, 2004. 506-522. [doi: 10.1007/978-3-540-24676-3_30]

[17] Shi E, Bethencourt J, Chan T, Song D, Perrig A. Multi-Dimensional range query over encrypted data. In: Proc. of the IEEE Symp. on Security and Privacy. Berkeley: IEEE Computer Society, 2007. 350-364. [doi: 10.1109/SP.2007.29]

[18] Shi E, Waters B. Delegating capabilities in predicate encryption systems. In: Proc. of the 35th Int'l Colloquium on Automata, Languages and Programming (ICALP). Berlin, Heidelberg: Springer-Verlag, 2008. 560-578. [doi: 10.1007/978-3-540-70583-3_46]

[19] Yang Z, Zhong S, Wright R. Privacy-Preserving queries on encrypted data. In: Proc. of the 11th European Conf. on Research in Computer Security. Berlin, Heidelberg: Springer-Verlag, 2006. 479-495. [doi: 10.1007/11863908_29]

[20] Boneh D, Waters B. Conjunctive, subset, and range queries on encrypted data. In: Proc. of the 4th Conf. on Theory of Cryptography. Berlin, Heidelberg: Springer-Verlag, 2007. 535-554. [doi: 10.1007/978-3-540-70936-7_29]

[21] Cao N, Wang C, Li M, Ren K, Lou W. Privacy-Preserving multi-keyword ranked search over encrypted cloud data. In: Proc. of the IEEE INFOCOM. Shanghai: IEEE Computer Society, 2011. 829-837. [doi: 10.1109/INFCOM.2011.5935306]

[22] Curtmola R, Garay J, Kamara S, Ostrovsky R. Searchable symmetric encryption: Improved definitions and efficient constructions. In: Proc. of the 13th ACM Conf. on Computer and Communications Security (CCS). New York: ACM Press, 2006. 79-88. [doi: 10.1145/1180405.1180417]

[23] Dong C, Russello G, Dulay N. Shared and searchable encrypted data for untrusted servers. In: Proc. of the 22nd Annual IFIP WG 11.3 Working Conf. on Data and Applications Security. Berlin, Heidelberg: Springer-Verlag, 2008. 127-143. [doi: 10.1007/978-3- 540-70567-3_10]

[24] Hwang Y, Lee P. Public key encryption with conjunctive keyword search and its extension to a multi-user system. In: Proc. of the Int'l Conf. on Pairing-Based Cryptography. Berlin, Heidelberg: Springer-Verlag, 2007. 2-22. [doi: 10.1007/978-3-540-73489-5_]

[25] Shen E, Shi E, Waters B. Predicate privacy in encryption systems. In: Proc. of the 6th Theory of Cryptography Conf. on Theory of Cryptography. Berlin, Heidelberg: Springer-Verlag, 2009. 4570-473. [doi: 10.1007/978-3-642-00457-5_27]

[26] Ballard J, Kamara S, Monrose F. Achieving efficient conjunctive keyword searches over encrypted data. In: Proc. of the 7th Int'l Conf. on Information and Communications Security. Berlin, Heidelberg: Springer-Verlag, 2005. 414-426. [doi: 10.1007/ 11602897_35]

[27] Baek J, Safavi-Naini R, Susilo W. Public key encryption with keyword search revisited. In: Proc. of the Int'l Conf. on Computational Science and Its Applications. Berlin, Heidelberg: Springer-Verlag, 2008. 1249-1259. [doi: 10.1007/978-3-540- 69839-5_96]

[28] Bao F, Deng R, Ding X, Yang Y. Private query on encrypted data in multi-user settings. In: Proc of the 4th Int'l Conf. on Information Security Practice and Experience. Berlin, Heidelberg: Springer-Verlag, 2008. 71-85. [doi: 10.1007/978-3-540- 79104-1_6]

[29] Okamoto T, Takashima W. Hierarchical predicate encryption for inner-products. In: Proc. of the ASIACRYPT. Berlin, Heidelberg: Springer-Verlag, 2009. 214-231. [doi: 10.1007/978-3-642-10366-7_13]

[30] Katz J, Sahai A, Waters B. Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Proc. of the EUROCRYPT. Berlin, Heidelberg: Springer-Verlag, 2008. 146-162. [doi: 10.1007/978-3-540-78967-3_9]

[31] Goldreich O, Ostrovsky R. Software protection and simulation on oblivious RAMs. Journal of the ACM, 1996,43(3):431-473. [doi: 10.1145/233551.233553]

[32] Cao N, Yang Z, Wang C, Ren K, Lou W. Privacy-Preserving query over encrypted graph-structured data in cloud computing. In: Proc. of the IEEE Int'l Conf. on Distributed Computing Systems (ICDCS). Minneapolis: IEEE Computer Society, 2011. 393-402. [doi: 10.1109/SP.2007.11]

[33] Goldreich O, Ostrovsky R. Software protection and simulations on oblivious RAMs [Ph.D. Thesis]. MIT, 1992.

[34] Boneh D, Kushilevitz E, Ostrovsky R, Skeith W. Public key encryption that allows PIR queries. In: Proc. of the 27th Annual Int'l Cryptology Conf. on Advances in Cryptology. Berlin, Heidelberg: Springer-Verlag, 2007. 50-67. [doi: 10.1007/978-3-540- 74143-5_4]

[35] Kamara S, Lauter K. Cryptographic cloud storage. In: Proc. of the 14th Int'l Conf. on Financial Cryptograpy and Data Security. Berlin, Heidelberg: Springer-Verlag, 2010. 136-149. [doi: 10.1007/978-3-642-14992-4_13]

[36] WIKIPEDIA. http://en.wikipedia.org/wiki/Symmetric-key_algorithm

[37] Bloom BH. Space/Time trade-offs in hash coding with allowable errors. Communications of the ACM, 1970,13(7):422-426. [doi: 10.1145/362686.362692]

[38] Agrawal R, Kiernan J, Srikant R, Xu Y. Order preserving encryption for numeric data. In: Proc. of the ACM SIGMOD. New York: ACM Press, 2004. 563-574. [doi: 10.1145/1007568.1007632]

[39] Wong KK, Cheung DW, Kao B, Mamoulis N. Secure kNN computation on encrypted databases. In: Proc. of the 35th SIGMOD Int'l Conf. on Management of Data. New York: ACM Press, 2009. 139-152. [doi: 10.1145/1559845.1559862]

[40] Bethencourt J, Sahai A, Waters B. Ciphertext-Policy attribute-based encryption. In: Proc. of the IEEE Symp. on Security and Privacy. Berkeley: IEEE Computer Society, 2007. 321-334. [doi: 10.1109/SP.2007.11]

[41] Goyal V, Pandey O, Sahai A, Waters B. Attribute-Based encryption for fine-grained access control of encrypted data. In: Proc. of the ACM Conf. on Computer and Communications Security. New York: ACM Press, 2006. 89-98. [doi: 10.1145/1180405. 1180418]

[42] Boneh D, Franklin M. Identity-Based encryption from the weil pairing. In: Proc. of the Advances in Cryptology-CRYPTO. Berlin, Heidelberg: Springer-Verlag, 2001. 213-229. [doi: 10.1007/3-540-44647-8_13]

[43] Reeman D. Converting pairing-based cryptosystems from composite-order groups to prime-order groups. In: Proc. of the EUROCRYPT. Berlin, Heidelberg: Springer-Verlag, 2010. 44-61. [doi: 10.1007/978-3-642-13190-5_3]

[44] Zhang Y, Xue C, Wong D, Mamoulis N, Yiu S. Acceleration of composite order bilinear pairing on graphics hardware. IACR Cryptology ePrint Archive. 2011. http://eprint.iacr.org/2011/196.pdf

[45] The Java pairing based cryptography library (jPBC). 2011. http://gas.dia.unisa.it/projects/jpbc/

[46] Salama D, Minaam A, Abdual-Kader H, Hadhoud M. Evaluating the effects of symmetric cryptography algorithms on power consumption for different data types. Int'l Journal of Network Security, 2010,11(2):78-87.

[47] The Elliptic Semiconductor (clp-17). High performance elliptic curvecryptography point multiplier core. http://www.internetsociety. org/privacy-preserving-logarithmic-time-search-encrypted-data-cloud

[48] Wang C, Ren K, Yu S, Urs K.Achieving usable and privacy-assured similarity search over outsource cloud data. In: Proc. of the IEEE INFOCOM. Orlando: IEEE Computer Society, 2012. 451-459. [doi: 10.1109/INFCOM.2012.6195784]

[49] Shen Z, Xue W, Shu J. Preferred keyword search over encrypted data in cloud computing. In: Proc. of the ACM/IEEE IWQoS. Montreal: IEEE Computer Society, 2013. 1-6. [doi: 10.1109/IWQoS.2013.6550283]

引用本文

沈志荣,薛巍,舒继武.可搜索加密机制研究与进展.软件学报,2014,25(4):880-895

复制

文章指标

点击次数:8168
下载次数: 10923
HTML阅读次数: 4175
引用次数: 0

历史

收稿日期:2012-09-08
最后修改日期:2013-12-05
录用日期:
在线发布日期: 2014-01-14
出版日期:

微信服务号

微信订阅号

引用本文

分享

文章指标

历史

文章二维码

微信服务号

微信订阅号

引用本文

分享

微信扫一扫：分享

文章指标

历史

文章二维码