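Survey on the Research and Development of Searchable Encryption Schemes

Funding: National Natural Science Foundation of China (61232003); National Science and Technology Major Project of China (2013ZX03002004-003); Sino-US Software Cooperative Research Project (61361120098)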
    Abstract:

    With the rapid development of cloud computing, users have begun moving their data to cloud servers to avoid burdensome local data management and to obtain more convenient service. To protect data security and user privacy, data are usually stored on the cloud server in encrypted form, which leaves users with the problem of how to search over ciphertext. Searchable encryption (SE) is a cryptographic primitive developed in recent years that supports keyword search over encrypted data. It saves users substantial network and computation overhead and makes full use of the cloud server's vast computing resources to perform the keyword search over ciphertext. This paper introduces the research background and current progress of SE schemes, compares the features of SE schemes built on symmetric-key cryptography with those built on public-key cryptography, and analyzes the research progress of SE schemes in supporting single-keyword search, conjunctive keyword search, and search queries with complex logical structure. Finally, it presents the typical application scenarios of SE schemes and discusses their possible future development trends.

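Cite this article

Shen ZR, Xue W, Shu JW. Survey on the research and development of searchable encryption schemes. Ruan Jian Xue Bao/Journal of Software, 2014,25(4):880-895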

History
  • Received: 2012-09-08
  • Last revised: 2013-12-05
  • Published online: 2014-01-14