
The Research Of Multi-Value Attribute And Secure Trapdoor On Attribute-Based Searchable Encryption

Posted on: 2019-11-15
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H J Wang
GTID: 1368330590970377
Subject: Computer Science and Technology
Abstract/Summary:
With the increasing amount of information on the Internet, problems such as redundancy and insufficient storage arise. Because of the rapid development of cloud computing, more and more individuals move their private data to the cloud. To protect the privacy of sensitive information, data owners usually encrypt their private data. Secure encryption is an efficient way to achieve this security goal. However, once the data is encrypted, how can one retrieve the part of the encrypted data that contains a particular keyword? To alleviate such concerns, a common solution is to employ a searchable encryption (SE) scheme. In SE schemes, the data owner encrypts the potential keywords as an index and uploads them to the cloud server together with the document ciphertext. Later, a search user may want to retrieve the part of the encrypted data that contains a certain keyword. The search user generates a trapdoor with his secret key and submits the trapdoor to the cloud server. With the trapdoor, the cloud server can perform keyword search over the encrypted data. An SE scheme allows the cloud server to search over encrypted data on behalf of the user without learning information about the keyword or the plaintext, which makes it a hot topic in the study of secure storage. In this thesis, we mainly focus on multi-value attributes and secure trapdoor generation in attribute-based searchable encryption systems. The main work and contributions of the present thesis are as follows:

(1) Multi-Value-Independent Ciphertext-Policy Attribute Based Encryption with User Discretionary Keyword Search. Traditional symmetric searchable encryption is suited to the single-user scenario, which greatly limits the development of searchable encryption in the multi-user scenario. Some scholars share keys to enable keyword search on shared data, while others require data owners to stay online and authorize tokens in real time. However, these methods present a significant security risk and a single point of attack. Attribute-based encryption provides fine-grained access control of encrypted data. In Han's doctoral dissertation [1], the author proposed a universal conversion method from ABE schemes to SE schemes, but the method submits the decryption key directly to the cloud server as a search token, which is obviously not desirable. We analyze the existing security model for attribute-based searchable encryption schemes and propose a new security model to address the problem of strong restriction. In the new security model, the challenger can ask for search tokens about the challenge policy with non-challenge keywords. Under this enhanced security model, we propose two ciphertext-policy attribute-based encryption schemes that support user discretionary keyword search. With the "aggregation" technology, our schemes improve the search efficiency, which makes our system more suitable for lightweight applications.

(2) Hidden Policy Attribute Based Searchable Encryption with Constant Size Ciphertext and Constant Size Secret Key. Most recent research has focused on developing efficient attribute-based searchable encryption schemes at the expense of leaking some information. Although the conventional security notion IND-CKA guarantees that a searchable ciphertext leaks no information about keywords, it gives no guarantee concerning leakage of the secret key from the trapdoor. We study the trapdoor malleability attack, in which a malicious user can deduce a valid trapdoor for keyword w' when given a trapdoor for keyword w. We show that such an attack violates secret key privacy, which is important in the whole system. Most existing ABSE schemes cannot resist the secret key recovery attack, in which the adversary can extract the secret key from trapdoors. To deal with the above problems, we propose a new ciphertext-policy attribute-based encryption scheme with probabilistic generation of trapdoors. Our scheme preserves the fine-grained access control inherited from the ABE system while supporting hidden policy and fast keyword search. Our scheme features constant-size ciphertext compared with the existing attribute-based searchable encryption schemes.

(3) Attribute Based Proxy Searchable Re-encryption Scheme with Hidden Condition. The attribute-based proxy re-encryption mechanism combines attribute-based encryption and proxy re-encryption. It is widely used in practical applications such as cloud storage and social networks because of its effective ciphertext access control and ciphertext conversion. The conditional proxy re-encryption mechanism limits the proxy server's ability in order to achieve fine-grained ciphertext conversion. Unfortunately, in existing schemes, the proxy condition needs to be sent in plain text to the proxy server in order to perform ciphertext conversion. In addition, most attribute-based proxy re-encryption schemes do not support keyword search. To solve the above problems, we first propose an efficient attribute-based encryption scheme. Based on this scheme, we propose an attribute-based proxy searchable re-encryption scheme with hidden condition. We use the search trapdoor to hide the condition. The scheme realizes not only fine-grained access control of ciphertext, but also fine-grained ciphertext proxy re-encryption.

(4) Secure Key-Aggregation Authorized Searchable Encryption. The popularity of searchable encryption leads more and more users to upload their encrypted files to the cloud server. For security reasons, data owners use different keys to encrypt different files. This means that in order to share data, the data owner needs to send all of the keys to the shared user. The distribution of a large number of keys brings huge communication overhead to the entire system. With key-aggregation searchable encryption, the data owner only needs to distribute one aggregated searchable key to authorize search permission over a subset of files. Therefore, the key-aggregation searchable encryption mechanism effectively reduces the size of the authorization key. First, we discuss security issues of scheme [2] by proposing a "Collusion Attack", indicating that the system is not completely secure. Second, we build a secure key-aggregation authorized searchable encryption scheme with short private key size and low computational overhead.
Keywords/Search Tags: Attribute-Based Encryption, Searchable Encryption, Key-Aggregation, Resist Collusion Attack, Cloud Computing