
Research On Access Control And Search Technologies Over The Encrypted Data In Mobile Cloud Computing

Posted on: 2020-09-09
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z H Chen
GTID: 1368330599954823
Subject: Information and Communication Engineering
Abstract/Summary:
Mobile cloud computing provides storage and computing capacity that allows resource-constrained mobile smart devices to be widely used. People can access the data stored in cloud servers through mobile smart devices from anywhere at any time, which provides convenience for our work and life. However, cloud servers may cause privacy leakage because the ownership and management of the data are separated. It is a challenge to make full use of mobile cloud computing without compromising data privacy and security. In this dissertation, we focus on access control and search techniques over encrypted data in mobile cloud computing, and propose access control and keyword search schemes to protect data privacy and security in different scenarios. The main contributions are summarized as follows.

(1) To address the high computational complexity and the limited expressiveness of attributes in lattice-based CP-ABE (ciphertext-policy attribute-based encryption) access control schemes, we first propose an access control scheme with Boolean attributes. The proposed scheme is CPA secure under the R-LWE (learning with errors over rings) hardness assumption. To enhance the expressiveness of attributes so that they can describe arbitrary states, an FRD (full-rank differences) function is used to extend the proposed scheme to support multi-valued attributes. In the access control scheme with multi-valued attributes, the public key associated with attributes does not impose additional restrictions on the attribute values used for key generation and encryption, so the flexibility of attribute expression is improved. At the same time, a low-norm randomization matrix is applied to ensure that attackers cannot distinguish between pseudorandomness and true randomness in the encryption algorithm. Thus, the CPA security of the scheme can be reduced to the R-LWE hardness assumption.

(2) To address attribute update and the high computational complexity in CP-ABE access control schemes based on bilinear pairings, and considering that fog computing has the advantages of strong computing ability and low latency, an access control scheme with outsourcing and attribute update for cloud and fog computing is proposed. In the encryption and decryption phases, the computation operations associated with attributes are outsourced to fog nodes, while some simple computations are left for the data owner or user. To address the problem of attribute update, the key authority assigns different update information to the cloud servers and each system user to update the ciphertext that is related to the updated attribute. The security analysis shows that the proposed scheme is CPA secure under the decisional bilinear Diffie-Hellman (DBDH) assumption. The experimental results show that the proposed scheme is efficient, and that the computation loads for the data owner to encrypt and the user to decrypt are small, which makes it suitable for resource-constrained mobile smartphones.

(3) Considering the problems of search authorization control, search efficiency and the verifiability of search results in mobile clouds, we propose a verifiable keyword search scheme with authorization control. To enforce search authorization control, a user needs to check whether he or she has the right to search over the encrypted data when sending a search request to cloud servers for the first time. Only authorized users can generate valid trapdoors for searching. To improve search efficiency, the trapdoor is generated using the result of authorization control and part of the user's secret key. The search algorithm then requires only one bilinear pairing to check whether the trapdoor matches the current ciphertext. Based on a Merkle hash tree and an invertible Bloom lookup table, a verification technique is constructed to verify whether the cloud servers return all the matched search results. The security analysis shows that the proposed scheme is CPA secure under the DBDH assumption. The experimental results indicate that the proposed scheme is efficient.

(4) Aiming at the problems of Boolean query and ranked search in mobile clouds, we propose a keyword search scheme supporting Boolean query and fast ranking, which consists of Boolean keyword search and ranking of search results. To achieve Boolean search on the encrypted data, an efficient Boolean keyword search protocol is proposed, which eliminates query interactions between users and the data owner. To rank search results and protect the privacy of relevance scores between files and keywords, we design a new homomorphic cryptosystem with partial decryption, which can be used as a basis for constructing a fast ranking search protocol. The protocol permits cloud servers and mobile users together to rank search results without revealing any sensitive information to cloud servers. The security analysis shows that the proposed scheme is secure. The experimental results demonstrate that the proposed scheme is efficient and suitable for use on mobile devices.
Keywords/Search Tags: Cloud computing, Access control, Ciphertext search, Attribute-based encryption