Research And Implementation Of Attribute Based Searchable Encryption Scheme

With the arrival of the era of big data,cloud storage technology solves the problem of storage and sharing of large amounts of data.However,after experiencing a series of "user's privacy data leakage" incidents,people began to realize that the server is not completely trustworthy and the best storage method is to encrypt data for storage.But how can we allow users to retrieve the data they want on a server that stores a large amount of ciphertext.Searchable encryption can solve the above problems well,but the SSE solution is suitable for personal database outsourcing scenarios.That is,users can only retrieve their own ciphertext stored in the database and cannot achieve data sharing.The PEKS solution can achieve the retrieval of ciphertext data on the server,but it is a "one-to-one" communication mode,suitable for early mail systems.To achieve "one-to-many" communication and truly achieve data sharing,that is,encryption can be used for multi-person searching,it is necessary to find a breakthrough from the attribute-based encryption system.Attribute-based encryption can not only realize the "one-to-many" communication mode,but also achieve fine-grained access control.Based on these characteristics,combining it with the concept of searchable encryption,propose the concept of searchable encryption based on attributes.Therefore,it is of great significance to research on attribute-based searchable encryption schemes.In this paper,three kinds of searchable encryption schemes based on attributes are proposed,and a system prototype application based on attribute-based searchable encryption is implemented.The specific description of these schemes and prototype implementation is as follows:First,for the sensitive data access control needs such as important notifications,broadcast messages in cloud storage environments,a searchable encryption scheme suitable for cloud storage environments supporting keyword updates is proposed and designed.Encryption once can be implemented for multiple search.The use of counting bloom filter to generate a keyword index,allowing users to add or delete keywords in the index cipher text,achieve the dynamic update of the file index.At last,the correctness analysis,safety analysis andefficiency analysis of the scheme are given.The analysis results show that this scheme achieves the above functions and has a low computational complexity and strong adaptability.Second,previous attribute searchable encryption schemes use ABE algorithm to encrypt or decrypt files or keywords.When the file data volume is large,it will inevitably cause a lot of computational overhead,and cannot support the dynamic file update operation.For the above problems,propose and design a multi-keyword searchable encryption scheme that supports file dynamic update in a cloud storage environment.The idea is to use SSE ideology to create an index.This way of storing index information via arrays and linked lists can find all files containing keywords at once,with high search efficiency;and by adding extra arrays and lists to delete,it can be implemented that adding or deleting files to facilitate dynamic file updates.And encrypt the symmetric key using the ABE algorithm,which not only enable data sharing but also provide fine-grained access control for users.Finally,the security analysis and performance analysis of the scheme are given and compared with several schemes.The comparison shows that this solution has high search efficiency and fewer index lengths.It achieves a higher security level(CKA-2)while dynamically updating files and sharing data,and has better applicability and scalability.Third,access policies once acquired by curious and untrustworthy server attackers may result in disclosure of confidential information.Therefore,in order to solve the problem that the attribute-searchable encryption scheme does not hide the access strategy,an attribute-searchable encryption scheme for completely hiding the strategy is proposed,and a specific algorithm structure is given;security and performance analysis of the scheme are also provided.The result proves that the scheme can achieve the security against attack under the attribute set model,and can guarantee the confidentiality of the index and the keyword with the less calculation.So it can be used in scenarios such as video-on-demand.Fourth,aiming at solving this problem of no related practical applications of searchable encryption at present,the prototype of the attribute-based searchable encryption system for sensitive information such as important messages and notifications in the cloud storage environment is established for the first time.The ABE algorithm used by the system can support the encryption and decryption of multidimensional attributes.The system mainly has search and file upload functions.Users can encrypt then upload data files and search for ciphertext with permission to download.Through system tests,it was found that this system can indeed achieve the major module functions it has.