| With the rapid development of cloud computing,more and more users or enterprises are accustomed to storing data in the cloud.Since cloud servers are not completely trusted and user's data is not stored locally,we need to consider the security of the data.The simplest way to solve this problem is to encrypt the data and then send it to the cloud server.Although encryption can provide data confidentially,it is not conducive to secure sharing and retrieval of ciphertext data.At present,ciphertext-policy attribute-based searchable encryption system not only supports ciphertext search,but also can establish fine-grained access authorization for search users,so it is very suitable for one-to-many ciphertext retrieval scenarios in a cloud storage environment.Since the access structure needs to send to the server along with the keyword ciphertext,but in some high scenarios such as medical treatment,the access structure itself contains sensitive information,and the simple access structure is difficult to meet the increasingly complex cloud storage environment.In addition,the user's attribute set can represent the user's identity in the attribute-based searchable encryption system,so the searcher's attribute set is also seem as the leakage of the user identity information.Therefore,based on existing attribute-based searchable encryption,this paper mainly focuses on the implementation of complex access control policies hiding and the searcher's attribute set anonymity.We propose three schemes,mainly as follows:(1)An attribute-based searchable encryption scheme is presented to realize policies hiding in complex access structures.The traditional hidden policy attribute-based searchable encryption scheme only supports the AND gate access structure and cannot implement complex access control policies.Access control trees can express complex access control policies,but they are difficult to hide.We realize partially policies hiding by improving the access control tree and using the idea of AND gate access structure.If the searcher is an authorized user,the cloud server only knows the searcher' s attribute set,and does not know any other authorized attribute information that satisfies the access control policy,thereby realizing the partially hiding of the policy.Finally,we give the formal security proof of this scheme under the general group model.(2)An anonymous attribute-based searchable encryption scheme is presented to realize the anonymity of the searcher.In higher secure scenario,except for viewing access control policies as sensitive information,the searcher's attribute set also needs to be secret.Therefore,under the premise of classifying attributes,we construct an anonymous attribute-based searchable encryption scheme using polynomial equations.This scheme not only completely hides the access control policies,but also implements the searcher's attribute set anonymity.Therefore,in addition to knowing whether the searcher is an authorized user,the cloud server does not know the searcher's attribute set and any authorization attribute information of access tree,so we implement complete hiding of the policies and anonymity of the searcher.Similarly,we give the formal security proof of this scheme under the general group model.(3)An fully secure attribute-based searchable encryption scheme is presented.In addition to the access control tree,the linear secret sharing scheme access structure can also express complex access control policies.We construct an attribute-based searchable encryption scheme with policy partial hiding function and providing searcher anonymity through attribute classification and composite order bilinear group.Since the previous two schemes only achieved selective,the attacker must declare the target of the attack before the attack.Although the composite order bilinear group has lower computational overhead,we can combine the Waters dual encryption idea to give the formal security proof of the scheme under the standard model. |
PDF Full Text Request