Research On Attribute-based Searchable Encryption In Cloud Storage

In recent years,in the new generation of information technology revolution,cloud computing technology is subverting the traditional industries.An increasing number of organizations choose to store user's data in the cloud,and most of these data include personal privacy data such as health care,sports,pictures,and medical prescriptions,which poses security risk of data leakage and abuse.In order to protect the privacy of user's data,the data is usually encrypted and uploaded to the cloud server.The honest but curious cloud server cannot obtain any useful information in the ciphertext.However,encrypted data will seriously reduce its usability.How to adopt secure and efficient technologies,reduce security risks in the cloud storage,and design more features and high-availability solutions is still a challenge.Searchable Encryption(SE)can realize keyword retrieval in ciphertext to ensure the confidentiality of data.In addition to confidentiality protection,attribute-based searchable encryption(ABSE)also implements fine-grained access control of data,thereby achieving controllable search of encrypted data.Therefore,the ABSE scheme is particularly suitable for data sharing scenarios such as mobile medical system and Internet of Things.It provides data availability while also protecting privacy of user's data.This thesis first proposes a blockchain-based medical data sharing scheme with attribute-based searchable encryption,and then designs an efficient multi-keyword attribute-based searchable encryption scheme.The main contributions of this thesis are as follows:First of all,the existing solutions have many problems in terms of functional features and computational overhead,and it is difficult to realize the data secure sharing and privacy preservation between different medical institutions.In order to solve this problem,this thesis proposes a blockchain-based medical data sharing scheme with attribute-based searchable encryption,named BMDS.By combining the permissioned blockchain and the Interplanetary File System(IPFS)distributed network to form an on-chain and off-chain storage model,this solution not only ensures the confidentiality and availability of medical data,and realizes the keyword retrieval and access control of ciphertext,it also has advantages such as tamper-proof,secure key management,no single point of failure problem.In addition,security analysis shows that the index keywords in the BMDS have indistinguishability against the chosen keyword attack(IND-CKA)security,and achieve the privacy preservation of search trapdoors,and can also resist collusion attacks.Through comprehensive evaluation,the BMDS not only realizes data secure sharing and privacy preservation between different medical institutions,but also has more comprehensive functions and lower performance overhead.Secondly,in view of the limitations of single-keyword attribute-based searchable encryption schemes and the huge computational overhead of multi-keyword attribute-based searchable encryption schemes,this thesis designs an efficient multi-keyword attribute-based searchable encryption scheme,called EMK-ABSE.The scheme introduces the idea of online/offline encryption mechanism and edge computing,which reduces the computational overhead of encryption and decryption.Besides,security analysis shows that the index keywords in EMK-ABSE have IND-CKA security.Comprehensive evaluation shows that EMK-ABSE not only realizes multi-keyword search and fine-grained access control,but also has lower computational overhead in the three phases of encryption,trapdoor generation and decryption.Therefore,this scheme has efficient performance and practicality.Finally,the two schemes proposed in this thesis and several similar schemes selected were simulated and tested in Linux system respectively.Analysis and comparison show that BMDS and EMK-ABSE have the lowest total computational overhead in the three user-side phases of encryption,trapdoor generation and decryption,and these two schemes have lower constant computational overhead in the trapdoor generation and decryption phase.The comprehensive results show that the two schemes proposed in this thesis not only have efficient computing performance,but also have more comprehensive functional characteristics and practical value while realizing the security requirements in specific scenarios.