| As a representative application for data outsourcing model, cloud storage attracts more and more users. However, if the users directly store their data to the cloud with plaintext, the attacker or the cloud service provider will be able to read and use the data directly, which threatens the user’s privacy and the data security. However, if the data are encrypted, traditional functions will be hard to execute, such as document search and content preview. Therefore, the natural security risks and the lack of functionalities become the bottleneck for the development of cloud storage. How to protect the documents while the outsourced data could be securely and efficiently utilized plays an important role in the development of cloud security.Based on searchable encryption, homomorphic encryption, private information retrieval, order preserving encryption techniques, in this thesis, we research the data protection schemes and the methods of operating encrypted data. The main contributions of this thesis are summarized as follows.(1) The author proposes a dynamic preview scheme over the ciphertext. The encryption structure of the file is redesigned, and a previewable and divided encrypted structure is constructed, while the new structure keeps compatible with traditional data encryption methods; Based on searchable encryption and homomorphic encryption techniques, a secure index for searching the encrypted snippets is constructed; Based on the private information retrieval technique, a protocol for securely retrieving a matched snippet is designed. In comparison with the prior works based on static preview, the author is the first to propose dynamic solution. The new scheme is more like a preview functionality used in a modern search engine, therefore the search process is more intuitive, and the results are more accurate.(2) The author proposes a comparing method for encrypted digital number while hiding the comparing result. A method for transforming digital number to keywords is designed such that a secure comparing scheme could be constructed based on searchable encryption technique. As a result, the new scheme achieves the same effect by using order preserving encryption, and supports both precise query and range query. In comparison with the prior works based on order preserving encryption, the new scheme hides comparing result for the server, therefore it harder for the attacker to infer the relation among the plaintexts and the security is guaranteed.(3) The author proposes an incremental multi-keyword searchable encryption scheme. A new structure called random bloom filter which supports multiple elements is proposed. It grants randomness for the testing in the bloom filter such that statistical attack could be prevented. Based on the new bloom filter, independent searchable structure for each document is constructed, in such a way, reconstruction of the whole index while updating file is avoided. In comparison with the prior works, the new scheme supports updating files incrementally and has higher accuracy(error rating approximates 0) for the search results.(4) The author proposes a layered searchable encryption scheme. The possibility of the transformation between the symmetric searchable structure and the asymmetric searchable structure is illustrated; A principle for separating the searchable structure and the functions(e.g., fuzzy keyword query, phrase query etc.) is proposed; A transform model for symmetric and asymmetric searchable encryption schemes is constructed; A uniform interface for searchable structure and functions is designed; As a result, a single searchable encryption scheme supports multiple functions is realized. Finally, as representative functions under symmetric and asymmetric encryption models, a compatible ranked order query module and a range query module are constructed. In comparison with the prior works with relatively less functionalities(usually supports at most three functions), the new scheme achieves more compatibility(supports at least six functions).
|
PDF Full Text Request