| With the development of computer science and network infrastructure,cloud com-puting has been widely used,and the security of cloud computing and cloud storage has attracted the attention of more and more users.To protect the data privacy,it is a necessity to encrypt the outsourced data.However,conventional encryption will cause problem to the use of data,thus,the user should use searchable encryption in the scene of cloud service.Searchable encryption supports search on the ciphertext without decryp-tion.Order-Preserving Encryption(OPE),which supports range query on the ciphertext,is one of the key technology of searchable encryption.The ciphertext of OPE preserves the order relationship of plaintext,thus range query on the ciphertext has the same speed of plaintext.Nevertheless,OPE suffers from the problem of security.One-to-one OPE leaks the order of ciphertext,thus it is vulnerable to attacks.One-to-many OPE maps the same plaintext to different cipher-texts.To ensure security,the ciphertext space should be large enough and will cause severe ciphertext expansion.Besides,when applying to multi-dimensional data,OPE leaks not only the order but also the relationship between data of different dimension.This dissertation concentrates on improving the performance of OPE while preserving the high search efficiency.The main work and innovation points of this dissertation are listed as follows:1.This dissertation proposes a generalized one-to-one OPE scheme,probability-p Order-Preserving Encryption(p-OPE),to address the security issue of one-to-one OPE.p-OPE is an extension of OPE.The ciphertext of p-OPE preserves the plaintext order with probability p to improve the security.Analysis of the relationship among order-preserving probability p,security and precision illustrates the constraints on se-curity and precision.Simulations are conducted to verify the theoretical analysis and performance of p-OPE.The theoretical analysis and results of experiments show that the security improves with the increase of p while the precision decreases.p-OPE can get a balance between security and precision by adjusting order-preserving probability P.2.This dissertation proposes a generalized one-to-many OPE scheme,semi-order preserving encryption(SOPE),to address the ciphertext expansion issue of one-to-many OPE.SOPE maps different plaintexts to overlapped ciphertext inter-vals to reduce ciphertext expansion.The performance of SOPE can be illustrated by security,precision and ciphertext expansion.The relationship among semi-order pre-serving degree,security,precision and ciphertext expansion is analysed theoretically.Simulations are conducted to verify the theoretical analysis and performance of SOPE.The theoretical analysis and results of experiments show that the ciphertext expansion and precision decreases and the security improves when the order-preserving degree increases.SOPE can get a balance among security,precision and ciphertext expansion by adjusting semi-order degree.3.This dissertation proposes a generalized OPE to address the correlation leakage issue of multi-dimensional data.The scenario of OPE on multi-dimensional data is analyzed,and quantile indicator is defined to measure the leakage.Quantile indi-cator is a statistics related with distribution.Quantile attack,which utilizes the leakage of quantile indicator to distinguish different distributions,is proposed.Then a secu-rity metric is proposed to measure the leakage of quantile indicator,and an algorithm based on dummy data is proposed to improve security.The results of experiments on real world dataset show that the improved algorithm can enhance security and lower the accuracy of quantile attack. |
PDF Full Text Request