
Research On Privacy-preserving Keyword Search And Set Operations Over Encrypted Data

Posted on: 2018-10-13
Degree: Doctor
Type: Dissertation
Country: China
Candidate: S Qiu
GTID: 1318330512997561
Subject: Computer Science and Technology
Abstract/Summary:
With the rise of big data, the demand for data storage and computation has increased greatly. Cloud computing, a new technology that realizes the long-dreamed vision of computing as a utility, has gained wide adoption by offering ample storage and vast computation capabilities to different cloud users, such as individuals, enterprises and governments. Cloud users need to pay only a small cost to delegate huge and complex tasks to cloud servers, and enjoy on-demand, high-quality data storage services and computing resources. Despite these benefits, data outsourcing deprives data owners of direct control over their outsourced data, which could lead to the leakage of sensitive private information, such as Personal Health Records (PHRs), Facebook photos, financial transactions or business documents. In recent years it has therefore become desirable and necessary to guarantee data security and privacy preservation.

Data encryption is one of the main methods to preserve the privacy of outsourced data. All the data can be stored directly on the cloud server after encryption. However, traditional encryption hinders some useful functions, so that the cloud server is unable to carry out computation over the encrypted data, such as secure keyword search, effective set operations and so on. Therefore, it is desirable and necessary to achieve secure keyword search and set operations in a privacy-preserving manner. In this paper, we focus on how to design effective privacy-preserving schemes over massive encrypted datasets, from the following aspects:

1. How to achieve secure and effective keyword search over encrypted cloud data is one part of our work in this paper. All data are stored in the cloud in encrypted form, and the key point of study is to realize keyword search and encrypted data sharing simultaneously. All the schemes for keyword search over outsourced encrypted data that are based on traditional encryption are unable to achieve data sharing. In an attribute-based cryptosystem, all data users whose attribute credentials satisfy the access control policy specified by the data owner can decrypt the encrypted data. Therefore, the combination of attribute-based encryption and keyword search can effectively realize access control of encrypted data on top of keyword search, that is, attribute-based encryption with keyword search (ABKS). Existing ABKS schemes cannot guarantee the privacy of the access structures, which may contain sensitive private information. Furthermore, as a result of the exposure of the access structures, ABKS schemes are susceptible to an off-line keyword guessing attack. To solve this problem, we propose hidden policy ciphertext-policy attribute-based encryption with keyword search (HP-CPABKS), and present a rigorous security analysis and performance evaluation. Our HP-CPABKS scheme adopts an access structure with AND-gates and an asymmetric bilinear map to make the following contributions: (i) The data owner has fine-grained authorization over the users by specifying an access control policy. Specifically, only the users whose attributes satisfy the data owner's access control policy can successfully search on the outsourced encrypted data. (ii) The authorized users, whose credentials satisfy the access control policy, can delegate the costly computation to the cloud by sending a legitimate search token. Once it receives the search token, the cloud server conducts the keyword search without learning any private information except the search results in encrypted form. (iii) Our HP-CPABKS scheme preserves the privacy of the access control policy by hiding it in the ciphertexts, and the hidden policy makes our scheme secure against the keyword guessing attack.

2. How to mine the same or similar records from different datasets in a privacy-preserving manner is another key issue we focus on in this paper. Private set intersection is a fundamental operation on datasets and is extensively used in electronic medical databases and online recommendation systems. Moreover, with the dramatic growth of big data, effective set similarity computation has been extensively applied in many scenarios, such as discovering similar images, plagiarism detection and so on. So it is desirable to design efficient privacy-preserving similarity computation protocols over large-scale datasets. In this paper, we focus on two studies, private set intersection and set similarity computation in a privacy-preserving manner, and we aim to enhance their functionality and improve their efficiency with the following three contributions:

· All the previous private set intersection schemes based on traditional public key encryption incur an expensive cost to manage the public certificates. We combine identity-based encryption and a proxy re-encryption mechanism, and thus simplify certificate management. Meanwhile, in existing symmetric private set intersection protocols, many interactions are required between the two parties. To reduce these interactions, we propose an identity-based symmetric private set intersection protocol (IBSPSI) in this paper. Our IBSPSI avoids the complex pairing operations since we adopt the combined public key technique, and thus enhances the computation efficiency of the protocol.

· Combining the computation and storage advantages of the cloud service, we propose an identity-based private matching scheme over outsourced encrypted data (IBPM). Our IBPM scheme delegates the complex set operations on ciphertexts to the cloud server, and reduces the communication overhead of the cloud users. What's more, IBPM achieves fine-grained authorization of datasets, that is to say, the cloud server can only conduct private set intersection over the authorized users' sets.

· With the dramatic growth of big data, we present an effective algorithm using the Minhashing technique, which greatly boosts the computation efficiency of set similarity over large-scale datasets. Furthermore, we propose a verification mechanism to verify the correctness of the result returned from the server. Experimental results show that our protocol and verification mechanism are efficient and effective.
Keywords/Search Tags: privacy-preserving, attribute-based encryption, identity-based encryption, keyword search, set intersection, set similarity computation