Research On Keyword Privacy Of Ciphertext Retrieval In The Cloud Storage

With the development of cloud computing and the emergence of big data era, the cloud storage system has been widely adopted in data outsourcing services due to its large space. Data storage and sharing are available on a pay-per-user basis, and this releases local data management cost. For confidentiality, data is stored with the ciphertext form on the cloud platform, which makes retrieving specific data difficult. On the other hand, the cloud server is not fully trusted and stands in a different domain from the user, and attempts to learn some sensitive information. This might compromise user privacy and incur economic loss.This thesis focuses on the essential issues of the ciphertext retrieval starting from public key encryption with keyword search (PEKS),including: 1) How to achieve searchable encrypted keywords against insider attacks to improve keyword privacy; 2) How to generate the trapdoor for search quickly, such that the lightweight ciphertext retrieval is suitable for resource constrained devices; 3) How to conduct keyword authorization to control search privilege management; 4) How to design the dual-direction ciphertext retrieval to support manager-user searching and verify the data integrity and search result correctness.Regarding above issues, our contributions are summarized as follows:1) Searchable Encrypted Keywords against Insider Attacks (SEK-IA):The security of the previous PEKS schemes were only weakly defined in presence of outsider attacks and therefore suffer from keyword guessing attacks from the server as an insider. How to resist insider attacks remains a challenging problem. We define the SEK-IA framework to unallow the public generation of the searchable ciphertext and the insider attacks fail to work. Then we propose a concrete SEK-IA scheme featured with the constant-size trapdoor. The bandwidth between the receiver and the server is independent of the size of the sender-identity set.2) Online/Offline Ciphertext Retrieval on Resource Constrained Devices:Traditional PEKS schemes need at least one exponentiation operation in group G for each keyword to generate the trapdoor, which is quite burdensome for mobile devices with constrained resource to support such computational cost. We propose online/offline ciphertext retrieval (OOCR), where the trapdoor generation is split into two phases: offline phase and online phase. Most of the computation of the trapdoor could be performed in the offline phase prior to knowing the keyword. The generation of the real trapdoor with keyword can be done efficiently in the online phase. We propose two schemes in terms of attackers, i.e., OOCR against outsider attacks (OOCR-OA) and OOCR against insider attacks (OOCR-IA). For online trapdoor,OOCR-OA needs only one modular multiplication operation in Z*p while OOCR-IA costs two modular multiplication operations in Zp*.3) Keyword Authorization in PEKS: For the keyword authorization, we consider privilege assignment and oblivious search. To address the key buse and bandwidth consumption caused by PEKS, we propose public key encryption with authorized keyword search (PEAKS),where the authority assigns the constant-size search right over a distinct keyword set to the user. We extend PEAKS to secure channel free PEAKS (SCF-PEAKS) to support the outsider attack resistance.On the other hand, we propose oblivious keyword search with authorization (OKSA), augmenting the traditional oblivious keyword search (OKS) by providing assurance of keyword authorization besides oblivious search. We design a provably secure OKSA protocol featured with one-round interaction and constant-size communication in the transfer phase.4) Delegated Verifiable Ciphertext Retrieval: In a cloud-based centralized system, the manager as a center delegates a group of users.We propose centralized keyword search on encrypted data (CKSE) to allow that the manager can search and access all the encrypted data from authorized users while each user can only search and access his or her own data. We present a CKSE scheme with short ciphertext,integrity checking and search result verification. To mitigate the deployment burden and enhance the efficiency of the server, we additionally construct a secure channel free CKSE (SCF-CKSE) by removing the secure channel and enabling batch authentication on uploaded data.