Secure Query Protocols In Cloud Computing

Due to the advantages of strong computability,flexible resource management,scalability,low expense,and quick deployment,cloud computing has attracted great interests from both the academica and the industry.However,the security and privacy concerns obsolete its wide development and deployment.Therefore,how to make full use of the cloud computing without compromising data security and privacy is a very challenging problem.In this paper,we focus on proposing secure storage and privacy preserving query schemes in the cloud computing.The main contributions are summarized as follows.:(1)We propose a protocol called Privacy preserving Ranked Multi-keyword Search for Multiple data owners in cloud computing(PRMSM).To enable cloud servers to perform secure search without knowing the actual data of both keywords and trapdoors,we systematically construct a novel secure search protocol,which includes the keyword encryption algorithm,the trapdoor generation algorithm,and the query algorithm.To rank the search results and preserve the privacy of relevance scores between keywords and files,we propose a novel Additive Order and Privacy Preserving Function family.To prevent the attackers from eavesdropping secret keys and pretending to be legal data users to submit searches,we propose a novel dynamic secret key generation protocol and a new data user authentication protocol.Furthermore,PRMSM supports efficient data user revocation.Rigorious analyses and extensive experiments on real-world datasets confirm the efficacy and efficiency of PRMSM.(2)We propose a secure and verifiable distributed keyword search protocol in a multi-cloud paradigm.We first define a distributed keyword search model.Then we propose our schemes based on this model.To preserve the security of data files,we propose a two-fold file encryption strategy.Consequently,even if all cloud servers collude with each other,and one of the protection strategy fails,the security of data files is still well preserved.To retrieve these data files efficiently without revealing any sensitive information,we systematically construct a distributed keyword search protocol,which also achieves convenient search and strong security requirements.Moreover,we design an efficient search results verification scheme,when any of the cloud servers misbehave,our proposed scheme can not only detect the misbehavior,but also identify the malicious cloud servers who should be responsible for it.Finally,we give rigorous security analyses and conduct extensive experiments on real-world datasets which confirm the efficacy and efficiency of our schemes.(3)We consider a more challenging model,where the cloud server would probably behave dishonestly.Based on this model,we explore the problem of result verification for the secure ranked keyword search.Different from previous data verification schemes,we propose a novel deterrent-based scheme,i.e.,we will deter the cloud not to behave dishonstestly with low overhead.Once the cloud behaves maliciously,our scheme can detect it with high probability.With our carefully devised verification data,the cloud server cannot know which data owners,or how many data owners exchange anchor data which will be used for verifying the cloud server's misbehavior.With our systematically designed verification construction,the cloud server cannot know which data owners' data are embedded in the verification data buffer,or how many data owners' verification data are actually used for verification.All the cloud server knows is that,once he behaves dishonestly,he would be discovered with a high probability,and punished seriously once discovered.Furthermore,we propose to optimize the value of parameters used in the construction of the secret verification data buffer.Finally,with thorough analysis and extensive experiments,we confirm the efficacy and efficiency of our proposed schemes.(4)We design an inference attack-resistant query protocol over the e-healthcare cloud data with fine-grained access control.We first propose a two-layer encryption scheme.To ensure an efficient and fine-grained access control over the EHR data,we design the first-layer encryption,where we define a specialized access structure for each data attribute in the EHR,and encrypt them individually with high efficiency.To enable the cloud to return roughly-matched EHR and execute computationally intensive works on behalf of the data user,while preserving the privacy of role attributes and access structures used in the first-layer encryption,we systematically construct the second-layer encryption.To prevent the cloud from knowing the access pattern of data attributes in the EHR,we further construct a blind data retrieving protocol based on the Paillier encryption.Finally,we conduct extensive security analyses and performance evaluations,which confirm the efficacy and efficiency of our schemes.