
Secure Search Over Encrypted Data In Cloud Environment

Posted on: 2017-02-19
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y G Peng
GTID: 1368330542992898
Subject: Computer system architecture

Abstract/Summary:
Data security is the foundation of big data, network security and information security. With the development and popularization of cloud computing, secure management of data is extensively outsourced to third-party cloud service providers, which offer uninterrupted, on-demand and efficient data security services. However, in spite of the attractive vision that cloud providers depict, because they are untrusted and profit-driven they face serious doubts from sensitive institutions and organizations. In fact, incidents involving third-party cloud service providers occur frequently. This has raised security concerns to an unpredictable level and attracted more and more attention in related fields.

Secure search technologies over encrypted data are the core components of secure data management, since they simultaneously provide availability, controllability and confidentiality of data. Hence, research on secure search over encrypted data in the cloud era is increasingly important.

To address the challenges of searching over encrypted data, this dissertation focuses on four key technologies: public key encryption with keyword search, secure approximate k-nearest neighbor search, secure range query, and multi-functional computation over encrypted data. Several urgent problems are resolved through the research in this dissertation. The main contributions are as follows.

· Existing public key encryption schemes with keyword search (PEKS schemes) have the serious drawback of key escrow. That is, the public key infrastructure needs an additional trusted third party to manage and publish public keys in order to confirm a user's identity. To resolve this drawback, a model of certificateless public key cryptography with keyword search (CLPEKS) is first designed by introducing the characteristics of certificateless public key cryptography (CLPKC). Following that, a concrete CLPEKS scheme is constructed based on bilinear pairing, with rigorous proofs of correctness and security. Finally, the concrete CLPEKS scheme is evaluated over a real e-mail data set, Enron, to illustrate its superiority.

· To resolve the low efficiency and fragile security of existing secure search schemes over high-dimensional data, locality sensitive hashing (LSH) is introduced to map the original data into ordered single-dimensional hash values, which are the foundation of the secure index and the secure partition. Two different approaches are then proposed for secure approximate k-nearest neighbor search:

- By leveraging both comparable encryption and the B+-tree, the Bc-tree is carefully designed to index high-dimensional data. Following that, a novel reusable and single-interactive secure approximate k-nearest neighbor (SANN) search over encrypted data is constructed. Additionally, two refinements, a multi-index strategy and a boosting refine strategy, are proposed to improve accuracy and to reduce dependence on bandwidth, respectively. Finally, extensive experiments are conducted over four real and synthetic data sets. Compared with traditional insecure schemes, the proposed schemes are secure and the loss of efficiency is kept low.

- Based on the linear order, a novel greedy partition method is proposed to partition high-dimensional data securely. Following that, by leveraging the framework of partition-based SANN and appropriate symmetric cryptography, the data and the query are protected from information leakage. Extensive simulations over real and synthetic data sets show that the proposed SANN efficiently obtains the ANN results while guaranteeing security, and distinctly reduces the computation cost for the third-party cloud service provider.

· Existing secure range query schemes make poor use of the third-party cloud service provider. To improve utilization, a secure k-d tree (SKD tree) is designed by leveraging comparable encryption and the k-dimensional tree. A concrete secure range query scheme is then proposed based on the SKD tree, with analyses of its security and complexity. Finally, extensive experimental studies over real data sets show that the SKD-tree-based secure range query dramatically reduces communication cost and round trips between the consumer and the third-party cloud service provider.

· Through deep investigation of large-scale indexes over encrypted data, we have found that a secure index is designed not only on the order of ciphertexts but also on computations (i.e., addition and product) over encrypted data, specifically metric computation. However, existing technologies for computation over encrypted data provide either order preservation or the computability of addition and product. Providing both characteristics simultaneously is still a challenge because of the huge semantic gap between their ciphertexts. To bridge the gap, we introduce a security model of indistinguishability under operated and ordered chosen-plaintext attack (IND-O2CPA), in which homomorphic operations are embedded into the security model on the condition that the characteristic of order-preserving encryption is completely preserved. The IND-O2CPA model is also proved reasonable and practical. Based on the security model, homomorphic order-preserving encryption schemes (hOPEs) preserving homomorphic addition and homomorphic product, respectively, are constructed by leveraging an addition-preserving lookup table, a product-preserving lookup table and a code tree. Next, by introducing a trusted third party, the cost of maintaining such mechanisms is reduced and efficiency is improved without sacrificing security. Finally, several metric computations over encrypted data are resolved theoretically, which illustrates the effectiveness of the proposed schemes.
Keywords/Search Tags:Secure search, secure index, computation over encrypted data, refinement mechanism, provable security