Research On Privacy-Preserving Secure Search Technologies In Cloud Computing

With the rapid development and popularization of cloud computing,more and more individual users and enterprises are beginning to consider to migrate their private data to the cloud center for enjoying low-cost storage and computation service.However,once the sensitive data is stored to the cloud server in the form of plaintext,whose security would face double-threat of external malicious attackers and internal cloud server provider.On the other hand,query operation is a basic and important way to obtain information.If a query user submits plaintext query keywords to retrieve information from cloud platform,correspondingly,the user's query privacy is exposed to the cloud server.Encryption is a fundamental solution to protect data confidentiality and user's query privacy.However,data encryption makes traditional keyword-based search a very challenging task.Therefore,researching how to perform effective and efficient query over encrypted cloud data in a privacy-preserving manner bears great theoretical and practical significance to promote the further development and widespread adoption of cloud computing.In this thesis,we research privacy-preserving secure search techniques over encrypted cloud data.The main contributions of this thesis are summarized as follows.(1)Aiming at the data security and query privacy in the multi-data owner scenario,we propose a secure conjunctive multi-keyword ranked search over encrypted cloud data for multiple data owners.To meet the data security and query privacy under multiple data owners model,we make full use of elliptic curve group with composite order and bilinear map to design a secure index construction algorithm,a query keyword encryption algorithm,and a secure search algorithm.In the index construction phase,different data owners adopt different random keys to build secure indexes for their own data files;in the query trapdoor generation phase,an authorized data user is allowed to use randomly chosen keys to encrypt query keywords without requiring to know index encryption keys;finally,the cloud sever can perform correct keyword matching between query trapdoor and secure indexes.To rank the query results of a conjunctive multi-keyword query to implement top-k query,we propose a secure similarity computation method,by which the cloud server can compute similarity scores between a query and corresponding query results according to encrypted relevance scores of keywords and return the most relevant k query results to the data user.In the whole query processes,the cloud server cannot obtain any plaintext information about data files,query keywords,and relevance scores of keywords.(2)To achieve flexible query permission control over encrypted data,we propose a fine-grained authorized keyword secure search scheme over encrypted cloud data with efficient and flexible user attributes update.To achieve fine-grained keyword query authorization,we take advantage of ciphertext-policy attribute-based encryption to embed an access control policy to an encrypted index keyword.When a data user submits a query trapdoor containing his attribute information,the secure query algorithm first judges whether the user's attribute information satisfies the access control policy embedded in certain index keyword or not.If the user's attribute set satisfies the access control policy,the secure query algorithm continues to perform keyword matching between query trapdoor and the index keyword.In addition,a data user's role may often change due to dynamics of cloud users,which would lead to the change of data users keyword query permissions.This means that the data owner needs to dynamically update a data user's attributes including attribute revocation and attribute addition when the data user's role changes.Based on above fact,we design a fine-grained data user attribute update protocol with minimum communication and computation overhead,by which the data owner is able to flexibly control data users' keyword query permissions by updating users' attributes.(3)In the dishonest cloud environment,the cloud server may tamper query results,which causes query results to be incorrect or incomplete.We propose a secure,universal,and fine-grained query results verification mechanism,which allows an authorized data user to verify the correctness and completeness of query results returned from the cloud server in a fine-grained manner.The main idea is to construct verification object for outsourcing data files by leveraging counting bloom filter and pseudo-random function,by which,given an encrypted query results set,the data user not only can verify the correctness of each data file in the set but also can further check how many or which qualified data files are not returned if the set is incomplete without data decryption.The proposed verification scheme is loose-coupling to concrete secure search techniques and can be very easily integrated into any secure query scheme to provide query result verification service.Furthermore,a short signature technique with extremely small storage cost is proposed to guarantee the authenticity of verification object and a verification object request technique is presented to allow the query user to securely obtain the desired verification object,which guarantee that the cloud server returns the correct verification object to the data user without knowing any useful information.