Research On Searchable Encryption Technology In Cloud Computing

In modern information technology,cloud computing is used as a virtualized resource,which can dispatch configurable computing and storage resources with high efficiency and low management costs,and provides users with convenient network access.To reduce the heavy burdens of data management and maintenance,more and more users are motivated to outsource their sensitive data to the cloud server.Though cloud storage services have strong data management capabilities,they are faced with threats of compromising data privacy.To reduce the risks of data breaches,data owners typically encrypt their sensitive data before outsourcing it to the cloud.Nevertheless,data encryption makes the efficient data retrieval a challenging problem.The searchable encryption technology enables users to directly retrieve the encrypted data stored on the cloud server without compromising the privacy of queries and data.And it has become one of the hot spots in the field of cryptography.In this thesis,we investigate the designs of searchable encryption schemes,which includes general searchable public key encryption,a searchable encryption scheme in multi-user setting,an attribute-based keyword search scheme,and inverted index based searchable symmetric encryption.The main research contents are specified as follows:1.Research on searchable public key encryption:(1)We propose a secure searchable public key encryption scheme against insider keyword guessing attacks from indistinguishability obfuscation.The scheme can be built based on any public key cryptosystem,and the trapdoor is created by using only a symmetric encryption algorithm.Furthermore,two types of inside attackers are considered in the scheme,namely,an honest-but-curious server and a malicious server.(2)Furthermore,to tackle the problem of key transmission when different files are encrypted with different secret keys in existing searchable public key encryption schemes,we present a three-party password authenticated key exchange(3PAKE)protocol.The protocol eliminates the security vulnerabilities of off-line dictionary attacks and undetectable on-line dictionary attacks that exist in a simple 3PAKE protocol.2.Research on searchable encryption schemes in multi-user setting: Based on the blind signature and traditional searchable public key encryption scheme,we construct a server-aided searchable encryption in multi-user setting.The scheme allows multiple data owners to write their encrypted data to the database,and each user with a keyword trapdoor can retrieve the corresponding encrypted data uploaded by all data owners.In addition,no interactive key distribution is required between the data owner and authorized users,which avoids the building of an expensive secure channel.Moreover,the scheme allows to efficiently add or revoke users,and achieves the trapdoor unlinkability.3.Research on ciphertext-policy attribute based encryption with keyword search:We propose a ciphertext-policy attribute based encryption with conjunctive keyword search scheme,which enriches the keyword query type and also hides the access policy.Additionally,a match technique is used in the test algorithm to improve the test efficiency.Also,the scheme can resist outsider keyword guessing attacks,since the test algorithm can only be performed by a designated server.Moreover,we give the provable security of our proposed scheme against chosen keyword attacks and keyword guessing attacks in the standard model.4.Research on inverted index based searchable symmetric encryption schemes:(1)First,we give an effective T-set instantiation from the clear storage system to build secure indexes,which can support the updates of encrypted index files.Then,based on Cash et al.'s OXT protocol,we propose a dynamic and multi-user boolean searchable symmetric encryption scheme.In the scheme,a user does not need to interact with the data owner when performing each query.Moreover,we demonstrate the provable security of the scheme against adaptive honest-but-curious server and malicious users in the standard model.(2)Furthermore,users may not want to read the files that has been damaged with respect to the data integrity,while retrieving and decrypting these files will cause users to extra communication overheads and computational costs.Therefore,it is necessary for users to perform public data integrity verification on the corresponding files,after obtaining the file identifiers that satisfy the search requests through retrieving the ciphertext files.Based on indistinguishability obfuscation,we construct a novel public cloud data integrity verification scheme with minimal storage overhead.Meanwhile,a user only needs to use symmetric key operations to process the data to be outsourced.