The Study Of Multi-Keyword Searchable Encryption Based On Group Key Distribution

Third-party platforms attract more and more users and enterprises with the advantages of the low eost,high stability,strong sealability and high performanee.The third-party platforms provide two kinds of services.The first one is business services,such as hospital registration and payment,and the representative platforms are WeChat and alipay.The second one is data storage,backup and other services,and the representative platforms are cloud storages.Although third-party platforms provide great convenience for enterprises and users,however,the data leakage events of third-party platform have occurred frequently.The main reason is that the user's data is stored in the form of plaintext in the third-party platform,which directly exposes to external attackers or the service provider of the third-party platform.In order to solve the problem of the security of user's data,data encryption can effectively ensure the confidentiality of the data However,the traditional encryption method not only makes the data lose its original searchability,but also prevents the third-party platform from providing some common services,such as data sharing.Therefore,combined with the searchable encryption and group key distribution technology,this thesis studies how to ensure multiple users to search on the encrypted data.The main research contents and results are as follows:(1)In order to improve the flexibility of searching,this thesis proposes a searchable encryption scheme which supports users to customize the relevancy of the keywords in the search expression.The proposed scheme establishes a security index based on multiple keywords,which are extracted from the encrypted document.Then the user sets the relevancy of the keywords.Here,the relevancy means the matching number between the keywords in the index and the keywords in the search expression.In the proposed scheme,the search token(which is the encrypted search expression)is generated by using the idea of attribute encryption.At the same time,under the security model defined in the proposed scheme,it also can resist the chosen keyword attack and keyword guessing attack.Compared with the existing multi-keyword searchable encryption schemes which only support Boolean seaches,this scheme enables users to set the keyword relevancy flexibly according to the requirements,and thus it improves the flexibility of search queries.(2)For the access control of the multi-user searching on the encrypted data,this thesis proposes a hierarchical group key distribution protocol.This protocol uses a tree structure to manage the key,and uses the hierarchical identity-based encryption as the underlying encryption algorithm to enable the multi-level server to manage the group.Meanwhile,the replacement mechanism of the subgroup controller designed in this thesis can quickly find new subgroup controller to replace the broken controller.In terms of security,this thesis mathematically proves that the proposed protocol staisfies four security requirements:communication confidentiality,forward security,backward security and resistance to collusion attacks.Compared with the existing group key distribution protocols,this protocol can solve the problem of single point server of failure and achieve load balancing.In addition,this protocol also supports users to spontaneously establish temporary dynamic groups without a server,so that users can freely establish groups as required.(3)For the problem of searching on encrypted data by multiple users,this thesis proposes a multiple users searchable encryption scheme combined with the above two parts.In the proposed scheme,all legitimate members within the group can upload and search on encrypted data.This thesis constructs three different groups of searching on encryption data:long-term stable groups,temporary dynamic groups and groups established between groups.Compared with the existing multiple users searchable encryption scheme(generally only supporting the long-term stable groups),this scheme can realize more flexible groups.In terms of security,the scheme can resist more types of collusion attacks.Above all,,this thesis mainly studies the problem of searching on encrypted data by multiple users,and focusing on how to improve the flexibility of searching queries,how to ensure the reliability of the access control when multiple users share data,and how to enrich the diversity of the ways in which multiple users establish search groups.To solve these problems,the proposed schemes which are proved secure,could provide a theoretical basis for the implementation of multi-user searching on the encrypted data,and provide beneficial support for the promotion of third-party platforms.