Cloud storage has developed rapidly in recent years. Its applications have spread to all kinds of fields thanks to the convenience, flexibility and low cost of cloud storage. However, the separation of data ownership from data administration has led to many security risks, which keep cloud users from trusting the cloud service provider. To protect user privacy and data security, data needs to be encrypted before uploading, which undoubtedly prevents some traditional data services based on plaintext search from working normally. How to support efficient and accurate search over ciphertext with multiple query conditions, while guaranteeing data security and providing data access control at the same time, has become an urgent problem. This thesis focuses on searchable encryption techniques that support complex queries in the cloud storage environment. The main contributions are summarized below:

1. Aiming at the limitations of blind storage, which could only support single-keyword search under the single-owner single-user service model, this thesis proposes an index-file-oriented blind storage mechanism called IBS. IBS can provide complex-condition search, including arbitrary multidimensional keyword queries and range queries, for the multi-owner multi-user model with strong security. The scheme uses three polynomial-time algorithms to generate keys and to implement data storage and access. The use of pseudorandom algorithms and a confusion mechanism solves the original scheme's problems with communication rounds and the correlation between blocks. Analysis and experiments show that IBS is able to provide stable security and great usability with low overhead.

2. Based on IBS, and considering the multi-owner multi-user application model in the medical cloud storage scenario, this thesis constructs a symmetric searchable encryption scheme called IBS-SSE. Furthermore, combining IBS-SSE with a Bloom Filter based access control method, IBE-CP-AC, this thesis designs and implements an authorized electronic medical record management prototype system, EMRM, with emphasis on its eight key algorithms. EMRM can simultaneously satisfy complex search conditions, including arbitrary multidimensional keyword queries and range queries, while supporting access authorization for different types of users. Security analysis shows that EMRM is able to achieve confidentiality of documents, trapdoors and user privacy, and completely conceal the access pattern. Relevant experiments prove that EMRM delivers great usability, efficiency and extensibility.

Finally, this thesis completes the work above and achieves good results. Based on the completed work, future research will further enrich the query conditions of ciphertext search and enhance the flexibility of access authorization control by introducing a hierarchical structure.