| Due to the elastic computing and pay-as-you-go features of cloud computing,more and more enterprises and users store private data in cloud storage system to save the cost of data storage.However the introduction of cloud computing has also made users worry about data security,such as the credibility of internal managers of cloud services.In order to protect data security,users usually encrypt data before uploading it to cloud,but traditional encryption technology undermines the availability of ciphertext data.So it is great significance to study the ciphertext search in the cloud and improving the availability of ciphertext data in cloud.For numerical data,equivalent search and range search are the basic functions that cloud storage must provide,and most of the current research focuses on equivalent or fuzzy equivalent search for keywords.Ideal orderpreserving encryption leaks the order information of sensitive data and then sacrifices some security to improve efficiency of ciphertext search,however it is vulnerable to the threat of inference attacks,and the client involves the whole process of search processing.Although other searchable encryption schemes do not disclose the order information of sensitive data,internal attackers can obtain the partial order information of sensitive data through analysis of access pattern,so that its security will be compromised to the same level as the ideal orderpreserving encryption.This paper focuses on the range search for numerical data in cloud storage.Based on the feature that homomorphic encryption can separate data operation and operation result judgment,two ciphertext index schemes are proposed to meet different security requirements,which can reduce the computing and bandwidth overhead of the client and reduce the leakage of sensitive information.The main work and results of this paper are as follows:First,propose an ideal order preserving ciphertext range index scheme that is light on the client-side.The sensitive data is divided into two parts: original ciphertext and the order relationship of ciphertext,which are stored in different servers.The two servers cooperate to search and maintain the index by exchanging comparison requests and results.In this scheme,the ideal order preserving encryption scheme m OPE is improved,and the client only needs to submit the operation request and receive the operation result and does not need to participate in the whole operation process,which effectively reduces the computing and communication costs of the client.Second,propose a hidden order ciphertext range index scheme.Sensitive data is grouped by modular operation,and then an encrypted B+ tree established by the modular order of the grouping,in which the data in the grouping is indistinguishable.The search process is divided into two stages.In the first stage,the storage server and the search server cooperate to search for the grouping elements containing the wrong data.Due to the existence of wrong data,the storage server can not get the real order information and data access mode of sensitive data.In the second stage,the storage server confuses the results of the first stage,and then the search server filters out the wrong data and returns the accurate results to the user.Confusion can make the same record become different ciphertext records,and the search server can only obtain intermediate results unrelated to the search history.While filting error tuples,the search server can not obtain the access pattern of real data,and reduces information leakage.The analysis and experimental results show that these schemes in this paper can reduce the computing and communication costs user terminals,hide the order information and access pattern of sensitive data,reduce the information leakage to internal attackers,and has good performance in security and search performance. |
PDF Full Text Request