Research On Secure And Efficient Searchable Symmetric Encryption

The problem of privacy leakage has become a hidden hazard for societal progress in the age of big data.To strengthen the protection of privacy,public awareness must be raised about the issue,and robust privacy protection technologies must be in place to support it.Searchable Symmetric Encryption(SSE)is of great research importance as an important tool for data utilization and sharing under privacy protection,as it may safeguard data owners’privacy throughout the query process while keeping the data’s searchability.The basic working process of SSE as an important tool to achieve ciphertext retrieval is that given an uploaded dataset,an index is built to record keywords and matching document sets,and the index is encrypted using cryptographic primitives,and the search and update operations on the index and the data set are implemented in the encrypted state.Research in recent years has focused on the improvement of SSE in terms of function,efficiency and security,such as implementing Dynamic Searchable Symmetric Encryption(DSSE)that can insert and delete operations;providing stronger security features such as forward privacy,backward privacy and verifiability and optimization of the scheme in terms of search update efficiency,storage capacity,and I/O efficiency.As a trade-off between security and efficiency,SSE will inevitably leak some information in the search,and in cryptography,the specific definition of this information is derived from the relevant leakage functions.In recent years,the research on leakage abuse attacks shows that with certain prior knowledge,the adversary can analyze the corresponding query through the allowed leakage patterns in SSE.These leakages not only affect the security of data stored in the cloud,but also may be maliciously used by adversaries to obtain personal and corporate private information.Based on this,how to achieve leakage compression and security enhancement in SSE schemes while efficiently completing search tasks has become the focus of researchers in recent years.At the same time,the server performing the search operation may provide users with incorrect search results.In order to defend against adversary behavior under the malicious model,a Verifiable Searchable Symmetric Encryption(VSSE)scheme needs to be designed to identify tampering or falsification with search results and ensure data integrity.In order to solve the above problems,this paper studies the leakage compression and verifiability of SSE schemes.The main contributions of the thesis are as follows:1.It introduces the leakage function existing in the DSSE scheme,and introduces a new leakage volume pattern.The security definition of volume pattern is given,and the current proposed leakage abuse attack and volume-hiding methods are summarized.Then,based on differential privacy,a new padding method-Differential Privacy Padding(DPP)is proposed,and its dynamic usage mechanism in the scheme is designed.2.It proposes a DSSE scheme MDSSE under a multi-server framework.The scheme uses a third-party server to store updates and uses DPP for padding.By transforming the existing security leakage,a new leakage function is defined,and then it is proved that the capacity leakage of the scheme satisfies differential privacy security in the process of query and update,and the scheme satisfies both forward privacy and backward privacy.Experiments show that our proposal is able to resist volume-pattern leakage attacks while having a lower filling rate and better defense performance.3.It proposes a verifiable forward and backward privacy scheme VMDSSE.On the basis of inheriting the good search update efficiency and security guarantee of the previous scheme,the correctness and integrity of the query results are verified.Set the aggregated message authentication code for the keyword as the unique identification of verification,use the updateable message authentication code instantiation scheme,and use the nature of incremental update during the epoch to efficiently update the verification identification while resisting replay attacks,improving the verification efficiency,to achieve the verifiability of the scheme.MDSSE is innovative in its ability to simultaneously meet dynamic volume-hiding with minimal communication load;VMDSSE is one of the few schemes that can simultaneously satisfy forward privacy,type-II backward privacy and verifiability.