| The emergence of cloud storage solves the problems of limited local storage resources and difficult sharing.In order to protect the security of data on the cloud,encryption and access control have become an important means.Attribute-based searchable encryption has been widely studied because of its realization of "one-tomany" ciphertext data sharing and fine-grained retrieval control,but it still faces some problems such as the difficulty of multi-person collaborative retrieval,the complexity of attribute and user retracement,the updating of user search authority and the insufficient search accuracy.To solve the above problems,this paper focuses on the permission control problems existing in the collaborative search process,based on the related theories and technologies such as searchable encryption,attribute password,agent re-encryption and permission reauthorization,and aims to construct fine-grained,flexible,controllable and secure collaborative searchable encryption schemes,and researches three schemes including multi-user attribute collaborative retrieval,permission reauthorization and permission time controllable.Specific research contents are as follows:(1)A multi-user searchable encryption scheme based on attribute collaboration.In view of the problem that the user’s search authority is not flexible enough in the current attribute-based searchable encryption scheme,that is,the search authority is all concentrated on one person,while there are many cooperative searches in the real medical field,based on the traditional searchable encryption scheme,the collaborative scheme is used to improve it,and the attributes in the search strategy are divided into common attributes and collaborative attributes,and their formal expression and implementation are carried out.Theoretical analysis shows that the proposed scheme has IND-CKA security,unforgery of trap door and resistance to collusive attacks,which is more suitable for real scenarios.(2)Second,propose a searchable encryption scheme that supports attribute and user revocation.On the basis of scheme 1,considering the change of search authority caused by user attribute change or joining or exiting a system in the actual scenario,the user attribute key and part of ciphertext data are updated by re-encryption technology,which not only supports user-level attribute revocation and user revocation,but also realizes system-level attribute revocation.Theoretical analysis proves that this scheme not only realizes the security of keyword selection but also has a more efficient revocation mechanism.(3)Finally,a time-controllable proxy multi-keyword searchable encryption scheme is implemented.Based on scheme 1,considering the problem that user permissions are based on uncontrollable time and coarse search granularity in real scenarios,combined with multi-keyword search and proxy re-encryption technology,a time server is introduced to generate the time re-encryption key and time parameter,and embedded in user keys and ciphertext,so as to realize the time control of search permissions.At the same time,there is no extra storage cost in the process of ciphertext re-encryption. |
