摘要
由于在数据库服务(Database as a Service,DaaS)模式下,数据库服务提供者是半可信的(Honest-But-Curious),因此,为了保证外包数据的机密性和安全可查询,数据拥有者通常采用特定的加密技术加密外包数据,如采用可搜索加密技术、同态加密技术等实现外包加密数据上的安全查询.然而,且当前提出的大多数方法都基于关键字精确匹配查询,即使存在少量针对加密数据上的模糊查询,也在查询效率、存储开销和安全性方面存在一定的局限性,不适用于DaaS数据库服务模式.文中首次提出了融合具有高编码效率的Huffman编码和具有数据存储优势的布鲁姆过滤器,并结合现有的安全加密方法,实现了DaaS模式下保护隐私的模糊关键字查询处理.一方面,基于Huffman编码的树型索引提供了较高的查找效率;另一方面,基于布鲁姆过滤器的模糊关键字集合实现了较小的存储开销.安全分析、性能分析以及真实论文集上的实验结果进一步验证了文中查询算法的安全性、存储开销和查询效率.
The database service provider is Honest-But-Curious in a Database as a Service (DaaS) paradigm. Thus, to guarantee the confidentiality and searchability of all outsourced data, the owners always encrypt them by using particular encryption techniques, such as the searchable encryption, homomorphic encryption, etc. However, most of these proposed works are designed for searching on outsourced data by accurate keyword matching. Only a few research works are concerning about encrypted-database fuzzy keyword search, while they also have limitations in the query efficiency, storage consumption and security. Therefore they are not suitable to the DaaS paradigm. In this paper, a privacy preserving fuzzy keyword search mechanism is proposed by combining the high coding-efficiency Huffman codes with high storage-efficiency Bloom filters under the support of existing secure encryption algorithms. On one hand, the Huffman coding based index tree provides high search efficiency; on the other hand, the similarity keyword set based Bloom filters achieves low storage consumption. Analysis of security and performance, and real data set based experiments further confirm the security, storage consumption and search efficiency of proposed search techniques.
出处
《计算机学报》
EI
CSCD
北大核心
2016年第2期414-428,共15页
Chinese Journal of Computers
基金
国家"九七三"重点基础研究发展规划项目基金(2010CB328106)
国家自然科学基金(61202020
61370226)
上海市自然科学基金(12ZR1411900)
上海电力学院引进人才启动基金(K2015-008)资助~~