基于授权的多服务器可搜索密文策略属性基加密方案

Searchable Multi-server CP-ABE Scheme Based on Authorization

针对现有属性基可搜索加密方案缺乏对云服务器授权的服务问题,该文提出一种基于授权的可搜索密文策略属性基加密(CP-ABE)方案。方案通过云过滤服务器、云搜索服务器和云存储服务器协同合作实现搜索服务。用户可将生成的授权信息和陷门信息分别发送给云过滤服务器和云搜索服务器,在不解密密文的情况下,云过滤服务器可对所有密文进行检测。该方案利用多个属性授权机构,在保证数据机密性的前提下能进行高效的细粒度访问,解决数据用户密钥泄露问题,提高数据用户对云端数据的检索效率。通过安全性分析,证明方案在提供数据检索服务的同时无法窃取数据用户的敏感信息,且能够有效地防止数据隐私的泄露。

Considering that the existing attribute-based searchable encryption scheme lacks the authorization service to the cloud server, a multi-server searchable Ciphertext Polity Attribute Base Encryption(CP-ABE)scheme is proposed based on authorization. The scheme implements search services through a cloud filter server, cloud search server and cloud storage server cooperation mechanism. The users send the authorization information to the cloud filter server at once, then the server creates the authorization information;The cloud search server creates the trapdoor information based on the trapdoor information sent by the users. Without decrypting the cipher text, the cloud filter server can detect all the cipher texts. Multiple attribute authorities can be used to ensure efficient and fine-grained access under the premise of ensuring data confidentiality,solving the problem of leakage of data user keys. It can improve the data retrieval efficiency when people use the cloud server. Through security analysis, it is proved that the scheme can not steal sensitive information of data users while providing data retrieval services, and it can effectively prevent the leakage of data privacy.