摘要
针对高敏数据上云后造成数据孤岛,从而导致数据无法互相搜索、互相发现,进而无法共享的问题,提出了一种分布式的隐私保护数据搜索方案,该方案实现了分布式场景下数据和搜索条件双向保密,并能够建立可信的搜索存证。首先对数据模型进行定义,明确了方案保护的目标和应用场景;其次提出了方案的设计框架和协议流程,重点对基于区块链的可信数据交互通道、可信密钥共享模块和密文搜索引擎3个部分的整体性流程进行描述;然后提出了一种基于可信执行环境的密文态下的全文搜索引擎Tantivy-SGX,重点对原理和实现方法进行详细分析;最后对整体流程和核心部分进行实现与验证。实验结果表明,该方案高效可行,能够有效增强分布式环境下的数据发现与搜索安全。
Aiming at the problem of data island caused by high-sensitivity data in the cloud, which makes the data unable to search, discover and share with each other, a distributed privacy protection data search scheme is proposed to realize the two-way confidentiality of data and search conditions in distributed scenarios, and a trusted search certificate could be established.Firstly, the data model, the objectives and application scenarios of scheme protection are defined.Next, the design framework and protocol flow of the scheme are proposed, focusing on the overall flow of three parts: trusted data interaction channel based on blockchain, trusted key sharing module and ciphertext search engine.Then, a full-text search engine tantivy SGX in ciphertext state based on trusted execution environment is proposed, and the principle and implementation method are analyzed in detail.Finally, the overall process and core methods are implemented and verified.Experiments show that the scheme is efficient and feasible, and can effectively enhance the security of data discovery and search in distributed environment.
作者
刘明达
拾以娟
饶翔
范磊
LIU Ming-da;SHI Yi-juan;RAO Xiang;FAN Lei(Jiangnan Institute of Computing Technology,Wuxi,Jiangsu 214083,China;School of Cyber Science and Engineering,Shanghai Jiao Tong University,Shanghai 200240,China)
出处
《计算机科学》
CSCD
北大核心
2022年第10期291-296,共6页
Computer Science
关键词
分布式环境
密文搜索
可信执行
区块链
Distributed environment
Ciphertext search
Trusted execution
Blockchain
