摘要
云存储服务的出现可将文件上传至云服务器,节约了本地的信息存储空间以及管理开销。文件以明文的形式存储显然无法满足隐私保护和安全需求,但若将加密后的文件上传至云服务器,将失去搜索原文件的能力。因此,可搜索加密技术的出现解决了用户如何在文件不解密的情况下搜索加密数据。目前现有的单关键字可搜索加密方案会产生许多与检索内容不符合的信息,没有考虑数据用户细粒度搜索权限和搜索效率,以及因云存储的集中化带来的数据安全和隐私保护等问题。针对以上问题,该文提出了基于区块链的多关键字属性基可搜索加密方案。该方案使用多关键字可搜索加密技术实现了加密数据的有效搜索;利用基于属性的加密技术实现加密数据的细粒度访问控制;结合区块链的智能合约技术,经过多笔交易获得搜索结果。并且利用区块链的不可篡改性,满足了方案中相关性质的公平性,保证了在方案中三方的公平性和安全性并进行了相关分析。在随机预言机模型下,基于困难问题假设证明了方案的关键字安全及陷门安全,即所提方案满足在选择关键字攻击下的关键字密文不可区分性安全和陷门不可区分性安全。最后通过数值分析表明该方案在关键字密文生成阶段和关键字搜索阶段具有较高的效率。并展望了在未来的工作中考虑将其应用于电子病历数据共享等场景中,以获得更实用的价值。
The emergence of cloud storage services, now files can be uploaded to cloud servers, it saves local storage space and management overhead. The storage of files in plaintext obviously cannot meet the privacy and security requirements. However, if the encrypted files are uploaded to the server by traditional encryption, the server will lose the ability to search them by keywords. Therefore, the emergence of searchable encryption technology can effectively solve how to search encrypted data without decryption. At the moment, the existing traditional searchable encryption scheme supporting single keyword will produce many information that is not consistent with the retrieval content. And it does not consider the problem of fine-grained search permission and search efficiency of data users, as well as the problem of data security and privacy preservation caused by the centralization of cloud storage in the existing searchable encryption scheme. According to the above problems, an attribute-based searchable encryption scheme supporting multiple keywords based on blockchain was proposed. In this scheme, multi-keyword searchable encryption technology is used to achieve effective search of encrypted data, attributed-based encryption technology is used to realize fine-grained access control of data. Through combining the smart contract technology of blockchain, the search results are obtained through multiple transactions to guarantee the fairness and security of the scheme. The scheme should also satisfy the fairness of the relevant property, so the immutability property of blockchain is used to ensure the fairness and security of data users, the data owner and the cloud server in the scheme. In addition, we conducted a relevant analysis. Under the random oracle model, based on the decisional bilinear Diffie-Hellman assumption and decisional Diffie-Hellman assumption of difficult problems, it is proved that the scheme can guarantee the security of keyword and trapdoor. The numerical experimental results show that the proposed scheme is more efficient in the ciphertext generation phase and keyword search phase. In the future work, it is considered to be applied to electronic medical record data sharing and other scenarios in order to obtain more practical value.
作者
牛淑芬
韩松
谢亚亚
王彩芬
NIU Shufen;HAN Song;XIE Yaya;WANG Caifen(College of Computer Science and Engineering,Northwest Normal University,Lanzhou 730070,China;College of Big Data and Internet,Shenzhen Technology University,Shenzhen 518118,China)
出处
《信息安全学报》
CSCD
2023年第1期131-143,共13页
Journal of Cyber Security
基金
国家自然科学基金资助项目(No.61662069,No.61662071,No.61772022)。
关键词
区块链
云存储
可搜索加密
属性基加密
blockchain
cloud storage
searchable encryption
attribute-based encryption