基于vORAM的前向和后向安全动态可搜索加密方案

Forward and Backward Secure Dynamic Searchable Encryption Schemes Based on vORAM

为了解决将敏感数据加密存储在云平台所带来的关键字检索问题,引进vORAM提出新的前向和后向安全动态可搜索加密方案--FBDSE-Ⅰ方案。该方案利用茫然数据结构的历史独立性以及安全删除性,实现了关键词/文件标识符对的直接删除,在保证数据更新安全的同时,简化了动态更新过程。为了实现更加高效的查询操作,进一步提出方案FBDSE-Ⅱ,利用映射字典结构解耦茫然原语与检索结果,减少查询过程中对vORAM的访问次数。给出了形式化的安全证明,证明了FBDSE-Ⅰ和FBDSE-Ⅱ方案在保证前向安全的同时,分别满足Type-Ⅰ和Type-Ⅲ后向安全。仿真实验结果显示,相对于同等安全级别的前向和后向安全动态可搜索加密方案,FBDSE-I和FBDSE-Ⅱ方案具有更高的查询和更新效率,而且数据集合规模越大,优势越显著。

To solve the problem of keyword retrieval caused by encrypting and storing sensitive data on the cloud platform,a forward and backward secure dynamic searchable encryption scheme FBDSE-Ⅰ is proposed by introducing a new oblivious data structure.By using the history-independence and secure deletion of the oblivious data structure,FBDSE-Ⅰ scheme realizes the direct deletion of keyword/file-identifier pairs,ensures the security of data updating,and simplifies the dynamic update process.Furthermore,an improved scheme,FBDSE-Ⅱ,is proposed to achieve more efficient query operation.The map dictionary structure is used to decouple the oblivious primitives and search results,so as to reduce the number to access vORAM in the query process.In addition,the formal security proof is given.It is proved that FBDSE-Ⅰ and FBDSE-Ⅱ schemes respectively satisfy Type-Ⅰ and Type-Ⅲ backward security while ensuring forward security.Experimental results show that FBDSE-Ⅰ and FBDSE-Ⅱ schemes are more efficient than the forward and backward secure dynamic searchable encryption schemes at the same level.In particular,the larger the scale of data sets,the more significant the advantage becomes.