信息网络安全 ›› 2024, Vol. 24 ›› Issue (6): 843-854.doi: 10.3969/j.issn.1671-1122.2024.06.003

• 密码专题 • 上一篇    下一篇

面向尺寸模式保护的高效对称可搜索加密方案

李强1,2, 沈援海2, 刘天旭3(), 黄晏瑜3, 孙建国3   

  1. 1.西安电子科技大学计算机科学与技术学院,西安 710071
    2.中移(杭州)信息技术有限公司,杭州 310023
    3.西安电子科技大学杭州研究院,杭州 311231
  • 收稿日期:2024-02-28 出版日期:2024-06-10 发布日期:2024-07-05
  • 通讯作者: 刘天旭 23151214343@stu.xidian.edu.cn
  • 作者简介:李强(1986—),男,陕西,高级工程师,博士研究生,主要研究方向为智慧家庭、光通信和人工智能|沈援海(1986—),男,江苏,工程师,硕士,主要研究方向为智慧家庭、人工智能和信息安全|刘天旭(2000—),男,陕西,硕士研究生,主要研究方向为密码学、人工智能和信息安全|黄晏瑜(1993—),女,浙江,讲师,博士,CCF会员,主要研究方向为密码学和信息安全|孙建国(1981—),男,浙江,教授,博士,CCF高级会员,主要研究方向为工业信息安全和智能安全
  • 基金资助:
    国家自然科学基金(62302365);网络与信息安全安徽省重点实验室开放课题(AHNIS2022004);中移(杭州)2023-2024年工业互联网标识与平台互通中间件联合测试验收项目(CMHY-202300856)

Efficient Searchable Symmetric Encryption Scheme for Size Pattern Protection

LI Qiang1,2, SHEN Yuanhai2, LIU Tianxu3(), HUANG Yanyu3, SUN Jianguo3   

  1. 1. School of Computer Science and Technology, Xidian University, Xi’an 710071, China
    2. China Mobile (Hangzhou) Information Technology Co., Ltd., Hangzhou 310023, China
    3. Hangzhou Research Institute, Xidian University, Hangzhou 311231, China
  • Received:2024-02-28 Online:2024-06-10 Published:2024-07-05

摘要:

近年来,随着云服务的普及以及对数据安全保护需求的增加,动态对称可搜索加密(DSSE)由于可以在加密数据库中进行更新和查询的特点而受到学界广泛关注。由于考虑搜索和更新效率,DSSE通常需要泄露一些信息,主要包括搜索模式、访问模式和尺寸模式。目前,主要使用不经意随机访问机(ORAM)来保护搜索模式和访问模式,但ORAM无法保证尺寸模式泄露的安全性。文章说明了尺寸模式泄露的危害,并基于现有DSSE隐私概念提出了强前后向隐私,以达到对尺寸模式的保护目的。基于这种增强的安全性目标,文章提出了一种面向尺寸模式保护的高效对称可搜索加密方案Eurus,旨在解决现有方案中的尺寸模式泄露问题。Eurus通过结合多服务器ORAM架构、更新槽机制和细树路径淘汰技术,提供了强正向和反向隐私保护,防止敏感关键字和文件信息被泄露。多服务器ORAM隐藏了搜索和访问模式,更新槽机制混淆了文件标识符,细树路径淘汰技术打乱了文件的实际排列顺序。实验结果表明,Eurus在实现隐私保护的同时,提高了搜索和更新效率,搜索性能较现有方案提升了约46%,更新性能提升了4.73倍。

关键词: 可搜索加密, 尺寸模式, ORAM

Abstract:

In recent years, with the popularity of cloud services and the increasing demand for data security protection, dynamic searchable symmetric encryption (DSSE) has attracted widespread attention from academia due to its ability to update and query in encrypted databases. Due to considerations of search and update efficiency, DSSE often needs to disclose some information, mainly search pattern, access pattern, and size pattern. At present, the main use of oblivious random access machine (ORAM) is to protect search and access pattern, but ORAM cannot guarantee the security of size pattern leakage. The article explained the harm of size pattern leakage to security and extended the existing DSSE privacy concept to achieve protection of size patterns, namely proposing strong forward backward privacy. Based on this enhanced security objective, the article proposed an efficient searchable symmetric encryption scheme for size pattern protection named Eurus, aiming to solve the size pattern leakage problem in existing solutions. By combining multi-server ORAM architecture, update slot mechanism and fine tree path elimination technology, Eurus provided strong forward and reversed privacy protection to prevent the disclosure of sensitive keywords and file information. Multi-server ORAM hided search and access patterns, update slots confuse file identifiers, and fine tree path elimination techniques disrupted the actual order of files. The experimental results show that Eurus improves the search and update efficiency while maintaining privacy, improving the search performance by about 46% compared with the existing scheme, and improving the update performance by 4.73 times.

Key words: searchable encryption, size pattern, ORAM

中图分类号: