基于同态加密的HBase二级密文索引方法研究

doi:10.3969/j.issn.1671-1122.2020.04.007

信息网络安全 ›› 2020, Vol. 20 ›› Issue (4): 55-64.doi: 10.3969/j.issn.1671-1122.2020.04.007

基于同态加密的HBase二级密文索引方法研究

傅智宙^1,², 王利明¹(), 唐鼎¹, 张曙光¹

1.中国科学院信息工程研究所,北京 100093
2.中国科学院大学,北京 100039

收稿日期:2019-11-10 出版日期:2020-04-10 发布日期:2020-05-11
通讯作者: 王利明 E-mail:wangliming@iie.ac.cn
作者简介:
作者简介：傅智宙（1992—）,男,福建,硕士研究生,主要研究方向为大数据安全;王利明（1978—）,男,北京,研究员,博士,主要研究方向为云计算安全、网络安全、大数据安全、5G安全、区块链安全;唐鼎（1976—）,男,北京,副研究员,博士,主要研究方向为移动通信与安全、网络体系结构与安全防护;张曙光（1991—）,男,北京,硕士研究生,主要研究方向为云计算安全、大数据安全、区块链安全。
基金资助:
国家重点研发计划[2017YFB1010000]

HBase Secondary Ciphertext Indexing Method Based on Homomorphic Encryption

FU Zhizhou^1,², WANG Liming¹(), TANG Ding¹, ZHANG Shuguang¹

1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
2. University of Chinese Academy of Sciences, Beijing 100039, China

Received:2019-11-10 Online:2020-04-10 Published:2020-05-11
Contact: Liming WANG E-mail:wangliming@iie.ac.cn

摘要/Abstract

摘要：

大数据时代,数据存储模式发生巨大变革。作为数据处理载体的传统关系型数据库,因其具有单一的存储结构与较差扩展性等特点,已无法满足对海量数据的高效查询和存储需求。HBase存储方案能够满足海量数据的存储需求,并使用LSM树结构加快数据查询效率。但随着大数据安全事件不断发生,只针对明文数据设计的LSM树如何在保证数据语义安全的前提下,实现加密数据高效率查询,是亟需解决的问题。文章提出了一种基于同态加密的HBase密文索引方法,结合改进后的同态加密算法与协处理器,构建二级密文索引机制,无需解密密文数据,即可对密文进行索引。在保证索引与数据明文语义安全的前提下,实现了加密数据查询效率的最大化。通过安全性分析与效率评估,证明该方法具有较高安全性与可用性。

关键词: 同态加密, 数据安全, HBase二级索引, 密文检索

Abstract:

In the era of big data, the data storage model is drastically changing. As a data processing carrier, the traditional relational database has no capability to meet the requirements of efficient storage and query of massive data because of its single storage structure and poor scalability. Storage Raster HBase can meet the storage requirement of massive data and use LSM tree structure to improve data query efficiency. However, since big data security events continue to occur, how to achieve efficient query of encrypted data under the premise of ensuring data semantic security is an urgent problem to be solved for the LSM tree which is only for plaintext data. In this paper, a HBase ciphertext indexing method based on homomorphic encryption is proposed. Combining the improved homomorphic encryption algorithm and coprocessor, a second ciphertext indexing mechanism is constructed. Our method enable ciphertext to be indexed without decrypting ciphertext data and maximize the encryption data query efficiency with ensuring the semantic security of the index and the data. Extensive experimental evalutions shows that the method has high safety and availability.

Key words: homomorphic encryption, data security, HBase secondary indexing, ciphertext search

中图分类号:

TP309

傅智宙, 王利明, 唐鼎, 张曙光. 基于同态加密的HBase二级密文索引方法研究[J]. 信息网络安全, 2020, 20(4): 55-64.

FU Zhizhou, WANG Liming, TANG Ding, ZHANG Shuguang. HBase Secondary Ciphertext Indexing Method Based on Homomorphic Encryption[J]. Netinfo Security, 2020, 20(4): 55-64.

图/表 8

图1

图2

图3

表1

图4

图5

图6

图7

参考文献 25

[1]	LARS George.HBase: The Definitive Guide[M]. DAI Zhiyuan, LIU Jia, JIANG Jie. : Posts and Telecom Press, 2013.
	LARS George.HBase权威指南[M].代志远,刘佳,蒋杰,译.北京:人民邮电出版社,2013.
[2]	CUI Dan, SHI Jinxin.Implementation of HBase Secondary Index Based on Redis[J]. Computer Engineering & Software, 2016, 37(11): 64-67.
	崔丹,史金鑫.基于Redis实现HBase二级索引的方法[J].软件,2016,37(11):64-67.
[3]	XI Xiaofeng, CAO Baoxiang.An Improved Fully Homomorphic Encryption Scheme under Conditions of Cloud Computing[J]. Computer Technology and Development, 2015, (2): 144-147.
	锡晓峰,曹宝香.一种适用于云计算环境的改进全同态加密方案[J]. 计算机技术与发展,2015,(2):144-147.
[4]	HUANG Q C.Research on Ciphertext Index Method for Relational Database[C]//IEEE. 2009 2nd IEEE International Conference on Computer Science and Information Technology, August 8-11, 2009, Beijing, China. New York: IEEE, 2009: 445-449.
[5]	DAWN Xiaoding, SONG D, WAGNER A P.Practical Techniques for Searches on Encrypted Data[C]//IEEE. Proceeding 2000 IEEE Symposium on Security and Privacy. May 14-17, 2000, Berkeley, CA, USA. New York: IEEE, 2010: 44-55.
[6]	GOH E J. Secure Indexes[EB/OL]. , 2019-8-15.
[7]	CURTMOLA R, GARAY J, KAMARA S, et al.Searchable Symmetric Encryption: Improved Definitions and Efficient Constructions[J]. Journal of Computer Security, 2011, 19(5): 895-934.
[8]	CASH D, JARECKI S, JUTLA C, et al. Highly-scalable Searchable Symmetric Encryption with Support for Boolean Queries[EB/OL]. , 2019-8-15.
[9]	KAMARA S, MOATAZ T. Boolean Searchable Symmetric Encryption with Worst-case Sub-linear Complexity[EB/OL]. , 2019-8-15.
[10]	BONEH D, CRESCENZO G D, OSTROVSKY R, et al.Public Key Encryption with Keyword Search[C]//Springer. Advances in Cryptology-EUROCRYPT 2004, International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, May 2-6, 2004, Interlaken, Switzerland. Berlin, Heidelberg: Springer, 2004: 506-522.
[11]	XU P, TANG X, WANG W, et al.Fast and Parallel Keyword Search over Public-key Ciphertexts for Cloud-assisted IoT[J]. IEEE Access, 2017, 5(99): 24775-24784.
[12]	CHANG Y C, MITZENMACHER M.Privacy Preserving Keyword Searches on Remote Encrypted Data[C]//Springer. International Conference on Applied Cryptography and Network Security, June 7-10, 2005, New York, NY, USA. Berlin, Heidelberg: Springer, 2005: 442-455.
[13]	CAO N, WANG C, LI M, et al.Privacy-Preserving Multi-Keyword Ranked Search over Encrypted Cloud Data[J]. IEEE Transactions on Parallel and Distributed Systems, 2014, 25(1): 222-233.
[14]	YANG Yang, LIU Jia, CAI Shengwei, et al.Fast Multi-Keyword Semantic Ranked Search in Cloud Computing[J]. Chinese Journal of Computers, 2018, 41(6): 1346-1359.
	杨旸,刘佳,蔡圣暐,等.云计算中保护数据隐私的快速多关键词语义排序搜索方案[J].计算机学报,2018,41(6): 1346-1359.
[15]	LI J, CHEN S C, SONG D J.Security Structure of Cloud Storage Based on Homomorphic Encryption Scheme[C]//IEEE. International Conference on Cloud Computing and Intelligence Systems, October 30-November 11, 2012, Hangzhou, China. New Jersey: IEEE, 2012: 224-227.
[16]	CHENG Shuai, YAO Hanbing.Study of Cipher Text Retrieval Based on Homomorphic Encryption[J]. Computer Science, 2015, 42(6A): 413-416.
	程帅,姚寒冰.基于同态加密的密文全文检索技术的研究[J].计算机科学, 2015, 42(6A):413-416.
[17]	FU Wei, LI Moci, ZHAO Huarong, et al.CRSHE: A Novel Ciphertext Retrieval Scheme Based on Homomorphic Encryption[J]. Computer Engineering and Science, 2018, 40(9): 1540-1545.
	付伟,李墨泚,赵华容,等. CRSHE:基于同态加密的新型密文检索方案[J].计算机工程与科学, 2018, 40(9): 1540-1545.
[18]	CUI Chen, ZHENG Linjiang, HAN Fengping, et al.Design of Secondary Indexes in HBase Based on Memory[J]. Journal of Computer Applications, 2018, 38(6): 1584-1590.
	崔晨,郑林江,韩凤萍,等.基于内存的HBase二级索引设计[J].计算机应用,2018,38(6):1584-1590.
[19]	DING Fei, CHEN Changsong, ZHANG Tao, et al.Research and Implementation of Coprocessor Based HBase Region-level Secondary Index[J]. Journal of Computer Applications, 2014, (z1): 181-185.
	丁飞,陈长松,张涛,等.基于协处理器的HBase区域级第二索引研究与实现[J].计算机应用, 2014,(z1):181-185.
[20]	RIVEST R, ADLEMAN L, DERTOUZOS M.On Data Banks and Privacy Homomorphisms[J]. Foundations of Secure Computation, 1978, 4(11): 169-180.
[21]	LI Lang, YU Xiaozhong, YANG Yaqiong, et al.Survey on Homomorphic Encryption Technology[J]. Application Research of Computers, 2015, (11): 3209-3214.
	李浪,余孝忠,杨娅琼,等.同态加密研究进展综述[J].计算机应用研究, 2015,(11):3209-3214.
[22]	GENTRY C.A Fully Homomorphic Encryption Scheme[M]. Stanford: Stanford University, 2009.
[23]	DIJK M V, GENTRY C, HALEVI S, et al.Fully Homomorphic Encryption over the Integers[C]//Springer. Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 30-Jun 3, 2010, French Riviera France. New York: ACM, 2010: 24-43.
[24]	GRUSS , RICHARD C, et al. Solr Team Project Report[EB/OL]. , 2019-8-15.
[25]	HOWGRAVE G N.Approximate Integer Common divisors[M]. Berlin Heidelberg: Springer, 2001: 51-66.

RowKey	name	age
Row1	Tom	12
Row2	John	15
Row3	Rose	17

基于同态加密的HBase二级密文索引方法研究

HBase Secondary Ciphertext Indexing Method Based on Homomorphic Encryption

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 25

相关文章 15

编辑推荐

Metrics

本文评价

[1]	周昊楠, 李宁波, 车小亮, 杨晓元. 基于素数幂次阶分圆多项式环的多密钥全同态方案[J]. 信息网络安全, 2020, 20(5): 83-87.
[2]	唐春明, 林旭慧. 隐私保护集合交集计算协议[J]. 信息网络安全, 2020, 20(1): 9-15.
[3]	刘文超, 潘峰, 杨晓元, 周潭平. 基于GPU的全同态加密软件库调试与分析[J]. 信息网络安全, 2019, 19(6): 76-83.
[4]	秦中元, 韩尹, 朱雪金. 基于改进DGHV算法的云存储密文全文检索研究[J]. 信息网络安全, 2019, 19(1): 8-8.
[5]	游林, 梁家豪. 基于同态加密与生物特征的安全身份认证研究[J]. 信息网络安全, 2018, 18(4): 1-8.
[6]	宋新霞, 马佳敏, 陈智罡, 陈克非. 基于SEAL的虹膜特征密文认证系统[J]. 信息网络安全, 2018, 18(12): 15-22.
[7]	王嵘冰, 李雅囡, 徐红艳, 冯勇. 适合云服务环境的实数全同态加密方案[J]. 信息网络安全, 2018, 18(11): 49-56.
[8]	赵萌, 丁勇, 王玉珏. 指定审计员的云数据安全存储方案[J]. 信息网络安全, 2018, 18(11): 66-72.
[9]	王永建, 张健, 程少豫, 铁小辉. 面向云计算的同态加密改进设计[J]. 信息网络安全, 2017, 17(3): 21-26.
[10]	宋建业, 何暖, 朱一明, 付安民. 基于阿里云平台的密文数据安全去重系统的设计与实现[J]. 信息网络安全, 2017, 17(3): 39-45.
[11]	国杰彬, 李运发, 张大军. 云计算中面向数据安全的身份认证策略研究[J]. 信息网络安全, 2017, 17(3): 72-77.
[12]	邓伏虎, 李震宇, 曾莉尧, 熊虎. 一种支持El-Gamal安全外包解密的云密码系统[J]. 信息网络安全, 2017, 17(12): 73-79.
[13]	李增鹏, 马春光, 张磊, 张雯雯. 两类基于容错学习的多比特格公钥加密方案[J]. 信息网络安全, 2017, 17(10): 1-7.
[14]	肖迪, 马青青, 王兰, 向艳萍. 基于稀疏表示的云协助安全数字水印技术[J]. 信息网络安全, 2017, 17(1): 1-7.
[15]	李增鹏, 邹岩, 张磊, 马春光. 一种基于全同态加密的智能电网数据交换隐私保护方案[J]. 信息网络安全, 2016, 16(3): 1-7.