信息网络安全 ›› 2024, Vol. 24 ›› Issue (9): 1444-1457.doi: 10.3969/j.issn.1671-1122.2024.09.012

• 技术研究 • 上一篇    下一篇

基于云存储的多关键字可搜索加密方案

谢小凤, 张鑫涛, 王鑫, 鲁秀青()   

  1. 青岛大学计算机科学技术学院,青岛 266071
  • 收稿日期:2023-11-16 出版日期:2024-09-10 发布日期:2024-09-27
  • 通讯作者: 鲁秀青 luxiuqing@qdu.edu.cn
  • 作者简介:谢小凤(1999—),女,湖北,硕士研究生,主要研究方向为云计算、属性基加密|张鑫涛(1998—),男,山东,硕士研究生,主要研究方向为云计算、属性基加密、区块链技术|王鑫(1998—),男,江苏,硕士研究生,主要研究方向为云计算、属性基加密|鲁秀青(1975—),女,山东,副教授,博士,主要研究方向为云计算、属性基加密、身份基加密
  • 基金资助:
    山东省自然科学基金(ZR2019MF058)

Multi-Keyword Searchable Encryption Scheme Based on Cloud Storage

XIE Xiaofeng, ZHANG Xintao, WANG Xin, LU Xiuqing()   

  1. College of Computer Science and Technology, Qingdao University, Qingdao 266071, China
  • Received:2023-11-16 Online:2024-09-10 Published:2024-09-27

摘要:

尽管基于属性的可搜索加密(Attribute-Based Searchable Encryption,ABSE)能够安全有效地实现对密文的可控搜索,但目前的多关键字ABSE方案计算开销过大,且大量数据存储在云服务器中,存在数据冗余问题。针对上述问题,文章提出一种基于云存储的多关键字可搜索加密方案,采用云边缘协同的工作模式,将加密数据存储在云服务器上,同时将加密索引上传到最近的边缘节点,进行关键字搜索和协助解密,降低系统开销。为了进一步减轻客户端的计算开销,方案还采用了预加密机制。同时方案通过设置数据标签实现数据去重功能,引入验证算法保证搜索结果的完整性和正确性。安全性分析和性能分析证明了方案的有效性和实用性,与其他方案对比证明了方案具有更好的性能和更全面的功能。

关键词: 属性基加密, 密文验证, 预加密, 云边缘协同, 数据去重

Abstract:

Attribute-based searchable encryption(ABSE) enables secure and efficient controlled searches on encrypted data. However, existing multi-keyword ABSE schemes suffer from excessive computational overhead. Moreover, the prevalence of storing a substantial volume of data in cloud servers further exacerbates the problem of data redundancy. This paper proposed a cloud-based multi-keyword searchable encryption scheme to address the aforementioned issues. The scheme introduced a cloud-edge collaborative working model. Encrypted data was stored on cloud servers. Meanwhile, encrypted indexes were uploaded to the nearest node to perform keyword search and assisted decryption, reducing the system overhead. To further alleviate the client’s computational costs, the scheme employed a pre-encryption mechanism. Additionally, the scheme employed data tagging to achieve data deduplication and introduced verification algorithms to ensure the integrity and correctness of search results. Security analysis and performance evaluation demonstrate the effectiveness and practicality of the proposed scheme. The comparison with other schemes reveal that the proposed scheme outperforms in terms of performance and offers more comprehensive functionality.

Key words: attribute-based encryption, ciphertext verification, pre-encryption, cloud-edge collaboration, data deduplication

中图分类号: