ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2015, Vol. 52 ›› Issue (10): 2313-2322.doi: 10.7544/issn1000-1239.2015.20150504

所属专题: 2015网络安全与隐私保护研究进展

• 信息安全 • 上一篇    下一篇

一个自主授权的多用户可搜索加密方案

李真1,2,蒋瀚1,赵明昊1   

  1. 1(山东大学计算机科学与技术学院 济南 250101); 2(山东财经大学计算机科学与技术学院 济南 250014) (sdufelizhen@126.com)
  • 出版日期: 2015-10-01
  • 基金资助: 
    基金项目:国家自然科学基金面上项目(61173139,61572294);教育部高等学校博士学科点专项科研基金项目(20110131110027)

A Discretionary Searchable Encryption Scheme in Multi-User Settings

Li Zhen1,2, Jiang Han1, Zhao Minghao1   

  1. 1(School of Computer Science and Technology, Shandong University, Jinan 250101);2(School of Computer Science and Technology, Shandong University of Finance and Economics, Jinan 250014)
  • Online: 2015-10-01

摘要: 可搜索加密(searchable encryption, SE)允许用户将数据加密后存储到云服务器上,然后在密文数据中按关键词进行搜索,且保证隐私泄漏的最小化.现已提出了针对效率和安全性方面的多种SE方案,但对于多方用户的可搜索加密,目前绝大多数方案都需要用到完全可信的第三方来进行用户授权.针对这一问题,提出让半诚实的云服务器来维护一个权限分配矩阵,允许用户按自己的意愿控制其他用户对自己文件的访问权限,从而弱化了可信第三方的功能.而且,搜索者可指定用户并且服务器只在对其授权的用户文档中进行搜索,从而缩小了搜索范围.同时,利用双线性对的性质,在不增加额外交互的前提下解决了加密文档的密钥分发问题.最后给出该方案在随机预言机模型下安全性的形式化证明.

关键词: 云计算, 可搜索加密, 多用户, 可证明安全, 双线性映射

Abstract: Searchable encryption (SE) allows a client to store a collection of encrypted documents on a server and later quickly carry out keyword searches on these encrypted documents, while revealing minimal information to the server. Searchable encryption is an active area of research and a number of schemes with different efficiency and security characteristics have been proposed in the literature. In terms of the multi-user setting, most existing schemes involve a fully-trusted third-party to assign permission among users. In this paper, based on bilinear pairing, we propose a multi-user searchable encryption scheme without the trusted third-party. Specifically, we allow users to discretionarily authorize the documents which other users can access, by maintaining rights assignment matrix to the cloud service provider(CSP) which is honest but curious. Moreover in our scheme, in the searching phase the user can search the documents he wants meanwhile has access to, and accordingly reduce the search scopes of the cloud server. In addition, based on bilinear pairing, we solve the problem of symmetric key distribution, which is neglected in most existing schemes. Actually it implies security risks if the symmetric key is shared among the users. Lastly, we provide formal security proof of our scheme in random oracle model.

Key words: cloud computing, searchable encryption (SE), multi-user, provable security, bilinear maps

中图分类号: