一种增强的多用户前向安全动态对称可搜索加密方案

卢冰洁; 周俊; 曹珍富

doi:10.7544/issn1000-1239.2020.20200439

一种增强的多用户前向安全动态对称可搜索加密方案

(上海市高可信计算重点实验室(华东师范大学) 上海 200062) (xiaoyao9697@163.com)

基金项目: 上海市自然科学基金项目(20ZR1418400);国家自然科学基金项目(61602180,61702187,61632012,61672239,U1636216)；中央高校基本科研业务费专项资金；中国博士后科学基金项目(2017M611502)

详细信息

中图分类号: TP309
计量
- 文章访问数: 1048
- HTML全文浏览量: 7
- PDF下载量: 715
出版历程
- 发布日期: 2020-09-30

A Multi-User Forward Secure Dynamic Symmetric Searchable Encryption with Enhanced Security

(Shanghai Key Laboratory of Trustworthy Computing (East China Normal University), Shanghai 200062)

Funds: This work was supported by Shanghai Natural Science Foundation (20ZR1418400), the National Natural Science Foundation of China (61602180, 61702187, 61632012, 61672239, U1636216), the Fundamental Research Funds for the Central Universities, and the China Postdoctoral Science Foundation (2017M611502).

摘要

摘要: 动态对称可搜索加密由于其具有良好的动态密文数据搜索功能而在云存储中得到了广泛的应用，但最近研究表明，动态可搜索加密很容易遭受文件注入攻击.为了抵抗这种攻击，前向安全的对称可搜索加密方案被相继提出.可是，现有的前向安全对称可搜索方案大多只支持单用户.最近，Wang等人在NSS 2018上提出了多用户环境下的前向安全动态可搜索加密方案(multi-user forward secure dynamic searchable encryption scheme, MFS)，通过引入一个半诚实且不与云服务器合谋的代理服务器，解决了多用户查询的问题.但是，发现敌手可以通过窃听攻击或重放攻击找出更新文件与旧的搜索令牌之间的关联，从而破坏MFS方案的前向安全性.为了解决这个问题，提出了一个增强的多用户前向安全动态可搜索加密方案EMFS，通过去除用户和代理服务器之间的状态值传递和用户身份验证来抵抗窃听攻击和重放攻击.该方案采用了一个新的索引结构，能够有效地提升删除效率.最后，给出了形式化的安全证明，证明了EMFS方案在保证前向安全同时，能够抵抗上述2种攻击,并且把删除的复杂度从O(n\-w)降低到O(1)，其中n\-w表示匹配关键字w的文件个数.
- 动态对称可搜索加密 /
- 云存储 /
- 代理服务器 /
- 前向安全 /
- 多用户
Abstract: Dynamic symmetric searchable encryption has been widely used in cloud storage due to its functionality of dynamic encrypted data search. However, recent studies have shown that dynamic searchable encryption is vulnerable to file injection attacks. In order to resist such attacks, several forward secure symmetric searchable encryption schemes have been proposed. Unfortunately, most of the existing forward secure symmetric searchable solutions only work in the single user setting. In NSS 2018, Wang et al. proposed a multi-user forward secure dynamic searchable encryption scheme (MFS), by introducing a semi-honest proxy server that does not collude with the cloud server. However, we found that the forward security of the scheme can be compromised by the adversary who observes the association between the new update and the previous search tokens through eavesdropping attacks or replay attacks. To address this issue, a multi-user forward secure dynamic searchable symmetric encryption scheme EMFS is proposed with enhanced security, by exploiting user authentication mechanism without the need of state information transfer. We also adopt a new index structure to improve the efficiency. Finally, we give formal security proof to show that our scheme can resist the two attacks mentioned above, while maintaining forward security. Compared with Wang et al’s scheme, our construction provides a higher level of practical efficiency by reducing the complexity of deletion from O(n\-w) to O(1), where n\-w denotes the number of matching documents for keyword w.
- dynamic symmetric searchable encryption /
- cloud storage /
- proxy server /
- forward security /
- multi-user

HTML全文

参考文献(0)

施引文献(8)

期刊类型引用(5)

1.	谢朝武，黄锐. 目的地旅游安全事件集群：概念框架与测度体系研究. 旅游学刊. 2023(05): 42-57 . 百度学术
2.	严定宇，张宇鹏，陆希玉，曹华平. 对网络空间安全建模的系统思考. 网络安全与数据治理. 2023(12): 34-40 . 百度学术
3.	刘小虎，张恒巍，马军强，张玉臣，谭晶磊. 基于攻防博弈的网络防御决策方法研究综述. 网络与信息安全学报. 2022(01): 1-14 . 百度学术
4.	杨轶杰，朱广劼，司群，杨文. 铁路网络空间可视化实现路径分析. 铁路计算机应用. 2021(11): 15-20 . 百度学术
5.	刘小虎，张恒巍，张玉臣，胡浩，程建. 基于博弈论的网络攻防行为建模与态势演化分析. 电子与信息学报. 2021(12): 3629-3638 . 百度学术