【摘要】：云計(jì)算是信息領(lǐng)域正在發(fā)生的深刻變革,它將大量計(jì)算資源、存儲(chǔ)資源和軟件資源鏈接在一起為用戶提供了按需、易擴(kuò)展的信息服務(wù)。云存儲(chǔ)服務(wù)作為其中最重要的服務(wù)之一,允許企業(yè)和個(gè)人將其數(shù)據(jù)外包到云服務(wù)器上,并以按使用付費(fèi)的原則為其管理和維護(hù)數(shù)據(jù)。然而,云存儲(chǔ)在提高資源的利用效率和節(jié)約用戶成本的同時(shí),卻給數(shù)據(jù)的保密性和用戶的隱私性帶來(lái)了巨大的挑戰(zhàn)。加密技術(shù)已經(jīng)成為云計(jì)算中保護(hù)敏感數(shù)據(jù)和防止信息泄漏的重要工具,而隨之而來(lái)的加密數(shù)據(jù)的搜索與回取卻成了一大難題。因此,如何解決數(shù)據(jù)加密和數(shù)據(jù)搜索之間的沖突已經(jīng)成為亟需解決的重要問題,這是本文的研究動(dòng)機(jī)。正對(duì)上述問題,本文利用關(guān)鍵字搜索公鑰加密技術(shù)解決云存儲(chǔ)中加密數(shù)據(jù)的搜索問題,研究現(xiàn)有的關(guān)鍵字搜索公鑰加密方案的安全性,同時(shí)結(jié)合密碼學(xué)新技術(shù),構(gòu)造了兩個(gè)適用于云存儲(chǔ)環(huán)境的安全高效的實(shí)用關(guān)鍵字搜索公鑰加密方案。具體工作包括:1.分析了Hu等提出的兩個(gè)指定搜索者的關(guān)鍵字搜索公鑰加密方案的安全性,發(fā)現(xiàn)其無(wú)法抵抗離線關(guān)鍵字猜測(cè)攻擊,即惡意服務(wù)器可以猜測(cè)陷門中的關(guān)鍵字,從而區(qū)分用戶搜索的關(guān)鍵字。同時(shí),我們證明了如果關(guān)鍵字集合取自多項(xiàng)式大小的關(guān)鍵字字典,那么構(gòu)造抵抗離線關(guān)鍵字猜測(cè)攻擊的指定搜索者關(guān)鍵字搜索公鑰加密方案是不可能的。2.提出了可撤銷的關(guān)鍵字搜索公鑰加密概念,利用系統(tǒng)的時(shí)間周期劃分成若干時(shí)間片段的方法撤銷服務(wù)器的搜索能力;同時(shí),基于Fan等的匿名多接收者基于身份加密,利用Abdalla等的匿名基于身份加密到關(guān)鍵字搜索公鑰加密方案的一般性轉(zhuǎn)化方法,結(jié)合拉格朗日差值多項(xiàng)式提出新型高效可撤銷的關(guān)鍵字搜索公鑰加密方案的實(shí)用構(gòu)造方法。據(jù)我們所知,我們的方案是第一個(gè)可撤銷擁有陷門的服務(wù)器的搜索能力的可搜索加密方案。3.基于Zhao等的動(dòng)態(tài)非對(duì)稱群密鑰協(xié)商,Canetti等的代理重加密和Boneh等的關(guān)鍵字搜索公鑰加密方案提出了支持動(dòng)態(tài)群的關(guān)鍵字搜索公鑰加密方案。為了減輕用戶的計(jì)算負(fù)擔(dān),我們利用服務(wù)器輔助計(jì)算技術(shù)將雙線性對(duì)運(yùn)算外包給服務(wù)器來(lái)進(jìn)行。新方案實(shí)現(xiàn)了群用戶的數(shù)據(jù)共享、用戶加入和撤銷、群用戶的身份隱私、關(guān)鍵字搜索以及群外用戶的數(shù)據(jù)源提供功能,此方案適用于云存儲(chǔ)環(huán)境,特別是移動(dòng)云存儲(chǔ)中。
[Abstract]:Cloud computing is a profound change in the field of information. It links a large number of computing resources, storage resources and software resources together to provide users with on-demand and extensible information services. As one of the most important services, cloud storage services allow enterprises and individuals to outsource their data to cloud servers, and manage and maintain data according to the principle of payment for use. However, cloud storage not only improves the efficiency of resource utilization and saves the cost of users, but also brings great challenges to the confidentiality of data and the privacy of users. Encryption technology has become an important tool to protect sensitive data and prevent information leakage in cloud computing, but the search and retrieval of encrypted data has become a major problem. Therefore, how to solve the conflict between data encryption and data search has become an important problem, which is the motivation of this paper. To solve the above problems, this paper uses keyword search public key encryption technology to solve the search problem of encrypted data in cloud storage, studies the security of the existing key search public key encryption scheme, and combines with the new cryptography technology. Two secure and efficient public key encryption schemes for cloud storage environment are proposed. Specific tasks include: 1. This paper analyzes the security of two key search public key encryption schemes proposed by Hu et al., and finds that they can not resist off-line keyword guessing attacks, that is, malicious servers can guess the keywords in the trap door. This distinguishes the keyword of user search. At the same time, it is proved that if the keyword set is taken from a polynomial size keyword dictionary, it is impossible to construct a public key encryption scheme for designated searchers to resist off-line keyword guessing attacks. In this paper, the concept of revocation keyword search public key encryption is proposed, and the search ability of the server is revoked by dividing the time cycle of the system into several time segments. At the same time, the anonymous multi-receiver based on Fan and so on is based on identity encryption. Using the general transformation method of anonymous identity-based encryption to keyword search public key encryption scheme proposed by Abdalla et al., combined with Lagrange difference polynomial, a practical construction method of a new efficient and revocable keyword search public key encryption scheme is proposed. As far as we know, our scheme is the first searchable encryption scheme. The proxy reencryption scheme based on Zhao et al. And the key search public key encryption scheme based on Boneh et al. A key search public key encryption scheme supporting dynamic group is proposed. In order to reduce the computational burden of users, we outsource bilinear pairings to the server using server aided computing technology. The new scheme realizes the functions of data sharing, user join and revocation, identity privacy, keyword search and data source of out-of-group users. This scheme is suitable for cloud storage environment, especially mobile cloud storage.
【學(xué)位授予單位】：電子科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TN918.4

【共引文獻(xiàn)】

相關(guān)期刊論文 前2條

1 李雙;;一種安全的具有匿名性的可搜索加密方案[J];計(jì)算機(jī)工程與應(yīng)用;2013年16期

2 王智弘;涂泰源;;Keyword Search Encryption Scheme Resistant Against Keyword-Guessing Attack by the Untrusted Server[J];Journal of Shanghai Jiaotong University(Science);2014年04期

相關(guān)博士學(xué)位論文 前2條

1 袁科;Timed-Release加密及其應(yīng)用中的關(guān)鍵問題研究[D];南開大學(xué);2014年

2 周旭華;加密搜索和數(shù)據(jù)完整性檢測(cè)及其云存儲(chǔ)安全中的應(yīng)用[D];上海交通大學(xué);2014年

相關(guān)碩士學(xué)位論文 前2條

1 趙遠(yuǎn)杰;云計(jì)算中的公鑰可搜索加密方案研究[D];西安電子科技大學(xué);2013年

2 孫婷;基于模糊關(guān)鍵字搜索的代理重加密的研究[D];南京航空航天大學(xué);2012年

，

本文編號(hào)：2221808