Research on Multi-User Searchable Encryption and Secure Data Sharing in Cloud Storage
Chinese Abstract

Cloud storage is a cloud computing system centred on data storage and management that provides users with powerful and convenient data storage, processing and sharing services. As cloud computing becomes more widespread, more and more users migrate their local data to the cloud. This not only saves users the cost of data management and system maintenance, but also lets them access their data over the Internet anytime and anywhere. However, while users enjoy this convenient service, they also face the accompanying problems of data security and privacy leakage. The cloud storage server is not fully trusted: eavesdropping on the transmission channel, attacks on the server, and even deliberate leakage or sabotage by server administrators all threaten users' data. For sensitive data in fields such as healthcare and finance in particular, leakage and misuse of information cause users enormous losses. The simplest way to prevent the server and other unauthorized users from obtaining private data is to encrypt the data before uploading it, but this raises the problem of how to query and share ciphertext data directly. Searchable encryption and secure data sharing techniques arose to meet this need: they let users use cloud storage services securely and conveniently while also solving the problem of the server processing ciphertext data, and they have become a hot research topic.

In a searchable encryption mechanism, the data owner stores ciphertext data on the cloud server; the data user submits a keyword search token and obtains the target documents containing that keyword; the server queries by keyword and returns the results without learning the plaintext of either the target documents or the keyword. In this way, legitimate users exploit the cloud server's storage and computing power for data storage and querying while protecting the security and privacy of their data. Early research on searchable encryption targeted the single-user case, in which the data owner is also the data user. In today's cloud storage systems, however, each user not only needs to access their own data but sometimes also wants to share data with other users or access other users' data. That is, each user can be both a data owner and a data user. This mode, called multi-writer/multi-reader, is the broadest and most complex to implement in cloud storage and has wide application prospects, so research on multi-user searchable encryption in the multi-writer/multi-reader setting is of great practical value.

Secure data sharing is a technique that achieves confidentiality by encrypting data and achieves access control by distributing decryption keys at the owner's discretion. Existing schemes either rely on a trusted third party for key distribution or require the data owner to be online to distribute keys. As more and more users adopt cloud storage systems, these conditions become harder to satisfy, and providing users with a unique, convenient, on-demand secure data sharing mechanism has become an indispensable cloud storage service.

It follows that the main difficulties facing multi-user searchable encryption and secure data sharing in cloud storage are the following. (1) Each user wants to control access to their own data independently; there is no fully trusted third party, and resources cannot be managed centrally. (2) Each user may need to access data anytime and anywhere through different kinds of terminals, so the scheme should reduce its dependence on secure channels; but transmitting data over public channels introduces new threats to consider. (3) Since the data owner is an ordinary user, they cannot be online at all times to distribute decryption keys the way an administrator would. Existing schemes usually cannot solve all of these problems at once. The research in this thesis therefore designs provably secure multi-user searchable encryption schemes and secure data sharing schemes that address these problems.

Our research emphasizes scheme design together with security analysis and proofs, with the goal of establishing the foundation for protocol implementation, so we focus on whether a scheme satisfies cryptographic security properties and on its theoretical feasibility. Rigorous security proofs also provide a theoretical basis for analyzing such schemes, so we take care to give formal security proofs in the corresponding security models, which is the basic requirement of provable security. The thesis covers three topics:

1. Multi-writer/multi-reader searchable encryption with discretionary authorization

We study the formal definition, security model and construction of multi-writer/multi-reader searchable encryption schemes and propose a scheme that does not depend on a trusted third party and achieves fine-grained access control. Instead of a trusted user management centre, the data owner controls data users' access rights to the owner's own files. This is implemented by storing a dynamically updatable authorization matrix on the semi-honest cloud server, with the data owner computing authorization values from data users' public keys. Since every user's key pair can be obtained from an existing CA, no trusted third party is needed to manage user keys. At the same time, a data user can designate which data owners to query, and the server searches only the documents of the owners who authorized that user, which narrows the search scope. Using properties of bilinear pairings, the scheme also solves the key distribution problem for encrypted documents without additional interaction, reducing rounds and communication complexity. Finally, we give a formal proof of the scheme's security in the random oracle model.

2. Keyword guessing attacks and defences in multi-writer/multi-reader searchable encryption

This work has two parts: an analysis of whether keyword guessing attacks exist in multi-writer/multi-reader searchable encryption schemes, and the design of a multi-writer/multi-reader searchable encryption scheme that resists keyword guessing attacks without a secure channel.

Security in multi-user searchable encryption has long deserved attention, particularly with respect to keyword guessing attacks; researchers have already shown that such attacks exist in searchable encryption schemes with multiple data owners and a single data user (multi-writer/single-reader). Because people habitually use common keywords, an attacker can guess keywords and then use information obtained on the public channel to verify whether a guess is the keyword the sender used. Existing multi-writer/multi-reader schemes, however, do not consider this attack. We therefore analyze the current mainstream multi-writer/multi-reader schemes and show that, if data is not transmitted over a secure channel, keyword guessing attacks exist in them as well: an authorized user in these schemes holds a legitimate private key and can use information collected on the channel to compute the data needed to mount a keyword guessing attack. Since a secure channel is impractical in some scenarios, our second contribution uses the designated-server approach to propose a multi-writer/multi-reader searchable encryption scheme that resists keyword guessing attacks without a secure channel. In the scheme, both document index values and keyword search tokens are hidden using random numbers and the server's public key, so only the designated server can perform storage and search operations. The scheme also retains the advantage of not depending on a trusted third party for user management. Moreover, for documents that data owners encrypted under different keys, a data user needs to supply only one search token to search across all of them, reducing the data user's computational overhead. Its security is likewise formally proved in the random oracle model.

3. Secure data sharing with multiple keys

We study the formal definition, security model and construction of secure data sharing schemes and propose a multi-key secure data sharing scheme. Research on secure data sharing currently concentrates on implementing ciphertext access control, mainly using cryptographic techniques to tie users' decryption capability to access control policies. Current schemes, however, are not flexible enough for discretionary multi-user data sharing, and their security considerations are incomplete. We therefore propose a multi-key secure data sharing scheme. Again it does not rely on a trusted third party to manage users; instead the data owner grants fine-grained access to different classes of their own data. Rather than a secure channel, it uses the designated-server idea: only the server holding the corresponding private key can perform data sharing operations, which resists malicious behaviour by an adversary who is an authorized user. Each document is encrypted under a unique key, guaranteeing the confidentiality of its content, but the data owner need not be online to distribute decryption keys; the cloud server generates a decryption trapdoor, and the data user, on receiving it, computes the final decryption key with their own private key, which simplifies key distribution.

In summary, this thesis centres on multi-user searchable encryption and secure data sharing in cloud storage. Its main concerns are letting users grant authorization at their own discretion without a trusted third party in the complex multi-writer/multi-reader model, resisting keyword guessing attacks when no secure channel exists, and achieving key distribution without imposing extra overhead on users. Designing provably secure schemes for these problems not only lays a theoretical foundation for the design and implementation of practical protocols but also offers a useful reference for the wider adoption of cloud storage.

Keywords: searchable encryption; secure sharing; public-key cryptography; Diffie-Hellman problem; provable security

English Abstract

Cloud storage is a cloud computing system focused on data storage and management. It provides users with powerful and convenient services such as data storage, data processing and data sharing. With the increasing popularity of cloud computing, more and more users tend to outsource their local data to the cloud. This not only helps users save the cost of data management and system maintenance, but also gives them access to their data through the Internet at any place and any time they want. However, while users enjoy this convenient and efficient service, they also face the following problems of data security and privacy disclosure. The cloud storage server cannot be trusted completely. Eavesdropping on the transmission channel, attacks on the server, and even disclosure by the server administrator pose threats to users' data. Particularly in the fields of medicine and finance, information disclosure and abuse cause great losses to users. To prevent the server and other unauthorized users from accessing private data, a trivial solution is for users to encrypt their data before uploading. However, this makes the data difficult to query and share. Under these circumstances, searchable encryption (SE) and secure data sharing technologies have emerged, which not only let users use the cloud storage service safely but also solve the problem of processing encrypted data. In a searchable encryption mechanism, the data owner (aka writer) generates an encrypted index and stores it on the cloud server along with the encrypted documents. The data user (aka reader) generates the trapdoor of a keyword and gets the target documents that contain the keyword. The cloud server searches the index and returns the query results, but cannot obtain the plaintext of the target documents or the keyword.

As a result, legitimate users can take advantage of the cloud server's powerful storage capacity and computing power to store their data and make queries safely. Early research on searchable encryption focused on single-writer/single-reader (S/S) schemes, in which the writer is the same person as the reader. In today's cloud storage systems, every user has both the desire to share data and the need to access data from others or from himself. In other words, each user can be both a writer and a reader, in the model called multi-writer/multi-reader (M/M). This model of cloud storage can be widely used in a variety of real-world areas, so its development is of great value. Secure data sharing is a technique that achieves confidentiality by encrypting data and achieves access control through autonomous distribution of the decryption keys. Existing schemes rely on either a trusted third party (TTP) or an online writer for key distribution. But as more and more users enter the cloud storage system, this cannot meet the demand. The system needs to extend its service to every user with a technology that offers convenience, individuality and a pay-as-you-go mode. This shows that the main problems of multi-user searchable encryption and secure data sharing in cloud storage systems are as follows. (1) Each writer wishes to have access control over his own data. There is no fully trusted third party and no unified resource management system. (2) Each user may need to access data at any time and any place through different types of terminals, so the scheme should reduce its dependence on a secure channel. However, data transmission over public channels meets new threats. (3) Since the writer himself is an ordinary user, he cannot distribute decryption keys online the way an administrator can.

Existing solutions often fail to solve these problems; the aim of this thesis is to design a provably secure multi-user searchable encryption scheme and a secure data sharing scheme that solve them. Our research focuses on the design of the schemes together with the analysis and proof of their security. We are concerned with the security requirements of the schemes and their theoretical feasibility; this lays a theoretical foundation for the implementation of practical protocols. A strict security proof also gives a theoretical basis for the analysis of such schemes, so we focus on formal proofs in specific security models. These provable security requirements are necessary in modern cryptography. Specifically, our research includes the following aspects.

1. Research on discretionary authorization in MMSE schemes

We study the formal definition, security model and construction method of MMSE schemes and propose a TTP-free scheme that achieves fine-grained access control. In place of a trusted user management center, the writer can discretionarily grant and revoke readers' privileges by maintaining a dynamically updated authority distribution matrix on the semi-honest cloud server. The writer calculates the authorization value from the reader's public key. Since each user's public and private keys can be obtained from an existing CA, no trusted third party is needed to manage keys. Moreover, the reader can specify one or more writers to query, and the server only searches the documents that the reader has the privilege to obtain, so the search scope is narrowed. With the help of bilinear maps, key distribution is integrated with the user authorization and search procedures. This reduces the interaction between users and the server and between writers and readers, and thus reduces the communication overhead. Finally, we give formal proofs of its security in the random oracle model.

2. Research on keyword guessing attacks and defenses for MMSE schemes

This work has two parts. The first is analyzing whether the keyword guessing attack (KGA) is a problem in MMSE schemes; the second is designing a secure-channel-free scheme that resists KGA. The security of multi-user SE schemes has always been a notable problem, especially with respect to KGA: some scholars have proved that the attack exists in multi-writer/single-reader (M/S) schemes. This is because people usually query commonly used keywords, so an eavesdropping adversary can guess keywords himself and verify them with the information he obtains from the public channel. However, this attack is not considered in existing MMSE schemes. Therefore, we analyze some of the current main MMSE schemes and prove that none of them can resist this attack without a secure channel. This is mainly because an authorized user holds a legitimate private key and can compute, from information collected on the public channel, the data needed to carry out KGA. However, deploying a secure channel is impractical in some scenarios. Our second task is therefore to propose an MMSE scheme that resists KGA without a secure channel by using a designated server. In the scheme, the index values of documents and the trapdoors of keywords are hidden by random numbers and the public key of the server, so that only the designated server can perform storage and search operations. At the same time, the scheme retains the advantage of independence from a TTP for user management. Moreover, for documents encrypted under different keys, the reader only needs to generate one trapdoor, which reduces his computational overhead. In the same way, we prove its security in the random oracle model.
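To make the attack-and-defence logic of part 2 concrete, here is a toy model added by the editor (it is not the thesis's bilinear-map construction): SHA-256 stands in for the tag/trapdoor algebra, and a Diffie-Hellman exchange with the server's key pair stands in for hiding index values and trapdoors under the server's public key. The group parameters, the keyword dictionary and all function names are constructed for illustration only.

```python
import hashlib, secrets

P, G = 2**127 - 1, 3   # toy DH group (Mersenne prime), far too small for real use
GUESSES = ["invoice", "diagnosis", "salary", "contract"]  # constructed guess list

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()

# Core search with a public Test: anyone can relate a tag to a trapdoor.
def trapdoor(word: str) -> bytes:              # reader side
    return h(b"trap", word.encode())

def tag(word: str) -> bytes:                   # writer side, needs only public data
    return h(b"tag", trapdoor(word))

def public_test(stored_tag: bytes, td: bytes) -> bool:
    return stored_tag == h(b"tag", td)

def offline_kga(observed_td: bytes):
    """Eavesdropper on the public channel: tag each guess, run the public Test."""
    return next((w for w in GUESSES if public_test(tag(w), observed_td)), None)

# Designated-server variant: index entries and trapdoors are masked with a
# fresh random exponent and the server's public key, so only the server can
# unmask them and run Test.
def keygen():
    s = secrets.randbelow(P - 2) + 1
    return s, pow(G, s, P)                     # (server secret key, server public key)

def hide(value: bytes, server_pk: int):
    r = secrets.randbelow(P - 2) + 1           # fresh randomness per value
    k = h(pow(server_pk, r, P).to_bytes(16, "big"))
    return pow(G, r, P), bytes(a ^ b for a, b in zip(value, k))

def unhide(blob, server_sk: int) -> bytes:
    ephemeral, masked = blob
    k = h(pow(ephemeral, server_sk, P).to_bytes(16, "big"))
    return bytes(a ^ b for a, b in zip(masked, k))

def server_search(index, hidden_td, server_sk: int):
    """Designated server: unmask the trapdoor and each entry, then run Test."""
    td = unhide(hidden_td, server_sk)
    return [i for i, blob in enumerate(index) if public_test(unhide(blob, server_sk), td)]

def offline_kga_designated(hidden_td):
    """Same eavesdropper: without server_sk it only has the masked trapdoor,
    so the public Test never matches a guessed keyword."""
    return next((w for w in GUESSES if public_test(tag(w), hidden_td[1])), None)
```

The first variant shows why a publicly runnable Test plus a small keyword space is enough for an eavesdropper; the second shows the designated-server idea, where Test still works for the server but the observed transcript alone no longer lets a guess be checked.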
3. Research on a secure data sharing scheme with multiple keys

We study the formal definition, security model and construction method of secure data sharing schemes and propose a multi-key data sharing scheme. Research on secure data sharing focuses on implementing cryptographic access control, which mainly uses cryptographic techniques to tie users' decryption capability to access control policies. However, current schemes are not flexible enough for multi-user discretionary data sharing, and their security considerations are not comprehensive. Therefore, we propose a multi-key data sharing scheme. The scheme achieves fine-grained access control by allowing the writer to authorize different classes of data without a TTP. Instead of using a secure channel, a designated server holding the corresponding private key performs the data sharing operations, thus resisting malicious behavior by an authorized user. Each document is encrypted with a unique key to ensure confidentiality, but the writer is not required to distribute the keys. Instead, the cloud server generates the trapdoor of the decryption key and transmits it to the reader, who recovers the decryption key using his private key. Thus, our scheme does not need an online writer, which simplifies key distribution.

In summary, we study multi-user searchable encryption and secure data sharing technologies in cloud storage, focusing on the multi-writer/multi-reader model. We solve problems such as allowing users to authorize at their own discretion without a TTP, resisting the keyword guessing attack without a secure channel, and realizing key distribution without introducing additional overhead. Designing provably secure schemes not only lays a theoretical foundation for the design and implementation of practical protocols, but also provides a useful reference for the popularization and application of cloud storage.

Keywords: Searchable Encryption; Secure Data Sharing; Diffie-Hellman Problem; Public Key Cryptography; Provable Security
