Verifiable Cloud Data Sharing Scheme that Supports Privacy Protection

doi:10.19678/j.issn.1000-3428.0065088

Abstract

Abstract: With the rapid development of mobile Internet technology, an increasing amount of data is stored on remote cloud servers, thereby increasing the search and sharing of sensitive data in outsourced cloud storage.To cope with these issues, a public-key searchable encryption algorithm is designed based on an elliptic curve and a verifiable data sharing scheme that supports privacy protection in cloud storage systems is proposed.In this scheme, the data sender uses message authentication code technology to generate a ciphertext corresponding to keywords using his/her own private key and the public key of the data receiver.The data receiver also uses message authentication code technology and generates a searchable trapdoor using his/her own private key and the public key of the data sender.In this way, the cloud server can quickly match the ciphertext corresponding to the keywords with a searchable trapdoor, and thus the scheme ensures the confidentiality and searchability of outsourced data.The scheme simultaneously achieves ciphertext and trapdoor indistinguishability when selecting keywords;thus, it can resist internal keyword guessing attacks.In addition, to prevent a cloud server from malicious deception or returning incorrect searchable ciphertexts, this scheme leverages cloud auditing techniques and adds an integrity verification phase for cloud storage ciphertexts.Performance analysis and comparison results show that this scheme only requires 2.17 ms to share cloud encrypted data, and its efficiency is at least 39.98% higher than that of PEKS, PAEKS, dIBAEKS, and CLEKS schemes;hence, it is more conducive to deployment in resource-constrained intelligent terminal devices.

Key words: cloud storage, privacy protection, data sharing, searchable encryption, integrity verification

摘要： 随着移动互联网技术的飞速发展，海量数据将存储在远程云服务器，由此带来外包云存储敏感数据的搜索与安全共享问题。基于椭圆曲线设计公钥可搜索加密算法，提出云存储系统中支持隐私保护的可验证数据分享方案。在该方案中，数据发送方结合消息认证码技术，使用自己的私钥和数据接收方的公钥产生关键词对应的密文，数据接收方结合消息认证码技术，使用自己的私钥和数据发送方的公钥产生搜索陷门，从而云服务器可以对关键词密文和搜索陷门进行快速匹配测试。该方案可保证云端存储数据的机密性，实现对外包云存储数据的可搜索功能，并在选择关键词攻击下满足密文不可区分性与搜索陷门不可区分性，抵抗内部关键词猜测攻击。此外，为防止云服务器出现恶意欺骗或返回不正确的搜索密文行为，引入云审计的设计思想，对存储在云端的密文数据进行完整性验证。性能分析与比较结果表明，该方案云端加密数据分享过程耗时仅为2.17 ms，与PEKS、PAEKS、dIBAEKS、CLEKS方案相比效率提升39.98%以上，更有利于部署在资源受限的智能终端设备。

关键词: 云存储, 隐私保护, 数据分享, 可搜索加密, 完整性验证

CLC Number:

TP309

ZHANG Xiaojun, LIU Qing, ZHENG Shuang, WANG Xin, XUE Jingting, WANG Shixiong. Verifiable Cloud Data Sharing Scheme that Supports Privacy Protection[J]. Computer Engineering, 2023, 49(3): 49-57.

张晓均, 刘庆, 郑爽, 王鑫, 薛婧婷, 王世雄. 支持隐私保护的可验证云端数据分享方案[J]. 计算机工程, 2023, 49(3): 49-57.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0065088

http://www.ecice06.com/EN/Y2023/V49/I3/49

Figures/Tables 10

References

[1] CHEN L, XUE Y, MU Y, et al.CASE-SSE:context-aware semantically extensible searchable symmetric encryption for encrypted cloud data[J/OL].IEEE Transactions on Services Computing:1-10[2022-04-02].https://ieeexplore.ieee.org/abstract/document/9743210.
[2] PENG Y, LIU Q, TIAN Y, et al.Dynamic searchable symmetric encryption with forward and backward privacy[C]//Proceedings of the 20th International Conference on Trust, Security and Privacy in Computing and Communications.Washington D.C., USA:IEEE Press, 2021:420-427.
[3] VO V, LAI S, YUAN X, et al.Towards efficient and strong backward private searchable encryption with secure enclaves[C]//Proceedings of International Conference on Applied Cryptography and Network Security.Berlin, Germany:Springer, 2021:50-75.
[4] LI J G, ZHANG Y C, NING J T, et al.Attribute based encryption with privacy protection and accountability for CloudIoT[J].IEEE Transactions on Cloud Computing, 2022, 10(2):762-773.
[5] HE K, CHEN J, ZHOU Q X, et al.Secure dynamic searchable symmetric encryption with constant client storage cost[J].IEEE Transactions on Information Forensics and Security, 2021, 16:1538-1549.
[6] LI J, HUANG Y Y, WEI Y, et al.Searchable symmetric encryption with forward search privacy[J].IEEE Transactions on Dependable and Secure Computing, 2021, 18(1):460-474.
[7] LI X, TONG Q, ZHAO J, et al.VRFMS:verifiable ranked fuzzy multi-keyword search over encrypted data[J/OL].IEEE Transactions on Services Computing:1-10[2022-04-02].https://ieeexplore.ieee.org/abstract/document/9669122.
[8] SONG D, WAGNER D, PERRIG A.Practical techniques for searching on encrypted data[C]//Proceedings of IEEE Symposium on Research in Security and Privacy.Washington D.C., USA:IEEE Press, 2006:44-55.
[9] CHEN T, XU P, WANG W, et al.Bestie:very practical searchable encryption with forward and backward security[C]//Proceedings of European Symposium on Research in Computer Security.Berlin, Germany:Springer, 2021:3-23.
[10] PATRANABIS S, MUKHOPADHYAY D.Forward and backward private conjunctive searchable symmetric encryption[C]//Proceedings of 2021 Network and Distributed System Security Symposium.Reston, USA:Internet Society, 2021:1-10.
[11] ZHANG Y, KATZ J, PAPAMANTHOU C.All your queries are belong to us:the power of file-injection attacks on searchable encryption[C]//Proceedings of the 25th USENIX Conference on Security Symposium.New York, USA:ACM Press, 2016:707-720.
[12] BONEH D, CRESCENZO G D, OSTROVSKY R, et al.Public key encryption with keyword search[C]//Proceedings of International Conference on the Theory and Applications of Cryptographic Techniques.Berlin, Germany:Springer, 2004:506-522.
[13] 张超, 彭长根, 丁红发, 等.基于国密SM9的可搜索加密方案[J].计算机工程, 2022, 48(7):159-167. ZHANG C, PENG C G, DING H F, et al.Searchable encryption scheme based on China state cryptography standard SM9[J].Computer Engineering, 2022, 48(7):159-167.(in Chinese)
[14] LU Y, LI J G.Lightweight public key authenticated encryption with keyword search against adaptively-chosen-targets adversaries for mobile devices[J].IEEE Transactions on Mobile Computing, 2022, 21(12):4397-4409.
[15] CHAUDHARI P, DAS M L.Privacy preserving searchable encryption with fine-grained access control[J].IEEE Transactions on Cloud Computing, 2021, 9(2):753-762.
[16] MA M M, HE D B, KUMAR N, et al.Certificateless searchable public key encryption scheme for industrial Internet of Things[J].IEEE Transactions on Industrial Informatics, 2018, 14(2):759-767.
[17] WU T Y, CHEN C M, WANG K H, et al.Security analysis and enhancement of a certificateless searchable public key encryption scheme for IIoT environments[J].IEEE Access, 2019, 7:49232-49239.
[18] JIANG P, GUO F C, SUSILO W, et al.PPFilter:provider privacy-aware encrypted filtering system[J].IEEE Transactions on Services Computing, 2021, 14(5):1519-1530.
[19] LU Y, LI J G, ZHANG Y C.Privacy-preserving and pairing-free multirecipient certificateless encryption with keyword search for cloud-assisted IIoT[J].IEEE Internet of Things Journal, 2020, 7(4):2553-2562.
[20] LU Y, LI J G, ZHANG Y C.Secure channel free certificate-based searchable encryption withstanding outside and inside keyword guessing attacks[J].IEEE Transactions on Services Computing, 2021, 14(6):2041-2054.
[21] 邓志辉, 王少辉, 王平.基于合数阶双线性对的可搜索加密方案分析与改进[J].计算机工程, 2020, 46(9):123-128, 135. DENG Z H, WANG S H, WANG P.Analysis and improvement of searchable encryption scheme based on composite-order bilinear pairs[J].Computer Engineering, 2020, 46(9):123-128, 135.(in Chinese)
[22] YANG Y, MA M D.Conjunctive keyword search with designated tester and timing enabled proxy re-encryption function for E-health clouds[J].IEEE Transactions on Information Forensics and Security, 2016, 11(4):746-759.
[23] ZHANG X J, XU C X, WANG H X, et al.FS-PEKS:lattice-based forward secure public-key encryption with keyword search for cloud-assisted industrial Internet of Things[J].IEEE Transactions on Dependable and Secure Computing, 2021, 18(3):1019-1032.
[24] YANG N B, XU S M, QUAN Z.An efficient public key searchable encryption scheme for mobile smart terminal[J].IEEE Access, 2020, 8:77940-77950.
[25] HUANG Q.An efficient public-key searchable encryption scheme secure against inside keyword guessing attacks[J].Information Sciences, 2017, 403/404:1-14.
[26] LI H B.Designated-server identity-based authenticated encryption with keyword search for encrypted emails[J].Information Sciences, 2019, 481:330-343.
[27] ZHENG Q, LI X, AZGIN A.CLKS:certificateless keyword search on encrypted data[C]//Proceedings of International Conference on Network and System Security.Berlin, Germany:Springer, 2015:239-253.

Please choose a citation manager

Content to export