CN106127075A

CN106127075A - The encryption method of can search for based on secret protection under a kind of cloud storage environment

Info

Publication number: CN106127075A
Application number: CN201610472300.9A
Authority: CN
Inventors: 胡玉鹏; 马梦怡; 皮玲; 温冠超; 高子文
Original assignee: Hunan University
Current assignee: Hunan University
Priority date: 2016-06-27
Filing date: 2016-06-27
Publication date: 2016-11-16
Anticipated expiration: 2036-06-27
Also published as: CN106127075B

Abstract

The invention discloses the encryption method of can search for based on secret protection under a kind of cloud storage environment, make L={l_i| 1≤i≤card (L) } represent IBS SSE system model in all of card (L) plant user identity type, each data consumer belongs to one of which identity type, 1≤x≤card (L)；For document F, if document owner specifies the identity type of the data consumer of addressable document F to belong to the set that radix is xThen by the h of Bloom Filter independent hash function HASH={H₁,H₂,...H_hWillIn x element map in the bit string vector P of a length of q, P is the access control policy being bound to document F；When certain data consumer want access F time, access control executor by Bloom Filter, judge according to P whether identity type l of this data consumer belongs to sets of authorizationsIf belonging to, the match is successful, is not belonging to then that it fails to match.The present invention solves existing symmetry and can search for encipherment scheme and be difficult to be applicable to efficiently and safely multi-source data user model and conduct interviews the problem controlled for diversiform data user.

Description

The encryption method of can search for based on secret protection under a kind of cloud storage environment

Technical field

The present invention relates to the encryption method of can search for based on secret protection under a kind of cloud storage environment.

Background technology

Along with the increase of the network bandwidth and popularizing of mobile Internet, motility and economy that cloud storage is good are inhaled Draw the individual sight with enterprise, allowed them that local complicated data management system is contracted out to cloud.Cloud storage has become as cloud Calculate one of widest application, the user of the application of public cloud storage such as Dropbox, Google Drive, Kingsoft fast disk, micro-dish Quantity is skyrocketed through (wherein the number of users of Dropbox has broken through 500,000,000), Eucalyptus, 3A Cloud, minicloud etc. Platform the most provides the safety privately owned cloud of office for increasing enterprise.Cloud storage user can utilize in different places Different terminals (such as desktop computer, notebook computer, panel computer, smart mobile phone etc.) accesses data, and cloud storage is that these set Standby data sharing provides a kind of optimal solution.

But, due to data ownership and the separation of administrative power, the hidden danger of some data safety is emerged in large numbers the most therewith, cloud user Distrust to cloud storage service provider has become cloud storage at the important restriction factor promoted on way.In cloud storage pattern Under, the data of user (include that government and the financial data of company, the medical information of individual, mail, photograph album, financial transaction etc. are quick Sense data) completely it is managed by cloud service provider (Cloud Service Provider, CSP) and is stored.CSP can obtain Take, search for user and be stored in the sensitive data in high in the clouds；Due to the system failure, CSP may lose the data of user；Assailant also may be used The data that can obtain user by attacking the server of CSP cause information leakage.These potential safety hazards make the safety of cloud storage Property becomes a problem that can not be ignored.

In order to protect data-privacy, before uploading the data to CSP, it is necessary to by data owner, it is encrypted. But, this makes the data based on plaintext keyword search that some are traditional use service to be normally carried out undoubtedly.There is one Solution is to download all data and decipher in this locality, will produce huge bandwidth cost yet with in cloud system, should Scheme is the most unpractiaca.Furthermore, put aside for the time being alleviating locally stored administrative burden, if can not be conveniently and efficiently Search for, utilize and share data, then storing data into high in the clouds will be nonsensical.Therefore, for adding Miyun Data Mining Effective percentage and ensure that the encipherment scheme that can search for of its personal secrets can not be ignored and extremely have realistic meaning.In view of cloud Hold potential a large number of users and outsourcing data, meet simultaneously privacy, system availability, extensibility and high efficiency will Asking, this research topic will be extremely difficult, the most challenging.

The cipher text searching system typically possessing privacy protection function includes data owner, data consumer and CSP tri- Individual participant.The cryptographic algorithm generally using AES (Advanced Encryption Standard) etc carrys out encryption data, adopts Security Index is generated with the special encipherment scheme that can search for.Can search for encipherment scheme and mainly include two classes: be based on symmetric key Can search for encrypting (Searchable Symmetric Encryption, SSE) and based on unsymmetrical key can search for is encrypted (Searchable Asymmetric Encryption, SAE).

It is that data owner shares indiscriminate key with data consumer that symmetry can search for the basic model of encipherment scheme. Single key word be can search for encryption would generally set up one encryption can search for index, server is hidden index content, Unless server has obtained the suitable trapdoor generated by key.This kind of scheme is proposed first by Song et al., and they are with a kind of The special each word in double-decker encryption method encrypted document one by one, need to travel through whole document during search ciphertext and confirm Whether there is required key word, search efficiency is that comparison is low thus.Afterwards, Goh, Chang and Curtmola et al. For SSE give deeper into security definitions.The scheme that Goh proposes uses pseudo-random function (Pseudorandom Function) and Bloom Filter (Bloom Filter) be each document build a Security Index, search time with literary composition Gear number amount is directly proportional, but the correctness that the error caused due to Bloom Filter makes Search Results is the most complete.Chang Et al. and Curtmola et al. almost to propose employing pseudo random techniques in the same time be that key word generates index, raw for user Become the scheme of inquiry request, improve search efficiency, but the renewal of data is supported deficiency by scheme, need very big amount of calculation to carry out more Newly, in some instances it may even be possible to reconstruct all indexes.Afterwards, Kamara et al. proposes the cipher text retrieval method that can support that document updates. Wang et al. have studied the keyword search problem supporting safe ranking, utilizes reverse indexing (Inverted Index) and order-preserving Key word frequency in encryption (Order Preserving Encryption) technology secrecy document, according to keyword frequency sorts Search Results rather than return indiscriminate result.Recently, the one that Naveed et al. proposes is based on blind storage (Blind Storage) can search for encipherment scheme and can be greatly promoted search efficiency of mechanism, it is often more important that, the utilization of blind storage makes The search pattern (Access Pattern) of data consumer is hidden, and this is that overwhelming majority existing program cannot realize. Artificial each document index building such as Cao vector, is used matrix encryption and is added by the size of vector inner product value after inquiry The multi-key word search of ciphertext data, and front n the document in Query Result is returned, but owing to all documents need to be traveled through, search Efficiency and searching accuracy are relatively low.

The asymmetric basic model that can search for encipherment scheme is that any people holding public keys can write and is stored in The data of server, but the authorized user only holding private key can carry out cipher text searching.Boneh et al. first proposed based on non- Symmetric key can search for encipherment scheme, SAE is improved by rear Abdalla et al..Followed by, Boolean key word inquiry, Subset inquiry, range query etc. can search for encryption technology to be occurred in succession.Kerschbaum et al. proposes Identity-based encryption Asymmetric can search for encryption technology.Lin et al. decreases inevitable two-wire in unsymmetrical key can search for encipherment scheme The use of property pair, it is proposed that support single keyword search, be applicable to the cipher text searching scheme that network is discerned.Hwang et al. carries Go out to meet can search for encipherment scheme and allowing server to pass through user list control of fixed keyword (non-free) union inquiry Search permission processed, the program is applicable to the multi-user scene under corporate environment, and regrettably extensibility is relatively low, when reply is big During amount user, efficiency will decline to a great extent.Li et al. uses predicate encryption to propose to meet multi-user scene delegatable asymmetric Can search for encipherment scheme, but in the program, the inquiry request of data consumer need to be generated by trusted third party, inefficient. Sun et al. proposes a kind of mandate based on attribute encryption technology first and can search for encipherment scheme, and data owner uses access Control strategy generates index, and the user attributes only implied when the trapdoor of data consumer meets the access that index is comprised During the key word that strategy and this index are searched for corresponding to user, destination document could be accessed.The program is supported single simultaneously Key word and the union search of fixing multi-key word, extensibility is stronger.

In summary, it is higher that existing symmetry can search for encryption technology efficiency, can meet freely inquiring about multi-key word, But due to the Authentication theory of symmetric cryptography, traditional based on symmetric key realization can search for encrypts scarcely support complexity Multi-user scene, huge at number of users and have that to access the motility exposed in the case of demand for control relatively low with extensibility Problem, result in its application situation limitation.Relatively, the asymmetric encryption technology that can search for is more suitable for the multiplex of complexity Family model, and Bilinear map (Bilinear Paring) can be utilized to calculate the range data being represented as keyword vector Realize the ciphertext scope of data function of search that symmetric cryptography is generally difficult to support, exactly because but also Bilinear map can not be kept away The use exempted from, result in the problem that search efficiency is low, and major part scheme cannot meet freely inquiring about of multi-key word, also in addition Have impact on the actual application of such scheme.Sum it up, existing research lack " many data owners-many data consumers " this Complex query condition, ciphertext data are updated and access the support controlled, or realize cost simultaneously under one complicated user model Too high, efficiency is on the low side with availability.

Summary of the invention

The technical problem to be solved is, not enough for prior art, it is provided that under a kind of cloud storage environment based on Secret protection can search for encryption method.

For solving above-mentioned technical problem, the technical solution adopted in the present invention is: based on privacy under a kind of cloud storage environment That protects can search for encryption method, and it is as follows that the method mainly realizes process: makes L={l_i| 1≤i≤card (L) } represent IBS- In the system model of SSE, all of card (L) plants user identity type, and card (L) represents the radix of set L；Each data make User belongs to one of which identity type, 1≤x≤card (L)；For document F, if document owner specifies addressable document The identity type of the data consumer of F belongs to the set that radix is xThen by the h of Bloom Filter independent Kazakhstan Uncommon function HASH={H₁,H₂,...H_hWillIn x element map in the bit string vector P of a length of q, P is and is bound to The access control policy of document F, P writes index document with the identifier of F and is stored in IBS-SSE system model；When certain When individual data consumer wants to access F, the executor that access controls is after getting the relevant index document of F, by Broome mistake Filter, judge according to P whether identity type l of this data consumer belongs to sets of authorizationsIf belonging to, the match is successful, does not belongs to In then it fails to match.

The generation process of access control policy P includes: initially set up the bit string vector P of an a length of q, and by bit string to Amount everybody value of P is initialized as 0；For either elementUtilize each function in hash function group HASH One a pair l_iCarry out Hash and obtain h Hash Round Robin data partition H₁(l_i), H₂(l_i) ... H_h(l_i), update cloth Shandong according to this h address Nurse filter vector, makes the value of these positions of Bloom Filter vector be changed by 0 and is set to 1, finally return that the Bu Lu being updated successfully Nurse filter vector is as access control policy；

Access the process that implements controlling to mate to include: firstly generate integer number flag=0, for the identity of visitor Type l, utilizes a pair identity type of each function 1 in hash function group HASH carry out Hash and obtain h Hash Round Robin data partition H₁ (l), H₂(l) ... H_h(l)；One by one check vector P in by these allocation indexs to place value, if value is 1, then flag+=1；If Value is 0, then it fails to match.Finally, if flag=h, then the match is successful.

DocumentComprise document identifier ID, document properties combined arrangementWith document common content f, literary composition Shelves combinations of attributesDimension be designated as Dim=n+m,It is made up of Dim Attribute domain and each genus Property territory all comprises a property value, wherein r_kRepresent scope generic attribute R_kProperty value, w_yThen represent key word generic attribute W_yGenus Property value；Order | R_k| represent R_kTerritory all possible property value number, | W_y| represent W_yField all possible property value number, that In collection of document FILE, make Α be all document properties combination set, then the radix of Α be card (Α)=| R₁|×| R₂|×...×|R_n|×|W₁|×|W₂|×...×|W_m|；Wherein, 1≤k≤n；1≤y≤n.

The detailed process obtaining index document relevant for F includes:

1) the access trapdoor from data user is being receivedQ retouches State the data search condition of data consumer, whereinDescribe data consumer to target literary composition The different requirements of each attribute thresholding of shelves, UID then indicates the identity of access requestor, specifically, D_RDescribe a model Enclosing the requirement of the value of generic attribute, it can be a numerical value or a numerical range；And D_WDescribe a key word generic The requirement of the value of property, it can be any number of key word.When data consumer is with [r_x1,r_x2](r_x1≤r_x2) defined attribute Field R_xTime,Utilize order preserving transformation function X pairMake conversion and can obtain its encrypted formWhen data consumer is with z key definition attribute field W_xTime,Utilize universe pseudo-random function Ψ pairIt is encrypted and can obtain its encrypted formAfter), accessing the executor CA controlled can inquire about in two-dimensional polling list according to Q Qualified index document identifier (IID) s, and by all corresponding tuple (addr) s combination producing subsets By S_QThe data block total number indexed is designated as size_Q；When the scope generic attribute territory condition in QAt least During one non-NULL, select the attribute R that given range codomain is minimum_min, 1≤min≤n；CA is according to given minimum value scope R is pressed in location_minThe two-dimensional polling list T of sequence_minIn meetTuple, recycling Carry out the coupling of other Attribute domains；When the scope generic attribute territory condition in QDuring all skies, the most directly UtilizeThe tuple of arbitrary table in two-dimensional polling list collection T is mated；

2) S is drawn_QAfter, CA selects a random number τ and generates a pseudorandom integer ordered series of numbers V ← Γ (τ), before V β·size_QIndividual different integer array becomes pseudorandom subsetV_QIt is to operate the mixed of preparation for accessing of access trapdoor Q Confuse subset；Γ is PRNG；n_B=α b_max；α and β is spreading factor and the confounding factors of IBS respectively, b_maxIt is Array B is available for the number of data blocks upper limit of storage.

3) CA will be by S_QAnd V_QThis locality is upset and be jointly downloaded to the data block indexed, and utilizes Deciphering is by S_QThe data block that indexes also recovers and indexes document accordingly；B [i] is the i-th data block in B, and B is containing n_B =α b_maxThe array of individual data block；Φ is pseudo-random function, K_ΦIt is the key for Φ, v_iIt it is the version of i-th data block Number,I.e. utilize Φ and K_ΦTo character string (v_i| | i) make pseudo-random process.

4) after recovering the index document that identifier is (IID) s, CA travels through terminal list FS according to (IID) s, if FS exists to certain part index document more newly requested, the most first it is updated, remove this request, then will update after rope Quotation shelves are as indexing document accordingly；

5) when needing to add new index document, first check whether index document identifier to be added is present in T In, if existing, then perform write operation；If not existing, adding the most in the steps below and indexing document:

5a) will index document sets IND, number of data blocks upper limit b_max, two-dimensional polling list collection T and K_IBSAs input, by rope Draw every part of index document I in document sets IND_iIt is split as size_iIndividual data block, as index document I_iTotal byte length length_iWhen can not be divided exactly by ω, front length_i/ ω data block size is ω, last size data block less than ω Being filled to ω by 0s, all data blocks all comprise two head fields, and one of them is responsible for recording IID_i, another is then responsible for record I_iVersion number v_i, v_iIt is initialized as 0；

5b) making B is containing n_B=α b_maxData blocks all in B are also initialized as 0s, to IND by the array of individual data block In each index document I_i, with σ=IID_iFor seed, generate an integer Number Sequence S ← Γ (σ), from the beginning of sequence S Select size_iIndividual different integer number, and guarantee that the data block in the B indexed by these integer numbers is sky；With Represent before being generated by σ and PRNG ΓIndividual integer number, creates a pseudorandom subsetS_i=Λ [σ,size_i]；

5c) will be by I by ascending order_iThe size split_iIndividual data block writes by S_iData block in the B indexed, these Data block is marked as non-NULL；

5d) by two-dimensional polling list collection T with I_iThe addr of corresponding tuple_iField is updated to S_i；

Pseudo-random function Φ 5e) is utilized all data blocks in B to be encrypted.

Compared with prior art, the had the beneficial effect that present invention of the present invention solves existing symmetry and can search for adding Close scheme is difficult to the problem simultaneously supporting any multidimensional keyword query with the complex conditions search of range query；Solve Existing symmetry can search for encipherment scheme and is difficult to be applicable to multi-source data user model efficiently and safely and make for diversiform data User conduct interviews control problem.

Accompanying drawing explanation

Fig. 1 is that the data of one embodiment of the invention upload model；

Fig. 2 is data search (access) model of one embodiment of the invention；

Fig. 3 is index storage model different from IBS for BS；

Fig. 4 is the IBS scheme of the present invention key operation flow process in the data search stage；

Fig. 5 is for when attribute dimensions is fixed, and data set sets up index experimental result picture；

Fig. 6 is when initiating searching request with same inquiry trapdoor Q, the computing cost that index obtains and data set size Relation；

Fig. 7 is when the attribute dimensions of data set document is fixed as Dim=9, with different trapdoor Q₁、Q₂With Q₃To difference Calculating time overhead when the data set of size scans for；

Fig. 8, for when data set attribute dimension is Dim=9, updates portion index document in a secondary index obtains operation Required time overhead accounts for the proportion that index obtains the overhead of operation；

Fig. 9 illustrates and completes once to access the time controlling coupling under the data set of different attribute dimension and data volume；

Figure 10 illustrates the pass calculated between time overhead and data set attribute dimension and data volume adding a document System.

Detailed description of the invention

The system model of IBS-SSE is made up of four entities: data owner, data consumer, authority central authority CA And cloud service provider CSP, Fig. 1 and Fig. 2 respectively show the data of the program and upload model and data search (access) mould Type.IBS-SSE mainly by IBS-SSE.Setup, IBS-SSE.IndexGen, IBS-SSE.Enc, IBS-SSE.Trapdoor, IBS-SSE.Search, IBS-SSE.Dec and IBS-SSE.AddUser, eight polynomial time algorithms of IBS-SSE.AddDoc Composition.In order to realize complex conditions search and user access control under multi-source data user model efficiently and safely simultaneously, this Invention design also have employed two key technologies in these main algorithm: indexes blind storage IBS (Index Blind Storage) and the relevant user identity access control method of ciphertext, first the present invention will introduce both key technologies, then explain State the algorithm definition of IBS-SSE.

1.IBS memory mechanism

IBS is affected by the inspiration of blind memory mechanism BS, and for index document, the storage management design of non-document itself, causes Power provides answering including any multidimensional keyword query and range query in the encipherment scheme that can search for for setting up based on IBS The encryption memory mechanism of miscellaneous conditional search.For realizing this target, the present invention realizes details to the framework of BS with algorithm and carries out Amendment, have employed a series of pseudo-random function, and introduce realized by MySQL two-dimensional polling list set T, access trapdoor Q, mixed Confuse factor-beta and terminal list FS.IBS be made up of three polynomial time algorithms running on CA end (scheme former from BS is different, In order to adapt to the complicated user model of " multiple-owner-multi-user " in enterprise-class environment, in IBS, these algorithms main Execution side and related parameter choosing side are changed to the client of authority central authority CA by the client of data owner itself, by CA end is to set up index from the possessory data of many data are unified and process the data search request from many data consumers, Fig. 3 illustrates index storage models different for BS from IBS.

IBS.KeyGen (λ):

Safety coefficient λ as input, is exported key K for pseudo-random function PRF by key schedule_Φ, for universe pseudo-with Machine function FD-PRF exports key K_Ψ.Finally export K_IBS=(K_Φ, K_Ψ) and by K_IBSIt is stored in CA client.

IBS.Initial(IND,b_max,T,K_IBS):

Initialization algorithm will index document sets IND, number of data blocks upper limit b_max, two-dimensional polling list collection T and K_IBSAs defeated Enter.By every part of index document I in index document sets IND_iIt is split as size_iIndividual data block, the size of each data block is ω, size_iComputational methods as follows:

{size}_{i} = {\begin{matrix} {length}_{i} / ω & (\begin{matrix} i f & {length}_{i} & \mod & ω = 0 \end{matrix}) \\ ({length}_{i} / ω) + 1 & (\begin{matrix} i f & {length}_{i} & \mod & ω &NotEqual; 0 \end{matrix}) \end{matrix}}

As index document I_iTotal byte length length_iWhen can not be divided exactly by ω, front length_i/ ω data block size For ω, last size data block less than ω is filled to ω by 0s.All data blocks all comprise two head fields, Qi Zhongyi Individual responsible record IID_i, another is then responsible for record I_iVersion number v_i, v_iIt is initialized as 0.

Making B is containing n_B=α b_maxData blocks all in B are also initialized as 0s by the array of individual data block.To in IND Each index document I_iOperation below performing:

(1) with σ=IID_iFor seed, generate a sufficiently long integer Number Sequence S ← Γ (σ), from the beginning of sequence S Select size_iIndividual different integer number, and guarantee that the data block in the B indexed by these integer numbers is sky.With Represent before being generated by σ and PRNG ΓIndividual such integer number, creates a pseudorandom subsetS_i =Λ [σ, size_i]。

(2) will be by I by ascending order_iThe size split_iIndividual data block writes by S_iData block in the B indexed, these Block is marked as non-NULL.

(3) by two-dimensional polling list collection T with I_iThe addr of corresponding tuple_iField is updated to S_i。

Afterwards, CA utilizes pseudo-random function Φ all data blocks in B to be encrypted, and is sent extremely by the B after encryption CSP.For the i-th data block in B, its encrypted form is

IBS.Access(Q,op,T,K_IBS):

Data access algorithm will access trapdoor Q, operating instruction symbol op, two-dimensional polling list collection T and K_IBSAs input.? All document function op ∈ in read, write, alter, delete}, write operation write, amendment operation alter and deletion Operation delete is all attached in read operation read by time delay laziness update method, to slow down the operation burden of CA.

(1) receiving from data user'sAfterwards, CA can root In two-dimensional polling list, qualified (IID) s is inquired about and by all corresponding (addr) s combination producing subsets according to QCan be by S_QThe data block total number indexed is designated as size_Q.Specifically, when the scope generic attribute territory condition in QAt least during a non-NULL, select the attribute R that given range codomain is minimum_min(1≤min≤n), due to T_minIn Tuple is according to property valueBy ascending order arrangement, CA can be according to given minimum value scopeQuickly position T_minIn MeetTuple, then on the premise of decreasing tuple query context, recycling Carry out the coupling of other Attribute domains；When the scope generic attribute territory condition in QDuring all skies, the most directly UtilizeThe tuple of arbitrary table in T is mated.The matching operation in this stage is mainly complete by MySQL Become.

(2) S is being drawn_QAfter, CA selects a random number τ and generates a sufficiently long pseudorandom integer ordered series of numbers V ← Γ (τ).Front β size with V_QIndividual different integer array becomes pseudorandom subsetV_QIt it is the access operation for trapdoor Q Prepare obscures subset.

(3) CA will be by S_QAnd V_QThis locality is upset and be jointly downloaded to the data block indexed, and utilizes Deciphering is by S_QThe data block that indexes also recovers and indexes document accordingly.

(4) after recovering the index document that identifier is (IID) s, CA can travel through terminal list FS according to (IID) s. If FS exists to certain part index document more newly requested, the most first it is updated, remove this request, then will update after Index document puts in ensuing task.To I_iWrite operation write in can encounter two kinds of situations:

If I after (a) renewal_i' number of data blocks size_i' with update before consistent, data that CA only need to be written into data_newWrite I_iLast data block, make I_iAll data block version number v_i=v_i+ 1, then encrypt these data blocks And return B to complete to update with obscuring block together foldback.

If I after (b) renewal_i' number of data blocks size_i' more than update beforeCA then needs to calculate subsetFetch by S at B_newThe empty data block indexed and (β-1) (size_i'- size_i) individual obfuscated data block (S_newGeneration method see IBS.Initial step 1).By S_wenWith S_iMerge and obtain S_i'=S_i∨ S_new, I will be belonged to after the encryption completing the write of data, the renewal of version number and data block_i' data block together with obscuring block Together foldback returns B.Finally, by I_iAddr in T_iField is updated to S_i'。

Amendment operation alter and deletion action delete realize step and write operation write is basically identical, difference It is the difference (data block contents 0s is replaced and is labeled as sky by deletion action) of update content.Fig. 4 illustrates IBS scheme and exists The key operation flow process in this stage of data search.

It addition, when needing to add new index document, only need to first check index document identifier to be added the most It is present in T.If existing, then perform write operation write；If not existing, then the step pressing IBS.Initial adds index literary composition Shelves can (when it should be noted that execution initialization algorithm, B be in this locality, and adds document I the most again_iTime B be stored in CSP, Now need to calculate S ← Γ (IID_i) and from S, determine a length of size_iSubsetWith a length of α·size_iSubsetDownload from B byThe data block of index goes back to this locality, then by data pair to be added By S_iThe block of index covers).

2. the user identity access control method that ciphertext is relevant

Can relate to the data consumer of different identity type in system design based on IBS-SSE, data owner has Weigh and specify access control policy for its document.The present invention designs the relevant user identity of an easy Ciphertext policy for this and accesses Control method, the method is mainly with Bloom Filter (Bloom Filter) for the core realized.Make L={l_i|1≤i≤ Card (L) } represent IBS-SSE system model in all of card (L) plant user identity type, each data consumer all belongs to In one of which identity type.For document F, if document owner specifies the identity class of the data consumer of addressable the document Type belongs to the set that radix is x (1≤x≤card (L))Then by the h of Bloom Filter independent hash function HASH={H₁,H₂,...H_hWillIn x element map in the bit string vector P of a length of q, P is and is bound to document F's Access control policy, will write index document with the identifier of F and is stored in IBS.When certain data consumer wants to access F Time, the executor CA that access controls, after operation IBS.Access gets the relevant index document of F, can be filtered by Broome Device, judge according to P whether identity type l of this data consumer belongs to sets of authorizationsIf belonging to, the match is successful, is not belonging to Then it fails to match.The generation of access control policy P and access control the concrete methods of realizing of coupling respectively such as algorithm 1, algorithm 2 institute Show:

3.IBS-SSE scheme

Dynamic symmetry can search for encipherment scheme IBS-SSE and is mainly made up of, by them following 8 polynomial time algorithms Interact with blind destination server.This programme uses the blind memory mechanism IBS of index to be indexed the storage and management of document, logical Cross it and realize the search of complex conditions.

IBS-SSE.Setup: run on CA end.Using security parameter as input, defeated for cryptographic primitive all in scheme Go out key K_SSE；Create user list, for existing subscriber's distributing user ID and formulate identity type.

IBS-SSE.IndexGen: run on CA end.By a collection of document and Qi Nei all possible document properties group Cooperation, for inputting, for every part of document distribution document identifier and generates access by the user identity access control method that ciphertext is relevant Control strategy；Generate index document sets merging and process index document with IBS.Initial algorithm initialization IBS mechanism.

IBS-SSE.Enc: CA end or user side may be run on.The document that need to add is encrypted and sends to CSP； The identifier of the document, document properties and access control policy are sent to CA to update index (when running on user side simultaneously Time).

IBS-SSE.Trapdoor: run on user side.Visitor utilizes search condition and my identity to generate search and falls into Q is also sent to CA by door Q.

IBS-SSE.Search: run on CA end.CA runs IBS.Access algorithm to obtain and search condition after receiving Q Corresponding index document, and carry out authorizing coupling, final requirement to visitor's identity and destination document according to access control method CSP returns the destination document that the match is successful.

IBS-SSE.Dec: run on user side.Using ciphertext as input, decipher and restore document in plain text.

IBS-SSE.AddUser: run on CA end.First check for new user the most existed with in user list, if nothing, Then for its distributing user ID specify identity type.

IBS-SSE.AddDoc: run on user side and CA end.Wherein user side is responsible for encryption and uploads new document, and will The new identifier of document, document properties and access control policy inform CA；CA end is responsible for indexing according to gained information updating.

Compare existing symmetry and can search for encipherment scheme, first, the invention provides and include any multidimensional keyword query With range query in interior complex conditions search, improve the defect that existing scheme search condition is single；Second, ensureing search The while of with other key operations high efficiency, present the enhanced scalability of reply mass data；3rd, it is possible to be applicable to The complicated applications model of " many data owners-many data consumers ", it is ensured that data content, search trapdoor and user identity Privacy, hiding data accesses access module, and allows data owner to specify access delegated strategy.

The advantage proving this technology here mainly by functional contrast and experimental data.Test and running Windows7 Realizing on the notebook computer of operating system, outfit Intel Core i5-3210M processor and 4G internal memory, code is by Java language Speech, sql like language and storehouse of increasing income are write, and wherein Crypto++ is applied to block cipher (AES) and impact resistance hash function (SHA256) realization.

Table 1 gives the BSTORE-SSE that the IBS-SSE scheme of present invention proposition, Naveed et al. propose^[11]Scheme and The EMRS scheme that Li et al. proposes^[56]Between functional contrast.These three scheme is all based on the design of blind memory mechanism. BSTORE-SSE conceals access module by the utilization of blind storage, but the program only allows single keyword search, therefore difficult With diversified search need in satisfied actual application.On the basis of BSTORE-SSE, EMRS achieves the row of multi-key word Name search and access control, but the program all cannot meet the application feelings of many data owners (i.e. multiple data origin) with the former Border.Having drawn the elite of Naveed et al. scheme, IBS-SSE scheme proposed by the invention not only conceals access mould to CSP Formula, also achieves the complex conditions search including any multidimensional keyword query and range query.Additionally, with IBS-SSE The EMRM system set up can be flexibly applied to the user model of " multiple-owner-multi-user ", and provides solution dissimilar The requirements for access of user and the access control method of privacy requirements.

Table 1

Followed by experimental result, just index foundation, search access and document and add three parts and IBS-SSE is commented Estimate.In an experiment: make α=β=4 to ensure that IBS mechanism the most occupied number of data blocks in array B is less than n_BThe situation of/4 Lower unexpected probability p stopped_err≤2^-40；Make function number h=7 of hash function group HASH, to ensure at card (L)=3 Minimum with the probability of miscarriage of justice of Bloom Filter in access control method in the case of vector a length of 32 of P.Experiment is respectively The data set that document properties dimension is Dim=3, Dim=6, Dim=9 is carried out, and takes respectively from this three classes data set The subset of 128MB, 256MB, 512MB, 1G, 2G carrys out survey calculation expense, makes n_B=2 × 10⁴。

1. index is set up:

The performance measurement of index establishment stage covers in IBS-SSE.IndexGen algorithm and generates (containing step except indexing in plain text Suddenly all operations outside (1)), mainly includes indexing document name and IBS.Initial algorithm (includes indexing piecemeal, two dimension Inquiry table write and encryption of blocks of data).The index generation performance generating with can search for encipherment scheme of index is unrelated in plain text, and institute The work of other correlational studyes is had all to give tacit consent to this operation of ignorance.In this stage, index document name is the most less, time complexity For O (card (Α)), only with data set attribute combined number (i.e. index document number) linear correlation；IBS.Initial(IND, T,K_IBS) occupying major part computing cost, its time complexity can be designated as O (card (Α)+n_B), only with data set attribute group Close number card (Α) and length n of B_BRelevant, and unrelated with the data volume of data set.Fig. 5 demonstrates this point: card (Α) It is doubled and redoubled with the increase of document properties dimension Dim, the increase linear increase of personal attendant card (Α) when index is set up；Work as card (Α) certain and time data set varies in size, it is basically identical that duration set up in index, as it can be seen, as Dim=6, index is set up Required time maintains essentially between 13s～15s.Visible, when attribute dimensions is fixed, this programme can be with a length of time stable Different magnitude data sets set up index.

2. search accesses:

Search dial-tone stage mainly comprises index acquisition and access controls two primary operational and (notes the most only considering The operation of Situation-1, because the document acquisition operation in Situation-2 is unrelated with the search performance that the present invention pays close attention to, And its time overhead is the most negligible).

Index obtains the search reduction (containing updating) of generation and the index including trapdoor in operation: the former is by IBS- SSE.Trapdoor completes, and time complexity is O (Dim), and the latter is mainly completed by IBS.Access algorithm, and both of which is not counted According to collection size impact.Fig. 6 illustrates when initiating to search with same inquiry trapdoor Q (containing multidimensional keyword query and range query condition) During rope request, the computing cost that index obtains is unrelated with data set size, is affected the most little by attribute dimensions.It addition, with regard to this Bright known, the experimental result of encipherment scheme is can search for about the complex conditions supporting any multidimensional keyword query and range query Extremely limited, that comparing function is similar APKS scheme, when Dim=9 and index number are consistent, APKS needs 42s to complete rope Draw and search for and IBS-SSE only needs 0.5s (and IBS-SSE has also counted trapdoor generation, index reduction and the expense updated).Therefore, When Q fixes, this programme shown when searching for the data set of different pieces of information amount size and attribute dimensions enhanced scalability and Efficientibility.

Fig. 7 illustrates when the attribute dimensions of data set document is fixed as Dim=9, with different trapdoor Q₁、Q₂With Q₃Right Calculating time overhead when different size of data set scans for, is wherein described in Q₁, Q₂And Q₃Search condition respectively For: During as it can be seen, data set varies in size when search condition is certain, rope The time overhead drawing acquisition is basically identical；When search condition is different, data set size is identical, the time overhead that index obtains Also about 0.5s is maintained.Therefore, when attribute dimensions is fixed, this programme can be with stable efficiency in different size of data Search is completed according to different Q on collection.

Due to the time delay laziness update method used in IBS.Access, the index acquisition stage also needs to undertake index upgrade Computing cost.In this programme, index upgrade is time-consumingly grown and is only asked number relevant to pending corresponding renewal.Fig. 8 shows When data set attribute dimension is Dim=9, in a secondary index obtains operation, updates portion index document (add a line number According to) needed for time overhead account for index and obtain the proportion of overhead of operation, it is seen that update operation accounting seldom and not with data Collection size variation, the time overhead obtained substantially without impact index.

Reduction index document after, document need by access control method complete authorize coupling.Fig. 9 illustrates and is not belonging to together Property dimension and data volume data set under complete once to access the time controlling coupling, total divided by coupling document by mating total duration Number gained, consumed computing cost is almost in 0, negligible.

3. document adds:

When adding a document F to data set_newTime, the data side of uploading needs for F_newDistribution FID_new, generate be used for updating The trapdoor of requestAnd formulate access delegated strategy P by access control method_new, CA needs content to be updated is write FS List, required amount of calculation data volume with data set own is unrelated.Figure 10 illustrate the calculating time overhead adding a document with Relation between data set attribute dimension and data volume, it is seen that it is time-consuming not by the shadow of the size of data set own that document adds operation Ring, affected by attribute dimensions the most little, be substantially maintained near 0.2s.

Symmetry based on the design of IBS memory mechanism can search for encipherment scheme IBS-SSE and can be combined sql like language by Java language Completion code realizes.In case of target storage document is for electronic health record data set FILE, the document of composition FILETopology example as shown in table 1, can present with the file format of xml, whereinIt is to share Content, f represents case history content,Represent case history property content；It is the private identity information of document owner, the only owner I and the data consumer authorized could conduct interviews under specific security mechanism.Α is all possible attribute in FILE CombinationSet,By Dim=n+m, Dim dimension attribute territory is constituted and each Attribute domain all wraps altogether Containing a property value.Wherein r_xRepresent scope generic attribute R_xProperty value, scope generic attribute generally refers to such as " age ", " day Phase " etc. the Numeric Attributes that can arrange in order of property value；w_xThen represent key word generic attribute W_xProperty value, key word generic Property generally refers to such as the character type attribute such as " sex ", " position ".The attribute dimensions of F can spread, hereinafter simplify statement, F is made to be made up of three-dimensional properties territory, then temporarilyWherein r is the property value of Attribute domain R (representing " age "), w₁And w₂ It is respectively Attribute domain W₁(representing " sex ") and Attribute domain W₂The property value of (representing " disease type "), now card (Α)=| R | ×|W₁|×|W₂|。

Table 1

From the point of view of the identity of data access person with data access purpose, at IBS-SSE.Trapdoor, IBS- To there are two kinds of data access situations in the SSE.Search scheduling algorithm stage: make the Situation-1 person U that represents data access_iFor going out Individual or mechanism according to ad hoc inquiry conditional search data is needed rather than the situation of data owner, order in just cause Situation-2 represents data access person U_iFor data owner or the authorized situation directly obtaining data person.IBS- The detailed description of the invention of SSE main algorithm is as follows:

IBS-SSE.Setup (λ):

At system establishment stage, CA is using safety coefficient λ as input.

(1) utilize Crypto++ storehouse of increasing income, for system, the cryptographic primitive used is generated key K_SSE=K_IBS。

(2) creating user list UL according to known users set, list length is designated as | UL |.I-th node generation in UL Table user U_i=＜ UID_i,UN_i,BI_i,TS_i,ε_i＞, wherein UID_iIt is set as U_iID, UN_iFor U_iUser name, BI_iBag Include U_iEssential information (including name, age, address, contact method, work etc.), TS_iIt is at U_iGenerate every time and upload new The timetable of document, ε_iIt is belonging to U_iRandom factor.UID_iBy to U_iUnique identification card number id_iMake universe impact resistance Connecting with l after hash conversion Η generation, mode is as follows:

s_i←H(id_i) (1)

UID_i=＜ s_i| | l ＞ (2)

s_iIt is id_iReformulations (this sentences a length of | s_i| string representation), l ∈ L be mark U_iUser identity class The character of type.

(3) by < UID_i,TS_i,ε_i> it is sent to user U_i。

UID_iUsing as user's identification in systems and encryption and decryption privacy of user identity dataKey, it is only Can be by U_iI holds (certain CA also needs to preserve portion).In actual applications, UID_iCan be identified by scanning and make With, if conditions permit, the available bio information such as fingerprint or iris is as s_iReplace id_iGenerate UID_i, strengthen safety with this Property.

IBS-SSE.IndexGen (FILE, Α):

Index generating algorithm is by the set FILE combinations of attributes all possible with it of document FSet Α as input, Operation below performing:

(1) it is every a document F_j∈ FILE generates document identifier FID in the following manner_j:

{FID}_{j} &LeftArrow; H (U I D | | t) &CirclePlus; ϵ

Wherein UID is F_jPossessory ID, t is F_jThe generation time, ε is the random factor that document owner is exclusive. Meanwhile, according to F_jThe access rights that the owner specifies for it, are generated by the user identity access control method that ciphertext is relevant and visit Ask strategy P_j, P_jIt it is the bit string vector of 32.

(2) being that FILE initializes and set up index collection of document IND and two-dimensional polling list T, algorithm 3 describes to be set up Journey:

For arbitraryCreate portion index document I_i.WillIt is designated as meeting document propertiesAll literary compositions The set of shelves identifier.T={T_j| 1≤j≤card (Α) } it is one and will be used for indexing the 3 row × card (Α) of document searching The two-dimensional polling list collection of row, often row tuple both corresponds to a index document I_i, it is represented byWherein wrap Containing I_iIdentifier IID_i, jth scope generic attribute thresholding after order preserving transformationAnd record is by I_iSplit by form Data block character string addr of address in IBS_i(being initialized as sky).T is reduced to T={T} herein, and its tuple is designated asAll tuples are according to E_rSize by ascending order arrange.

(3) IBS.Initial (IND, T, K are run_IBS) to initialize IBS.

(4) the index collection of document IND being stored into IBS sends to CSP and takes care of in CA local by T.Due at this programme Middle CSP is only responsible for uploading download work and not performing calculating task, and therefore CSP end can be directly by cloud storages such as such as Dropbox Application realizes.

IBS-SSE.Enc (FILE):

Encrypting stage is with collection of document FILE for input.To arbitrary documentAdd by following subregion Close mode is encrypted:

{SE}_{F I D} (\overset{\cdot}{F}) &RightArrow; \overset{\cdot}{C}

{SE}_{U I D} (\overset{\cdot\cdot}{F}) &RightArrow; \overset{\cdot\cdot}{C}

After willSend and be stored in CSP.

To shareable dataWith privacy of identities dataThe method carrying out subregion encryption is protection user's body Part privacy also meets the requirements for access of dissimilar user and lays a good foundation.Calculate it addition, be used here traditional symmetric cryptography Method AES carrys out encrypted document, it is also possible to use more complicated encryption mechanism (such as BS) to seek higher safety neatly.

IBS-SSE.Trapdoor ():

(1) in Situation-1, U_iSearch trapdoor should be submitted to CAWherein Describe U_iThe different of attribute thresholding each to destination document require (i.e. querying condition), UID_iThen indicate U_iIdentity.Require emphasis , in order to ensure the accurate description to different attribute territory,Pattern of the input must be fixing, but describe then can be very Flexibly.Specifically, U_iCan be that scope generic attribute specifies a numerical value or a numerical range (such as to would indicate that the D at age_R It is set to " 5 " or " 1～5 "), when data consumer is to Attribute domain R_xSearch condition beTime, utilize Order preserving transformation function X is to D_RMake conversion and can obtain its encrypted formCan be to close Keyword generic attribute specifies any number of key word (such as to would indicate that disease typeBe set to " catch a cold, fever, cough " or " hypoglycemia "), when data consumer is with z key definition attribute field W_xTime,Utilize universe Pseudo-random function Ψ is to D_WIt is encrypted and can obtain its encrypted formIf it is right Certain attribute field is without particular/special requirement, it is allowed to property value is empty.If the value of each attribute field is sky, then destination document is whole Individual set.

(2) in Situation-2, data owner U_iDestination document can be known by subscription client local information FID.Specifically, UID is i.e. utilized_i、TS_iIn generation time t and ε_iCalculate FID.

IBS-SSE.Search(Q,T,K_IBS):

(1) in Situation-1, CA will receive from U_iSearch trapdoor Q after run IBS.Access, use SQL Inquire about, obtain with Q described in index document corresponding to search condition decipher reduction.Then, CA can be controlled by access Method processed is to UID_iMake to access mandate coupling with (FID, the P) s that own comprised in index document, and finally request is returned at CSP Return the ciphertext block data of the identified document of FID that the match is successful.

(2) in Situation-2, U_iDirectly can return the ciphertext block data of destination document to CSP request according to FID.

IBS-SSE.Dec (C):

Decipherment algorithm is with ciphertextAs input, U_iCan pass throughObtain shared with the portion in F Point.Only data owner can pass through with authorized personObtain privacy of identities part.

IBS-SSE.AddUser (s', l', UN', BI', TS'):

After receiving the request adding a new user, first check in user list UL according to s' and the most there is this use Family.If nothing, CA then distributes UID for new user_|UL|+1=<s'| | l'>, and by U_|UL|+1=< UID_|UL+1|,UN',BI',TS',ε'> It is linked into UL, | UL |=| UL |+1.It then informs new user is with < UID_|UL+1|,TS',ε'>。

IBS-SSE.AddDoc(F_new):

(1) first, the data side of uploading performs Enc algorithm and by the F after encryption_newIt is uploaded to CSP.Meanwhile, F is sent_new's Document identifier, the trapdoor describing its attribute and owner's identity and access control policyTo CA End.

(2) CA need to check F_newThe owner whether be present in user list UL, if nothing, then then first carry out AddUser algorithm.

(3) CA calls in good timeAlgorithm is to complete the renewal of relative index document.

In the present invention, the assignment of relevant parameter symbol is described as follows shown in table:

Claims

1. the encryption method of can search for based on secret protection under a cloud storage environment, it is characterised in that the method mainly realizes Process is as follows: make L={l_i| 1≤i≤card (L) } represent IBS-SSE system model in all of card (L) plant user's body Part type, card (L) represents user identity type l_iThe radix of set L, each data consumer belongs to one of which body Part type；For document F, if it is x that document owner specifies the identity type of the data consumer of addressable document F to belong to radix SetThen by the h of Bloom Filter independent hash function HASH={H₁,H₂,...H_hWillIn x Element maps in the bit string vector P of a length of q, and P is the access control policy being bound to document F, and P is with the identifier one of F Play write index document and be stored in IBS-SSE system model；When certain data consumer wants to access F, access holding of control Passerby is after getting the relevant index document of F, by Bloom Filter, the identity class that judges this data consumer according to P Whether type l belongs to sets of authorizationsIf belonging to, the match is successful, is not belonging to then that it fails to match；1≤x≤card(L).

The encryption method of can search for based on secret protection under cloud storage environment the most according to claim 1, it is characterised in that The generation process of access control policy P includes: initially set up the bit string vector P of an a length of q, and bit string vector P is every Value be initialized as 0；For either elementUtilize each function in hash function group HASH one a pair l_iCarry out Hash and obtain h Hash Round Robin data partition H₁(l_i), H₂(l_i) ... H_h(l_i), update Broome according to this h address and filter Device vector, makes the value of these positions of Bloom Filter vector be changed by 0 and is set to 1, finally return that the Broome being updated successfully filters Device vector is as access control policy；

Access the process that implements controlling to mate to include: firstly generate integer number flag=0, for the identity type of visitor L, utilizes a pair identity type of each function 1 in hash function group HASH carry out Hash and obtain h Hash Round Robin data partition H₁(l), H₂(l) ... H_h(l)；One by one check vector P in by these allocation indexs to place value, if value is 1, then flag+=1；If value is 0, then it fails to match.Finally, if flag=h, then the match is successful.

The encryption method of can search for based on secret protection under cloud storage environment the most according to claim 1, it is characterised in that DocumentComprise document identifier ID, document properties combined arrangementWith document common content f, document properties CombinationDimension be designated as Dim=n+m,It is made up of Dim Attribute domain and each Attribute domain is equal Comprise property value, wherein a r_kRepresent scope generic attribute R_kProperty value, w_yThen represent key word generic attribute W_yProperty value； Order | R_k| represent R_kTerritory all possible property value number, | W_y| represent W_yField all possible property value number, then at literary composition Shelves set FILE in, make A be all document properties combination set, then the radix of A be card (A)=| R₁|×|R₂|×...× |R_n|×|W₁|×|W₂|×...×|W_m|；Wherein, 1≤k≤n；1≤y≤m.

The encryption method of can search for based on secret protection under cloud storage environment the most according to claim 1, it is characterised in that The detailed process obtaining index document relevant for F includes:

1) the access trapdoor from data user is being receivedQ describes data The data search condition of user, whereinDescribe data consumer to each attribute of destination document The different requirements of thresholding, UID then indicates the identity of access requestor, specifically, D_RDescribe the value to a scope generic attribute Requirement；D_WDescribe the requirement of value to a key word generic attribute；When data consumer is with [r_x1,r_x2],r_x1≤r_x2Definition belongs to Property field R_xTime,Utilize order preserving transformation function X pairConvert to obtain its encrypted formWhen data consumer is with z key definition attribute field W_xTime, Utilize universe pseudo-random function Ψ pairIt is encrypted to obtain its encrypted form Afterwards, access the executor CA controlled and can inquire about qualified index document identifier (IID) in two-dimensional polling list according to Q S, and by all corresponding tuple (addr) s combination producing subsetsBy S_QThe data block total number indexed is designated as size_Q, n_B=α b_max；α is the spreading factor of IBS, b_maxBeing the number of data blocks upper limit being available for storage in array B, B is for containing n_B=α b_maxThe array of individual data block；When the scope generic attribute territory condition in QAt least one non- Time empty, select the attribute R that given range codomain is minimum_min, 1≤min≤n；CA is according to given minimum value scopeLocation By R_minThe two-dimensional polling list T of sequence_minIn meetTuple, recyclingCarry out The coupling of other Attribute domains；When the scope generic attribute territory condition in QDuring all skies, then directly utilizeThe tuple of arbitrary table in two-dimensional polling list collection T is mated；

2) CA selects a random number τ and generates a pseudorandom integer ordered series of numbers V ← Γ (τ), with the front β size of V_QIndividual difference Integer array become pseudorandom subsetV_QBe for access trapdoor Q access operation prepare obscure subset；Γ is pseudo- Random number generator；β is the confounding factors of IBS；

3) CA will be by S_QAnd V_QThis locality is upset and be jointly downloaded to the data block indexed, and utilizes Deciphering is by S_QThe data block that indexes also recovers and indexes document accordingly；B [i] is the i-th data block in B；Φ be pseudo-with Machine function, K_ΦIt is the key for Φ, v_iIt is the version number of i-th data block,I.e. utilize Φ and K_ΦTo character string (v_i| | i) make pseudo-random process；

4) after recovering the index document that identifier is (IID) s, CA travels through terminal list FS according to (IID) s, if in FS Exist to certain part index document more newly requested, the most first it is updated, remove this request, then will update after index literary composition Shelves are as indexing document accordingly；

5) when needing to add new index document, first check whether index document identifier to be added is present in T, if Exist, then perform write operation；If not existing, adding the most in the steps below and indexing document:

5a) will index document sets IND, number of data blocks upper limit b_max, two-dimensional polling list collection T and K_IBSAs input, will index literary composition Every part of index document I in shelves collection IND_iIt is split as size_iIndividual data block, as index document I_iTotal byte length length_iNo When can be divided exactly by ω, front length_i/ ω data block size is ω, and last size data block less than ω is filled by 0s To ω, all data blocks all comprise two head fields, and one of them is responsible for recording IID_i, another is then responsible for record I_iVersion Number v_i, v_iIt is initialized as 0；

5b) data blocks all in B are initialized as 0s, to each index document I in IND_i, IID_iFor index document I_iID, With σ=IID_iFor seed, generate an integer Number Sequence S ← Γ (σ), from the beginning of sequence S, select size_iIndividual different whole Type number, and guarantee that the data block in the B indexed by these integer numbers is sky；WithRepresent raw by σ and pseudo random number Before the Γ that grows up to be a useful person generatesIndividual integer number, creates a pseudorandom subsetS_i=Λ [σ, size_i]；

Pseudo-random function Φ 5e) is utilized all data blocks in B to be encrypted.