CN107679408A - Regular language searching system in safe cloud storage - Google Patents
Regular language searching system in safe cloud storage Download PDFInfo
- Publication number
- CN107679408A CN107679408A CN201710888030.4A CN201710888030A CN107679408A CN 107679408 A CN107679408 A CN 107679408A CN 201710888030 A CN201710888030 A CN 201710888030A CN 107679408 A CN107679408 A CN 107679408A
- Authority
- CN
- China
- Prior art keywords
- msub
- mrow
- msubsup
- user
- trapdoor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Abstract
The present invention relates to the regular language searching system in a kind of safe cloud storage.Regular language of the input of the AES of the system for a public key and using random length character string descriptor, the ciphertext of generation are sent to Cloud Server;In the data retrieval stage, user defines a deterministic finite automatonAnd generated using its private keyTrapdoor,Define one group of state transfer set, original state and receive state.And if only if is embedded in regular language quilt in ciphertextTrapdoor when receiving, the document is considered as matching document.The present invention can accommodate any more symbol, and can increase new symbol at any time, substantially increase the practicality of scheme;Moreover it is possible to reduce the storage overhead of wireless subscriber terminal, it is easy to the flexible expansion of system.
Description
Technical field
The present invention relates to the regular language searching system in a kind of safe cloud storage
Background technology
Cloud storage is a kind of emerging memory module, can provide the user expansible, flexible and pay-for-use service.
For personal use, user can access their data using any equipment whenever and wherever possible.When one group of user uses cloud
During storage, it allows group member synchronization and manages all shared documents.In addition, it is also saved for buying storage for user
The fund input of equipment.Cloud storage also causes many securities while providing convenient for client.All data are deposited
Storage is on multiple servers of cloud service provider, therefore client can not grasp its data completely.Because server may be hacked
Visitor's invasion, or internal staff may leak data obtain commercial interest, therefore users worry the privacy concern of document.With
Family wishes to use encryption technology, to protect the confidentiality of data, to have triggered another problem again:How to be carried out in a large amount of ciphertexts
Data retrieval.User can not possibly download all storage informations and it be decrypted and then again to retrieving in plain text, and can not bear
Huge transport overhead and very long data retrieval times.
Can search for encryption technology data can not only be encrypted protection, and can be before data-privacy is not destroyed
Put and support efficient function of search.User generates search trapdoor using its private key and sends it to Cloud Server.Receive
After trapdoor, Cloud Server scans on the premise of ciphertext not being decrypted to encryption data.In data retrieval process,
Cloud Server will not obtain any cleartext information about encryption data and user searches for the information of content.However, most of can
Search encipherment scheme only supports basic search pattern, such as single keyword search, links keyword search and boolean search.
Cloud computing is industry with keen competition, there is provided good Consumer's Experience is most important.
Although cloud computing is the service mode of next generation network, safety and privacy concern are to hinder it in practical application
In be widely accepted major obstacle.Chang et al. have studied the security of cloud computing, including fire wall, access control, identity
Management, intrusion prevention and polymerization encryption.Zheng et al. proposes a kind of mobile framework to realize remotely resident multimedia service safety
Access.Someone have studied the security architecture of business cloud, it realize safe and reliable cloud service and can safe handling it is a large amount of
Data.
Evincible data hold (PDP) and provide a kind of probabilistic verification method for cloud computing to prove that the data of user are complete
Whole property.Barsoum et al. have studied the design principle of PDP constructions, and indicate the limitation of existing PDP models.Wang et al.
Propose a kind of PDP models of the identity-based for the storage of multiple Cloud Servers.It eliminates the certificate management of complexity, and energy
Enough carry out polytype checking.Li et al. have studied in resource-constrained devices it is provable hold scheme, reduce big gauge
Expense is calculated, realizes dynamic data operation.Omojte et al. proposes a kind of lightweight encoding scheme to support multiple users.
Can search for encryption technology can protect data-privacy, while support user to inquire about encrypted document.Since
Since Song et al. proposes this concept, it causes increasing concern.Wang et al. utilizes one-to-many order preserving map side
Method realizes keyword sorted search scheme in file is encrypted.Liu et al. reduces query cost, and inquiry is categorized as more
Individual grade.Xu et al. combines public key encryption and fuzzy keyword search devises the public key encryption framework of fuzzy keyword search.
Li et al. introduces relevance score and preference heterogeneity can carry out accurate keyword search, and utilizes the sub- word of classification
Allusion quotation improves efficiency.
Cui et al. introduces the concept that key polymerization can search for encryption so that data owner only sends single to user
Key just can share large volume document.Yang et al. devise one it is time-based can search for encipherment scheme, search permission is referring to
User is awarded in the fixed time.Someone introduces the encryption mechanism based on attribute and is used to can search for encryption so as to searching
Rope authority carries out fine-granularity access control.Chen et al. proposes a kind of two server model to resist keyword guessing attack.
Someone have studied based on the encryption technology of lattice so as to after constructing the quantum epoch can search for encipherment scheme.
Someone have studied can search for encrypting in mobile environment.When mobile group changes, Xia et al. is non-right using dynamic
Group cipher key negotiation protocol and allograph is claimed to update ciphertext.Somebody have studied the scheme of no safe lane to resist keyword
Guessing attack.Later, Liang et al. propose support regular language search can search for encipherment scheme.However, it have it is several tight
The problem of weight.First, user must interact with key generation centre can just scan for inquiring about.Secondly, when system is set
When, it is necessary to pre-defined assemble of symbol.The size of Your Majesty's key increases with the growth of the set, when predefined glossary of symbols becomes
When big, Your Majesty's key needs to consume bigger memory space.If adding new symbol, whole system must be rebuild.The
Three, encrypting with trapdoor generating algorithm, user needs to perform a large amount of powers calculating.Therefore, Liang scheme should for cloud storage
It is impracticable for.
The content of the invention
It is an object of the invention to for regular language search, storage and computing cost in existing scheme, can not be supported big
The problems such as, there is provided the regular language searching system in a kind of safe cloud storage, much more any symbol can be accommodated, and can be with
Symbol new Shi Zengtian, substantially increase the practicality of scheme;Moreover it is possible to the storage overhead of wireless subscriber terminal is reduced, just
In the flexible expansion of system.
To achieve the above object, the technical scheme is that:A kind of regular language searching system in safe cloud storage,
Including key generation centre, Cloud Server;
The key generation centre, for generating public/private keys pair for user;
The Cloud Server, for providing the user cloud storage service;
When system is established, key generation centre generation common parameter, and generate public/private keys pair for each user;Then,
The document data of data owner is encrypted generation ciphertext and is sent to Cloud Server storage by key generation centre, meanwhile,
The keyword character string of document data is encrypted, to describe this article file data;
When user carries out data retrieval inquiry, by key generation centre using private key generation search trapdoor, then should
Trapdoor is sent to Cloud Server, and Cloud Server searches for matching document data according to trapdoor, and returns to user.
In an embodiment of the present invention, the specific implementation of key generation centre generation common parameter is as follows,
Setup(1κ)→PP:Key generation centre performs Setup algorithms, with security parameter 1κFor input, algorithm selects at random
Select h0,h1,h2,h3,h4,φ1,φ2,η∈RG andCalculate g1=ga,g2=gb, obtain common parameter PP=
(g,g1,g2,h0,h1,h2,h3,h4,φ1,φ2,η);Wherein, H:GT→ G is hash function, and G is Prime Orders p bilinearity group, g
∈ G are G generation members.
In an embodiment of the present invention, key generation centre is the specific implementation side that each user generates public/private keys pair
Formula is as follows,
KeyGen(PP,u)→(PKu,SKu):For user u, key generation centre random selectionCalculate Y=e (g1,g2)α,Y0=gs',Then
Public/private keys are exported to (PKu,SKu), wherein, PKu=(Y, Y0,Y1,Y2,Y3,Y4,Y5), SKu=(α, s', s ", s " ').
In an embodiment of the present invention, the specific reality that the document data of data owner is encrypted key generation centre
Existing mode is as follows,
Enc(PKu, W={ w1,...,wl})→CT:Key generation centre is with character string W and public key PKuTo input, at random
SelectionCalculate C0=H (Ys), C1=gs, C2=ηs,C5,i=si/ s',
C6,i=wxsi-1/ s ", C7,i=wisi/ s " ', output ciphertext CT=(C0,C1,C2,C3,C4,{C5,i}i∈[0,l]{C6,i,
C7,i}i∈[1,l]), and it is sent to Cloud Server.
In an embodiment of the present invention, the specific implementation by key generation centre using private key generation search trapdoor
It is as follows,
TokenGen(SKu, M=(Q, Σ, T, q0,qn-1))→TK:Trapdoor generating algorithm is performed, and inputs the private key of user
SKuM=(Q, Σ, T, q are represented with DFA0,qn-1);
In DFA expressions, Q is state set { q0,...,qn-1, wherein, q0It is original state, qn-1It is to receive state, T
It is state transfer set, the transfer of each of which state is all a tuple| T |=m;
Random selectionAnd { ri}i∈[0,l],User calculatesT2=gu, T3=gr, T6,t=rt/ s', T7,t=ut/ s', Ts,t=rtσt/ s ",
Export TK=(T1,T2,T3,T4,T5,{T6,t,T7,t,T8,t}t∈[1,m]), and send it to Cloud Server and inquired about.
In an embodiment of the present invention, Cloud Server matches the specific implementation of document data according to search trapdoor search
It is as follows,
Test(CT,TK)→1/0:Using ciphertext CT and trapdoor TK as input, Cloud Server calculates:
If equation H (Γ)=C0Set up, algorithm output 1, represent that trapdoor matches with encrypted indexes, and user is returned
The document F corresponding with ciphertext CT;Otherwise 0 is exported.
Compared to prior art, the invention has the advantages that:
(1) regular language is searched for:Present invention employs regular language search, and compared with other schemes, the present invention can carry
For more flexible search pattern;In the system, the input of AES for a public key and utilizes random length character string descriptor
Regular language;The ciphertext of generation is sent to Cloud Server;In the data retrieval stage, it is limited certainly that user defines a certainty
Motivation (DFA) simultaneously utilizes its private key generation DFA trapdoor;DFA defines one group of state transfer set, original state and receives shape
State.When the regular language that and if only if is embedded in ciphertext is received by DFA trapdoor, the document is considered as matching document;
(2) dynamic attribute:Any more symbol can be accommodated in the system, and new symbol can be increased at any time, greatly
The big practicality for improving scheme;Moreover it is possible to reduce the storage overhead of wireless subscriber terminal;It is easy to the flexible expansion of system;
(3) odds for effectiveness:The present invention is established on the basis of symmetrical Prime Orders Bilinear Groups, than closing number rank and asymmetric element
Number rank Bilinear Groups are more efficient.;In addition, encryption and trapdoor generating algorithm are also efficient.
Brief description of the drawings
Fig. 1 is present system framework.
Fig. 2 is the DFA of the present invention course of work.
Fig. 3 is the example of the industrial cloud storage of the present invention.
Embodiment
Below in conjunction with the accompanying drawings, technical scheme is specifically described.
Regular language searching system in a kind of safe cloud storage of the present invention, including key generation centre, Cloud Server;
The key generation centre, for generating public/private keys pair for user;
The Cloud Server, for providing the user cloud storage service;
When system is established, key generation centre generation common parameter, and generate public/private keys pair for each user;Then,
The document data of data owner is encrypted generation ciphertext and is sent to Cloud Server storage by key generation centre, meanwhile,
The keyword character string of document data is encrypted, to describe this article file data;
When user carries out data retrieval inquiry, by key generation centre using private key generation search trapdoor, then should
Trapdoor is sent to Cloud Server, and Cloud Server searches for matching document data according to trapdoor, and returns to user.
In the present invention, the specific implementation of key generation centre generation common parameter is as follows,
Setup(1κ)→PP:Key generation centre performs Setup algorithms, with security parameter 1κFor input, algorithm selects at random
Select h0,h1,h2,h3,h4,φ1,φ2,η∈RG andCalculate g1=ga,g2=gb, obtain common parameter PP=
(g,g1,g2,h0,h1,h2,h3,h4,φ1,φ2,η);Wherein, H:GT → G is hash function, and G is Prime Orders p bilinearity group, g
∈ G are G generation members.
In the present invention, key generation centre is that the specific implementation of each user generation public/private keys pair is as follows,
KeyGen(PP,u)→(PKu,SKu):For user u, key generation centre random selectionCalculate Y=e (g1,g2)α,Y0=gs',Then
Public/private keys are exported to (PKu,SKu), wherein, PKu=(Y, Y0,Y1,Y2,Y3,Y4,Y5), SKu=(α, s', s ", s " ').
In the present invention, the specific implementation that the document data of data owner is encrypted key generation centre is such as
Under,
Enc(PKu, W={ w1,...,wl})→CT:Key generation centre is using character string W and public key PKu as input, at random
SelectionCalculate C0=H (Ys), C1=gs, C2=ηs,C5,i=si/ s',
C6,i=wisi-1/ s ", C7,i=wisi/ s " ', output ciphertext CT=(C0,C1,C2,C3,C4,{C5,i}i∈[0,l]{C6,i,C7,i
}i∈[1,l]), and it is sent to Cloud Server.
It is in the present invention, as follows using the specific implementation of private key generation search trapdoor by key generation centre,
TokenGen(SKu, M=(Q, Σ, T, q0,qn-1))→TK:Trapdoor generating algorithm is performed, and inputs the private key of user
SKuM=(Q, Σ, T, q are represented with DFA0,qn-1);
In DFA expressions, Q is state set { q0,...,qn-1, wherein, q0It is original state, qn-1It is to receive state, T
It is state transfer set, the transfer of each of which state is all a tuple| T |=m;
Random selectionAnd { ri}i∈[0,l],User calculatesT2=gu, T3=gr, T6,t=rt/ s', T7,t=ut/ s', Ts,t=rtσt/ s ", it is defeated
Go out TK=(T1,T2,T3,T4,T5,{T6,t,T7,t,T8,t}t∈[1,m]), and send it to Cloud Server and inquired about.
In the present invention, Cloud Server is as follows according to the specific implementation of search trapdoor search matching document data,
Test(CT,TK)→1/0:Using ciphertext CT and trapdoor TK as input, Cloud Server calculates:
If equation H (Γ)=C0Set up, algorithm output 1, represent that trapdoor matches with encrypted indexes, and user is returned
The document F corresponding with ciphertext CT;Otherwise 0 is exported.
It is below the specific implementation process of the present invention.
Fig. 1 is the system framework of the present invention.System includes following various types of entities.The characteristics of each entity and function
It is described below:
Key generation centre (KGC):KGC in by system all entities trusted, be responsible for the common parameter of generation system, together
When be system in each validated user generate public/private keys pair.Private key is sent to user, public key by KGC by back channel
Then all users are disclosed, KGC takes care of public key (such as PKI using security management mechanism:PKIX).
Data owner:Data owner utilizes regular language using the personal sensitive data of cloud storage service storage
Document is described, regular language and document are encrypted, and send it to Cloud Server.
Cloud Server:Cloud Server provides the user cloud storage service.Data are generally stored inside logic pond and multiple physics
In server.Cloud Server ensures that authorized user can access data whenever and wherever possible.Cloud Server possesses at surprising data
Reason and computing capability.Cloud Server responds to the search inquiry of user, starts search matching document.
User:User asks Cloud Server to perform measuring and calculation to encryption data.User searches for trapdoor using private key generation,
And send it to Cloud Server and inquired about.
Partial symbols in the present invention are defined as follows.
Because arbitrary (M, W) can be converted into (M', W') (wherein M' only has one kind to receive state), therefore the present invention is only
Consider | F |=1 DFA is represented.In addition, the system supports dynamic set of letters renewal, such as | Σ | it is unlimited size, therefore
DFA expression is defined as M=(Q, Σ, T, q0,qn-1), wherein n=| Q |, m=| T |,
1st, the basic implementation process of the system
1.1 systems are established
Setup(1κ)→PP:Key generation centre performs Setup algorithms, with security parameter 1κFor input, algorithm selects at random
Select h0,h1,h2,h3,h4,φ1,φ2,η∈RG andCalculate g1=ga,g2=gb, obtain common parameter PP=
(g,g1,g2,h0,h1,h2,h3,h4,φ1,φ2,η);Wherein, H:GT→ G is hash function, and G is Prime Orders p bilinearity group, g
∈ G are G generation members.
1.2 user's registration
When user u is to system registry, KGC verifies its identity and advises public/private keys (PK for its generationu,SKu)。
KeyGen(PP,u)→(PKu,SKu):For user u, key generation centre random selectionCalculate Y=e (g1,g2)α,Y0=gs',Then
Public/private keys are exported to (PKu,SKu), wherein, PKu=(Y, Y0,Y1,Y2,Y3,Y4,Y5), SKu=(α, s', s ", s " ').
1.3 encryption
Enc(PKu, W={ w1,...,wl})→CT:Key generation centre is with character string W and public key PKuTo input, at random
SelectionCalculate C0=H (Ys), C1=gs, C2=ηs,C5,i=si/ s',
C6,i=wisi-1/ s ", C7,i=wisi/ s " ', output ciphertext CT=(C0,C1,C2,C3,C4,{C5,i}i∈[0,l]{C6,i,C7,i
}i∈[1,l]), and it is sent to Cloud Server.
1.4 trapdoors generate
TokenGen(SKu, M=(Q, Σ, T, q0,qn-1))→TK:Trapdoor generating algorithm is performed, and inputs the private key of user
SKuM=(Q, Σ, T, q are represented with DFA0,qn-1);
In DFA expressions, Q is state set { q0,...,qn-1, wherein, q0It is original state, qn-1It is to receive state, T
It is state transfer set, the transfer of each of which state is all a tuple| T |=m;
Random selectionAnd { ri}i∈[0,l],User calculatesT2=gu, T3=gr, T6,t=rt/ s', T7,t=ut/ s', Ts,t=rtσt/ s ",
Export TK=(T1,T2,T3,T4,T5,{T6,t,T7,t,T8,t}t∈[1,m]), and send it to Cloud Server and inquired about.
1.5 test
Test(CT,TK)→1/0:Using ciphertext CT and trapdoor TK as input, Cloud Server calculates:
If equation H (Γ)=C0Set up, algorithm output 1, represent that trapdoor matches with encrypted indexes, i.e. the DFA of trapdoor
Receive character string W, and the document F corresponding with ciphertext CT is returned to user;Otherwise 0 is exported.
2nd, Bilinear map
AlgorithmUsing security parameter λ as input, parameter (p, g, G, the G of Prime Orders bilinear map are exportedT,e).Wherein G and
GTIt is Prime Orders p multiplicative cyclic group, g is G generation member.Map e:G×G→GTIt is bilinear map.Bilinear map e has
Three attributes:(1) bilinearity:And a, b ∈ Zp, there is e (ua,vb)=e (uv)ab.(2) non-degeneracy:e(g,g)≠
1.(3) computability:Mapping e can be calculated effectively.
3rd, difficulty is assumed
Assuming that 1 (DBDH:Prejudgementing character bilinear Diffie-Hellman is assumed).G is Prime Orders p bilinearity group, and g is G
Generation member.Random selectionIt is givenAttacker is difficult by e (g, g)abs∈GTWith element Z (from
GTMiddle random selection) both makes a distinction.
4th, deterministic finite automaton is summarized
Deterministic finite automaton (DFA) belongs to computational theoretical category, and it receives or refusal character string, and is each
Input character string and perform unique operation.One deterministic finite automaton M is five-tuple (Q, Σ, δ, a q0,F)。
(1) Q is state set
(2) Σ is one group of assemble of symbol for being referred to as alphabet
(3) δ is transfer function
(4)q0∈ Q are original states
(5)It is the set for receiving state
Symbol T represents one group of associated transfer set of and function δ.IfThen shift Tt∈ T expression
Form isWherein | T |=m.
Assuming that M=(Q, Σ, δ, q0,F).M receives character string W=(w1,w2,...,wl) and if only if by ∈ Σ in the presence of one
Status switch r0,r1,...,rn∈ Q, wherein
1)r0=q0
2) for i ∈ (0, n-1), there are transfer function δ (ri,wi+1)=ri+1
3)rn∈F
Symbol ACCEPT (M, W) represents that deterministic finite automaton M receives character string W, and symbol REJECT (M, W) represents true
Qualitative finite automata M does not receive character string W.If M receives all W ∈ L and refused allIllustrate automatic machine M
L language can be identified, this language is referred to as regular language.
Fig. 2 describes the DFA course of work.There are 4 states, q in example0It is original state, q4It is to receive state.Assuming that
Automatic machine is currently at state q0.Incoming symbol w1Afterwards, state will be from q0It is transferred to q1.Shifted and gathered according to predefined state
T, with symbol wiContinually enter, state can continue to change.If it is (w to input character string1,w2,w6) or (w1,w5,w3,w4,
w6), the DFA in Fig. 2 will receive the character string.If it is (w to input character string1,w3,w6), the DFA in Fig. 2 will refuse the character
String.
5th, industrial cloud storage example
Shown in Fig. 3 is the example of an industrial cloud storage:A kind of process of new product is researched and developed in enterprise plan.Pass through the reality
Example illustrates the operation principle of this programme
The process of research and invention new product comprises the following steps:
1) production schedule:The function of deisgn product, structure and material, and design information is sent to auditing department first.
2) audit:Auditing department is responsible for examining the feasibility and manufacturing cost of the program.If improper, auditing department will
It negate the program.Otherwise, auditing department can be intended to be sent to manufacturing sector.
3) manufacture:After receiving new product designs scheme, manufacturing sector's production sample according to schedule.Then, sample is sent out
Give test organization.If manufacture failure, sample will be sent back to design department.
4) experiment test:Physical property, function and the practicality of test organization's test sample.If sample has passed through all
Experiment test, it is possible to produced on a large scale.Otherwise, the production schedule is sent back to design department.
5) product:By a series of research and development, new product can be launched into market.
According to the studies above and exploitation program, keyword string is defined as:w1=" Design ", w2=" Agree ", w3="
Procedure ", w4=" Pass ", w5=" Disagree ", w6=" Fail "
In system establishment stage, KGC is system generation common parameter and is that each user distributes public/private keys pair, then
The data of enterpriser's generation are encrypted and send it to Cloud Server.Keyword character string is encrypted to retouch simultaneously
State document, such as (CT1,CT2,CT3):
CT1=Enc (pku,(w1,w2,w3,w4))
CT2=Enc (pku,(w1,w5))
CT3=Enc (pku,(w1,w2,w6))
If user wants to carry out data retrieval inquiry, DFA is defined first.Make q0=" ProductionPlan " is initial
State, q4=" Product " is uniquely receives state.Make q1=" Audit ", q2=" Manufacture ", q3="
Experimental Test”。
State transfer set T:
T1=(Production Plan, Audit, Design),
T2=(Audit, Manufacture, Agree),
T3=(Manufacture, Experimental Test, Produce),
T4=(Experimental Test, Pass, Product),
T5=(Audit, Production Plan, Disagree),
T6=(Manufacture, Production Plan, Fail),
T7=(Experimental Test, Production Plan, Fail)
Then user-defined finite automata M is encrypted to search trapdoor TK and sends it to Cloud Server.
Cloud Server performs Test algorithms and finds matching document, then to user's return and CT1Corresponding document F1And text
F in shelves1Include the acceptable crucial word strings of DFA.
The advantage of the invention is that:
(1) regular language is searched for:Present invention employs regular language search, and compared with other schemes, the present invention can carry
For more flexible search pattern.In the system, the input of AES for a public key and utilizes random length character string descriptor
Regular language.The ciphertext of generation is sent to Cloud Server.In the data retrieval stage, it is limited certainly that user defines a certainty
Motivation (DFA) simultaneously utilizes its private key generation DFA trapdoor.DFA defines one group of state transfer set, original state and receives shape
State.When the regular language that and if only if is embedded in ciphertext is received by DFA trapdoor, the document is considered as matching document.
(2) dynamic attribute:Any more symbol can be accommodated in the system, and new symbol can be increased at any time, greatly
The big practicality for improving scheme.Moreover it is possible to reduce the storage overhead of wireless subscriber terminal.It is easy to the flexible expansion of system.
(3) odds for effectiveness:The present invention is established on the basis of symmetrical Prime Orders Bilinear Groups, than closing number rank and asymmetric element
Number rank Bilinear Groups are more efficient.In addition, encryption and trapdoor generating algorithm are also efficient.
Purposes:Cloud computing can provide the user flexible data management and access and service.However, what Cloud Server provided
Storage service is not fully by users to trust.Can search for encryption is to realize the important tool that safety is stored and searched for, and it can
The function of Confidentiality protection and private data retrieval is provided.The present invention proposes a kind of efficient dynamic regular language and can search for
Encipherment scheme.Compared with other existing schemes, the advantage of the invention is that it is supported regular language encryption and had based on certainty
Limit the data retrieval of automatic machine.Dynamic construction ensure that system has higher scalability and without predefined glossary of symbols
Close, reduce computing cost and memory space.The system support multi-user, each user can not with key generation centre
The private key generation DFA trapdoors of oneself are utilized in the case of interaction.
Above is presently preferred embodiments of the present invention, all changes made according to technical solution of the present invention, caused function are made
During with scope without departing from technical solution of the present invention, protection scope of the present invention is belonged to.
Claims (6)
- A kind of 1. regular language searching system in safe cloud storage, it is characterised in that:Including key generation centre, cloud service Device;The key generation centre, for generating public/private keys pair for user;The Cloud Server, for providing the user cloud storage service;When system is established, key generation centre generation common parameter, and generate public/private keys pair for each user;Then, key The document data of data owner is encrypted generation ciphertext and is sent to Cloud Server storage by generation center, meanwhile, to text The keyword character string of file data is encrypted, to describe this article file data;When user carries out data retrieval inquiry, by key generation centre using private key generation search trapdoor, then by the trapdoor Send to Cloud Server, Cloud Server searches for matching document data according to trapdoor, and returns to user.
- 2. the regular language searching system in safe cloud storage according to claim 1, it is characterised in that:In key generation The specific implementation of heart generation common parameter is as follows,Setup(1κ)→PP:Key generation centre performs Setup algorithms, with security parameter 1κFor input, algorithm random selection h0, h1,h2,h3,h4,φ1,φ2,η∈RG andCalculate g1=ga,g2=gb, obtain common parameter PP=(g, g1, g2,h0,h1,h2,h3,h4,φ1,φ2,η);Wherein, H:GT → G is hash function, and G is Prime Orders p bilinearity group, and g ∈ G are G Generation member.
- 3. the regular language searching system in safe cloud storage according to claim 1, it is characterised in that:In key generation The heart is that the specific implementation of each user generation public/private keys pair is as follows,KeyGen(PP,u)→(PKu,SKu):For user u, key generation centre random selectionMeter Calculate Y=e (g1,g2)α,Y0=gs',Then public/private keys are exported to (PKu, SKu), wherein, PKu=(Y, Y0,Y1,Y2,Y3,Y4,Y5), SKu=(α, s', s ", s " ').
- 4. the regular language searching system in safe cloud storage according to claim 3, it is characterised in that:In key generation The specific implementation that the document data of data owner is encrypted the heart is as follows,Enc(PKu, W={ w1,...,wl})→CT:Key generation centre is with character string W and public key PKuFor input, random selectionCalculate C0=H (Ys), C1=gs, C2=ηs,C5,i=si/ s', C6,i= wisi-1/ s ", C7,i=wisi/ s " ', output ciphertext CT=(C0,C1,C2,C3,C4,{C5,i}i∈[0,l]{C6,i,C7,i}i∈[1,l]), and It is sent to Cloud Server.
- 5. the regular language searching system in safe cloud storage according to claim 4, it is characterised in that:Given birth to by key It is as follows using the specific implementation of private key generation search trapdoor into center,Trapdoor generating algorithm is performed, and inputs the private key SK of useruWith DFA is representedIn DFA expressions, Q is state set { q0,...,qn-1, wherein, q0It is original state, qn-1It is to receive state,It is shape State transfer set, the transfer of each of which state is all a tupleRandom selectionAnd { ri}i∈[0,l],User calculates T2=gu, T3=gr,T6,t=rt/ s', T7,t=ut/ s', Ts,t=rtσt/ s ", output TK=(T1, T2,T3,T4,T5,{T6,t,T7,t,T8,t}t∈[1,m]), and send it to Cloud Server and inquired about.
- 6. the regular language searching system in safe cloud storage according to claim 5, it is characterised in that:Cloud Server root Specific implementation according to search trapdoor search matching document data is as follows,Test(CT,TK)→1/0:Using ciphertext CT and trapdoor TK as input, Cloud Server calculates:<mfenced open = "" close = ""> <mtable> <mtr> <mtd> <mrow> <mi>&Gamma;</mi> <mo>=</mo> <mi>e</mi> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mn>1</mn> </msub> <mo>,</mo> <msub> <mi>C</mi> <mn>1</mn> </msub> <mo>)</mo> </mrow> <mo>&CenterDot;</mo> <mi>e</mi> <msup> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mn>2</mn> </msub> <mo>,</mo> <msub> <mi>C</mi> <mn>2</mn> </msub> <mo>)</mo> </mrow> <mrow> <mo>-</mo> <mn>1</mn> </mrow> </msup> <mo>&CenterDot;</mo> <mi>e</mi> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mn>3</mn> </msub> <mo>,</mo> <msub> <mi>C</mi> <mn>3</mn> </msub> <mo>)</mo> </mrow> <mo>&CenterDot;</mo> <mi>e</mi> <msup> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mn>4</mn> </msub> <mo>,</mo> <msub> <mi>C</mi> <mn>4</mn> </msub> <mo>)</mo> </mrow> <mrow> <mo>-</mo> <mn>1</mn> </mrow> </msup> <mo>&CenterDot;</mo> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <munder> <mo>&Pi;</mo> <mrow> <mi>i</mi> <mo>&Element;</mo> <mo>&lsqb;</mo> <mn>1</mn> <mo>,</mo> <mi>l</mi> <mo>&rsqb;</mo> </mrow> </munder> <mo>&lsqb;</mo> <mi>e</mi> <mrow> <mo>(</mo> <msubsup> <mi>Y</mi> <mn>0</mn> <msub> <mi>T</mi> <mrow> <mn>6</mn> <mo>,</mo> <msub> <mi>t</mi> <mi>i</mi> </msub> </mrow> </msub> </msubsup> <mo>,</mo> <msubsup> <mi>Y</mi> <mn>1</mn> <msub> <mi>C</mi> <mrow> <mn>5</mn> <mo>,</mo> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </msubsup> <msubsup> <mi>Y</mi> <mn>2</mn> <msub> <mi>C</mi> <mrow> <mn>6</mn> <mo>,</mo> <mi>i</mi> </mrow> </msub> </msubsup> <msubsup> <mi>Y</mi> <mn>3</mn> <msub> <mi>C</mi> <mrow> <mn>5</mn> <mo>,</mo> <mi>i</mi> </mrow> </msub> </msubsup> <msubsup> <mi>Y</mi> <mn>5</mn> <msub> <mi>C</mi> <mrow> <mn>7</mn> <mo>,</mo> <mi>i</mi> </mrow> </msub> </msubsup> <mo>)</mo> </mrow> <mo>&CenterDot;</mo> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <mi>e</mi> <mrow> <mo>(</mo> <msubsup> <mi>Y</mi> <mn>0</mn> <msub> <mi>T</mi> <mrow> <mn>7</mn> <mo>,</mo> <msub> <mi>x</mi> <msub> <mi>t</mi> <mi>i</mi> </msub> </msub> </mrow> </msub> </msubsup> <msubsup> <mi>Y</mi> <mn>1</mn> <msub> <mi>T</mi> <mrow> <mn>6</mn> <mo>,</mo> <msub> <mi>t</mi> <mi>i</mi> </msub> </mrow> </msub> </msubsup> <msubsup> <mi>Y</mi> <mn>2</mn> <msub> <mi>T</mi> <mrow> <mn>8</mn> <mo>,</mo> <msub> <mi>t</mi> <mi>i</mi> </msub> </mrow> </msub> </msubsup> <mo>,</mo> <msubsup> <mi>Y</mi> <mn>0</mn> <msub> <mi>C</mi> <mrow> <mn>5</mn> <mo>,</mo> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </msubsup> <mo>)</mo> </mrow> <mo>&CenterDot;</mo> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <mi>e</mi> <mrow> <mo>(</mo> <msubsup> <mi>Y</mi> <mn>0</mn> <mrow> <mo>-</mo> <msub> <mi>T</mi> <mrow> <mn>7</mn> <mo>,</mo> <msub> <mi>y</mi> <msub> <mi>t</mi> <mi>i</mi> </msub> </msub> </mrow> </msub> </mrow> </msubsup> <msubsup> <mi>Y</mi> <mn>3</mn> <msub> <mi>T</mi> <mrow> <mn>6</mn> <mo>,</mo> <msub> <mi>t</mi> <mi>i</mi> </msub> </mrow> </msub> </msubsup> <msubsup> <mi>Y</mi> <mn>2</mn> <msub> <mi>T</mi> <mrow> <mn>8</mn> <mo>,</mo> <msub> <mi>t</mi> <mi>i</mi> </msub> </mrow> </msub> </msubsup> <mo>,</mo> <msubsup> <mi>Y</mi> <mn>0</mn> <msub> <mi>C</mi> <mrow> <mn>5</mn> <mo>,</mo> <mi>i</mi> </mrow> </msub> </msubsup> <mo>)</mo> </mrow> <mo>&rsqb;</mo> </mrow> </mtd> </mtr> </mtable> </mfenced>If equation H (Γ)=C0Set up, algorithm output 1, represent trapdoor match with encrypted indexes, and to user return with it is close Document F corresponding literary CT;Otherwise 0 is exported.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710888030.4A CN107679408B (en) | 2017-09-27 | 2017-09-27 | Regular language retrieval system in secure cloud storage |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710888030.4A CN107679408B (en) | 2017-09-27 | 2017-09-27 | Regular language retrieval system in secure cloud storage |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107679408A true CN107679408A (en) | 2018-02-09 |
CN107679408B CN107679408B (en) | 2020-06-12 |
Family
ID=61136379
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710888030.4A Active CN107679408B (en) | 2017-09-27 | 2017-09-27 | Regular language retrieval system in secure cloud storage |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107679408B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112765669A (en) * | 2021-02-01 | 2021-05-07 | 福州大学 | Regular language searchable encryption system based on time authorization |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103955537A (en) * | 2014-05-16 | 2014-07-30 | 福州大学 | Method and system for designing searchable encrypted cloud disc with fuzzy semantics |
CN105471826A (en) * | 2014-09-04 | 2016-04-06 | 中电长城网际系统应用有限公司 | Ciphertext data query method, device and ciphertext query server |
CN106921674A (en) * | 2017-03-30 | 2017-07-04 | 福州大学 | The re-encryption semanteme of acting on behalf of that quantum is attacked after anti-can search for encryption method |
-
2017
- 2017-09-27 CN CN201710888030.4A patent/CN107679408B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103955537A (en) * | 2014-05-16 | 2014-07-30 | 福州大学 | Method and system for designing searchable encrypted cloud disc with fuzzy semantics |
CN105471826A (en) * | 2014-09-04 | 2016-04-06 | 中电长城网际系统应用有限公司 | Ciphertext data query method, device and ciphertext query server |
CN106921674A (en) * | 2017-03-30 | 2017-07-04 | 福州大学 | The re-encryption semanteme of acting on behalf of that quantum is attacked after anti-can search for encryption method |
Non-Patent Citations (5)
Title |
---|
KAITAI LIANG等: "Privacy-Preserving and Regular Language Search Over Encrypted Cloud Data", 《IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY 》 * |
MOHSEN AMINI SALEHI等: "《 2014 IEEE 7th International Conference on Cloud Computing》", 4 December 2014 * |
包文意: "基于关键字高效的公钥加密搜索体制研究与应用", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
方黎明等: "标准模型下增强的无需安全信道的带关键词搜索的公钥加密", 《计算机科学》 * |
李威杰等: "支持正则表达式的密文检索方案的研究", 《计算机应用与软件》 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112765669A (en) * | 2021-02-01 | 2021-05-07 | 福州大学 | Regular language searchable encryption system based on time authorization |
CN112765669B (en) * | 2021-02-01 | 2023-04-18 | 福州大学 | Regular language searchable encryption system based on time authorization |
Also Published As
Publication number | Publication date |
---|---|
CN107679408B (en) | 2020-06-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Ge et al. | Towards achieving keyword search over dynamic encrypted cloud data with symmetric-key based verification | |
Liang et al. | Searchable attribute-based mechanism with efficient data sharing for secure cloud storage | |
Guo et al. | Fedcrowd: A federated and privacy-preserving crowdsourcing platform on blockchain | |
CN107491497A (en) | Multi-user's multi-key word sequence of any language inquiry is supported to can search for encryption system | |
CN106803784A (en) | The multi-user based on lattice is fuzzy in secure multimedia cloud storage can search for encryption method | |
Li et al. | Privacy-preserving data utilization in hybrid clouds | |
Fan et al. | TraceChain: A blockchain‐based scheme to protect data confidentiality and traceability | |
CN109361644A (en) | A kind of Fog property base encryption method for supporting fast search and decryption | |
Zhao et al. | Are you the one to share? Secret transfer with access structure | |
CN105635135A (en) | Encryption system based on attribute sets and relational predicates and access control method | |
Ji et al. | An efficient attribute-based encryption scheme based on SM9 encryption algorithm for dispatching and control cloud | |
Wang et al. | Attribute-based equality test over encrypted data without random oracles | |
CN114598472A (en) | Conditional-hidden searchable agent re-encryption method based on block chain and storage medium | |
Ying et al. | Reliable policy updating under efficient policy hidden fine-grained access control framework for cloud data sharing | |
Zhang et al. | Post-quantum blockchain over lattice | |
Liu et al. | Multiauthority attribute-based access control for supply chain information sharing in blockchain | |
He et al. | Efficient identity-based proxy re-encryption scheme in blockchain-assisted decentralized storage system | |
CN108650268A (en) | It is a kind of realize multistage access can search for encryption method and system | |
Liu et al. | Verifiable attribute-based keyword search encryption with attribute revocation for electronic health record system | |
CN116827670A (en) | Intelligent medical data security sharing method based on national cryptographic algorithm | |
Huang et al. | Fast and privacy-preserving attribute-based keyword search in cloud document services | |
Xu et al. | Dynamic chameleon authentication tree for verifiable data streaming in 5G networks | |
CN107679408A (en) | Regular language searching system in safe cloud storage | |
Zhu et al. | Privacy-enhanced multi-user quantum private data query using partial quantum homomorphic encryption | |
Chiang et al. | A quantum assisted secure client-centric polyvalent blockchain architecture for smart cities |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |