CN108243000B - Ciphertext searching method in cloud storage system - Google Patents
Ciphertext searching method in cloud storage system Download PDFInfo
- Publication number
- CN108243000B CN108243000B CN201810031590.2A CN201810031590A CN108243000B CN 108243000 B CN108243000 B CN 108243000B CN 201810031590 A CN201810031590 A CN 201810031590A CN 108243000 B CN108243000 B CN 108243000B
- Authority
- CN
- China
- Prior art keywords
- ciphertext
- data
- key
- public key
- cloud server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a ciphertext searching method in a cloud storage system, which comprises the following steps: receiving and storing the cipher text of the key words sent by the data owner and receiving the trap door used for searching the key words sent by the data user; matching the trapdoor with the ciphertext to obtain a search result; the ciphertext is generated based on the private key of the data owner, the trapdoor is generated based on the private key of the data user, and the private key of the cloud server is required to be used in the matching process of the trapdoor and the ciphertext. The method and the device can solve the problems of searchability of the ciphertext and safety of the keyword in the cloud storage system.
Description
Technical Field
The invention relates to a cloud storage technology, in particular to ciphertext search in a cloud storage system.
Background
With the development of the internet, cloud storage and cloud computing are favored by users by virtue of the advantages of remote access service, low cost, high reliability of data, easy expansion of storage space and the like, become more and more important in daily life, and individuals and enterprises store own data in the cloud more and more. However, as the data management in the cloud is separated from the supervision of the user, many sensitive information is easily leaked, and the security of the data in the cloud storage is more and more concerned by cloud service providers and users. In order to prevent private data of a data owner from being leaked, the data owner usually encrypts the private data first and then stores the encrypted data in the cloud, but another problem is caused by the fact that when a user needs to retrieve a ciphertext file, the cloud server does not have a user key and can only retrieve the file name of the user ciphertext, and the method is lack of protection on keywords of the ciphertext and leaks some information of the user data to a certain extent. Therefore, the problems of searchability and security of the ciphertext in the cloud storage become an urgent problem to be solved.
The research and analysis of the existing cloud storage systems at home and abroad shows that the Baidu cloud uses plaintext for storage, has no related encryption mode, and supports a user to encrypt data by using third-party software and then upload the data to the cloud. The Baidu cloud is stored by using plaintext, and plaintext data of a user is easy to attack in the storage process, so that the security of the storage mode is general. If the user wants to protect the data of the user, the user needs to encrypt the data by using third-party software and upload the encrypted data to the cloud, the security of the encryption model is high, but only the file name of the ciphertext can be searched when the cloud server searches the ciphertext of the user, and the file name of the ciphertext of the user also reveals the related information of the ciphertext to a certain extent. In addition, if a user wants to share a ciphertext with another user, the user must tell the other party the ciphertext decryption key. Two problems are implied in this process, the first is that if the data owner encrypts different ciphertexts using different keys, the data owner needs to remember a large number of keys, and thus, this approach is inconvenient and not desirable for the user. If a data owner encrypts a lot of data with a certain key, the data encrypted with the same key may be leaked after the decryption key telling others of a certain ciphertext. Therefore, the method is not a cloud storage encryption method which can meet the requirements of security and user functions.
Amazon cloud storage service (Amazon S3) uses HTTPS to encrypt and transmit data, and encrypts and stores the data in the cloud, which is better than a hundred-degree cloud, and can prevent attacks from external attackers. However, in the three encryption methods of the SSE-S3, the SSE-KMS and the SSE-C, the keys for encrypting and decrypting data are always acquired by the cloud server, so that the encryption method can only prevent attacks from external attackers and cannot prevent attacks from the inside of the cloud. In addition, in the aspect of ciphertext search, decryption is always performed before search, and certain influence is also caused on efficiency, especially in the case of a large amount of data and large files, decryption takes a certain time, so that the method has certain space for improving safety and efficiency.
In summary, the Baidu cloud uses plaintext storage, the security is general, if data is encrypted and uploaded to the cloud, only the retrieval of the file name of the ciphertext can be supported, and in this way, some information of the ciphertext is leaked. The amazon cloud storage service supports keyword retrieval on a ciphertext by using ciphertext storage, but encryption and decryption keys are always acquired by a cloud end, so that the amazon cloud storage service still cannot resist attacks inside the cloud. That is, both of the cloud storage methods have a data security problem.
To solve the searchable encryption problem and the security problem of the ciphertext, Song et al proposes a first practical Symmetric searchable encryption method (SSE), but the method is only applicable to a single-user environment and is not applicable to a cloud storage environment. Then, Boneh et al propose a first searchable public key encryption method (PEKS), which can be used in a multi-user environment and thus can be used in a cloud storage environment. The PEKS method can enable a user to quickly search the ciphertext which the user wants, enhances the practicability of public key encryption, and creates a new research direction. Although the PEKS method solves the searchability problem of the ciphertext, Byun et al attack the PEKS method, which indicates that the PEKS method is subjected to off-line keyword vectoring attack (KG attack), and keyword information is still leaked. Then, Rhee et al proposed a Searchable Public-Key Encryption Scheme (dPEKS) for specifying a server, which can resist KG attacks by external attackers but still cannot resist KG attacks by the server. Although later on many scholars have improved dPEKS, to date no dPEKS method has been found that can resist KG attacks.
Disclosure of Invention
The invention provides a ciphertext search method for cloud storage, which comprises the following steps:
receiving and storing a ciphertext of the keyword sent by the data owner;
a trap door for receiving the search key words sent by the data user; and
matching the trapdoor with the ciphertext to obtain a search result;
wherein the ciphertext is generated based on a private key of the data owner, and the trapdoor is generated based on a private key of the data consumer.
And a cloud server private key is required to be utilized in the process of matching the trapdoor and the ciphertext.
The ciphertext of the keyword needs to be generated using the data owner private key, the data user public key, and the cloud server public key.
Trapdoors for generating the key need to use the data owner public key, the data user private key, and the cloud server public key.
The private key and the public key of the data owner, the private key and the public key of the data user, and the private key and the public key of the cloud server are generated based on pre-generated public parameters and random numbers corresponding to the data owner, the data user, and the cloud server, respectively.
Generating a private key SK of a data owner using the following formulaOAnd public key PKOPrivate key SK of data userUAnd public key PKUAnd private key SK of cloud serverSAnd public key PKS:
SKS=α,PKS=αP1;
SKO=xO,PKO=xOP2;
SKU=xU,PKU=xUP2;
Wherein alpha, xO、xUIs a random number, P1And P2To generate a primitive, P1,P2∈G1。
Preferably, the following formula is used to generate the ciphertext C of the keyword ww={C1,C2,C3}:
C1=rP1
C2=rP2
Wherein r isNumber of machines, P1And P2To generate a primitive, P1,P2∈G1,PKSIs a cloud server public key, PKUIs a public key of a data user, SKOIs the data owner private key.
Preferably, the trapdoor T for the search key w is generated using the following formulaw={T1,T2}:
T1=SKUH(w)PKO+r1P2,
T2=r1PKS.
Wherein r is1Is a random number, SKUIs a private key, PK, of a data userOIs a data owner public key, PKSBeing a cloud server public key, P2To generate a primitive.
Preferably, the trapdoor T is corrected by using the following formulaw={T1,T2} and ciphertext Cw={C1,C2,C3Matching:
if the equality is established, the keyword w in the trapdoor is the same as the keyword w in the ciphertext, the matching is successful, otherwise, the matching is failed.
The method of the embodiment of the invention not only meets the searching function of the ciphertext in the cloud storage, but also can resist KG attacks of external attackers and servers, thereby solving the searching problem of the ciphertext in the cloud storage system and the safety problem of the keyword. Besides, the method has strong practicability and high performance in the similar method.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive exercise.
Fig. 1 illustrates main steps of a ciphertext search method in a cloud storage system according to an embodiment of the present invention; and
fig. 2 shows detailed steps of a ciphertext search method in a cloud storage system according to another embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar components or components having the same or similar functions throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.
Fig. 1 shows the main steps of a ciphertext search method in a cloud storage system according to an embodiment of the present invention, where the method may be executed by a cloud server, and includes:
ST1, receiving and storing the cipher text of the key word sent by the data owner;
ST2, trapdoor for receiving search key word sent by data user; and
ST3, matching the trapdoor with the ciphertext to obtain a search result;
wherein the ciphertext is generated based on a private key of the data owner, and the trapdoor is generated based on a private key of the data consumer.
The ciphertext of the keyword needs to be generated using the data owner private key, the data user public key, and the cloud server public key.
Trapdoors for generating the key need to use the data owner public key, the data user private key, and the cloud server public key.
And a cloud server private key is needed in the process of matching the trapdoor and the ciphertext.
The private key and the public key of the data owner, the private key and the public key of the data user, and the private key and the public key of the cloud server are generated based on pre-generated public parameters and random numbers corresponding to the data owner, the data user, and the cloud server, respectively.
Fig. 2 shows detailed steps of a ciphertext search method in a cloud storage system according to another embodiment of the present invention, including:
s1, generating public system parameters by a Key Generation Center (KGC for short); the following steps S11-S13 may be included.
S11, inputting a k as a safety parameter, and generating prime number q more than or equal to 2kGroup G of orders1,G2. And selects a bilinear map e G1×G1→G2。
S12, randomly selecting two generators P1,P2∈G1。
S2, cloud server generates server private key SKSAnd server public key PKS. Preferably, the SK can be generated by the following steps S21 and S22SAnd PKS。
S21, selecting a number alpha as the server private key SK by the cloud serverS=α;
S22, cloud server utilizes server private key SKSAnd generating element P1Calculate the server public key PKS=αP1。
S3, generating data owner public key PKOData owner private key SKOData user public key PKUAnd data user private key SKU. PK may be generated by the following steps S31 and S22O、SKO、PKUAnd SKU。
S31, selecting random number x by data owner and data user respectivelyOAnd a random number xUAs its own private key SKOAnd SKUWherein, random number
SKO=xO,SKU=xU
S32, data owner uses random number xOAnd generating element P2Computing a data owner public key PKOThe data user utilizes a random number xUAnd generating element P2Calculating the public key PK of the data userU. The specific process is as follows:
PKO=xOP2,PKU=xUP2
s4, the data owner encrypts the keyword w to generate a keyword ciphertext CwAnd sending the data to a cloud server for storage. The specific process may include steps S41 to S43:
S42, using random number r, generating element P1And P2Public key PK of cloud serverSData owner public key PKUGenerating ciphertext C corresponding to keyword ww={C1,C2,C3}. Preferably, the specific process is as follows:
C1=rP1
C2=rP2
s43, sending ciphertext CwAnd storing the data to the cloud server.
S5, when the data user wants to search the ciphertext with the keyword w, the trapdoor T for searching is generatedwAnd sending the data to the cloud server for retrieval. Preferably, the method includes steps S51-S53:
S52, using random number r1Private key SK of data userUData owner public key PKOServer public key PKSAnd generating element P1Trapdoor T for calculation and retrievalw={T1,T2The method concretely comprises the following steps:
T1=SKUH(w)PKO+r1P2,
T2=r1PKS.
s53, sending trapdoor TwAnd searching to the cloud server.
S6, trap door T sent by cloud server to data userwAnd stored key ciphertext CwAnd matching and performing subsequent processing according to a matching result.
Trapdoor T sent by cloud server receiving data userwThen, the trapdoor T is put inwAnd ciphertext C of the stored data ownerwMatching can be performed by using the following matching formula:
if the key w in the ciphertext is the same as the key w in the trapdoor, the equation is true, the matching is successful, otherwise, the matching is failed.
Wherein, the calculation process of the matching formula is as follows:
the embodiment of the invention not only meets the searching function of the ciphertext in the cloud storage, but also can resist KG attacks of external attackers and the cloud server, and solves the searching problem of the ciphertext in the cloud storage system and the safety problem of the keyword. In addition, the ciphertext retrieval method is high in ciphertext retrieval speed and high in practicability. According to the invention, companies or individuals can develop related systems to protect own data security. The existing cloud storage platform can also add corresponding functions according to the invention, thereby realizing greater protection of user data.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples" or the like, mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The foregoing is a more detailed description of the present invention that is presented in conjunction with specific embodiments, and the practice of the invention is not to be considered limited to those descriptions. It will be apparent to those skilled in the art that a number of simple derivations or substitutions can be made without departing from the inventive concept.
Claims (2)
1. A ciphertext search method in a cloud storage system comprises the following steps:
receiving and storing a ciphertext of a keyword sent by a data owner, wherein the ciphertext of the keyword is generated by using a data owner private key, a data user public key and a cloud server public key;
the trapdoor is used for receiving retrieval keywords sent by a data user, wherein the trapdoor of the keywords is generated by utilizing a data owner public key, a data user private key and a cloud server public key; and
matching the trapdoor with the ciphertext by using a private key of a cloud server to obtain a search result;
wherein the private key SK of the data owner is generated using the following formulaOAnd public key PKOPrivate key SK of data userUAnd public key PKUAnd private key SK of cloud serverSAnd public key PKS:
SKS=α,PKS=αP1;
SKO=xO,PKO=xOP2;
SKU=xU,PKU=xUP2;
Wherein alpha, xO、xUIs a random number, P1And P2To generate a primitive, P1,P2∈G1,G1The prime number q is more than or equal to 2kA group of orders;
wherein, the following formula is used to generate the ciphertext C of the keyword ww={C1,C2,C3}:
C1=rP1
C2=rP2
Wherein r is a random number, P1And P2To generate a primitive, P1,P2∈G1,PKSIs a cloud server public key, PKUIs a public key of a data user, SKOA data owner private key, e is a bilinear map;
wherein, the trap door T for searching the key word w is generated by the following formulaw={T1,T2}:
T1=SKUH(w)PKO+r1P2,
T2=r1PKS.
Wherein r is1Is a random number, SKUIs a private key, PK, of a data userOIs a data owner public key, PKSBeing a cloud server public key, P2To generate a primitive;
wherein the trapdoor T is subjected to the following formulaw={T1,T2} and ciphertext Cw={C1,C2,C3InLine matching:
if the equality is established, the keyword w in the trapdoor is the same as the keyword w in the ciphertext, the matching is successful, otherwise, the matching is failed.
2. The method of claim 1, wherein the private and public keys of the data owner, the private and public keys of the data consumer, and the private and public keys of the cloud server are generated based on pre-generated public parameters and random numbers corresponding to the data owner, the data consumer, and the cloud server, respectively.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810031590.2A CN108243000B (en) | 2018-01-12 | 2018-01-12 | Ciphertext searching method in cloud storage system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810031590.2A CN108243000B (en) | 2018-01-12 | 2018-01-12 | Ciphertext searching method in cloud storage system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108243000A CN108243000A (en) | 2018-07-03 |
CN108243000B true CN108243000B (en) | 2021-07-09 |
Family
ID=62699543
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810031590.2A Expired - Fee Related CN108243000B (en) | 2018-01-12 | 2018-01-12 | Ciphertext searching method in cloud storage system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108243000B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112328626B (en) * | 2020-10-28 | 2022-09-30 | 浙江工商大学 | Searchable encryption method facing cloud environment and supporting fuzzy keyword sequencing |
CN113312643B (en) * | 2021-06-09 | 2022-09-27 | 杭州趣链科技有限公司 | Keyword matching method based on SM2 and SM3 algorithms |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104852801A (en) * | 2015-02-13 | 2015-08-19 | 陕西师范大学 | Searchable public key encryption method |
CN105024812A (en) * | 2015-07-13 | 2015-11-04 | 西安理工大学 | Identity-based designated tester searchable encryption method in cloud storage |
CN105681280A (en) * | 2015-12-29 | 2016-06-15 | 西安电子科技大学 | Searchable encryption method based on Chinese in cloud environment |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105007161B (en) * | 2015-06-12 | 2018-10-12 | 电子科技大学 | A kind of fuzzy keyword public key search encryption method of trapdoor None- identified |
CN105282167A (en) * | 2015-11-06 | 2016-01-27 | 福建工程学院 | Searchable certificateless public key encryption method |
CN105743888A (en) * | 2016-01-22 | 2016-07-06 | 河南理工大学 | Agent re-encryption scheme based on keyword research |
CN106161437B (en) * | 2016-06-28 | 2019-08-20 | 电子科技大学 | It is a kind of that public key cryptography scheme efficiently can search for based on ElGamal |
CN106131029B (en) * | 2016-07-19 | 2019-03-29 | 南京邮电大学 | A kind of efficient cipher text searching method for resisting attribute key abuse |
CN107395568A (en) * | 2017-06-21 | 2017-11-24 | 西安电子科技大学 | A kind of cipher text retrieval method of more data owner's certifications |
-
2018
- 2018-01-12 CN CN201810031590.2A patent/CN108243000B/en not_active Expired - Fee Related
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104852801A (en) * | 2015-02-13 | 2015-08-19 | 陕西师范大学 | Searchable public key encryption method |
CN105024812A (en) * | 2015-07-13 | 2015-11-04 | 西安理工大学 | Identity-based designated tester searchable encryption method in cloud storage |
CN105681280A (en) * | 2015-12-29 | 2016-06-15 | 西安电子科技大学 | Searchable encryption method based on Chinese in cloud environment |
Also Published As
Publication number | Publication date |
---|---|
CN108243000A (en) | 2018-07-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3375129B1 (en) | Method for re-keying an encrypted data file | |
Wang et al. | Secure ranked keyword search over encrypted cloud data | |
EP3058678B1 (en) | System and method for dynamic, non-interactive, and parallelizable searchable symmetric encryption | |
JP6180177B2 (en) | Encrypted data inquiry method and system capable of protecting privacy | |
CN113626484A (en) | Searchable encryption method and system capable of flexibly replacing ciphertext and computer equipment | |
US20140192976A1 (en) | Method and system for id-based encryption and decryption | |
CN105743888A (en) | Agent re-encryption scheme based on keyword research | |
US20090138698A1 (en) | Method of searching encrypted data using inner product operation and terminal and server therefor | |
CN109361644B (en) | Fuzzy attribute based encryption method supporting rapid search and decryption | |
CN103944711A (en) | Cloud storage ciphertext retrieval method and system | |
CN105282167A (en) | Searchable certificateless public key encryption method | |
CN114142996B (en) | Searchable encryption method based on SM9 cryptographic algorithm | |
CN104967693A (en) | Document similarity calculation method facing cloud storage based on fully homomorphic password technology | |
CN107766739B (en) | Phrase retrieval method and device for encrypted text data | |
CN114338025A (en) | Ciphertext equivalence testing method in cloud environment | |
CN101859306A (en) | Method and equipment for generating blind index table, and united keyword search method and equipment | |
CN108243000B (en) | Ciphertext searching method in cloud storage system | |
CN115174600A (en) | Ciphertext data encryption and safe retrieval method and device for cloud storage system | |
CN105007258B (en) | A kind of quick keyword can search for public key encryption method | |
CN109274659B (en) | Certificateless online/offline searchable ciphertext method | |
CN108259172B (en) | Ciphertext searching method in cloud storage system | |
CN112804052B (en) | User identity encryption method based on composite order group | |
CN107454059B (en) | Search encryption method based on sequence cipher in cloud storage environment | |
CN113407966A (en) | Searchable public key encryption method and system with key updating and ciphertext sharing functions | |
CN109672525B (en) | Searchable public key encryption method and system with forward index |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20210709 Termination date: 20220112 |
|
CF01 | Termination of patent right due to non-payment of annual fee |