CN111026754B - Safe and efficient circular range data uploading and querying method, corresponding storage medium and electronic device - Google Patents
- Publication number
- CN111026754B
- Authority
- CN
- China
- Prior art keywords
- data
- index
- query
- storage system
- node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2228—Indexing structures
- G06F16/2246—Trees, e.g. B+trees
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2228—Indexing structures
- G06F16/2264—Multidimensional index structures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2455—Query execution
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Databases & Information Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Mining & Analysis (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Computational Linguistics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a safe and efficient circular range uploading and inquiring method, a corresponding storage medium and an electronic device. The invention constructs an index for a two-dimensional data set by using the SS tree, and provides a safe and efficient circular intersection judging method. The method comprises a plurality of clients and a cloud storage system, wherein the clients are connected with the cloud storage system through a network respectively.
Description
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a safe and efficient circular range data uploading and querying method, a corresponding storage medium and an electronic device.
Background
With the rapid development of network technologies and communication devices, more and more data are stored in the cloud storage system. However, data privacy issues have become one of the main reasons that hinder outsourced storage of data. After the data is stored in the cloud storage system, a data owner loses direct control over the data, and the data in the cloud storage system faces the threat of external network attack, so that confidential information can be leaked. A simple method is to encrypt sensitive data and upload the encrypted sensitive data to a cloud storage system, and when data needs to be queried, all ciphertext data are downloaded to the local, and then are retrieved after being decrypted. Obviously, the process is extremely inefficient, has high requirements on the storage capacity and the computing capacity of the client, and is not suitable for a big data application scenario.
A circular range query is a commonly used type of query on two-dimensional data (e.g., geographic location), where the query condition is a circular area and the query result is the two-dimensional data within that area. Currently, secure retrieval methods supporting circular range queries are mainly based on predicate encryption (for example, Wang, B., Li, M., Wang, H., & Li, H. Circular range search on encrypted spatial data. In CNS, pp. 182-190 (2015) and Wang, B., Li, M., & Wang, H. Geometric range search on encrypted spatial data. TIFS, 11(4), pp. 704-719 (2016)), but these methods have low query efficiency.
Chinese patent application CN201610113032.1 discloses a circular range search method for encrypted spatial data, which generates a search token according to a target circular range and uploads the search token to a cloud server, wherein the search token comprises two squares respectively inscribed and circumscribed with the target circular range. And the cloud server searches according to the search token to obtain an intermediate search result and sends the intermediate search result to the trusted third party, the trusted third party filters the intermediate search result to obtain a final search result, and the final search result is encrypted again and then sent to the user. The method needs multi-party participation, and the query efficiency is still low.
Among tree-structured indexes, the similarity search tree (SS tree; White, D. A., & Jain, R. Similarity indexing with the SS-tree. In ICDE, pp. 516-523 (1996)) improves on the R tree by representing the shape of a region with a bounding circle instead of a minimum bounding rectangle, which improves the performance of nearest neighbor queries. However, there is no description of applying SS trees to queries in a ciphertext cloud storage system.
Therefore, a safe and efficient round range query method and system are designed and realized, and the method and system are very important for improving the confidentiality and the usability of the ciphertext cloud storage system.
Disclosure of Invention
In view of the above problem, the present invention provides a safe and efficient circular range data uploading and querying method, a corresponding storage medium, and an electronic device. The invention constructs an index for a two-dimensional data set by using an SS tree, and provides a safe and efficient circular range data uploading and inquiring method, a corresponding storage medium and an electronic device. Based on the method, the cloud storage system can quickly search the SS tree, effectively protect the two-dimensional data and the privacy of the query condition, and meanwhile, realize the round range query of the mass ciphertext two-dimensional data.
In order to achieve the purpose, the invention adopts the following technical scheme:
a safe and efficient circular range data uploading method for clients is suitable for a network consisting of a plurality of clients and a cloud storage system, and comprises the following steps:
1) Constructing data into SS tree indexes, representing each node of the SS tree as an index circular vector, and generating an initial index;
2) And uploading ciphertext data obtained by encrypting the data and a security index obtained by encrypting the initial index to a cloud storage system.
Further, the index circular vector is $I = (a^2 + b^2 - c^2, -2a, -2b, -2c, 1)^T$, where (a, b) is the center of the circle corresponding to the node and c is the radius of the circle corresponding to the node.
Further, the encryption method of the data is an SMS4 encryption algorithm or an AES256 encryption algorithm.
Further, the encryption method of the initial index is a matrix encryption algorithm.
A safe and efficient round range data query method for clients is suitable for a network consisting of a plurality of clients and a cloud storage system, and comprises the following steps:
1) Expressing the query condition as a trapdoor circular vector, encrypting the generated initial trapdoor into a security trapdoor, uploading the security trapdoor to a cloud storage system, and querying data uploaded by the method by the cloud storage system according to the security index and the security trapdoor to obtain ciphertext query data;
2) And receiving the ciphertext query data, and decrypting to obtain the required data.
Further, the trapdoor circular vector is $T = (1, x, y, z, x^2 + y^2 - z^2)^T$, where (x, y) is the center of the circle corresponding to the query condition and z is the radius of the circle corresponding to the query condition.
Further, the step of querying the ciphertext query data comprises:
1) Starting a search from a root node of the SS tree;
2) If a certain non-leaf node of the SS tree is intersected with the query condition, continuing to search child nodes of the SS tree, otherwise, stopping searching the branch;
3) And if a certain leaf node of the SS tree is intersected with the query condition, returning ciphertext query data contained in the certain leaf node to the client, otherwise, ignoring the leaf node.
Further, the intersection with the query condition meansWhereinIn order to construct a vector for the security index,and constructing a vector for the safety trapdoor.
A storage medium having a computer program stored therein, wherein the computer program is arranged to perform the above method when executed.
An electronic device comprising a memory and a processor, wherein the memory stores a program for performing the steps of the above method.
Compared with the existing data query method, the method has the following advantages:
the invention simultaneously ensures the confidentiality and the availability of the sensitive data, and can search the data on the premise of not decrypting the ciphertext data through a safe retrieval technology. When data are uploaded, a data owner additionally constructs a security index for sensitive data, and ciphertext data and the security index are stored in a cloud storage system together. When data is queried, a data searcher constructs a security trapdoor for a query condition and sends the security trapdoor to the cloud storage system. And then, the cloud storage system searches by using the security index and the security trapdoor, and returns the ciphertext data meeting the query condition to the data searcher. The process does not reveal the content of sensitive data and query conditions, and most of the computing work is done by the cloud storage system.
Drawings
FIG. 1 is a diagram of a scenario for secure and efficient round range querying in accordance with the present invention;
FIG. 2 is a system block diagram of the safe and efficient round range query of the present invention;
FIG. 3 is a flow diagram of the secure index construction for the secure and efficient round-range query of the present invention;
FIG. 4 is a query flow diagram of the secure and efficient round-range query of the present invention;
fig. 5 is an SS tree constructed in an embodiment of the present invention.
Detailed Description
The features of the various aspects of the present invention are described in detail below with reference to the attached drawing figures, but do not limit the scope of the invention in any way.
The round range query method based on the SS tree is realized through a client and a cloud storage system, and comprises the following steps of:
1. the client side respectively generates a key for encrypting and decrypting the two-dimensional data and a key for encrypting the initial index and the initial trapdoor;
preferably, the client can perform encryption and decryption operations on the two-dimensional data by using any secure and reliable encryption algorithm, such as SMS4, AES256 and the like.
Preferably, the client may encrypt the initial index and the initial trapdoor by using any encryption algorithm that preserves the sign (positive or negative) of the vector inner product, such as a matrix encryption algorithm.
2. The client constructs an SS tree index for the two-dimensional data set, where each node corresponds to a circle.
3. And the client represents each node of the SS tree in a vector form and generates an initial index.
Preferably, the circle corresponding to the node has a center (a, b) and a radius c, and a vector I is constructed according to a, b, and c:
$I = (a^2 + b^2 - c^2, -2a, -2b, -2c, 1)^T$
4. and the client side encrypts each vector in the initial index respectively to generate a security index.
5. The client encrypts each item of two-dimensional data separately and then sends the ciphertext two-dimensional data and the security index to the cloud storage system.
6. When two-dimensional data in a certain circular area needs to be queried, a client represents a query condition in a vector form, and an initial trapdoor is generated.
Preferably, the center of the circle corresponding to the query condition is (x, y), the radius is z, and the vector T is constructed according to x, y, z:
$T = (1, x, y, z, x^2 + y^2 - z^2)^T$
7. and encrypting the initial trapdoor by the client to obtain the safe trapdoor.
8. And the client sends the security trapdoor to the cloud storage system.
9. After receiving the security trap door, the cloud storage system uses the security index and the security trap door to search. The searching process is the same as that of the SS tree, starting from a root node, if a certain non-leaf node is intersected with the query condition, continuing to search the child node, and otherwise, stopping searching the branch; if a certain leaf node is intersected with the query condition, returning the ciphertext two-dimensional data contained in the certain leaf node to the client, otherwise, ignoring the leaf node.
Preferably, if the circle corresponding to the node (center (a, b), radius c) intersects the circle corresponding to the query condition (center (x, y), radius z), then $(a-x)^2 + (b-y)^2 \le (c+z)^2$. Specifically,
$I \cdot T = (a^2 + b^2 - c^2) - 2ax - 2by - 2cz + (x^2 + y^2 - z^2) = (a-x)^2 + (b-y)^2 - (c+z)^2$
if it is usedThe node intersects the query condition, otherwise it does not. WhereinIn order to construct a vector for the security index,and constructing a vector for the safety trap door.
10. And the client decrypts the ciphertext two-dimensional data sent by the cloud storage system.
The round range query system based on the SS tree comprises a plurality of clients and a cloud storage system, wherein the clients are respectively connected with the cloud storage system through a network, each client comprises a security module, an index operation module and a trapdoor operation module, the cloud storage system comprises a query server and a ciphertext storage server, and the round range query system comprises:
the security module is mainly used for performing encryption and decryption operations on the two-dimensional data and performing encryption operations on the initial index and the initial trap door;
the index operation module is mainly used for constructing an SS tree and generating an initial index, and after the two-dimensional data and the initial index are encrypted by the security module, the two-dimensional data of the ciphertext and the security index are initiated and sent to the cloud storage system;
the trapdoor operation module is mainly used for generating an initial trapdoor, and after the initial trapdoor is encrypted by the security module, the security trapdoor is sent to the cloud storage system;
the query server is mainly used for storing the security index, performing query operation by using the security index and the security trapdoor, and sending an identifier id corresponding to the two-dimensional data meeting the query condition to the ciphertext storage server;
the ciphertext storage server is mainly used for storing the ciphertext two-dimensional data and returning the ciphertext two-dimensional data corresponding to the identification id sent by the query server to the client.
Further, the security module comprises a two-dimensional data encryption and decryption component and an index trapdoor encryption component, wherein:
the two-dimensional data encryption and decryption component is mainly used for generating a key and related parameters required by the encryption and decryption of the two-dimensional data, and encrypting and decrypting the two-dimensional data needing the encryption and decryption operation;
the index trapdoor encryption component is mainly used for generating keys and related parameters required by encrypting the initial index and the initial trapdoor and encrypting the initial index and the initial trapdoor which need to be encrypted.
Further, the index operation module in turn comprises an index tree construction component, an initial index construction component, and a transmission component, wherein:
the index tree construction component is mainly used for constructing an SS tree for a two-dimensional data set;
the initial index construction component mainly represents each node of the SS tree generated by the index tree construction component into a vector form to generate an initial index;
the transmission component is mainly used for sending the encrypted ciphertext two-dimensional data, the security index and other information of the security module to the cloud storage system.
Further, the trapdoor operating module in turn comprises an initial trapdoor construction assembly and a transport assembly, wherein:
the initial trapdoor construction component is mainly used for constructing an initial trapdoor for a query condition;
the transmission component is mainly used for sending the security trap door encrypted by the security module to the cloud storage system.
As shown in fig. 1, the method involves a user, a cloud storage system:
1. the user: and the user submits the ciphertext two-dimensional data and the security index to a cloud storage system for the owner and the searcher of the data, and generates the security trapdoor for the query condition during query.
The cloud storage system comprises: the cloud storage system comprises an inquiry server and a ciphertext storage server, the inquiry server sends an identification id corresponding to the two-dimensional data meeting the inquiry condition to the ciphertext storage server, and then the ciphertext storage server returns the ciphertext two-dimensional data corresponding to the identification id to the client, so that ciphertext two-dimensional data, safety index storage service and ciphertext retrieval service are provided for a user.
The structure of the safe and efficient circular range uploading and querying system provided by the invention is shown in fig. 2, and comprises a cloud storage system and a plurality of clients which are connected through a network. The cloud storage system comprises a query server and a ciphertext storage server, and each client comprises a security module, an index operation module and a trapdoor operation module. The security module comprises a two-dimensional data encryption and decryption component and an index trapdoor encryption component; the index operation module comprises an index tree construction component, an initial index construction component and a transmission component; the trapdoor operating module comprises an initial trapdoor construction assembly and a transmission assembly.
The safe and efficient circular range uploading and inquiring method provided by the invention comprises three core scenes:
1. system initialization
The client generates keys and associated parameters for the encryption and decryption operations. The two-dimensional data can be encrypted and decrypted with any secure and reliable encryption algorithm, such as SMS4 or AES256; the initial index and the initial trapdoor can be encrypted with any encryption algorithm that preserves the sign (positive or negative) of the vector inner product, such as a matrix encryption algorithm.
2. Safety index structure
The flow of the security index construction of the present invention is shown in FIG. 3. Specifically,
1. the client constructs an SS tree index for the two-dimensional data set.
2. The client represents each node of the SS tree in vector form and generates an initial index. Assuming that the center of the circle corresponding to a node is (a, b) and its radius is c, a vector I is constructed from a, b and c:
$I = (a^2 + b^2 - c^2, -2a, -2b, -2c, 1)^T$
3. the client side encrypts each vector I in the initial index respectively to generate a safety index
4. The client encrypts each item of two-dimensional data separately and then sends the ciphertext two-dimensional data and the security index to the cloud storage system.
3. Circular range query
The query flow of the present invention is shown in FIG. 4. Specifically,
1. The client represents the query condition in vector form to generate an initial trapdoor. Assuming that the center of the circle corresponding to the query condition is (x, y) and its radius is z, a vector T is constructed from x, y and z:
$T = (1, x, y, z, x^2 + y^2 - z^2)^T$
3. And the client sends the security trapdoor to the cloud storage system.
4. After the cloud storage system receives the security trap door, the security index is searched from the root node. For non-leaf nodes, ifContinuing to search the child nodes, otherwise stopping searching the branch; for leaf node, ifReturning the ciphertext two-dimensional data contained in the node to the client, otherwise ignoring the node。
5. And the client decrypts the ciphertext two-dimensional data sent by the cloud storage system.
The following is an embodiment of the present invention.
In this embodiment, there are 4 items of two-dimensional data to be uploaded: $\{p_1=(0,2), p_2=(2,0), p_3=(4,5), p_4=(6,3)\}$.
The flow of this embodiment is as follows:
1. the client generates keys and related parameters for the AES256 encryption algorithm and the matrix encryption algorithm, respectively.
2. As shown in fig. 5, the client constructs an SS tree index for the two-dimensional data set, with an out-degree of the tree of 2. Specifically, the method comprises the following steps:
the root node root contains the data $\{p_1=(0,2), p_2=(2,0), p_3=(4,5), p_4=(6,3)\}$; the center of the corresponding circle is (3, 2) and the radius is 3.2;
node A contains the data $\{p_1=(0,2), p_2=(2,0)\}$; the center of the corresponding circle is (1, 1) and the radius is 1.5;
node B contains the data $\{p_3=(4,5), p_4=(6,3)\}$; the center of the corresponding circle is (5, 4) and the radius is 1.5;
node a contains the data $\{p_1=(0,2)\}$; the center of the corresponding circle is (0, 2) and the radius is 0;
node b contains the data $\{p_2=(2,0)\}$; the center of the corresponding circle is (2, 0) and the radius is 0;
node c contains the data $\{p_3=(4,5)\}$; the center of the corresponding circle is (4, 5) and the radius is 0;
node d contains the data $\{p_4=(6,3)\}$; the center of the corresponding circle is (6, 3) and the radius is 0.
3. And the client represents each node of the SS tree in a vector form to generate an initial index. Specifically, the method comprises the following steps:
for the root node root, construct the vector $I_{root} = (2.76, -6, -4, -6.4, 1)^T$;
for node A, construct the vector $I_A = (-0.25, -2, -2, -3, 1)^T$;
for node B, construct the vector $I_B = (38.75, -10, -8, -3, 1)^T$;
for node a, construct the vector $I_a = (4, 0, -4, 0, 1)^T$;
for node b, construct the vector $I_b = (4, -4, 0, 0, 1)^T$;
for node c, construct the vector $I_c = (41, -8, -10, 0, 1)^T$;
for node d, construct the vector $I_d = (45, -12, -6, 0, 1)^T$.
4. The client encrypts each vector $I_{root}, I_A, I_B, I_a, I_b, I_c, I_d$ in the initial index separately using a matrix encryption algorithm to generate the security index.
5. The client encrypts each item of two-dimensional data separately using the AES256 encryption algorithm, and then sends the ciphertext two-dimensional data and the security index to the cloud storage system.
6. Assuming that the query condition is a circle with center (3, 3) and radius 2.5, the client represents the query condition in vector form to generate the initial trapdoor $T = (1, 3, 3, 2.5, 11.75)^T$.
8. And the client sends the security trapdoor to the cloud storage system.
9. After the cloud storage system receives the security trap door, the security index is searched from the root node. Specifically, the method comprises the following steps:
for root node root, calculation is carried out to obtainThen continue searching for its child nodes;
for the leaf node c, calculation is carried out to obtainC contains data p 3 The need to be returned to the client;
In summary, the query result is $\{p_3\}$, and the cloud storage system returns the ciphertext to the client.
10. The client decrypts the result returned by the cloud storage system to obtain $\{p_3=(4,5)\}$.
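The embodiment above, carried through end to end as an added example (not code from the patent). The page names only "a matrix encryption algorithm"; the construction used here, Ĩ = MᵀI and T̃ = r·M⁻¹T with a secret invertible matrix M and a random r > 0, is an assumption chosen because it preserves the sign of the inner product. The `ct_p1`..`ct_p4` strings are constructed stand-ins for the AES256 ciphertexts.

```python
from fractions import Fraction as F
import secrets

def index_vector(a, b, c):
    """Node circle (center (a, b), radius c) -> I = (a^2+b^2-c^2, -2a, -2b, -2c, 1)."""
    a, b, c = F(a), F(b), F(c)
    return [a * a + b * b - c * c, -2 * a, -2 * b, -2 * c, F(1)]

def trapdoor_vector(x, y, z):
    """Query circle (center (x, y), radius z) -> T = (1, x, y, z, x^2+y^2-z^2)."""
    x, y, z = F(x), F(y), F(z)
    return [F(1), x, y, z, x * x + y * y - z * z]

def dot(u, v):
    return sum(p * q for p, q in zip(u, v))

def invert(m):
    """Exact Gauss-Jordan inverse over the rationals; None if m is singular."""
    n = len(m)
    aug = [list(row) + [F(int(i == j)) for j in range(n)] for i, row in enumerate(m)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col] != 0), None)
        if pivot is None:
            return None
        aug[col], aug[pivot] = aug[pivot], aug[col]
        pv = aug[col][col]
        aug[col] = [v / pv for v in aug[col]]
        for r in range(n):
            if r != col and aug[r][col] != 0:
                f = aug[r][col]
                aug[r] = [v - f * w for v, w in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]

def keygen(n=5):
    """Assumed key: a random invertible n x n matrix M, kept with its inverse."""
    while True:
        m = [[F(secrets.randbelow(19) - 9) for _ in range(n)] for _ in range(n)]
        inv = invert(m)
        if inv is not None:
            return m, inv

def encrypt_index(key, vec):
    """Security index vector: M^T * I."""
    m, _ = key
    n = len(vec)
    return [sum(m[i][j] * vec[i] for i in range(n)) for j in range(n)]

def encrypt_trapdoor(key, vec):
    """Security trapdoor: r * M^-1 * T, with a fresh r > 0 for every query."""
    _, inv = key
    n = len(vec)
    r = F(secrets.randbelow(1000) + 1)
    return [r * sum(inv[i][j] * vec[j] for j in range(n)) for i in range(n)]

# SS tree of the embodiment: (circle, children) for inner nodes,
# (circle, ciphertext id) for leaves.
EMBODIMENT = ((3, 2, "3.2"), [
    ((1, 1, "1.5"), [((0, 2, 0), "ct_p1"), ((2, 0, 0), "ct_p2")]),
    ((5, 4, "1.5"), [((4, 5, 0), "ct_p3"), ((6, 3, 0), "ct_p4")]),
])

def build_secure_index(key, node=EMBODIMENT):
    """Client side: encrypt every node vector; this tree is what gets uploaded."""
    circle, payload = node
    enc = encrypt_index(key, index_vector(*circle))
    if isinstance(payload, str):
        return {"enc": enc, "ct": payload, "children": []}
    return {"enc": enc, "ct": None,
            "children": [build_secure_index(key, child) for child in payload]}

def search(node, secure_trapdoor):
    """Cloud side: descend only where the encrypted inner product is <= 0."""
    if dot(node["enc"], secure_trapdoor) > 0:
        return []                      # circles do not intersect: prune
    if not node["children"]:
        return [node["ct"]]            # intersecting leaf: return its ciphertext
    return [ct for child in node["children"] for ct in search(child, secure_trapdoor)]

if __name__ == "__main__":
    key = keygen()
    tree = build_secure_index(key)
    td = encrypt_trapdoor(key, trapdoor_vector(3, 3, "2.5"))
    print(search(tree, td))
```

Because Ĩ·T̃ = r·(I·T), the cloud side works only with a positively scaled value of the intersection test, which is enough to prune branches without seeing the plaintext circles.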
The present invention has been described in detail by way of the form expression and the embodiment, but the specific implementation form of the present invention is not limited thereto. Various obvious changes and modifications can be made therein by one skilled in the art without departing from the spirit and principles of the process of the invention. The protection scope of the present invention shall be subject to the claims.
Claims (5)
1. A safe and efficient round range data query method for clients is suitable for a network consisting of a plurality of clients and a cloud storage system, and comprises the following steps:
1) When two-dimensional data are uploaded, an SS tree index is constructed for the two-dimensional data set, each node of the SS tree is represented as an index circular vector, and an initial index is generated; wherein the index circular vector is $I = (a^2 + b^2 - c^2, -2a, -2b, -2c, 1)^T$, (a, b) is the center of the circle corresponding to the node, and c is the radius of the circle corresponding to the node;
2) Ciphertext data obtained by encrypting the two-dimensional data and the security index obtained by encrypting the initial index are uploaded to a cloud storage system;
3) When two-dimensional data is queried, the query condition is expressed as a trapdoor circular vector $T = (1, x, y, z, x^2 + y^2 - z^2)^T$ to generate an initial trapdoor, wherein (x, y) is the center of the circle corresponding to the query condition, and z is the radius of the circle corresponding to the query condition;
4) Encrypting the initial trapdoor into a security trapdoor and uploading it to the cloud storage system, so that the cloud storage system queries the encrypted data according to the security index and the security trapdoor to obtain ciphertext query data; wherein the cloud storage system querying the encrypted data according to the security index and the security trapdoor to obtain ciphertext query data comprises the following steps:
starting a search from a root node of the SS tree;
for any non-leaf node in the SS tree: in thatIf the result of (1) is not greater than zero, searching the child nodes of the non-leaf node; in thatIf the result of (d) is greater than zero, ignoring the child nodes of the non-leaf node;
for any leaf node in the SS tree: in thatIf the result is not greater than zero, the data contained in the leaf node is used as ciphertext query data; in thatIf the result of (1) is greater than zero, then ignoring the non-leaf node;
5) And receiving and decrypting the ciphertext query data to obtain a two-dimensional data set required by query.
2. The method of claim 1, wherein the encryption method of the data is an SMS4 encryption algorithm or an AES256 encryption algorithm.
3. The method of claim 1, wherein the encryption method of the initial index is a matrix encryption algorithm.
4. A storage medium having a computer program stored thereon, wherein the computer program is arranged to, when executed, perform the method according to any of claims 1-3.
5. An electronic device comprising a memory having a computer program stored therein and a processor configured to run the computer program to perform the method of any of claims 1-3.
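The query flow of claims 1 and 3, as an added Python example that is not code from the patent. Claim 3 only names "a matrix encryption algorithm", so the scheme used here (secure index = Mᵀ·I, secure trapdoor = M⁻¹·T, which preserves the inner product I·T) is an assumption, and the key `M`, the tree, the function names and the `ct-*` ciphertext labels are constructed for illustration.

```python
from fractions import Fraction

def index_vector(a, b, c):       # node circle: centre (a, b), radius c
    return [a*a + b*b - c*c, -2*a, -2*b, -2*c, 1]
def trapdoor_vector(x, y, z):    # query circle: centre (x, y), radius z
    return [1, x, y, z, x*x + y*y - z*z]
def dot(u, v):                   # I.T = dist^2 - (c + z)^2, so <= 0 means overlap
    return sum(p * q for p, q in zip(u, v))
def mat_vec(m, v):
    return [dot(row, v) for row in m]

def invert(m):                   # exact Gauss-Jordan inverse over the rationals
    n = len(m)
    a = [[Fraction(v) for v in row] + [Fraction(int(i == j)) for j in range(n)]
         for i, row in enumerate(m)]
    for c in range(n):
        p = next(r for r in range(c, n) if a[r][c] != 0)
        a[c], a[p] = a[p], a[c]
        a[c] = [v / a[c][c] for v in a[c]]
        for r in range(n):
            if r != c:
                a[r] = [v - a[r][c] * w for v, w in zip(a[r], a[c])]
    return [row[n:] for row in a]

# Constructed demo key (assumed scheme): strictly diagonally dominant, so invertible.
M = [[7, 1, 2, 0, 1], [1, 8, 0, 2, 1], [2, 0, 9, 1, 3], [0, 1, 2, 6, 1], [1, 3, 0, 1, 7]]
M_T = [list(col) for col in zip(*M)]
M_INV = invert(M)

def secure_index(node):          # owner side: each node circle becomes M^T * I
    return {"idx": mat_vec(M_T, index_vector(*node["circle"])),
            "data": node.get("data", []),   # opaque ciphertexts, leaves only
            "children": [secure_index(ch) for ch in node.get("children", [])]}

def secure_trapdoor(x, y, z):    # user side: the query circle becomes M^-1 * T
    return mat_vec(M_INV, trapdoor_vector(x, y, z))

def search(node, trap):          # cloud side: sees only encrypted vectors
    if dot(node["idx"], trap) > 0:           # greater than zero: ignore the node
        return []
    return node["data"] + [d for ch in node["children"] for d in search(ch, trap)]

# Constructed SS tree; leaves carry placeholder ciphertext labels.
TREE = {"circle": (10, 10, 15), "children": [
    {"circle": (4, 4, 4), "children": [{"circle": (2, 2, 1), "data": ["ct-1"]},
                                       {"circle": (6, 5, 1), "data": ["ct-2"]}]},
    {"circle": (16, 16, 4), "children": [{"circle": (15, 15, 1), "data": ["ct-3"]},
                                         {"circle": (18, 17, 1), "data": ["ct-4"]}]}]}
CLOUD = secure_index(TREE)
```

Because the cloud prunes on the sign of each product, it necessarily learns which nodes and ciphertexts a given trapdoor touches, even though it never sees the circle parameters themselves.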
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911237131.0A CN111026754B (en) | 2019-12-05 | 2019-12-05 | Safe and efficient circular range data uploading and querying method, corresponding storage medium and electronic device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111026754A (en) | 2020-04-17 |
CN111026754B (en) | 2022-12-02 |
Family
ID=70204367
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911237131.0A Active CN111026754B (en) | 2019-12-05 | 2019-12-05 | Safe and efficient circular range data uploading and querying method, corresponding storage medium and electronic device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111026754B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103440280A (en) * | 2013-08-13 | 2013-12-11 | 江苏华大天益电力科技有限公司 | Retrieval method and device applied to massive spatial data retrieval |
CN105791283A (en) * | 2016-02-29 | 2016-07-20 | 电子科技大学 | Circle range search method specific to encrypted spatial data |
CN107169114A (en) * | 2017-05-12 | 2017-09-15 | 东北大学 | A kind of mass data multidimensional ordering searching method |
CN108388807A (en) * | 2018-02-28 | 2018-08-10 | 华南理工大学 | It is a kind of that the multiple key sequence that efficiently can verify that of preference search and Boolean Search is supported to can search for encryption method |
CN109815730A (en) * | 2018-12-29 | 2019-05-28 | 中国科学院软件研究所 | It is a kind of support skyline inquire can search for encryption method and system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11341128B2 (en) * | 2015-11-12 | 2022-05-24 | Sap Se | Poly-logarithmic range queries on encrypted data |
Non-Patent Citations (1)
Title |
---|
Fast ciphertext retrieval method based on a similarity query tree; Tian Xue et al.; Journal of Software (《软件学报》); 20160121; Vol. 27, No. 6; pp. 1-11 * |
Also Published As
Publication number | Publication date |
---|---|
CN111026754A (en) | 2020-04-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||