CN111026754B - Safe and efficient circular range data uploading and querying method, corresponding storage medium and electronic device - Google Patents

Safe and efficient circular range data uploading and querying method, corresponding storage medium and electronic device Download PDF

Info

Publication number
CN111026754B
CN111026754B CN201911237131.0A CN201911237131A CN111026754B CN 111026754 B CN111026754 B CN 111026754B CN 201911237131 A CN201911237131 A CN 201911237131A CN 111026754 B CN111026754 B CN 111026754B
Authority
CN
China
Prior art keywords
data
index
query
storage system
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911237131.0A
Other languages
Chinese (zh)
Other versions
CN111026754A (en
Inventor
迟佳琳
周礼亮
李涛
乔文昇
李�昊
张敏
冯登国
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Software of CAS
CETC 10 Research Institute
Original Assignee
Institute of Software of CAS
CETC 10 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Software of CAS, CETC 10 Research Institute filed Critical Institute of Software of CAS
Priority to CN201911237131.0A priority Critical patent/CN111026754B/en
Publication of CN111026754A publication Critical patent/CN111026754A/en
Application granted granted Critical
Publication of CN111026754B publication Critical patent/CN111026754B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • G06F16/2246Trees, e.g. B+trees
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • G06F16/2264Multidimensional index structures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2455Query execution
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Mining & Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Computational Linguistics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a safe and efficient circular range uploading and inquiring method, a corresponding storage medium and an electronic device. The invention constructs an index for a two-dimensional data set by using the SS tree, and provides a safe and efficient circular intersection judging method. The method comprises a plurality of clients and a cloud storage system, wherein the clients are connected with the cloud storage system through a network respectively.

Description

Safe and efficient circular range data uploading and querying method, corresponding storage medium and electronic device
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a safe and efficient circular range data uploading and querying method, a corresponding storage medium and an electronic device.
Background
With the rapid development of network technologies and communication devices, more and more data are stored in the cloud storage system. However, data privacy issues have become one of the main reasons that hinder outsourced storage of data. After the data is stored in the cloud storage system, a data owner loses direct control over the data, and the data in the cloud storage system faces the threat of external network attack, so that confidential information can be leaked. A simple method is to encrypt sensitive data and upload the encrypted sensitive data to a cloud storage system, and when data needs to be queried, all ciphertext data are downloaded to the local, and then are retrieved after being decrypted. Obviously, the process is extremely inefficient, has high requirements on the storage capacity and the computing capacity of the client, and is not suitable for a big data application scenario.
A circular area query is a commonly used type of query based on two-dimensional data (e.g., geographic location, etc.), where the query condition is a circular area, and the query result is the two-dimensional data in the area. Currently, a secure retrieval method supporting circular range query is mainly based on predicate encryption technology (for example, wang, b., li, m., wang, h., & Li, h.circular range search on encrypted specific data. In CNS, pp.182-190 (2015) and Wang, b., li, m., & Wang, h.geographic range search on encrypted specific data. Tifs,11 (4), pp.704-719 (2016)), but the method has low query efficiency.
Chinese patent application CN201610113032.1 discloses a circular range search method for encrypted spatial data, which generates a search token according to a target circular range and uploads the search token to a cloud server, wherein the search token comprises two squares respectively inscribed and circumscribed with the target circular range. And the cloud server searches according to the search token to obtain an intermediate search result and sends the intermediate search result to the trusted third party, the trusted third party filters the intermediate search result to obtain a final search result, and the final search result is encrypted again and then sent to the user. The method needs multi-party participation, and the query efficiency is still low.
In a tree structured query, a similar search tree (SS tree, white, d.a., & Jain, r.family indexing with the SS-tree. In ICDE, pp.516-523 (1996)) improves the R tree by representing the shape of the region with a bounding circle instead of a minimum bounding rectangle, improving the performance of the nearest neighbor query. However, there is no description of applying SS trees to ciphertext cloud storage system queries.
Therefore, a safe and efficient round range query method and system are designed and realized, and the method and system are very important for improving the confidentiality and the usability of the ciphertext cloud storage system.
Disclosure of Invention
In view of the above problem, the present invention provides a safe and efficient circular range data uploading and querying method, a corresponding storage medium, and an electronic device. The invention constructs an index for a two-dimensional data set by using an SS tree, and provides a safe and efficient circular range data uploading and inquiring method, a corresponding storage medium and an electronic device. Based on the method, the cloud storage system can quickly search the SS tree, effectively protect the two-dimensional data and the privacy of the query condition, and meanwhile, realize the round range query of the mass ciphertext two-dimensional data.
In order to achieve the purpose, the invention adopts the following technical scheme:
a safe and efficient circular range data uploading method for clients is suitable for a network consisting of a plurality of clients and a cloud storage system, and comprises the following steps:
1) Constructing data into SS tree indexes, representing each node of the SS tree as an index circular vector, and generating an initial index;
2) And uploading ciphertext data obtained by encrypting the data and a security index obtained by encrypting the initial index to a cloud storage system.
Further, the index circular vector I = (a) 2 +b 2 -c 2 ,-2a,-2b,-2c,1) T And (a, b) is the circle center of the circle corresponding to the node, and c is the radius of the circle corresponding to the node.
Further, the encryption method of the data is an SMS4 encryption algorithm or an AES256 encryption algorithm.
Further, the encryption method of the initial index is a matrix encryption algorithm.
A safe and efficient round range data query method for clients is suitable for a network consisting of a plurality of clients and a cloud storage system, and comprises the following steps:
1) Expressing the query condition as a trapdoor circular vector, encrypting the generated initial trapdoor into a security trapdoor, uploading the security trapdoor to a cloud storage system, and querying data uploaded by the method by the cloud storage system according to the security index and the security trapdoor to obtain ciphertext query data;
2) And receiving the ciphertext query data, and decrypting to obtain the required data.
Further, the trapdoor circular vector T = (1, x, y, z, x) 2 +y 2 -z 2 ) T And (x, y) is the center of the circle corresponding to the query condition, and z is the radius of the circle corresponding to the query condition.
Further, the step of querying the ciphertext query data comprises:
1) Starting a search from a root node of the SS tree;
2) If a certain non-leaf node of the SS tree is intersected with the query condition, continuing to search child nodes of the SS tree, otherwise, stopping searching the branch;
3) And if a certain leaf node of the SS tree is intersected with the query condition, returning ciphertext query data contained in the certain leaf node to the client, otherwise, ignoring the leaf node.
Further, the intersection with the query condition means
Figure BDA0002305183050000031
Wherein
Figure BDA0002305183050000032
In order to construct a vector for the security index,
Figure BDA0002305183050000033
and constructing a vector for the safety trapdoor.
A storage medium having a computer program stored therein, wherein the computer program is arranged to perform the above method when executed.
An electronic device comprising a memory and a processor, wherein the memory stores a program for performing the steps of the above method.
Compared with the existing data query method, the method has the following advantages:
the invention simultaneously ensures the confidentiality and the availability of the sensitive data, and can search the data on the premise of not decrypting the ciphertext data through a safe retrieval technology. When data are uploaded, a data owner additionally constructs a security index for sensitive data, and ciphertext data and the security index are stored in a cloud storage system together. When data is queried, a data searcher constructs a security trapdoor for a query condition and sends the security trapdoor to the cloud storage system. And then, the cloud storage system searches by using the security index and the security trapdoor, and returns the ciphertext data meeting the query condition to the data searcher. The process does not reveal the content of sensitive data and query conditions, and most of the computing work is done by the cloud storage system.
Drawings
FIG. 1 is a diagram of a scenario for secure and efficient round range querying in accordance with the present invention;
FIG. 2 is a system block diagram of the safe and efficient round range query of the present invention;
FIG. 3 is a flow diagram of the secure index construction for the secure and efficient round-range query of the present invention;
FIG. 4 is a query flow diagram of the secure and efficient round-range query of the present invention;
fig. 5 is an SS tree constructed in an embodiment of the present invention.
Detailed Description
The features of the various aspects of the present invention are described in detail below with reference to the attached drawing figures, but do not limit the scope of the invention in any way.
The round range query method based on the SS tree is realized through a client and a cloud storage system, and comprises the following steps of:
1. the client side respectively generates a key for encrypting and decrypting the two-dimensional data and a key for encrypting the initial index and the initial trapdoor;
preferably, the client can perform encryption and decryption operations on the two-dimensional data by using any secure and reliable encryption algorithm, such as SMS4, AES256 and the like.
Preferably, the client may perform an encryption operation on the initial index and the initial trapdoor by using any encryption algorithm that keeps the vector inner product positive and negative, such as a matrix encryption algorithm.
2. The client constructs an SS tree index for the two-dimensional data set, where each node corresponds to a circle.
3. And the client represents each node of the SS tree in a vector form and generates an initial index.
Preferably, the circle corresponding to the node has a center (a, b) and a radius c, and a vector I is constructed according to a, b, and c:
I=(a 2 +b 2 -c 2 ,-2a,-2b,-2c,1) T
4. and the client side encrypts each vector in the initial index respectively to generate a security index.
5. And the client side encrypts each two-dimensional data respectively and then sends the ciphertext two-dimensional data and the safety cable to the cloud storage system.
6. When two-dimensional data in a certain circular area needs to be queried, a client represents a query condition in a vector form, and an initial trapdoor is generated.
Preferably, the center of the circle corresponding to the query condition is (x, y), the radius is z, and the vector Q is constructed according to x, y, z:
T=(1,x,y,z,x 2 +y 2 -z 2 ) T
7. and encrypting the initial trapdoor by the client to obtain the safe trapdoor.
8. And the client sends the security trapdoor to the cloud storage system.
9. After receiving the security trap door, the cloud storage system uses the security index and the security trap door to search. The searching process is the same as that of the SS tree, starting from a root node, if a certain non-leaf node is intersected with the query condition, continuing to search the child node, and otherwise, stopping searching the branch; if a certain leaf node is intersected with the query condition, returning the ciphertext two-dimensional data contained in the certain leaf node to the client, otherwise, ignoring the leaf node.
Preferably, (a-x) if the circle corresponding to the node (circle center (a, b), radius c) intersects with the circle corresponding to the query condition (circle center (x, y), radius z) 2 +(b-y) 2 ≤(c+z) 2 . In particular, the amount of the solvent to be used,
I·T=(a 2 +b 2 -c 2 )-2ax-2by-2cz+(x 2 +y 2 -z 2 )=(a-x) 2 +(b-y) 2 -(c+z) 2
if it is used
Figure BDA0002305183050000041
The node intersects the query condition, otherwise it does not. Wherein
Figure BDA0002305183050000042
In order to construct a vector for the security index,
Figure BDA0002305183050000043
and constructing a vector for the safety trap door.
10. And the client decrypts the ciphertext two-dimensional data sent by the cloud storage system.
The round range query system based on the SS tree comprises a plurality of clients and a cloud storage system, wherein the clients are respectively connected with the cloud storage system through a network, each client comprises a security module, an index operation module and a trapdoor operation module, the cloud storage system comprises a query server and a ciphertext storage server, and the round range query system comprises:
the security module is mainly used for performing encryption and decryption operations on the two-dimensional data and performing encryption operations on the initial index and the initial trap door;
the index operation module is mainly used for constructing an SS tree and generating an initial index, and after the two-dimensional data and the initial index are encrypted by the security module, the two-dimensional data of the ciphertext and the security index are initiated and sent to the cloud storage system;
the trapdoor operation module is mainly used for generating an initial trapdoor, and after the initial trapdoor is encrypted by the security module, the security trapdoor is sent to the cloud storage system;
the query server is mainly used for storing the security index, performing query operation by using the security index and the security trapdoor, and sending an identifier id corresponding to the two-dimensional data meeting the query condition to the ciphertext storage server;
the ciphertext storage server is mainly used for storing the ciphertext two-dimensional data and returning the ciphertext two-dimensional data corresponding to the identification id sent by the query server to the client.
Further, the security module comprises a two-dimensional data encryption and decryption component and an index trapdoor encryption component, wherein:
the two-dimensional data encryption and decryption component is mainly used for generating a key and related parameters required by the encryption and decryption of the two-dimensional data, and encrypting and decrypting the two-dimensional data needing the encryption and decryption operation;
the index trapdoor encryption component is mainly used for generating keys and related parameters required by encrypting the initial index and the initial trapdoor and encrypting the initial index and the initial trapdoor which need to be encrypted.
Further, the index operation module in turn comprises an index tree construction component, an initial index construction component, and a transmission component, wherein:
the index tree construction component is mainly used for constructing an SS tree for a two-dimensional data set;
the initial index construction component mainly represents each node of the SS tree generated by the index tree construction component into a vector form to generate an initial index;
the transmission component is mainly used for sending the encrypted ciphertext two-dimensional data, the security index and other information of the security module to the cloud storage system.
Further, the trapdoor operating module in turn comprises an initial trapdoor construction assembly and a transport assembly, wherein:
the initial trapdoor construction component is mainly used for constructing an initial trapdoor for a query condition;
the transmission component is mainly used for sending the security trap door encrypted by the security module to the cloud storage system.
As shown in fig. 1, the method involves a user, a cloud storage system:
1. the user: and the user submits the ciphertext two-dimensional data and the security index to a cloud storage system for the owner and the searcher of the data, and generates the security trapdoor for the query condition during query.
The cloud storage system comprises: the cloud storage system comprises an inquiry server and a ciphertext storage server, the inquiry server sends an identification id corresponding to the two-dimensional data meeting the inquiry condition to the ciphertext storage server, and then the ciphertext storage server returns the ciphertext two-dimensional data corresponding to the identification id to the client, so that ciphertext two-dimensional data, safety index storage service and ciphertext retrieval service are provided for a user.
The structure of the safe and efficient circular range uploading and querying system provided by the invention is shown in fig. 2, and comprises a cloud storage system and a plurality of clients which are connected through a network. The cloud storage system comprises a query server and a ciphertext storage server, and each client comprises a security module, an index operation module and a trapdoor operation module. The security module comprises a two-dimensional data encryption and decryption component and an index trapdoor encryption component; the index operation module comprises an index tree construction component, an initial index construction component and a transmission component; the trapdoor operating module comprises an initial trapdoor construction assembly and a transmission assembly.
The safe and efficient circular range uploading and inquiring method provided by the invention comprises three core scenes:
1. system initialization
The client generates a key and associated parameters for the encryption and decryption operations. The encryption and decryption of the two-dimensional data can use any safe and reliable encryption algorithm, such as SMS4, AES256 and the like; the encryption initial index and the initial trapdoor can use any encryption algorithm that keeps the vector inner product positive and negative, such as a matrix encryption algorithm and the like.
2. Safety index structure
The flow of the security index construction of the present invention is shown in FIG. 3. In particular, the amount of the solvent to be used,
1. the client constructs an SS tree index for the two-dimensional data set.
2. And the client represents each node of the SS tree in a vector form and generates an initial index. Assuming that the circle center of a circle corresponding to a certain node is (a, b) and the radius is c, constructing a vector I according to the a, b and c:
I=(a 2 +b 2 -c 2 ,-2a,-2b,-2c,1) T
3. the client side encrypts each vector I in the initial index respectively to generate a safety index
Figure BDA0002305183050000061
4. And the client side encrypts each two-dimensional data respectively and then sends the ciphertext two-dimensional data and the safety cable to the cloud storage system.
3. Circular range query
The query flow of the present invention is shown in fig. 4. In particular, the amount of the solvent to be used,
1. the client represents the query condition in a vector form to generate an initial trap door. Assuming that the circle center of the circle corresponding to the query condition is (x, y) and the radius is z, constructing a vector Q according to the x, y and z:
T=(1,x,y,z,x 2 +y 2 -z 2 ) T
2. the client encrypts the initial trap door T to obtain a safe trap door
Figure BDA0002305183050000062
3. And the client sends the security trapdoor to the cloud storage system.
4. After the cloud storage system receives the security trap door, the security index is searched from the root node. For non-leaf nodes, if
Figure BDA0002305183050000063
Continuing to search the child nodes, otherwise stopping searching the branch; for leaf node, if
Figure BDA0002305183050000064
Returning the ciphertext two-dimensional data contained in the node to the client, otherwise ignoring the node。
5. And the client decrypts the ciphertext two-dimensional data sent by the cloud storage system.
The following is an embodiment of the present invention.
In this embodiment, the two-dimensional data to be uploaded is 4: { p 1 =(0,2),p 2 =(2,0),p 3 =(4,5),p 4 =(6,3)}。
The flow of this embodiment is as follows:
1. the client generates keys and related parameters for the AES256 encryption algorithm and the matrix encryption algorithm, respectively.
2. As shown in fig. 5, the client constructs an SS tree index for the two-dimensional data set, with an out-degree of the tree of 2. Specifically, the method comprises the following steps:
the root node root contains data of p 1 =(0,2),p 2 =(2,0),p 3 =(4,5),p 4 = (6, 3) }, the circle center of the corresponding circle is (3, 2), and the radius is 3.2;
the data contained in node A is { p } 1 =(0,2),p 2 = (2, 0) }, the center of the corresponding circle is (1, 1), and the radius is 1.5;
the data contained in the node B is { p } 3 =(4,5),p 4 = (6, 3) }, the circle center of the corresponding circle is (5, 4), and the radius is 1.5;
the data contained in node a is { p } 1 = (0, 2) }, the circle center of the corresponding circle is (0, 2), and the radius is 0;
the node b contains data of { p } 2 = (2, 0) }, the circle center of the corresponding circle is (2, 0), and the radius is 0;
the data contained in node c is { p } 3 = (4, 5) }, the circle center of the corresponding circle is (4, 5), and the radius is 0;
the data contained in node d is { p } 4 = (6, 3) }, the center of the corresponding circle is (6, 3), and the radius is 0.
3. And the client represents each node of the SS tree in a vector form to generate an initial index. Specifically, the method comprises the following steps:
constructing a vector I for root node root root =(2.76,-6,-4,-6.4,1) T
Constructing a vector I for node A A =(-0.25,-2,-2,-3,1) T
Constructing a vector I for a node B B =(38.75,-10,-8,-3,1) T
Constructing vector I for node a a =(4,0,-4,0,1) T
Constructing a vector I for node b b =(4,-4,0,0,1) T
Constructing vector I for node c c =(41,-8,-10,0,1) T
Constructing vector I for node d d =(45,-12,-6,0,1) T
4. The client side respectively encrypts each vector I in the initial index by using a matrix encryption algorithm root ,I A ,I B ,I a ,I b ,I c ,I d Generating a secure index
Figure BDA0002305183050000071
5. And the client encrypts the two-dimensional data respectively by using an AES256 encryption algorithm, and then sends the ciphertext two-dimensional data and the safety cable to the cloud storage system.
6. Assuming that the query condition is a circle with a circle center of (3, 3) and a radius of 2.5, the client represents the query condition in a vector form to generate an initial trapdoor T = (1, 3,2.5, 11.75) T
7. The client encrypts the initial trapdoor T to obtain a safe trapdoor
Figure BDA0002305183050000081
8. And the client sends the security trapdoor to the cloud storage system.
9. After the cloud storage system receives the security trap door, the security index is searched from the root node. Specifically, the method comprises the following steps:
for root node root, calculation is carried out to obtain
Figure BDA0002305183050000082
Then continue searching for its child nodes;
for node A, the calculation results in
Figure BDA0002305183050000083
Then continue searching for its child nodes;
for the leaf node a, calculation is carried out to obtain
Figure BDA0002305183050000084
The leaf node is ignored;
for the leaf node b, the calculation results in
Figure BDA0002305183050000085
The leaf node is ignored;
for the node B, the calculation is obtained
Figure BDA0002305183050000086
Then continue searching for its child nodes;
for the leaf node c, calculation is carried out to obtain
Figure BDA0002305183050000087
C contains data p 3 The need to be returned to the client;
for leaf node d, calculation is carried out to obtain
Figure BDA0002305183050000088
The leaf node is ignored.
In summary, the query result is { p } 3 And returning the ciphertext to the client by the cloud storage system.
10. The client decrypts the result returned by the cloud storage system to obtain { p 3 =(4,5)}。
The present invention has been described in detail by way of the form expression and the embodiment, but the specific implementation form of the present invention is not limited thereto. Various obvious changes and modifications can be made therein by one skilled in the art without departing from the spirit and principles of the process of the invention. The protection scope of the present invention shall be subject to the claims.

Claims (5)

1. A safe and efficient round range data query method for clients is suitable for a network consisting of a plurality of clients and a cloud storage system, and comprises the following steps:
1) When two-dimensional data are uploaded, an SS tree index is constructed for the two-dimensional data set, each node of the SS tree is represented as an index circular vector, and an initial index is generated; wherein the index circular vector I = (a) 2 +b 2 -c 2 ,-2a,-2b,-2c,1) T The (a, b) is the center of the circle corresponding to the node, and the c is the radius of the circle corresponding to the node;
2) Ciphertext data obtained by encrypting the two-dimensional data and security index obtained by encrypting the initial index
Figure FDA00038325238800000110
Uploading to a cloud storage system;
3) When two-dimensional data is queried, the query condition is expressed as a trapdoor circular vector T = (1,x, y, z, x) 2 +y 2 -z 2 ) T Generating an initial trap door, wherein (x, y) is the center of a circle corresponding to the query condition, and z is the radius of the circle corresponding to the query condition;
4) Encrypting the initial trapdoor into a secure trapdoor
Figure FDA0003832523880000011
And uploading the data to a cloud storage system so that the cloud storage system indexes according to the security
Figure FDA0003832523880000012
And a safety trap door
Figure FDA0003832523880000013
Inquiring the encrypted data to obtain ciphertext inquiry data; wherein the cloud storage system indexes according to security
Figure FDA0003832523880000014
And a safety trapDoor with a door panel
Figure FDA0003832523880000015
Inquiring the encrypted data to obtain ciphertext inquiry data, comprising the following steps:
starting a search from a root node of the SS tree;
for any non-leaf node in the SS tree: in that
Figure FDA0003832523880000016
If the result of (1) is not greater than zero, searching the child nodes of the non-leaf node; in that
Figure FDA0003832523880000017
If the result of (d) is greater than zero, ignoring the child nodes of the non-leaf node;
for any leaf node in the SS tree: in that
Figure FDA0003832523880000018
If the result is not greater than zero, the data contained in the leaf node is used as ciphertext query data; in that
Figure FDA0003832523880000019
If the result of (1) is greater than zero, then ignoring the non-leaf node;
5) And receiving and decrypting the ciphertext query data to obtain a two-dimensional data set required by query.
2. The method of claim 1, wherein the encryption method of the data is an SMS4 encryption algorithm or an AES256 encryption algorithm.
3. The method of claim 1, wherein the encryption method of the initial index is a matrix encryption algorithm.
4. A storage medium having a computer program stored thereon, wherein the computer program is arranged to, when executed, perform the method according to any of claims 1-3.
5. An electronic device comprising a memory having a computer program stored therein and a processor configured to run the computer to perform the method of any of claims 1-3.
CN201911237131.0A 2019-12-05 2019-12-05 Safe and efficient circular range data uploading and querying method, corresponding storage medium and electronic device Active CN111026754B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911237131.0A CN111026754B (en) 2019-12-05 2019-12-05 Safe and efficient circular range data uploading and querying method, corresponding storage medium and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911237131.0A CN111026754B (en) 2019-12-05 2019-12-05 Safe and efficient circular range data uploading and querying method, corresponding storage medium and electronic device

Publications (2)

Publication Number Publication Date
CN111026754A CN111026754A (en) 2020-04-17
CN111026754B true CN111026754B (en) 2022-12-02

Family

ID=70204367

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911237131.0A Active CN111026754B (en) 2019-12-05 2019-12-05 Safe and efficient circular range data uploading and querying method, corresponding storage medium and electronic device

Country Status (1)

Country Link
CN (1) CN111026754B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103440280A (en) * 2013-08-13 2013-12-11 江苏华大天益电力科技有限公司 Retrieval method and device applied to massive spatial data retrieval
CN105791283A (en) * 2016-02-29 2016-07-20 电子科技大学 Circle range search method specific to encrypted spatial data
CN107169114A (en) * 2017-05-12 2017-09-15 东北大学 A kind of mass data multidimensional ordering searching method
CN108388807A (en) * 2018-02-28 2018-08-10 华南理工大学 It is a kind of that the multiple key sequence that efficiently can verify that of preference search and Boolean Search is supported to can search for encryption method
CN109815730A (en) * 2018-12-29 2019-05-28 中国科学院软件研究所 It is a kind of support skyline inquire can search for encryption method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11341128B2 (en) * 2015-11-12 2022-05-24 Sap Se Poly-logarithmic range queries on encrypted data

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103440280A (en) * 2013-08-13 2013-12-11 江苏华大天益电力科技有限公司 Retrieval method and device applied to massive spatial data retrieval
CN105791283A (en) * 2016-02-29 2016-07-20 电子科技大学 Circle range search method specific to encrypted spatial data
CN107169114A (en) * 2017-05-12 2017-09-15 东北大学 A kind of mass data multidimensional ordering searching method
CN108388807A (en) * 2018-02-28 2018-08-10 华南理工大学 It is a kind of that the multiple key sequence that efficiently can verify that of preference search and Boolean Search is supported to can search for encryption method
CN109815730A (en) * 2018-12-29 2019-05-28 中国科学院软件研究所 It is a kind of support skyline inquire can search for encryption method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于相似查询树的快速密文检索方法;田雪等;《软件学报》;20160121;第27卷(第6期);第1-11页 *

Also Published As

Publication number Publication date
CN111026754A (en) 2020-04-17

Similar Documents

Publication Publication Date Title
Pasupuleti et al. An efficient and secure privacy-preserving approach for outsourced data of resource constrained mobile devices in cloud computing
Poh et al. Searchable symmetric encryption: Designs and challenges
CN108494768B (en) Ciphertext searching method and system supporting access control
Salam et al. Implementation of searchable symmetric encryption for privacy-preserving keyword search on cloud storage
CN103955537A (en) Method and system for designing searchable encrypted cloud disc with fuzzy semantics
CN112270006A (en) Searchable encryption method for hiding search mode and access mode in e-commerce platform
Egorov et al. ZeroDB white paper
US11082205B2 (en) Methods for securing data
CN103970889A (en) Security cloud disc for Chinese and English keyword fuzzy search
CN106934301A (en) A kind of safely outsourced data processing method of relevant database for supporting ciphertext data manipulation
CN109739945A (en) A kind of multi-key word ciphertext ordering searching method based on hybrid index
Abduljabbar et al. Privacy-preserving image retrieval in IoT-cloud
CN110110550B (en) Searchable encryption method and system supporting cloud storage
CN109740378B (en) Security pair index structure resisting keyword privacy disclosure and retrieval method thereof
Kabir et al. A dynamic searchable encryption scheme for secure cloud server operation reserving multi-keyword ranked search
CN106874379B (en) Ciphertext cloud storage-oriented multi-dimensional interval retrieval method and system
JP6879311B2 (en) Message transmission system, communication terminal, server device, message transmission method, and program
CN112948903A (en) Secret state search technical architecture and method for big data storage
CN111026754B (en) Safe and efficient circular range data uploading and querying method, corresponding storage medium and electronic device
EP2775420A1 (en) Semantic search over encrypted data
CN116760840A (en) Efficient data sharing method based on block chain
Yan et al. Secure and efficient big data deduplication in fog computing
WO2019178792A1 (en) Ciphertext search method and system supporting access control
CN113132345B (en) Agent privacy set intersection method with searchable function
CN109582818B (en) Music library cloud retrieval method based on searchable encryption

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant