CN113722366B - Secure data retrieval method based on oblivious ciphertext inverted index

Publication number: CN113722366B
Application number: CN202111072425.XA
Other versions: CN113722366A
Authority: China (CN)
Other languages: Chinese (zh)
Legal status: Active
Inventors: 吴志强, 蔡竹斌, 李文军, 李睿, 张经宇, 郑少莹, 王进
Current and original assignee: Changsha University of Science and Technology
Prior art keywords: leaf, tree, triplet, nodes, node

Classifications

    • G06F16/24552 Database cache management
    • G06F16/2228 Indexing structures
    • G06F16/2246 Trees, e.g. B+trees
    • G06F16/2255 Hash tables
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention discloses a secure data retrieval method based on an oblivious ciphertext inverted index, comprising the following steps: step 1, constructing an oblivious ciphertext inverted index; step 2, writing data into the oblivious ciphertext inverted index; step 3, retrieving cloud data according to a communication protocol. Step 1 comprises constructing a cloud oblivious random access tree (ORAM tree), a user-side buffer and a user-side keyword hash table, wherein the cloud ORAM tree stores the ciphertext inverted index, and the user-side buffer and the user-side keyword hash table temporarily store data. Step 2 comprises writing the data in the user-side buffer into paths of the cloud ORAM tree through an eviction operation.

Description

Secure data retrieval method based on oblivious ciphertext inverted index
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a secure data retrieval method based on an oblivious ciphertext inverted index, which can be applied to secure cloud computing networks.
Background
To obtain inexpensive storage resources, many enterprises outsource sensitive data to cloud servers. Users typically employ a Dynamic Searchable Encryption (DSE) scheme to encrypt the data and protect personal privacy. DSE provides efficient search and update services over encrypted data while protecting users' sensitive information, such as files and query content. DSE schemes typically achieve excellent query and update efficiency at the cost of leaking the search pattern and the access pattern. The search pattern mainly refers to the frequency information revealed when a user searches for a given keyword, and the access pattern mainly contains the result information of the user's searches. However, a recent series of attacks has shown that this query leakage can be exploited by attackers to reveal users' sensitive data. The more queries are issued, the more leakage is incurred, and in extreme cases the cloud can even learn all of the user's query information. The conventional way to hide the search and access patterns is to use Oblivious Random Access Machine (ORAM) technology, a relatively high-overhead encryption method for reading and writing remote data, which avoids revealing the search and access patterns by constantly changing the storage locations of data and re-encrypting the accessed data on every access. Using ORAM directly to construct an oblivious DSE scheme runs into new problems, such as a large client-side position map (Position Map), multiple interactions with the cloud server per update, and high computational overhead.
A traditional inverted index quickly maps a keyword to a set of keyword-file identifier pairs; that is, it turns the mapping from file identifiers to keywords into a mapping from each keyword to a set of files. An inverted index typically reduces the time needed to find files by keyword. To better protect the search pattern and the access pattern, the inverted index needs to be combined with ORAM and other techniques.
The invention provides a secure data retrieval method based on an oblivious ciphertext inverted index, which has the following advantages and technical effects: 1) single round-trip interaction is achieved, so the user obtains or updates data by sending one request and receiving one response; 2) strong forward and backward privacy is achieved, and the search pattern, the update pattern and the operation type are not exposed by any data query; 3) large-scale insertion is supported with high insertion efficiency.
Disclosure of Invention
The invention is implemented by the following technical solution:
A secure data retrieval method based on an oblivious ciphertext inverted index comprises the following steps: step 1, constructing an oblivious ciphertext inverted index; step 2, writing data into the oblivious ciphertext inverted index; step 3, retrieving cloud data according to a communication protocol, wherein:
Step 1 comprises: constructing a cloud oblivious random access tree (ORAM tree), a user-side buffer and a user-side keyword hash table, wherein the cloud ORAM tree stores the ciphertext inverted index, and the user-side buffer and the user-side keyword hash table temporarily store data;
Step 2 comprises: writing the data in the user-side buffer into paths of the cloud ORAM tree through an eviction operation.
In the secure data retrieval method based on the oblivious ciphertext inverted index: the ORAM tree is an encrypted full binary tree; an ORAM tree of height L has $2^L - 1$ nodes in total, and each tree node stores Z triplets (key, value, leaf), where (key, value) is a fixed-size key-value pair whose stored data is derived from the encrypted inverted index, the value is called a data block, and leaf is a leaf identifier identifying the leaf-to-root path on which the current triplet is located; in the ORAM tree, the path from the root node to any node is represented by a character string: starting from the root node, a left branch is written '0' and a right branch '1', and the resulting string of 0s and 1s represents the path; tree nodes in the ORAM tree are encoded by the following rule: the root node is encoded as 0, and for a node encoded as x, its left child is encoded as (2x+1) and its right child as (2x+2); an ORAM tree of height L can store at most $Z(2^L - 1)$ triplets, and under this encoding rule the leaf values range from $2^{L-1} - 1$ to $2^L - 2$.
In the secure data retrieval method based on the oblivious ciphertext inverted index: the user-side keyword hash table, denoted ht, is a data structure that maps a keyword w to keyword information KI, where KI consists of two parts, wLength and sCounter, i.e. KI = (wLength, sCounter); wLength is the number of data blocks obtained by searching for the keyword w, and sCounter is the number of times the keyword w has been searched and updated; sCounter = sCounter + 1 is executed every time the user searches for or updates the keyword w, and sCounter is used to generate different pseudo-random numbers.
In the secure data retrieval method based on the oblivious ciphertext inverted index: the user-side buffer is a stateful hash table that stores triplets (key, value, leaf) by key, i.e. given a triplet t, the buffer stores it under the key t.key; after an eviction operation, the state of each triplet is recorded in the buffer, i.e. whether the triplet is on the path from t.leaf to the root of the ORAM tree or in the buffer, and any triplet t exists either on the path from t.leaf to the root or in the buffer Stash.
In the secure data retrieval method based on the oblivious ciphertext inverted index, the eviction operation in step 2 comprises the following:
Let x be an accessed leaf node identifier, and let P(x, j) denote the path from the root node to the level-j node on the path from node x to the root; any triplet in the buffer that can be evicted to the cloud ORAM tree satisfies equation (1):
P(x,j)=P(triplet.leaf,j) (1)
Leaf calculation: assume that the result set of the keyword w after inverted index processing is $DB(w) = \{id_1, id_2, \ldots, id_r\}$, where each id is a file identifier. Let F be a keyed hash function, k the user's key, and c the sCounter field of the keyword's entry in the hash table ht, which records the number of times the keyword w has been searched and updated, written c = ht[w].sCounter. The i-th file identifier $id_i$ satisfies the following principle: the keyword-file identifier pair $(w, id_i)$ is either uploaded to the path from leaf node $x_i$ to the root node or remains in the buffer, and the leaf $x_i$ is calculated by equation 2:
where the computed result token(w, i, c) is the leaf identifier used to search for the keyword-file identifier pair $(w, id_i)$, $2^{L-1} - 1$ is the value of the first leaf identifier of the cloud ORAM tree, and $F_k(w \| i \| c) \bmod 2^{L-1}$ is an integer value computed using the keyed hash function F and $2^{L-1}$.
In the secure data retrieval method based on the oblivious ciphertext inverted index, the eviction operation in step 2 comprises K nearest neighbor eviction:
Step A, initializing a hash table pathNodes for storing tree nodes: a hash table pathNodes is defined to temporarily store the tree node information to be uploaded to the cloud ORAM tree, wherein the index of the hash table is the character string formed by the path from the root node to the current node, i.e. the path information through which the corresponding node in the ORAM tree can be found;
Step B, copying the triplets in the buffer into an ordered array: the triplets in the user-side buffer are sorted and stored in an ordered array whose elements are sorted by leaf;
Step C, performing the following operations, from the bottom layer upward, on the paths corresponding to a set of leaf nodes, wherein the input of KNNEA is a set of leaf nodes leaves = $\{x_1, x_2, \ldots, x_r\}$, each element being a leaf identifier, corresponding to the r paths from those leaf nodes to the root node;
Step D, searching the array for the K triplets T nearest to leaf and judging them one by one, wherein the search for the K triplets T nearest to leaf is described in step E and the judging process is described in step F;
Step E, for a node N in a path, selecting (Z+1) triplets whose leaf is less than or equal to the current leaf value, going left from leaf, and (Z+1) triplets whose leaf is greater than or equal to the current leaf value, going right from leaf, so that a total of K = (2Z+1) nearest neighbor triplets are selected from the user-side buffer as the candidate triplets T of node N;
Step F, determining whether a triplet can be uploaded to the tree node by judging whether it satisfies equation (1) of the eviction principle, i.e. comparing whether P(leaf, j) equals P(triplet.leaf, j), where j is the layer number going from the bottommost layer of the tree to the topmost layer, i.e. j ∈ [L, 1], and the layer number is reduced by 1 after the nodes of the bottommost layer are filled; if the triplet cannot be uploaded to the tree node, this step is repeated for the next triplet; otherwise it is further judged whether pathNodes is full, and if pathNodes is not full, the triplet is stored in pathNodes and deleted from the ordered array and the buffer; this step is repeated until all of the K triplets T have been judged;
Step G, encrypting pathNodes and uploading it to the cloud.
In the secure data retrieval method based on the oblivious ciphertext inverted index, the eviction operation in step 2 comprises a partition-based eviction operation:
Step A, sorting the triplets in the buffer and the input set of leaf identifiers leaves by leaf value;
Step B, dividing the leaf identifier range into a set of fixed-size partitions, wherein the partition size is a power of 2;
Step C, assigning the triplets in the buffer and the leaves to their corresponding partitions according to leaf value, obtaining a set of non-empty partitions and a set of non-empty paths;
Step D, initializing a global hash table variable pathNodes for storing tree nodes;
Step E, performing the following operation on each non-empty partition: invoking KNNEA* to evict the triplets in the non-empty partition to the paths of the corresponding non-empty partition and save them in pathNodes, where KNNEA* performs the same data operations as steps B, C, D, E and F of the K nearest neighbor eviction algorithm;
Step F, calling KNNEA to evict the remaining triplets;
Step G, encrypting pathNodes and uploading it to the cloud.
The secure data retrieval method based on the oblivious ciphertext inverted index comprises the following steps:
Step A, generating leaf identifiers: the user creates a set of empty blocks for storing result data, generates a set of leaf identifiers leaves through the token(w) method and sends the leaves to the cloud; the token(w) method generates the set of leaf identifiers leaves through the leaf calculation method token(w, i, c) according to the keyword information in the keyword hash table, where i refers to the i-th keyword-file identifier and c is the number of times the keyword w has been searched and updated;
Step B, reading tree nodes: the READPATHS(tree, $\{x_1, \ldots, x_r\}$) sub-method is called to read a set of tree nodes in the ORAM tree, taking the set of leaf identifiers leaves = $\{x_1, \ldots, x_r\}$ generated in the previous step as input, and the tree nodes read are returned to the user; the READPATHS algorithm is as follows: given a set of leaf identifiers $\{x_1, \ldots, x_r\}$, all nodes on the paths from each leaf node to the root node are obtained in turn according to the leaf identifiers and stored in a node set nodes, finally yielding a set of tree nodes;
Step C, reconstructing leaf identifiers: the tree nodes read from the cloud are decrypted to obtain the triplets stored in the nodes, and the triplets are stored in the local buffer by key; every time a search operation accesses w, the user executes ht[w].sCounter + 1, which maps each leaf identifier to a new random leaf identifier; the user generates a unique key value for each data block corresponding to the keyword using the key(w, i) method, and calculates the new leaf identifier using the key(w, i, c) method, where the value of key(w, i) equals G(w||i), G is a pseudo-random function, and i ranges over [1, ht[w].wLength];
Step D, evicting nodes: the user obtains the identifier set from the retrieved data blocks, this identifier set being the final search result; the user then calls the KNNEA algorithm, and the data in the buffer is re-encrypted and evicted to the cloud;
Step E, updating nodes: the cloud replaces the nodes on the original paths with the new nodes.
Drawings
FIG. 1 is a diagram of an example OBI construction;
FIG. 2 is a flow chart of the KNNEA algorithm;
FIG. 3 is a flow chart of the PBEA algorithm;
FIG. 4 is a flow chart of searching for a keyword.
Detailed Description
The following describes specific embodiments of the present invention in detail with reference to FIGS. 1-4.
The invention involves two parties: a user and a cloud server. The user encrypts the private data, builds an oblivious ciphertext inverted index over it, and stores the encrypted private data on the cloud server. The user communicates with the cloud server through a specific communication protocol to query and update data dynamically and privately. The user is assumed to be trusted, and the cloud server is "honest but curious": it executes the user's instructions faithfully, but may also try to obtain the user's private data illegitimately.
The secure data retrieval method based on the oblivious ciphertext inverted index involves three aspects: a new ciphertext index structure, two methods for evicting data, and a communication protocol. The ciphertext index structure is the oblivious ciphertext inverted index; the two eviction methods are two algorithms for writing data into the oblivious ciphertext inverted index; and the communication protocol is the protocol READANDREPLACE used for reading and writing data throughout the communication process. The method proposed by the invention is described in detail in three parts: 1. constructing the oblivious ciphertext inverted index; 2. writing data into the oblivious ciphertext inverted index through an eviction algorithm; 3. reading and writing data according to the communication protocol.
1. Construction of the oblivious ciphertext inverted index
The oblivious ciphertext inverted index (Oblivious inverted Index, OBI for short) of the present invention is an encrypted data structure that includes three storage sub-structures and a communication protocol. The three sub-structures are: a cloud oblivious random access tree (ORAM tree), a user-side keyword hash table (ht), and a user-side buffer (Stash). The cloud ORAM tree stores the ciphertext inverted index, and the user-side buffer and the user-side keyword hash table temporarily store data.
The ORAM tree is an encrypted full binary tree: each non-leaf node has two child nodes, each node is either encrypted or null, and an ORAM tree of height L has $2^L - 1$ nodes in total. Each tree node holds Z triplets (key, value, leaf), where (key, value) is a fixed-size key-value pair whose stored data is derived from the encrypted inverted index. The value is called a data block, and leaf is a leaf identifier that identifies the leaf-to-root path on which the current triplet is located. In the ORAM tree, the path from the root node to any node can be represented by a character string: starting from the root node, a left branch is written '0' and a right branch '1', and the resulting string of 0s and 1s represents the path. Tree nodes in the ORAM tree are encoded by the following rule: the root node is encoded as 0, and for a node encoded as x, its left child is encoded as (2x+1) and its right child as (2x+2). An ORAM tree of height L can store at most $Z(2^L - 1)$ triplets, and under this encoding rule the leaf values range from $2^{L-1} - 1$ to $2^L - 2$.
The user-side keyword hash table is a data structure that maps a keyword w to keyword information (Keyword Information, KI for short), where KI consists of two parts, wLength and sCounter, i.e. KI = (wLength, sCounter); wLength is the number of data blocks obtained by searching for the keyword w, and sCounter is the number of times the keyword w has been searched and updated. sCounter = sCounter + 1 is executed every time the user searches for or updates w, and sCounter is used to generate different pseudo-random numbers.
The user-side buffer is a stateful hash table that stores triplets (key, value, leaf) by key, i.e. given a triplet t, the buffer stores it under the key t.key. After an eviction operation, the state of each triplet is recorded in the buffer, i.e. whether the triplet is on the path from t.leaf to the root of the ORAM tree or in the buffer. Any triplet t exists either on the path from t.leaf to the root or in the buffer Stash.
FIG. 1 is an example OBI construction, which includes the ORAM tree in the cloud and the hash table and buffer on the user side. The ORAM tree nodes store the encrypted result of processing the inverted index shown on the right; the dotted line indicates that the inverted index exists only logically. The example contains two files with identifiers 50 and 52: the file with identifier 50 contains three keywords {a, b, c}, and the file with identifier 52 contains two keywords {a, b}. From these the inverted index shown on the right side of FIG. 1 can be built: a corresponds to the two files 50 and 52, c corresponds to the one file 50, and b corresponds to the two files 52 and 50. The keyword-file identifier sets are DB(a) = {(a, 50), (a, 52)}, DB(b) = {(b, 50), (b, 52)} and DB(c) = {(c, 50)}; file 50 is made up of the three keyword-identifier pairs {(a, 50), (b, 50), (c, 50)}, and file 52 of the two pairs {(a, 52), (b, 52)}. The OBI places these pairs in the nodes of the ORAM tree, each pair on the path identified by its leaf value. To obtain the result for the keyword a, the user first calculates the leaves {8, 10}, then calls the communication protocol READANDREPLACE({8, 10}) described in part 3, reads the nodes on the two paths with leaf values 8 and 10, decrypts them locally to obtain the data, and after shuffling uploads the nodes to replace the nodes of the original paths; the details follow the communication protocol in part 3.
2. Eviction algorithm
The eviction operation in the invention is an algorithm for writing the data in the user-side buffer into paths from several leaves of the cloud ORAM tree to the root, with the aim of reducing the space occupied by data stored on the user side. The eviction operations in the present invention can be used to insert, search and modify data in bulk. Because the bottom layer of the cloud tree has more nodes than the top layer and can therefore hold more triplets, the triplets evicted from the user-side buffer are stored starting from the bottom layer of the tree, i.e. the leaf nodes.
The eviction algorithm described in the present invention must satisfy the following condition. Let x be an accessed leaf node identifier, and let P(x, j) denote the path from the root node to the level-j node on the path from node x to the root. Any triplet in the buffer that can be evicted to the cloud ORAM tree satisfies the following equation:
P(x,j)=P(triplet.leaf,j) (1)
The leaf calculation method of the present invention calculates the leaf values used to execute the communication protocol READANDREPLACE($\{x_1, x_2, \ldots, x_r\}$), and is described in detail below.
Assume that the result set obtained for the keyword w from the inverted index is $DB(w) = \{id_1, id_2, \ldots, id_r\}$, where each id is a file identifier. Let F be a keyed hash function, k the user's key, and c the sCounter field of the keyword's entry in the hash table ht, which records the number of times the keyword w has been searched and updated, written c = ht[w].sCounter. The i-th file identifier $id_i$ satisfies the following principle: the keyword-file identifier pair $(w, id_i)$ is either uploaded to the path from leaf node $x_i$ to the root node or remains in the buffer, and the leaf $x_i$ can be calculated by the following formula:
where the computed result token(w, i, c) is the leaf identifier used to search for the keyword-file identifier pair $(w, id_i)$, $2^{L-1} - 1$ is the value of the first leaf identifier of the cloud ORAM tree, and $F_k(w \| i \| c) \bmod 2^{L-1}$ is an integer value computed using the keyed hash function F and $2^{L-1}$.
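The node encoding, path strings, READPATHS node set, eviction test of equation (1) and leaf calculation described above, as an added Python example (not code from the patent). It assumes HMAC-SHA256 as the keyed hash F, a length-prefixed byte encoding of w||i||c, and that the two terms described for token(w, i, c) are added together; all function names are this example's own.

```python
import hashlib
import hmac


def leaf_range(L):
    """Leaf identifiers of a height-L tree: 2^(L-1)-1 .. 2^L-2."""
    return range(2 ** (L - 1) - 1, 2 ** L - 1)


def path_string(node):
    """'0'/'1' string from the root to `node` (root=0, left=2x+1, right=2x+2)."""
    bits = []
    while node > 0:
        bits.append("0" if node % 2 == 1 else "1")  # odd id = left child
        node = (node - 1) // 2                      # step to the parent
    return "".join(reversed(bits))


def P(leaf, j):
    """Path from the root to the level-j node on leaf's path (root is level 1)."""
    return path_string(leaf)[: j - 1]


def can_evict(x, triplet_leaf, j):
    """Equation (1): the triplet may sit in the level-j node of x's path."""
    return P(x, j) == P(triplet_leaf, j)


def read_paths(leaves):
    """READPATHS: ids of every node on the paths from the given leaves to the root."""
    nodes = set()
    for x in leaves:
        while True:
            nodes.add(x)
            if x == 0:
                break
            x = (x - 1) // 2
    return sorted(nodes)


def token(k, w, i, c, L):
    """Leaf identifier for the i-th (w, id_i) pair after c searches/updates.

    Assumptions of this example: F is HMAC-SHA256, w||i||c is encoded with a
    length prefix so distinct (w, i, c) never collide as byte strings, and the
    result is first_leaf + (F_k(w||i||c) mod 2^(L-1)).
    """
    wb = w.encode()
    msg = len(wb).to_bytes(4, "big") + wb + i.to_bytes(8, "big") + c.to_bytes(8, "big")
    f = int.from_bytes(hmac.new(k, msg, hashlib.sha256).digest(), "big")
    # 2^(L-1) divides 2^256, so the reduction introduces no modulo bias.
    return (2 ** (L - 1) - 1) + (f % 2 ** (L - 1))


def tokens(k, w, w_length, c, L):
    """token(w): one leaf identifier per data block of keyword w (i = 1..wLength)."""
    return [token(k, w, i, c, L) for i in range(1, w_length + 1)]


if __name__ == "__main__":
    key = bytes(range(32))  # constructed demo key
    print("leaves of an L=4 tree:", list(leaf_range(4)))
    print("nodes read for leaves {8, 10}:", read_paths([8, 10]))
    for c in range(3):      # each search bumps sCounter and remaps the leaves
        print("c =", c, "->", tokens(key, "a", 2, c, 4))
```

Because c enters the hash input, the same keyword maps to fresh leaves after every search or update, which is what keeps repeated queries for one keyword from touching the same paths.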
The eviction operations described in the present invention use two multi-path eviction algorithms, namely a K nearest neighbor eviction algorithm (K-Nearest Neighbor Eviction Algorithm, KNNEA) and a partition-based eviction algorithm (Partition-Based Eviction Algorithm, PBEA).
The K nearest neighbor eviction algorithm is a multi-path eviction algorithm: when it is executed, triplets in the user-side buffer can be evicted into r paths of the cloud ORAM tree. The algorithm is suitable for smaller result sets. The main idea of KNNEA is to select Z triplets from the K nearest neighbor triplets to evict into a tree node, without having to scan the entire buffer to select triplets. As shown in FIG. 2, the K nearest neighbor eviction algorithm proposed by the present invention is described in detail below.
Step A, initialize a hash table pathNodes for storing tree nodes. A hash table pathNodes is defined to temporarily store the tree node information that will later be uploaded to the cloud ORAM tree. Its index (path information) is the character string formed by the path from the root node to the current node, so the corresponding node in the ORAM tree can be found directly through this path information.
Step B, copy the triplets in the buffer into an ordered array local to the user side. The triplets in the user-side buffer are sorted and initially stored in an ordered array whose elements are sorted by leaf.
Step C, perform the following operations, from the bottom layer upward, on the paths corresponding to a set of leaves. The input of KNNEA is a set of leaf nodes leaves = $\{x_1, x_2, \ldots, x_r\}$, each element being a leaf identifier, corresponding to the r paths from those leaf nodes to the root node, namely $x_1$-to-root, $x_2$-to-root, ..., $x_r$-to-root. KNNEA uses a bottom-up strategy to evict the triplets of the user-side buffer into these r paths.
Step D, search the array for the K triplets T nearest to leaf and judge them one by one. The search for the K triplets T nearest to leaf is described in step E, and the judging process is described in step F.
Step E, for a node N in a path, where one leaf identifier corresponding to node N is leaf, select (Z+1) triplets whose leaf is less than or equal to the current leaf value, going left from leaf, and (Z+1) triplets whose leaf is greater than or equal to the current leaf value, going right from leaf, so that a total of K = (2Z+1) nearest neighbor triplets are selected from the user-side buffer as the candidate triplets T of node N.
Step F, determine whether a triplet can be uploaded to the tree node by judging whether it satisfies equation (1) of the eviction principle, i.e. comparing whether P(leaf, j) equals P(triplet.leaf, j), where j is the layer number going from the bottommost layer (root) of the tree to the topmost layer, i.e. j ∈ [L, 1], and the layer number is reduced by one after the nodes of the bottommost layer are filled. If the triplet cannot be uploaded to the tree node, this step is repeated for the next triplet; otherwise it is further judged whether pathNodes is full, and if pathNodes is not full, the triplet is stored in pathNodes and KNNEA deletes the stored triplet from the ordered array and the buffer. This step is repeated until all of the selected K triplets T have been judged.
Step G, encrypt pathNodes and upload it to the cloud. The encryption algorithm is private-key randomized symmetric encryption, a symmetric encryption algorithm in which the user holds a private key and adds a globally increasing counter to the plaintext data each time it is encrypted, so that the ciphertext produced by every encryption is a unique value.
The partition-based eviction algorithm (PBEA) is also a multipath eviction algorithm. It is suited to evicting a large number of buffered triplets to cloud paths and to inserting a large number of files. As shown in FIG. 3, the partition-based eviction algorithm proposed by the present invention is described in detail below.
Step A: sort the triplets in the buffer and the input set of leaf identifiers, leaves, by leaf value.
Step B: divide the leaf identifier range into a group of fixed-size partitions. When the amount of data to be processed is large, the core idea of the PBEA algorithm is to divide the leaf identifier range into a set of fixed-size partitions whose size is an integer power of 2, i.e. partition size $size = 2^c$. The leaf identifier leaf ranges from $(2^{L-1}-1)$ to $(2^L-2)$, and this interval can be divided into a set of fixed-size partitions, with size typically set to $size = 2^{16}$.
Step C: distribute the sorted triplets and leaf identifiers from step A to their partitions according to leaf value, obtaining a group of non-empty partitions and the group of paths belonging to those non-empty partitions.
Step D: initialize a global hash-table variable pathNodes for storing tree nodes, since tree nodes need to be stored multiple times. As in step A of KNNEA, pathNodes temporarily holds the tree node information that is subsequently uploaded to the cloud ORAM tree.
Step E: perform the following operation on each partition. Call the KNNEA* algorithm to find the triplets to be evicted and save them in pathNodes. KNNEA* differs from KNNEA in that KNNEA* evicts the triplets of one partition into the paths of that partition, whereas KNNEA evicts the triplets of the entire buffer into the full set of paths at once.
Step F: call the KNNEA algorithm to evict the remaining triplets.
Step G: encrypt pathNodes and upload it to the cloud.
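The two eviction algorithms above can be traced on a small tree with the following added sketch, which is not code from the patent: it applies formula (1) through the node encoding (children 2x+1 and 2x+2), fills pathNodes from the leaf level upward with KNNEA, and runs PBEA as KNNEA per non-empty partition followed by a final KNNEA pass. Assumptions: Z = 2, L = 4, the buffer contents and all function names are constructed, step E is read as a window of K = 2Z+1 entries around the leaf's position in the sorted array, and the encryption of step G is left out.

```python
import bisect
from collections import defaultdict

Z, L = 2, 4                       # constructed: Z triplets per node, height L
FIRST_LEAF = 2 ** (L - 1) - 1     # leaf identifiers are 7..14 when L = 4

def ancestor(leaf, j):
    """Node id at level j (root = 1, leaves = L) on the path leaf -> root.
    A root-to-node path is unique, so equal ids mean P(x, j) = P(leaf, j)."""
    node = leaf
    for _ in range(L - j):
        node = (node - 1) // 2    # inverse of children 2x+1 and 2x+2
    return node

def knnea(stash, leaves, path_nodes):
    """Move evictable triplets from stash {key: (value, leaf)} into
    path_nodes {node id: [(key, value, leaf), ...]} for the given paths."""
    order = sorted(stash, key=lambda k: stash[k][1])           # step B
    for leaf in leaves:                                        # step C
        for j in range(L, 0, -1):                              # leaf level first
            node = ancestor(leaf, j)
            pos = bisect.bisect_left([stash[k][1] for k in order], leaf)
            # step E (assumed reading): K = 2Z+1 entries around `leaf`
            for k in order[max(0, pos - Z): pos + Z + 1]:
                if len(path_nodes[node]) >= Z:                 # node is full
                    break
                value, t_leaf = stash[k]
                if ancestor(t_leaf, j) == node:                # formula (1)
                    path_nodes[node].append((k, value, t_leaf))
                    del stash[k]
                    order.remove(k)
    return path_nodes

def pbea(stash, leaves, c=1):
    """Partition-based eviction with partitions of 2**c leaf identifiers."""
    part = lambda leaf: (leaf - FIRST_LEAF) >> c
    tri_parts, leaf_parts = defaultdict(dict), defaultdict(list)
    for k, (value, leaf) in stash.items():                     # steps A-C
        tri_parts[part(leaf)][k] = (value, leaf)
    for leaf in sorted(leaves):
        leaf_parts[part(leaf)].append(leaf)
    path_nodes = defaultdict(list)                             # step D
    for p, p_leaves in sorted(leaf_parts.items()):             # step E: KNNEA*
        sub = tri_parts.get(p, {})
        before = set(sub)
        knnea(sub, p_leaves, path_nodes)
        for k in before - set(sub):                            # evicted keys
            del stash[k]
    knnea(stash, sorted(leaves), path_nodes)                   # step F
    return path_nodes                       # step G would encrypt and upload

def demo():
    # Constructed buffer: triplet t<n> is mapped to leaf leaves_of[n-1].
    leaves_of = [8, 8, 8, 7, 8, 8, 10, 13, 14, 11, 9, 10]
    stash = {f"t{n}": (f"id{n}", leaf) for n, leaf in enumerate(leaves_of, 1)}
    nodes = pbea(stash, leaves=[13, 8], c=1)                   # paths just read
    placed = {n: [k for k, _, _ in ts] for n, ts in nodes.items() if ts}
    return placed, sorted(stash)

if __name__ == "__main__":
    print(demo())
```

In this run t12 (leaf 10) stays in the buffer: the only nodes it may occupy on the two paths read are nodes 1 and 0, and both are already full.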
3. The client retrieves data from the cloud oblivious random access (ORAM) tree through a communication protocol
The communication protocol of the present invention is denoted READANDREPLACE($\{x_1, x_2, \dots, x_r\}$), where $x_i$ ($i \in [1, r]$) is a leaf identifier (leaf) generated by the user with a pseudo-random function. The secure data retrieval method provided by the invention uses it for data initialization and for batch reading and writing of data. The communication protocol comprises four steps: 1) the cloud reads the paths from a group of ORAM tree leaves to the tree root; 2) the user decrypts the path from each leaf to the root, writes it into the buffer, and processes it further; this processing is performed locally, and the operations available to the user include inserting new data into the buffer, reading and writing data in batches, and updating data in batches; 3) the data is evicted using the two eviction algorithms KNNEA and PBEA; 4) the cloud replaces the originally accessed set of paths with the received nodes.
With this communication protocol, inserting data into the oblivious ciphertext inverted index takes four steps: 1) r random leaf-to-root paths are read and all values read are written into the client-side buffer; 2) the triplets to be inserted are initialized and written into the client-side buffer; 3) the two eviction algorithms KNNEA and PBEA are used to evict the data in the client-side buffer to the cloud; 4) the cloud replaces the data on its original r paths with the received data. Throughout this process the cloud server only reads and writes a set of root-to-leaf node paths, while the user performs data decryption, encryption, reading, writing, shuffling, and eviction.
Retrieving data with the secure data retrieval method takes five steps. Let searching for keyword w be denoted Search(w); its algorithm flow is shown in FIG. 4 and is described in detail below.
Step A: generate the leaf identifiers. The user creates a set of empty blocks for storing the result data. The user generates a set of leaf identifiers, leaves, with the token(w) method and sends it to the cloud. The token(w) method generates the set of leaf identifiers from the keyword information in the keyword hash table using the leaf calculation method token(w, i, c) described above, where i and c refer to wLength, the number of keyword-file identifier pairs in DB(w), and sCounter, the number of times w has been searched, respectively.
Step B: read the tree nodes. The READPATHS(tree, $\{x_1, \dots, x_r\}$) sub-method is called to read a set of tree nodes in the ORAM tree. The leaf identifiers leaves generated in the previous step are the input, and the tree nodes read are returned to the user. The READPATHS algorithm works as follows: given a group of leaf identifiers $\{x_1, \dots, x_r\}$, all nodes on the paths from each leaf node to the root node are obtained in turn according to the leaf identifiers and stored in a node set nodes, which finally yields a group of tree nodes.
Step C: reconstruct the leaf identifiers. The user decrypts the tree nodes read from the cloud to obtain the triplets stored in them, and stores the triplets in the local buffer by key. The user then operates on the data in the local buffer. Each time the user performs a search operation that accesses w, the user executes ht[w].sCounter + 1; the leaf identifier changes accordingly and is mapped to a new random leaf identifier. The user uses the key(w, i) method to generate a unique key value for each data block corresponding to the keyword, computes a new leaf identifier through the key(w, i, c) method, and calls the READWRITESTASH(op, key, value, leaf) sub-method to read and write data in the local buffer. The value of key(w, i) equals G(w||i), where G is a pseudo-random function and i ranges over [1, ht[w].wLength]. In the READWRITESTASH(op, key, value, leaf) algorithm, op indicates whether the operation is a read or a write, key is the value generated by the key(w, i) algorithm, and value is the value to be written or read. For a write, the triplet (key, value, leaf) is written into the buffer under key; for a read, the value in the triplet is read by key and the leaf value of the triplet in the buffer is replaced by the new leaf.
Step D: evict the nodes. The user obtains a set of identifiers from the retrieved data blocks, which is the final result of the search. The user calls the KNNEA algorithm to re-encrypt the data in the buffer and evict it to the cloud.
Step E: update the nodes. The cloud replaces the nodes on the original paths with the new nodes.
In the above steps, the cloud only reads a set of random paths and writes a set of random paths. Eviction and encryption of the data are completed on the user side. The last step of the search protocol can be packaged into the next query to obtain a single-round communication protocol. The user only has to temporarily cache the tree nodes to be evicted.
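How the leaf identifiers of Search(w) change from one search to the next, as an added example that is not code from the patent: token(w, i, c) is built from the terms the text gives for it (the first leaf identifier plus F_k(w||i||c) % 2^(L-1)), and incrementing sCounter remaps every block of w to a fresh leaf. Assumptions: HMAC-SHA256 stands in for both F and G, the key, keyword, tree height and buffer contents are constructed, and the buffer is taken to be already filled from the decrypted paths (the cloud read of step B and the eviction of step D are not modelled).

```python
import hashlib
import hmac

L = 16                                  # constructed ORAM tree height
FIRST_LEAF = 2 ** (L - 1) - 1           # leaves span FIRST_LEAF .. 2**L - 2

def prf(k, label, w, *nums):
    """HMAC-SHA256 stands in for F_k and G (an assumption). A one-byte label
    and fixed-width integers after w keep the encoding of w||i||c unambiguous."""
    msg = label + w.encode() + b"".join(n.to_bytes(8, "big") for n in nums)
    return int.from_bytes(hmac.new(k, msg, hashlib.sha256).digest(), "big")

def token(k, w, i, c):
    """Leaf identifier of the i-th (w, id_i) pair after c searches/updates."""
    return FIRST_LEAF + prf(k, b"F", w, i, c) % 2 ** (L - 1)

def key(k, w, i):
    """Per-block key G(w||i); it does not depend on the counter c."""
    return prf(k, b"G", w, i)

def search(k, ht, stash, w):
    """Client side of Search(w).
    ht: w -> [wLength, sCounter]; stash: key -> (value, leaf).
    Returns (leaf identifiers sent to the cloud, result identifiers)."""
    w_length, c = ht[w]
    leaves = [token(k, w, i, c) for i in range(1, w_length + 1)]   # step A
    ht[w][1] = c + 1                                               # step C
    results = []
    for i in range(1, w_length + 1):
        value, _old_leaf = stash[key(k, w, i)]
        # remap the block to the leaf derived from the incremented counter
        stash[key(k, w, i)] = (value, token(k, w, i, c + 1))
        results.append(value)
    return leaves, results

def demo():
    k = b"constructed-demo-key"                 # constructed user key
    ht = {"invoice": [3, 0]}                    # constructed keyword entry
    stash = {key(k, "invoice", i): (f"file-{i}", token(k, "invoice", i, 0))
             for i in (1, 2, 3)}
    first, res1 = search(k, ht, stash, "invoice")
    second, res2 = search(k, ht, stash, "invoice")
    return k, ht, stash, first, second, res1, res2

if __name__ == "__main__":
    _, ht, _, first, second, res1, _ = demo()
    print("search 1 leaves:", first)
    print("search 2 leaves:", second)
    print("results:", res1, "counter:", ht["invoice"][1])
```

The two searches return the same results, while the leaf sets sent to the cloud are derived from different counter values.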

Claims (2)

1. A secure data retrieval method based on a careless (oblivious) ciphertext inverted index, characterized by comprising the following steps: step 1, constructing an oblivious ciphertext inverted index; step 2, writing data into the oblivious ciphertext inverted index; step 3, retrieving cloud data according to a communication protocol, wherein,
step 1 comprises: constructing a cloud oblivious random access (ORAM) tree, constructing a client-side buffer, and constructing a client-side keyword hash table, wherein the cloud ORAM tree is used for storing the ciphertext inverted index, and the client-side buffer and the client-side keyword hash table are used for temporarily storing data; wherein the client-side keyword hash table is a data structure that maps a keyword w to keyword information KI and is denoted ht, the keyword information KI consisting of two parts, wLength and sCounter, i.e. KI = (wLength, sCounter), where wLength is the number of data blocks obtained by searching for keyword w and sCounter is the number of times keyword w has been searched and updated; sCounter = sCounter + 1 is executed every time the user searches or updates keyword w, and is used for generating different pseudo-random numbers;
step 2 comprises: writing the data in the client-side buffer into ORAM tree paths in the cloud through an eviction operation;
the client-side buffer is a stateful hash table that stores the (value, leaf) of each triplet under its key, leaf being a leaf identifier; that is, given a triplet t, the buffer stores the triplet under the key t.key; after an eviction operation the state of the triplet is recorded in the buffer, i.e. whether the triplet is on the path from t.leaf to the root of the ORAM tree or in the buffer, and any triplet t exists either on the path from t.leaf to the root or in the client-side buffer Stash;
the eviction operation in step 2 comprises:
letting x be an accessed leaf node identifier and P(x, j) denote the path from the root node to the j-th level node on the path from node x to the root, any triplet in the buffer that can be evicted to the cloud ORAM tree satisfies equation 1:
P(x,j)=P(triplet.leaf,j) (1)
performing leaf calculation: assume that the result set obtained for keyword w by inverted-index processing is DB(w) = $\{id_1, id_2, \dots, id_r\}$, where each id is a file identifier, F is a keyed hash function, k is the user's key, and c is the sCounter in the keyword's value in the hash table ht, recording the number of times keyword w has been searched and updated, written c = ht[w].sCounter; the i-th file identifier $id_i$ satisfies the following principle: the keyword-file identifier pair $(w, id_i)$ is either uploaded to the path from leaf node $x_i$ to the root node or remains in the buffer, and leaf $x_i$ is calculated by equation 2:
wherein the computed result token(w, i, c) is the leaf identifier used to retrieve the keyword-file identifier pair $(w, id_i)$, $(2^{L-1}-1)$ is the value of the first leaf identifier of the cloud ORAM tree, $(F_k(w\|i\|c)\ \%\ 2^{L-1})$ is the integer remainder obtained by dividing the value computed with the keyed hash function F by $2^{L-1}$, and L is the height of the ORAM tree;
wherein the eviction operation in step 2 comprises a K-nearest-neighbor eviction:
step A, initializing a hash table pathNodes for storing tree nodes: defining a hash table pathNodes for temporarily storing the tree node information to be uploaded to the cloud ORAM tree, wherein the index of the hash table is a character string formed by the path from the root node to the current node and represents the path information through which the corresponding node in the ORAM tree can be found;
step B, copying the triplets in the buffer into an ordered array and sorting them, so that the triplets in the client-side buffer are stored in the ordered array with the elements of the array sorted by leaf;
step C, performing the following operations, from the bottom layer upward, on the paths corresponding to a group of leaf nodes, wherein the input of the K-nearest-neighbor eviction algorithm KNNEA is a group of leaf nodes leaves = $\{x_1, x_2, \dots, x_r\}$, each element being a leaf, together with the paths from the corresponding r leaf nodes to the root node;
step D, searching the array for the K triplets T nearest to the leaf and judging them one by one, wherein the search for the K triplets T nearest to the leaf is described in step E and the judging process is described in step F;
step E, for a node N on a path, selecting the (Z+1) triplets whose leaf value is less than or equal to the current leaf value, moving left from leaf, and the (Z+1) triplets whose leaf value is greater than or equal to the current leaf value, moving right from leaf, a total of K = (2Z+1) nearest-neighbor triplets being selected from the client-side buffer as the candidate triplets T for node N;
step F, determining whether a triplet can be uploaded to the tree node by checking whether the triplet satisfies formula (1) of the eviction principle, namely comparing whether P(leaf, j) equals P(triplet.leaf, j), wherein j is the layer number, running from the bottommost layer of the tree to the topmost layer of the tree, i.e. $j \in [L, 1]$, the layer number being reduced by 1 once the nodes of the bottommost layer have been filled; if the triplet cannot be uploaded to the tree node, repeating this step for the next triplet; otherwise checking whether pathNodes is full and, if pathNodes is not full, storing the triplet in pathNodes and deleting the stored triplet from the ordered array and the buffer; and repeating this step until all of the K triplets T have been judged;
step G, encrypting pathNodes and uploading it to the cloud;
the eviction operation in step 2 comprises a partition-based eviction operation:
step A, sorting the triplets in the buffer and the input group of leaf identifiers leaves by leaf value;
step B, dividing the leaf identifier range into a group of fixed-size partitions, wherein the size of each partition is a power of 2;
step C, distributing the triplets in the buffer and the leaves to their corresponding partitions according to leaf value, to obtain a group of non-empty partitions and a group of non-empty paths;
step D, initializing a global hash-table variable pathNodes for storing tree nodes;
step E, performing the following operation on each non-empty partition: invoking KNNEA* to evict the triplets in the non-empty partition to the paths of the corresponding non-empty partition and saving them in pathNodes, KNNEA* referring to performing the data operations in the same manner as steps B, C, D, E and F of the K-nearest-neighbor eviction algorithm;
step F, calling KNNEA to evict the remaining triplets;
step G, encrypting pathNodes and uploading it to the cloud;
wherein step 3 comprises:
step A, generating leaf identifiers, wherein the user creates a group of empty blocks for storing result data, generates a group of leaf identifiers leaves through the token(w) method and sends them to the cloud, the token(w) method generating the group of leaf identifiers leaves from the keyword information in the keyword hash table through the leaf calculation method token(w, i, c), where i refers to the i-th keyword-file identifier and c refers to the number of times keyword w has been searched and updated;
step B, reading tree nodes, wherein the READPATHS(tree, $\{x_1, \dots, x_r\}$) sub-method is called to read a group of tree nodes in the ORAM tree, the group of leaf identifiers leaves = $\{x_1, \dots, x_r\}$ generated in the previous step is taken as input, and the tree nodes read are returned to the user; the ReadPath algorithm is specifically described as follows: given a group of leaf identifiers $\{x_1, \dots, x_r\}$, all nodes on the paths from each leaf node to the root node are obtained in turn according to the leaf identifiers and stored in a node set nodes, finally yielding a group of tree nodes;
step C, reconstructing the leaf identifiers, wherein the tree nodes read from the cloud are decrypted to obtain the triplets stored in the nodes, the triplets are stored in the local buffer by key, the user executes ht[w].sCounter + 1 each time a search operation accesses w, the leaf identifier is mapped to a new random leaf identifier, the user generates a unique key value for each data block corresponding to the keyword by the key(w, i) method and computes the new leaf identifier by the key(w, i, c) method, the value of key(w, i) being equal to G(w||i), where G is a pseudo-random function and i ranges over [1, ht[w].wLength];
step D, evicting nodes, wherein the user obtains an identifier set from the retrieved data blocks, the identifier set being the final result of the search, and the user calls the KNNEA algorithm to re-encrypt the data in the buffer and evict it to the cloud;
step E, updating the nodes, wherein the cloud replaces the nodes on the original paths with the new nodes.
2. The secure data retrieval method based on careless ciphertext inverted index of claim 1, wherein: the ORAM tree is an encrypted full binary tree; an ORAM tree of height L has $(2^L-1)$ nodes in total, and each tree node stores Z triplets (key, value, leaf), wherein (key, value) is a fixed-size key-value pair whose stored data is derived from the encrypted inverted index, the value is called a data block, and leaf is a leaf identifier identifying the leaf-to-root path on which the current triplet lies; in the ORAM tree, the path from the root node to any node is represented by a character string: starting from the root node, a left branch is written '0' and a right branch '1', and the resulting string of 0s and 1s along the path represents that path; tree nodes in the ORAM tree are encoded according to the following rule: the root node is encoded as 0, and for a node encoded as x, its left child is encoded as (2x+1) and its right child as (2x+2); an ORAM tree of height L can store at most $Z(2^L-1)$ triplets, and under this encoding rule the leaf value ranges from $(2^{L-1}-1)$ to $(2^L-2)$.
CN202111072425.XA 2021-09-14 2021-09-14 Safety data retrieval method based on careless ciphertext inverted index Active CN113722366B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111072425.XA CN113722366B (en) 2021-09-14 2021-09-14 Safety data retrieval method based on careless ciphertext inverted index

Publications (2)

Publication Number Publication Date
CN113722366A CN113722366A (en) 2021-11-30
CN113722366B true CN113722366B (en) 2024-05-03

Family

ID=78683473

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111072425.XA Active CN113722366B (en) 2021-09-14 2021-09-14 Safety data retrieval method based on careless ciphertext inverted index

Country Status (1)

Country Link
CN (1) CN113722366B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant