CN118246041A - Encryption method, device and storage medium for preventing malicious data from being released - Google Patents
- Publication number
- CN118246041A, CN202410120980.2A
- Authority
- CN
- China
- Prior art keywords
- file
- list
- user
- ciphertext
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/14—Details of searching files based on file metadata
- G06F16/148—File search processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Abstract
An encryption method, an encryption device and a storage medium for preventing malicious data from being released are provided. The encryption method comprises the following steps: the system initializes a plurality of lists and generates a master public key and a master private key; the third party server acquires a plurality of attribute sets, generates a user private key for each user, and sends each user private key to the client of the corresponding user; a client acquires a file, a keyword, an access policy, the master public key, a user private key and a database storage file input by a user, wherein the access policy and the keyword are embedded in the file; the sterilizer determines whether the file is malicious data; in response to the sterilizer determining that the file is not malicious data, the client generates an identifier, a purified ciphertext, an updated file search token, a file update token, an identifier ciphertext and an updated document quantity based on the file, the keyword, the access policy, the master public key, the user private key, the database storage file and the plurality of lists; and the system stores the generated parameters in the corresponding lists.
Description
Technical Field
The present disclosure relates to data security technologies, and in particular, to an encryption method, an encryption device, and a storage medium for preventing malicious data from being issued.
Background
Searchable encryption is an efficient technology that supports multiple users and large-scale data processing, allowing users to operate on data while it remains protected. To achieve fine-grained access control and searchability at the same time, most current schemes combine an attribute-based encryption mechanism with a searchable encryption mechanism to share data in the cloud. Data sharing requires searching over ciphertext to keep the data secure, and requires access rights to be set for users. The data user uploads the encrypted file to the server side for storage; when a file is retrieved, the server side must identify the queried file on the basis of the ciphertext. Because the server side is semi-honest, information leakage during this process should be controlled as much as possible. Searchable encryption can be used to address this problem. Searchable encryption techniques are divided into: (1) symmetric searchable encryption (SSE), which uses tools such as pseudo-random functions, hash algorithms and symmetric encryption algorithms, and has the advantages of high encryption efficiency and fast operation; and (2) public key searchable encryption (PEKS), which is suitable for multi-user systems; its encryption algorithms are generally complex, but it avoids establishing a secure channel between sender and receiver and is highly practical. Fine-grained access control of user rights is typically implemented with attribute-based encryption, which is divided into: (1) key-policy attribute-based encryption (KP-ABE), in which the policy is embedded in the key and the attributes in the ciphertext; and (2) ciphertext-policy attribute-based encryption (CP-ABE), in which the policy is embedded in the ciphertext and the attributes in the key.
Disclosure of Invention
It would be advantageous to provide a mechanism that alleviates, mitigates or even eliminates one or more of the above problems.
According to an aspect of the present disclosure, an encryption method for preventing malicious data from being published is provided and applied to an encryption system. The encryption system includes one or more clients, a server, a sterilizer and a third party server, and the encryption method includes the following.
The system determines a pairing group, a plurality of group elements, a pseudo-random generator, and a random exponent; the system generates a master public key and a master private key based on the pairing group, the plurality of group elements, the pseudo-random generator and the random exponent.
The system initializes a plurality of lists, the plurality of lists comprising: a first list for recording keyword keys and corresponding query times corresponding to keywords under specific rights; a second list for recording public and private key pairs of trapdoor functions corresponding to keywords under the corresponding rights of the accessed user; a third list for recording the correspondence between access policies and user rights keys; a fourth list for recording the number of added documents and corresponding search tokens corresponding to keywords under the specific rights; a fifth list for recording the number of deleted documents and corresponding search tokens corresponding to keywords under the specific rights; a sixth list for recording the relationship between keywords and identifiers of added files; a seventh list for recording the relationship between keywords and identifiers of deleted files; and an eighth list for recording the relationship between the identifier of a file and the ciphertext of the purified file, wherein the first list, the second list, the third list, the fourth list, and the fifth list are stored at one or more clients, and the sixth list, the seventh list, and the eighth list are stored at the server.
The third party server acquires a plurality of attribute sets, which are the attribute sets satisfied by a plurality of users respectively; the third party server randomly generates a plurality of random numbers, generates a user private key for each user based on the plurality of attribute sets, the plurality of random numbers, the master public key and the master private key, and sends each user private key to the client of the corresponding user.
A first client of the one or more clients acquires a first file, a first keyword, a first access policy, the master public key, a first user private key and a first database storage file that are input by a first user; the first client obtains a first ciphertext corresponding to the content body portion of the first file based on the content body portion of the first file, the first access policy, the master public key and the encryption algorithm; the sterilizer determines whether the first file is malicious data.
In response to the sterilizer determining that the first file is not malicious data: the first client generates a first identifier, a first purified ciphertext, an updated first file search token, a first file update token, a first identifier ciphertext, and an updated first document quantity based on the first ciphertext, the first keyword, the first access policy, the master public key, the first user private key, the first database storage file, and the plurality of lists; the first client stores the updated first file search token and the updated first document quantity into the fourth list of the first client; the first client sends the first identifier, the first purified ciphertext, the first file update token and the first identifier ciphertext to the server; and the server stores the first identifier and the first purified ciphertext into the eighth list and stores the first file update token and the first identifier ciphertext into the sixth list.
According to another aspect of the present disclosure, there is provided an encryption apparatus for preventing malicious data from being issued, applied to an encryption system including one or more clients, a server side, a sterilizer, and a third party server. The encryption apparatus comprises the following modules.
A first module configured to determine a pairing group, a plurality of group elements, a pseudo-random generator, and a random exponent; a second module configured to generate a master public key and a master private key based on the pairing group, the plurality of group elements, the pseudo-random generator, and the random exponent.
A third module configured to initialize a plurality of lists, the plurality of lists comprising: a first list for recording keyword keys and corresponding query times corresponding to keywords under specific rights; a second list for recording public and private key pairs of trapdoor functions corresponding to keywords under specific rights of accessed users; a third list for recording the correspondence between access policies and user rights keys; a fourth list for recording the number of added documents and corresponding search tokens corresponding to keywords under specific rights; a fifth list for recording the number of deleted documents and corresponding search tokens corresponding to keywords under specific rights; a sixth list for recording the relationship between keywords and identifiers of added files; a seventh list for recording the relationship between keywords and identifiers of deleted files; and an eighth list for recording the relationship between the identifier of a file and the ciphertext of the purified file, wherein the first list, the second list, the third list, the fourth list, and the fifth list are stored at one or more clients, and the sixth list, the seventh list, and the eighth list are stored at the server.
A fourth module configured to acquire a plurality of attribute sets, which are the attribute sets satisfied by a plurality of users respectively; a fifth module configured to randomly generate a plurality of random numbers, generate a user private key for each user based on the plurality of attribute sets, the plurality of random numbers, the master public key and the master private key, and send each user private key to the client of the corresponding user.
A sixth module configured to obtain a first file, a first keyword, a first access policy, the master public key, a first user private key, and a first database storage file entered by a first user, wherein the first access policy and the first keyword are embedded in the first file; a seventh module configured to obtain a first ciphertext corresponding to the content body portion of the first file based on the content body portion of the first file, the first access policy, the master public key, and the encryption algorithm; an eighth module configured to determine whether the first file is malicious data.
A ninth module configured to, in response to the eighth module determining that the first file is not malicious data: generate a first identifier, a first purified ciphertext, an updated first file search token, a first file update token, a first identifier ciphertext, and an updated first document quantity based on the first ciphertext, the first keyword, the first access policy, the master public key, the first user private key, the first database storage file, and the plurality of lists; store the updated first file search token and the updated first document quantity into the fourth list of the first client; transmit the first identifier, the first purified ciphertext, the first file update token and the first identifier ciphertext to the server side; and store the first identifier and the first purified ciphertext into the eighth list, and store the first file update token and the first identifier ciphertext into the sixth list.
According to yet another aspect of the present disclosure, there is provided a computer-readable storage medium having instructions stored thereon that, when executed by one or more processors of an encryption system including one or more clients, a server side, a sterilizer, and a third party server, cause the encryption system to perform the above-described method.
These and other aspects of the disclosure will be apparent from and elucidated with reference to the embodiments described hereinafter.
Drawings
Further details, features and advantages of the present disclosure are disclosed in the following description of exemplary embodiments, with reference to the following drawings, wherein:
FIG. 1 is a schematic diagram illustrating an example system in which various methods described herein may be implemented, according to an example embodiment;
FIG. 2 is a flowchart illustrating an encryption method to protect against malicious data distribution in accordance with an example embodiment;
FIG. 3 is a flowchart illustrating a portion of a process of an encryption method for protecting against malicious data distribution in accordance with an illustrative embodiment;
FIG. 4 is a flowchart illustrating a portion of a process of an encryption method for protecting against malicious data distribution in accordance with an illustrative embodiment;
FIG. 5 is a flowchart illustrating a portion of a process of an encryption method for protecting against malicious data distribution in accordance with an illustrative embodiment;
FIG. 6 is a flowchart illustrating a portion of a process of an encryption method for protecting against malicious data distribution in accordance with an illustrative embodiment;
FIG. 7 is a flowchart illustrating a portion of a process of an encryption method for protecting against malicious data distribution in accordance with an illustrative embodiment;
FIG. 8 is a schematic block diagram illustrating an encryption apparatus protecting against malicious data distribution in accordance with an example embodiment;
FIG. 9 is a simulation result diagram illustrating the time consumed by file addition in an encryption method for protecting against malicious data distribution according to an exemplary embodiment;
FIG. 10 is a simulation result diagram illustrating the time consumed by keyword deletion in an encryption method for protecting against malicious data distribution according to an exemplary embodiment;
FIG. 11 is a simulation result diagram comparing the time taken in different states of keyword addition in an encryption method for protecting against malicious data distribution according to an exemplary embodiment;
FIG. 12 is a simulation result diagram illustrating the time taken to query a file when a user satisfies different rights in an encryption method for protecting against malicious data distribution according to an exemplary embodiment; and
FIG. 13 is a simulation result diagram illustrating the storage cost of an added file in an encryption method for protecting against malicious data distribution according to an exemplary embodiment.
Detailed Description
In the present disclosure, the use of the terms "first," "second," and the like to describe various elements is not intended to limit the positional relationship, timing relationship, or importance relationship of the elements, unless otherwise indicated, and such terms are merely used to distinguish one element from another. In some examples, a first element and a second element may refer to the same instance of the element, and in some cases, they may also refer to different instances based on the description of the context.
The terminology used in the description of the various illustrated examples in this disclosure is for the purpose of describing particular examples only and is not intended to be limiting. Unless the context clearly indicates otherwise, the elements may be one or more if the number of the elements is not specifically limited. As used herein, the term "plurality" means two or more, and the term "based on" should be interpreted as "based at least in part on". Furthermore, the terms "and/or" and "at least one of ..." encompass any and all possible combinations of the listed items.
As mentioned above, hosting data in the cloud has become a trend, and more institutions have begun to store and manage their data with cloud computing. With the continuous development and progress of cloud computing technology, institutions can use cloud storage and computing resources more flexibly, improving their service efficiency and competitiveness. Cloud storage can also provide a higher level of security and backup, helping institutions better protect their data and business. The headquarters or departments of a large organization are often not in the same city, and business needs require frequent data exchange, so uploading and storing data on a cloud server can offset the limits of geographic location. However, the cloud server is vulnerable to external network attacks and may leak a large amount of data. Therefore, to protect data privacy effectively, encrypted files are stored on the cloud server, while other institutions need to retrieve files on the basis of ciphertext. Searchable encryption technology supports multi-user and large-scale data processing and allows users to update and query data while its privacy and security are protected; public key searchable encryption is more secure but generally requires more computational resources and time. Because a file may contain a large amount of encrypted content, different access rights should be added to the file for policy reasons. Since the data stored by the cloud server changes dynamically, there is a risk of information leakage when data is shared. Threats come mainly from three sources:
1) Threat from users: the data publisher does not embed an access policy within the reasonable scope of rights as specified, so that all users can view the shared file. A user deliberately leaks the encryption key of a file, so that groups that do not satisfy the required rights can decrypt the file and obtain the encrypted content.
2) Threat from the file handling process: when a user updates and retrieves a file, an adversary may eavesdrop on the data revealed during the operation. When users inadvertently issue unreasonable update queries, additional information is revealed and some security is lost.
3) Threat from the server: malicious servers must also be considered; ciphertext stored in such a server may be tampered with, and ciphertext that does not correspond to the query may be returned.
Before introducing exemplary embodiments of the present disclosure, several terms used herein will first be explained.
1. Third party server: a trusted third-party organization that maintains the confidentiality of user keys, does not leak information to any other organization, generates a unique key for each user in the system, and transmits the key securely to the user.
2. Data publisher: uploads shared files to the server side and flexibly sets access rules for each file. It is not excluded that in some cases the entity behind the data publisher is malicious; a malicious data publisher may reveal the encryption key of a file to unauthorized users. The data publisher may operate at the client.
3. Sterilizer: an application program for verifying, sterilizing and purifying files. A sterilized and purified file can still be decrypted to obtain the original content body portion. The sterilizer processes only the content body of the file and does not change the relationship between keywords and file identifier pairs; the purified file is sent to the server side. The sterilizer may be operated at the client.
4. Data inquirer: uses keywords to query related files stored at the server side, and can delete keywords contained in the files. Only authorized users can decrypt an encrypted file. The data inquirer may operate at the client.
5. Server side: stores the data sent by the user and the sterilizer, including the encrypted file identifier list, the list of keywords added to files, the list of keywords deleted from files, and so on.
Several parameters and their explanations herein are shown in table 1 below:
Parameters and meanings thereof as set forth in Table 1
Exemplary embodiments of the present disclosure are described in detail below with reference to the attached drawings.
FIG. 1 is a schematic diagram illustrating an example system in which various methods described herein may be implemented, according to an example embodiment.
Referring to fig. 1, the system 100 includes one or more clients 110, 140, and 150, a sterilizer 120, a server 130, and a third party server 160.
In some embodiments, one or more of clients 110, 140, and 150 may be any type of mobile computer device, including a mobile computer, a mobile phone, a wearable computer device (e.g., a smart watch, a head-mounted device, including smart glasses, etc.), or other type of mobile device. In some embodiments, one or more of clients 110, 140, and 150 may alternatively be a stationary computer device, such as a desktop, server computer, or other type of stationary computer device.
In some embodiments, the sterilizer 120 may operate on one or more clients 110, 140, and 150.
Server side 130 and third party server 160 are typically servers deployed by an Internet Service Provider (ISP) or Internet Content Provider (ICP). Server side 130 and third party server 160 may represent a single server, a cluster of multiple servers, a distributed system, or a server side that provides basic cloud services (such as cloud databases, cloud computing, cloud storage, cloud communication).
Fig. 2 is a flowchart illustrating an encryption method 200 of protecting against malicious data distribution according to an example embodiment. Method 200 may be performed at a client device (e.g., one or more clients 110, 140, and 150 shown in fig. 1), i.e., the subject of execution of the various steps of method 200 may be one or more clients 110, 140, and 150 shown in fig. 1. In some embodiments, the method 200 may be performed at a server (e.g., the server side 130 shown in fig. 1). In some embodiments, method 200 may be performed by a client device (e.g., one or more of clients 110, 140, and 150) and a server (e.g., server side 130) in combination. Hereinafter, each step of the method 200 is described in detail taking the execution subject as the client 110 (the data publisher client as shown in fig. 1) as an example.
Referring to FIG. 2, the method 200 comprises the following steps:
Step S201, the system determines a pairing group, a plurality of group elements, a pseudo-random generator and a random exponent;
Step S202, the system generates a master public key and a master private key based on the pairing group, the plurality of group elements, the pseudo-random generator and the random exponent;
Step S203, the system initializes a plurality of lists, wherein a first list, a second list, a third list, a fourth list and a fifth list are stored at one or more clients, and a sixth list, a seventh list and an eighth list are stored at the server side;
Step S204, the third party server acquires a plurality of attribute sets, which are the attribute sets satisfied by a plurality of users respectively;
Step S205, the third party server randomly generates a plurality of random numbers, generates a user private key for each user based on the plurality of attribute sets, the plurality of random numbers, the master public key and the master private key, and sends each user private key to the client of the corresponding user;
Step S206, a first client of the one or more clients acquires a first file, a first keyword, a first access policy, the master public key, a first user private key and a first database storage file that are input by a first user, wherein the first access policy and the first keyword are embedded in the first file;
Step S207, the first client obtains a first ciphertext corresponding to the content body portion of the first file based on the content body portion of the first file, the first access policy, the master public key and the encryption algorithm;
Step S208, the sterilizer determines whether the first file is malicious data;
Step S209, in response to the sterilizer determining that the first file is not malicious data, the first client generates a first identifier, a first purified ciphertext, an updated first file search token, a first file update token, a first identifier ciphertext, and an updated first document quantity based on the first ciphertext, the first keyword, the first access policy, the master public key, the first user private key, the first database storage file, and the plurality of lists;
Step S210, the first client stores the updated first file search token and the updated first document quantity into the fourth list of the first client;
Step S211, the first client sends the first identifier, the first purified ciphertext, the first file update token and the first identifier ciphertext to the server side; and
Step S212, the server side stores the first identifier and the first purified ciphertext into the eighth list, and stores the first file update token and the first identifier ciphertext into the sixth list.
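The publish path of steps S206 to S212, as an added Python example that is not the patent's construction or code. Assumptions: a toy ElGamal cipher stands in for the attribute-based encryption, purification is modelled as ciphertext re-randomization, tokens are derived with HMAC-SHA256, the sterilizer's malicious-data test is a policy allow-list, and the `search` routine and policy labels are constructed. The dictionary names follow the lists initialized in step S203 (`LatestKw`, `AccK`, `W_add` at the client; `T_add`, `EDB_ind` at the server).

```python
import hashlib, hmac, secrets

# Constructed toy parameters: ElGamal in Z_p^* stands in for CP-ABE (assumption).
P, G = 2**255 - 19, 2

def prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keygen():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)  # (secret key, public key)

def encrypt(h, body):
    m = int.from_bytes(body, "big")
    if not 0 < m < P:
        raise ValueError("body must encode to an integer in 1..P-1")
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), m * pow(h, r, P) % P

def rerandomize(h, ct):
    # Fresh randomness changes both components, not the plaintext.
    s = secrets.randbelow(P - 2) + 1
    return ct[0] * pow(G, s, P) % P, ct[1] * pow(h, s, P) % P

def decrypt(x, ct):
    m = ct[1] * pow(ct[0], -x, P) % P  # modular inverse via pow, Python 3.8+
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

class Sterilizer:  # sees only the policy label and the ciphertext
    def __init__(self, allowed_policies, policy_public_keys):
        self.allowed, self.pub = set(allowed_policies), policy_public_keys

    def purify(self, policy, ct):
        if policy not in self.allowed:   # hypothetical "malicious" test
            return None
        return rerandomize(self.pub[policy], ct)

class Server:
    def __init__(self):
        self.T_add = {}    # file update token -> identifier ciphertext
        self.EDB_ind = {}  # identifier -> purified ciphertext CT'

    def store(self, ind, ct_p, ut, e_ind):           # step S212
        self.EDB_ind[ind] = ct_p
        self.T_add[ut] = e_ind

    def search(self, search_tokens):
        hits = []
        for st in search_tokens:
            e_ind = self.T_add.get(prf(st, b"ut"))
            if e_ind is not None:
                ind = xor(e_ind, prf(st, b"mask")[:16])
                hits.append((ind, self.EDB_ind[ind]))
        return hits

class Client:
    def __init__(self):
        self.LatestKw = {}  # (policy, w) -> (K_w, T_w)
        self.AccK = {}      # policy -> Perk (here a toy ElGamal key pair)
        self.W_add = {}     # (policy, w) -> (n_w, ST)

    def _token(self, k_w, n):
        return prf(k_w, b"st" + n.to_bytes(4, "big"))

    def publish(self, body, w, policy, sterilizer, server):
        ct = encrypt(self.AccK[policy][1], body)              # S207
        ct_p = sterilizer.purify(policy, ct)                  # S208
        if ct_p is None:
            return None          # rejected: no list changes, nothing sent
        k_w, _ = self.LatestKw.setdefault((policy, w), (secrets.token_bytes(32), 0))
        n_w = self.W_add.get((policy, w), (0, None))[0] + 1
        st = self._token(k_w, n_w)                            # S209
        ind = secrets.token_bytes(16)
        ut, e_ind = prf(st, b"ut"), xor(ind, prf(st, b"mask")[:16])
        self.W_add[(policy, w)] = (n_w, st)                   # S210
        server.store(ind, ct_p, ut, e_ind)                    # S211
        return ind

    def search_tokens(self, w, policy):
        if (policy, w) not in self.W_add:
            return []
        k_w, t_w = self.LatestKw[(policy, w)]
        self.LatestKw[(policy, w)] = (k_w, t_w + 1)           # query count T_w
        return [self._token(k_w, i) for i in range(1, self.W_add[(policy, w)][0] + 1)]

def demo():
    client, server = Client(), Server()
    for policy in ("dept:finance", "public:everyone"):   # constructed labels
        client.AccK[policy] = keygen()
    pub = {p: kp[1] for p, kp in client.AccK.items()}
    gate = Sterilizer({"dept:finance"}, pub)
    ok = client.publish(b"Q3 budget draft", "budget", "dept:finance", gate, server)
    bad = client.publish(b"Q3 budget draft", "budget", "public:everyone", gate, server)
    hits = server.search(client.search_tokens("budget", "dept:finance"))
    x = client.AccK["dept:finance"][0]
    return ok, bad, [(i, decrypt(x, c)) for i, c in hits], len(server.EDB_ind)
```

The server-side dictionaries only ever hold tokens, masked identifiers and re-randomized ciphertexts, and a publication rejected by the gate leaves both client and server state untouched.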
In step S201, the system determines a pairing group, a plurality of group elements, a pseudo-random generator, and a random exponent. In an example, the system obtains the security parameter λ and the system attribute U and determines the pairing group, and from it a plurality of group elements $g, h_1, h_2, \ldots, h_U$, a pseudo-random generator PRG and a random exponent
In step S202, the system generates a master public key and a master private key based on the pairing group, the plurality of group elements, the pseudo-random generator, and the random exponent. In an example, the system generates a master public key mpk and a master private key msk based on the pairing group, the plurality of group elements $g, h_1, h_2, \ldots, h_U$, the pseudo-random generator PRG and the random exponents $a, \alpha, \beta$, wherein
In step S203, the system initializes a plurality of lists, wherein the first list, the second list, the third list, the fourth list, and the fifth list are stored at one or more clients, and the sixth list, the seventh list, and the eighth list are stored at the server side 130. In an example, the system initializes 8 lists $EDB_{ind}$, $LatestK_w$, $Trapdoorkey$, $AccK$, $W_{add}$, $W_{del}$, $T_{add}$ and $T_{del}$. The first list $LatestK_w$, the second list $Trapdoorkey$, the third list $AccK$, the fourth list $W_{add}$ and the fifth list $W_{del}$ are stored at one or more clients; the sixth list $EDB_{ind}$, the seventh list $T_{add}$ and the eighth list $T_{del}$ are stored at the server side 130. The lists record the following:
- $LatestK_w$ records the keyword key $K_w$ corresponding to the keyword $w$ under the specific authority and the corresponding query times $T_w$;
- $Trapdoorkey$ records the public keys and private keys (PK, SK) of the trapdoor sequences corresponding to the keyword $w$ under the corresponding authority of the user;
- $AccK$ records the correspondence between the access control Policy and the user rights key Perk;
- $W_{add}$ records the number $n_w$ of added documents corresponding to the keyword $w$ under the specific authority and the corresponding search tokens ST;
- $W_{del}$ records the number $n_w$ of deleted documents corresponding to the keyword $w$ under the specific authority and the corresponding search tokens ST;
- $T_{add}$ records the relationship between the keywords and the identifier ind of the added file;
- $T_{del}$ records the relationship between the keywords and the identifier ind of the deleted file;
- $EDB_{ind}$ records the relationship between the file identifier ind and the purified file ciphertext CT'.
In step S204, the third party server obtains a plurality of attribute sets, where the attribute sets are attribute sets that are satisfied by the plurality of users themselves, respectively. In an example, the third party server 160 obtains three attribute sets S1, S2, and S3, where S1 is the attribute set satisfied by the first user himself, S2 is the attribute set satisfied by the second user herself, and S3 is the attribute set satisfied by the third user herself.
In step S205, the third party server randomly generates a plurality of random numbers, generates a user private key of each user based on the plurality of attribute sets, the plurality of random numbers, the master public key and the master private key, and sends the user private key to the client of the user corresponding to the user private key. In an example, for each user, the third party server 160 generates two random numbers t, t', generates a corresponding user private key sk_S based on the corresponding attribute set S (i.e., S1 corresponds to the first user, S2 corresponds to the second user, and S3 corresponds to the third user), the two random numbers t, t', the master public key mpk, and the master private key msk, and sends the user private key sk_S to the client of the user corresponding to the user private key.
In step S206, the first client 110 of the one or more clients obtains a first file, a first keyword, a first access policy, a master public key, a first user private key, and a first database storage file that are input by the first user, wherein the first access policy and the first keyword are embedded in the first file. In an example, a first user of a first client 110 of the one or more clients is a data publisher, and the first client 110 obtains a first file, a first keyword w1, a first access policy Policy1, a master public key mpk, a first user private key sk_S1, and a first database storage file that are input by the first user (i.e., the data publisher shown in fig. 1), wherein the first access policy Policy1 and the first keyword w1 are embedded in the first file.
In step S207, the first client 110 obtains a first ciphertext corresponding to the content body portion of the first file based on the content body portion of the first file, the first access policy, the master public key, and the encryption algorithm. In an example, the first client 110 obtains a first ciphertext CT1 Σ (Policy1, M1, mpk) corresponding to the content body portion M1 of the first file based on the content body portion M1 of the first file, the first access policy Policy1, the master public key mpk, and the encryption algorithm SABE. In some examples, for security, the first access policy needs to be converted into an LSSS access structure (X, ρ) by using a linear secret sharing scheme, where X is an m×n matrix; since the access control policy may be converted into the LSSS access structure and random elements are randomly selected to construct the matrix, key parameters cannot be calculated even if an adversary steals the access control policy, so that the purpose of preventing data leakage can be achieved. The function ρ maps each row of X to a particular attribute, labeled ρ(i) ∈ {Att_1, …, Att_U}. The client selects a vector, performs a calculation for each row i of X, selects the encryption key of the first file, and obtains the first ciphertext, where C_1 = K·e(g,g)^{αs}, C_2 = e(g,g)^{βs}, D_0 = g^s, i = 1, 2, …, m.
In step S208, the sterilizer determines whether the first file is malicious data. In an example, the sterilizer selects two random elements and generates a value from mpk; P is the set of attributes contained in the first access policy. Let I = {i : ρ(i) ∈ S}, and let {w_i}_{i∈I} be a set of constants such that Σ_{i∈I} w_i θ_i = s, and the calculation is performed. Only if the equation e(g,g)^{rs} = e(D_0, g^r) is satisfied is it verified that the first user (i.e., the data publisher) encrypted the first file according to the prescribed access policy; the sterilizer then determines that the first file is not malicious data, and step S209 is performed.
In response to the sterilizer determining that the first file is not malicious data, the first client 110 generates a first identifier, a first purified ciphertext, an updated first file search token, a first file update token, a first identifier ciphertext, and an updated first document quantity based on the first ciphertext, the first keyword, the first access policy, the master public key, the first user private key, the first database storage file, and the plurality of lists at step S209. In an example, in response to the sterilizer determining that the first file is not malicious data, the first client 110 generates a first identifier ind1, a first purified ciphertext CT'1, an updated first file search token ST1_{c+1}, a first file update token UT1_{c+1}, a first identifier ciphertext e1, and an updated first document number n_w1 based on the first ciphertext CT1, the first keyword w1, the first access policy Policy1, the master public key mpk, the first user private key sk_S1, the first database storage file, and the plurality of lists.
In step S210, the first client 110 stores the updated first file search token and the updated first document quantity in the fourth list of the first client 110. In an example, the first client 110 stores the updated first file search token ST1 and the updated first document number n_w1 into the fourth list W_add of the first client 110.
In step S211, the first client 110 transmits the first identifier, the first purified ciphertext, the first file update token, and the first identifier ciphertext to the server side 130. In an example, the first client 110 sends the first identifier ind1, the first purified ciphertext CT'1, the first file update token UT1_{c+1}, and the first identifier ciphertext e1 to the server side 130.
In step S212, the server side stores the first identifier and the first purified ciphertext into the eighth list, and stores the first file update token and the first identifier ciphertext into the sixth list. In an example, the server side 130 stores the first identifier ind1 and the first purified ciphertext CT'1 into the eighth list EDB_ind and stores the updated first file update token UT1_{c+1} and the first identifier ciphertext e1 into the sixth list.
According to some embodiments, the first client 110 prohibits sending the first ciphertext to the server 130 in response to the sterilizer determining that the first file is malicious data.
In step S208, when the equation e(g,g)^{rs} = e(D_0, g^r) is not satisfied, the first user (i.e., the data publisher) has not encrypted the first file according to the prescribed access policy and is an illegal user; the sterilizer determines that the first file is malicious data, and step S213 (not shown in fig. 2) is performed.
In step S213, in response to the sterilizer determining that the first file is malicious data, the first client 110 prohibits the transmission of the first ciphertext to the server 130. In some examples, the first client 110 prohibits sending the first ciphertext CT1 to the server 130 in response to the sterilizer determining that the first file is malicious data.
According to the embodiment of the disclosure, an access policy can be embedded into the shared file at data release time to realize fine-grained permission classification of files; the access policy of a file can be customized as required, and shared storage, updating and classified query of the data can be realized. The sterilizer is constructed to prevent malicious data release, chiefly the crisis that could be caused by leaking sensitive information such as access control policies and file encryption keys, and it verifies whether the data publisher has embedded the file's access policy as prescribed, thereby achieving the purpose of preventing malicious data release.
Fig. 3 is a flowchart illustrating a portion of a process of an encryption method for protecting against malicious data distribution according to an example embodiment.
According to some embodiments, as shown in fig. 3, step S209 may include: step S310, the first client 110 queries whether the third list records the first access policy; step S320, in response to the first client 110 inquiring that the third list has recorded the first access policy, the first client 110 decrypts the portion corresponding to the first access policy in the third list by using the first user private key to obtain the first user authority key corresponding to the first access policy; step S330, the first client 110 generates a first purified ciphertext based on the first ciphertext through the sterilizer; and step S340, the first client 110 generates a first identifier, an updated first file search token, a first file update token, a first identifier ciphertext, and an updated first document number based on the first purified ciphertext and the first user authority key.
Referring to fig. 3, in step S310, the first client 110 inquires whether the third list records the first access policy. In some examples, the first client 110 queries the third list AccK for a record of the first access Policy1.
In step S320, in response to the first client 110 querying that the third list has recorded the first access policy, the first client 110 decrypts the portion corresponding to the first access policy in the third list with the first user private key to obtain the first user permission key corresponding to the first access policy. In some examples, in response to the first client 110 querying that the third list AccK has recorded the first access policy Policy1, the first client 110 decrypts the portion of the third list AccK corresponding to the first access policy Policy1 using the first user private key sk_S1 to obtain the first user rights key Perk1 corresponding to the first access policy Policy1.
In step S330, the first client 110 generates a first purified ciphertext based on the first ciphertext through the sterilizer. In some examples, the first client 110 generates, by the sterilizer, a first purified ciphertext CT'1 based on the first ciphertext CT1. In some examples, the first client 110, through the sterilizer, selects a vector, performs a calculation, randomly selects an element and an element as the purification key of the file, and obtains the purified ciphertext, where V_1 = C_1·e(g,g)^{αs'}, V_2 = C_2·K'·e(g,g)^{βs'}, V_3 = D_0·g^{s'},
In step S340, the first client 110 generates a first identifier, an updated first file search token, a first file update token, a first identifier ciphertext, and an updated first document number based on the first purified ciphertext and the first user rights key. In some examples, the first client 110 generates the first identifier ind1, the updated first file search token ST1_{c+1}, the first file update token UT1_{c+1}, the first identifier ciphertext e1, and the updated first document number n_w1 based on the first purified ciphertext CT'1 and the first user rights key Perk.
Fig. 4 is a flowchart illustrating a portion of a process of an encryption method for protecting against malicious data distribution according to an exemplary embodiment.
According to some embodiments, as shown in fig. 4, step S209 may further include: step S410, in response to the first client 110 not querying that the third list has recorded the first access policy, waiting for obtaining the first user permission key; step S420, the first client 110 acquires the first user authority key; step S430, the first client 110 encrypts the first user authority key using attribute-based encryption with the first access policy embedded, and stores the encrypted first user authority key in the third list of the first client 110; step S440, the first client 110 generates a first purified ciphertext based on the first ciphertext through the sterilizer; and step S450, the first client 110 generates a first identifier, an updated first file search token, a first file update token, a first identifier ciphertext, and an updated first document number based on the first purified ciphertext and the first user authority key.
In step S410, in response to the first client 110 not querying that the third list has recorded the first access policy, it waits for the first user permission key to be acquired. In an example, in response to the first client 110 not querying that the third list AccK has recorded the first access Policy1, waiting for the first user permission key Perk1 to be obtained, i.e., waiting for the first user to input the first user permission key Perk1.
In step S420, the first client 110 acquires the first user authority key. In an example, the first client 110 obtains the first user rights key Perk1.
In step S430, the first client 110 encrypts the first user right key using attribute-based encryption with the first access policy embedded and stores it in the third list of the first client 110. In an example, the first client 110 encrypts the first user rights key Perk using attribute-based encryption with the first access policy Policy1 embedded and stores it in the third list AccK of the first client 110.
In step S440, the first client 110 generates a first purified ciphertext based on the first ciphertext through the sterilizer. In an example, the first client 110 generates, by the sterilizer, a first purified ciphertext CT'1 based on the first ciphertext CT1. In some examples, the first client 110, through the sterilizer, selects a vector, performs a calculation, randomly selects an element and an element as the purification key of the file, and obtains the purified ciphertext, where V_1 = C_1·e(g,g)^{αs'}, V_2 = C_2·K'·e(g,g)^{βs'}, V_3 = D_0·g^{s'},
In step S450, the first client 110 generates a first identifier, an updated first file search token, a first file update token, a first identifier ciphertext, and an updated first document number based on the first purified ciphertext and the first user rights key. In an example, the first client 110 generates the first identifier ind1, the updated first file search token ST1_{c+1}, the first file update token UT1_{c+1}, the first identifier ciphertext e1, and the updated first document number n_w1 based on the first purified ciphertext CT'1 and the first user rights key Perk.
Fig. 5 is a flowchart illustrating a portion of a process of an encryption method for protecting against malicious data distribution according to an example embodiment.
According to some embodiments, as shown in fig. 5, step S450 or step S340 may include: step S510, the first client 110 decrypts the portion of the first list corresponding to the first keyword using the decryption algorithm and the first user authority key to obtain a first keyword key, decrypts the portion of the fifth list corresponding to the first keyword to obtain a first file search token and a first document number, and decrypts the portion of the second list corresponding to the first keyword to obtain a first trapdoor function public-private key pair; step S520, generating an updated first file search token and an updated first document quantity based on the first trapdoor function public-private key pair and the first file search token; step S530, encrypting the file name of the first file by using the first user authority key to obtain a first identifier; and step S540, generating a first file updating token and a first identifier ciphertext based on the first keyword key and the updated first file searching token by using the first hash function and the second hash function respectively.
In step S510, the first client 110 decrypts the portion of the first list corresponding to the first keyword using the decryption algorithm and the first user authority key to obtain the first keyword key, decrypts the portion of the fifth list corresponding to the first keyword to obtain the first file search token and the first document number, and decrypts the portion of the second list corresponding to the first keyword to obtain the first trapdoor function public-private key pair. In an example, the first client 110 decrypts the portion LatestK_w[w1] of the first list LatestK_w corresponding to the first keyword w1 using the AES algorithm as the decryption algorithm and the first user authority key Perk to obtain the first keyword key K_w1, decrypts the portion W_add[w1] of the fifth list W_add corresponding to the first keyword w1 to obtain the first file search token ST1_c and the first number of documents n_w1, and decrypts the portion Trapdoorkey[w1] of the second list Trapdoorkey corresponding to the first keyword w1 to obtain the first trapdoor function public-private key pair (PK1, SK1).
In step S520, an updated first file search token and an updated first number of documents are generated based on the first trapdoor function public-private key pair and the first file search token. In an example, an updated first file search token ST1_{c+1} and an updated first number of documents n_w1 + 1 are generated based on the first trapdoor function public-private key pair (PK1, SK1) and the first file search token ST1_c.
In step S530, the file name of the first file is encrypted with the first user authority key to obtain a first identifier. In an example, the file name of the first file is encrypted with the first user rights key Perk to obtain the first identifier ind1.
In step S540, a first file update token and a first identifier ciphertext are generated based on the first keyword key and the updated first file search token, respectively, using the first hash function and the second hash function. In an example, the first hash function H_1 is applied to the first keyword key K_w1 and the updated first file search token ST1_{c+1} to generate the first file update token UT1_{c+1}, and an exclusive-or operation is performed using the second hash function H_2 on the first keyword key K_w1 and the updated first file search token ST1_{c+1} to obtain the file identifier ciphertext e1.
Fig. 6 is a flowchart illustrating a portion of a process 600 of an encryption method for protecting against malicious data distribution in accordance with an example embodiment.
According to some embodiments, as shown in fig. 6, the method 200 may further include step S610, where a second client of the one or more clients obtains a second file name, a second user private key, a second keyword, a main public key, and a second database storage file input by a second user, where the second keyword is a searchable keyword of a corresponding second file of the second file name; step S620, the second client generates a second identifier, an updated second file search token, an updated second file update token, a second identifier ciphertext, and an updated second document number based on the second file name, the second user private key, the second keyword, the master public key, the second database storage file, and the plurality of lists; step S630, the second client stores the generated updated second file search tokens and the updated second document quantity into a fifth list of the second client; step S640, the second client sends the second identifier, the second file update token and the second identifier ciphertext to the server 130; and step S650, the server side 130 stores the second identifier in the eighth list, and the second file update token and the second identifier ciphertext in the seventh list.
In step S610, a second client of the one or more clients obtains a second file name, a second user private key, a second keyword, a master public key, and a second database storage file input by a second user, where the second keyword is a searchable keyword of the second file corresponding to the second file name. In an example, a second client of the one or more clients obtains a second file name input by a second user, a second user private key sk_S2, a second keyword w2, a master public key mpk, and a second database storage file, where the second keyword w2 is a searchable keyword of the second file corresponding to the second file name.
In step S620, the second client generates a second identifier, an updated second file search token, an updated second file update token, a second identifier ciphertext, and an updated second document quantity based on the second file name, the second user private key, the second keyword, the master public key, the second database storage file, and the plurality of lists. In an example, the second client generates the second identifier ind2, the updated second file search token ST2_{c+1}, the second file update token UT2_{c+1}, the second identifier ciphertext e2, and the updated second document number n_w2 based on the second file name, the second user private key sk_S2, the second keyword w2, the master public key mpk, the second database storage file, and the plurality of lists.
In step S630, the second client stores the generated updated second file search token and the updated second document quantity in the fifth list of the second client. In an example, the second client stores the generated updated second file search token ST2_{c+1} and the updated second document number n_w2 into the fifth list W_del of the second client.
In step S640, the second client transmits the second identifier, the second file update token, and the second identifier ciphertext to the server side 130. In an example, the second client sends the second identifier ind2, the second file update token UT2_{c+1}, and the second identifier ciphertext e2 to the server side 130.
In step S650, the server side 130 stores the second identifier in the eighth list, and the second file update token and the second identifier ciphertext in the seventh list. In an example, the server side 130 stores the second identifier ind2 into the eighth list EDB_ind, and the second file update token UT2_{c+1} and the second identifier ciphertext e2 into the seventh list T_del.
In some examples, the system first traverses the third list AccK to determine, according to the attributes of the second user, all access policies satisfied by the second user, decrypts with the second user private key sk_S2 to obtain the corresponding set of Perk, and updates W_del[w2] and T_del under each user authority key Perk in the set in sequence.
Fig. 7 is a flowchart illustrating a portion of a process 700 of an encryption method for protecting against malicious data distribution in accordance with an example embodiment.
According to some embodiments, as shown in fig. 7, the method 200 may further include a step S710 of obtaining, by a third client 150 of the one or more clients (i.e., the client used by the data querier shown in fig. 1), a third user private key, a third keyword, a master public key, and a third database storage file entered by the third user; step S720, the third client 150 determines whether the third user satisfies a plurality of access policies corresponding to a plurality of files corresponding to the third keyword; and step S730, in response to the third user satisfying any one of the access policies, the third client 150 generates a content body portion of all files for which the third user corresponding to the third keyword satisfies all of the access policies and updates the corresponding plurality of lists based on the third user private key, the third keyword, the master public key, the third database storage file, and the plurality of lists.
In step S710, a third client 150 of the one or more clients obtains a third user private key, a third keyword, a master public key, and a third database storage file entered by a third user. In some examples, a third client 150 of the one or more clients obtains a third user private key sk_S3, a third keyword w3, a master public key mpk, and a third database storage file entered by a third user.
In step S720, the third client 150 determines whether the third user satisfies a plurality of access policies corresponding to a plurality of files corresponding to the third keyword. In some examples, the third client 150 determines whether the third user satisfies a plurality of access policies Policy3 corresponding to a plurality of files corresponding to the third keyword w3.
In step S730, in response to the third user satisfying any one of the access policies, the third client 150 generates content body parts of all files of the third user satisfying all of the access policies corresponding to the third keyword based on the third user private key, the third keyword, the master public key, the third database storage file, and the plurality of lists, and updates the plurality of lists. In some examples, in response to the third user satisfying any one of the access policies, the third client 150 generates a content body portion of all files for which the third user corresponding to the third keyword w3 satisfies all of the access policies Policy3 based on the third user private key sk_S3, the third keyword w3, the master public key mpk, the third database storage file, and the plurality of lists, and updates the plurality of lists.
In some examples, the system first traverses the third list AccK to determine, according to the attribute S3 of the third user, the set Policy3 of all access policies satisfied by the user, decrypts the corresponding AccK[Policy3] with the third user private key sk_S3 to obtain the corresponding set of Perk3, and uses each Perk3 in turn to perform the following operations. Using the AES algorithm as the decryption algorithm and Perk as the key, LatestK_w[w3] is decrypted to obtain K_w3, Trapdoorkey[w3] is decrypted to obtain the public-private key pair (PK3, SK3) corresponding to the trapdoor function, and W_add[w3] is decrypted to obtain the search token ST_c_add of the last added file and the number n_w3_add of all files under w3. For i from n_w_add − 1 down to 0, the pair (UT_i_add, H_2(K_w3, ST_i_add)) is obtained, the trapdoor function applies PK3 to ST_i_add to obtain the search token ST_{i−1}_add of the older file, and UT_i_add is sent to the server side 130, which searches for all (UT_i_add, e_i_add) and deletes the corresponding entries in T_add; the third client 150 calculates according to the returned content to obtain (ind_i_add, add). The list of deleted file keywords is processed in the same manner to obtain (ind_i_del, del). Difference set processing is performed on (ind_i_add, add) and (ind_i_del, del), and an empty set R'_m is initialized to record the set of file identifiers ind that have not been deleted. K_w3 and LatestK_w[w3] are updated after each query, followed by updating the W_add and T_add lists according to R'_m. The server side 130 looks up in EDB_ind the ciphertext corresponding to R'_m and returns it to the client, CT' ≡ EDB_ind[ind]; the client decrypts it to obtain the content body M of the file, SABE.Decrypt(CT', sk_S, mpk). Only if the attribute S of the data querier satisfies the access policy can the data querier carry out the calculation and further calculate the file encryption key and the file purification key; performing an exclusive-or operation then yields the content body portion of the file.
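The token chain of steps S510 to S540 and the search walk described above, as an added Python example that is not code from the patent. It assumes the updated search token is produced with the trapdoor function's private key (the text only states that the search side steps backwards with PK) and that e is the identifier XORed with the H_2 output; it uses HMAC-SHA-256 with distinct labels for both H_1 and H_2, toy RSA parameters constructed for the demo, and opaque 16-byte identifiers, and it leaves out the Perk-encrypted client lists and the re-keying after each query. All class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy RSA trapdoor permutation. P and Q are Mersenne primes picked only so the
# example runs offline; they are constructed demo values, not usable keys.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (SK)
ST_LEN = (N.bit_length() + 7) // 8
IND_LEN = 16                              # identifiers are opaque 16-byte values


def next_token(st: int) -> int:
    """ST_{c+1} from ST_c. Assumption: uses SK, so only the client moves forward."""
    return pow(st, D, N)


def prev_token(st: int) -> int:
    """ST_{c-1} from ST_c. Needs only PK, as in the search walk."""
    return pow(st, E, N)


def h1(k_w: bytes, st: int) -> bytes:
    """Update token UT = H_1(K_w, ST)."""
    return hmac.new(k_w, b"H1" + st.to_bytes(ST_LEN, "big"), hashlib.sha256).digest()


def h2(k_w: bytes, st: int) -> bytes:
    """Mask H_2(K_w, ST) that hides the identifier inside e."""
    mac = hmac.new(k_w, b"H2" + st.to_bytes(ST_LEN, "big"), hashlib.sha256)
    return mac.digest()[:IND_LEN]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Server:
    """Stores only (UT, e) pairs: T_add for additions, T_del for deletions."""

    def __init__(self):
        self.t = {"add": {}, "del": {}}

    def store(self, kind: str, ut: bytes, e: bytes) -> None:
        self.t[kind][ut] = e

    def lookup(self, kind: str, ut: bytes):
        return self.t[kind].get(ut)


class Client:
    def __init__(self, server: Server):
        self.server = server
        self.k_w = {}                        # keyword -> keyword key K_w
        self.w = {"add": {}, "del": {}}      # keyword -> (latest ST, n_w)

    def update(self, kind: str, keyword: str, ind: bytes):
        """Record an added ("add") or deleted ("del") identifier under keyword."""
        k_w = self.k_w.setdefault(keyword, secrets.token_bytes(16))
        if keyword in self.w[kind]:
            st, n = self.w[kind][keyword]
            st = next_token(st)              # S520: advance the chain
        else:
            st, n = 2 + secrets.randbelow(N - 3), 0
        self.w[kind][keyword] = (st, n + 1)
        ut, e = h1(k_w, st), xor(ind, h2(k_w, st))   # S540
        self.server.store(kind, ut, e)
        return ut, e

    def _walk(self, kind: str, keyword: str) -> set:
        """Walk the chain from the newest token back to the oldest."""
        if keyword not in self.w[kind]:
            return set()
        k_w = self.k_w[keyword]
        st, n = self.w[kind][keyword]
        found = set()
        for _ in range(n):
            e = self.server.lookup(kind, h1(k_w, st))
            if e is not None:
                found.add(xor(e, h2(k_w, st)))
            st = prev_token(st)
        return found

    def search(self, keyword: str) -> set:
        """Identifiers added under keyword and not later deleted (difference set)."""
        return self._walk("add", keyword) - self._walk("del", keyword)
```

The server only ever holds values derived from K_w and a search token, so an update token stored today cannot be matched against tokens from earlier searches without the private exponent.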
In some embodiments, the method 200 including part of the process 700 further includes: in response to the third user not satisfying the plurality of access policies, the third client is prohibited from generating a content body portion of the file (not shown in fig. 7).
In some examples, when the attribute S of the third client does not satisfy the access policy, the third client is prohibited from generating the content body portion M of the file for the data querier to access.
In some examples, the system may use the JPBC library and specify the class of elliptic curve as typeA in the initialization algorithm Setup(); the input security parameters qbits and rbits can be set to qbits = 512 and rbits = 160; the bilinear groups can be initialized and fixed through the Pairing object. For α, β, etc., the generation of random elements in the group may use pairing.getZr().newRandomElement().getImmutable(). The trapdoor function can be realized with the RSA algorithm, and the key length of the RSA algorithm can be 1024 bits. The hash function H_1 may be MD5 and H_2 may be SHA-256. Computations that use Perk as the encryption and decryption key, such as the calculation of the file identifier ind, may alternatively use the AES-128 algorithm.
In some examples, the LatestK_w, Trapdoorkey, W_add, W_del, T_add and T_del lists may be stored in a ser file format, and the user private key sk_S, the system master public key mpk, the system master private key msk, and the system initialization parameter files may all be stored in properties file format. Because the inputs and outputs of JCA in Java for encryption, decryption, message digest and similar operations are mostly byte arrays, the data of these operations can be converted to hexadecimal or Base64 encoding for storage and exchange. The exclusive-or operation on the plaintext M (i.e., the plaintext of the body portion of the file content) during encryption converts the plaintext into a hexadecimal byte array, performs the exclusive-or to obtain a string, and Base64-encodes the result when storing it.
According to another aspect of the present disclosure, an encryption apparatus is provided that protects against malicious data distribution.
Fig. 8 is a schematic block diagram illustrating an encryption apparatus 800 protecting against malicious data distribution according to an exemplary embodiment. As shown in fig. 8, an encryption apparatus 800 for preventing malicious data distribution includes:
a first module 810 configured to determine a pairing group, a plurality of group elements, a pseudo-random generator, and a random index;
a second module 820 configured to generate a master public key and a master private key based on the pairing group, the plurality of group elements, the pseudo-random generator, and the random exponent;
A third module 830 configured to initialize a plurality of lists, the plurality of lists comprising: a first list for recording keyword keys and corresponding query times corresponding to keywords under specific rights, a second list for recording public and private key pairs of trapdoor functions corresponding to keywords under the corresponding rights of the accessed user, a third list for recording correspondence between access policies and user rights keys, a fourth list for recording the number of added documents and corresponding search tokens corresponding to keywords under the specific rights, a fifth list for recording the number of deleted documents and corresponding search tokens corresponding to keywords under the specific rights, a sixth list for recording a relationship between keywords and identifiers of added files, a seventh list for recording a relationship between identifiers of keywords and deleted files, and an eighth list for recording a relationship between identifiers of files and purified file ciphertext, wherein the first, second, third, fourth, and eighth lists are stored at one or more clients, and the sixth, seventh, and eighth lists are stored at the server side 130;
a fourth module 840 configured to obtain a plurality of attribute sets, the plurality of attribute sets being attribute sets satisfied by the plurality of users themselves, respectively;
A fifth module 850 configured to randomly generate a plurality of random numbers, generate a user private key of each user based on the plurality of attribute sets, the plurality of random numbers, the master public key and the master private key, and send the user private key to a client of the user corresponding to the user private key;
A sixth module 860 configured to obtain a first file, a first keyword, a first access policy, a master public key, a first user private key, and a first database storage file entered by a first user, wherein the first access policy and the first keyword are embedded in the first file;
A seventh module 870 configured to obtain a first ciphertext corresponding to the content body portion of the first file based on the content body portion of the first file, the first access policy, the master public key, and the encryption algorithm;
an eighth module 880 configured to determine whether the first file is malicious data;
a ninth module 890 configured to, in response to the eighth module determining that the first file is not malicious data:
Generating a first identifier, a first purified ciphertext, an updated first file search token, a first file update token, a first identifier ciphertext, and an updated first document number based on the first ciphertext, the first keyword, the first access policy, the master public key, the first user private key, the first database storage file, and the plurality of lists;
storing the updated first file search token and the updated first document quantity in a fourth list of the first client 110;
transmitting the first identifier, the first purified ciphertext, the first file update token, and the first identifier ciphertext to the server side 130; and
The first identifier and the first purified ciphertext are stored in an eighth list, and the first file update token and the first identifier ciphertext are stored in a sixth list.
It should be appreciated that the various modules of the apparatus 800 shown in fig. 8 may correspond to the various steps in the method 200 described with reference to fig. 2. Thus, the operations, features, and advantages described above with respect to method 200 are equally applicable to apparatus 800 and the modules that it comprises. For brevity, certain operations, features and advantages are not described in detail herein.
Fig. 9 to 13 illustrate simulation result diagrams of an encryption method for preventing malicious data distribution according to an exemplary embodiment. The simulation run environment is shown in table 2. Three variables are mainly considered in the simulation test: the number of access control policies that the user satisfies, the number of different keywords contained in the file, and the number of files added. The number of attributes in the system is fixed at 12 and all files used in the experiment are 16 bytes in size. Some experimental parameters are shown in table 3.
Table 2. Running environment
Table 3. Experimental parameters
Fig. 9 is a simulation result diagram illustrating a file addition consuming time of an encryption method for preventing malicious data distribution according to an exemplary embodiment.
Referring to fig. 9, the test measures the time cost of a user adding different files that contain only the same keyword w under the same access control policy. Fig. 9 shows that adding a file for the first time takes a long time: when the access control policy is first used, the user-specified Perk needs to be encrypted and saved, and Perk is also used to encrypt and save the newly generated K_w and (PK, SK). Later, when a file with w is added under the same rights, only Perk, K_w, and SK need to be found and decrypted.
Fig. 10 is a simulation result diagram illustrating a keyword deletion consuming time of an encryption method for preventing malicious data distribution according to an exemplary embodiment.
Referring to fig. 10, deletion takes less time because deleting a file does not require processing the clean file stored on the server again.
In some examples, there are two cases when adding a file: the keywords contained in the subsequently added file have never appeared before, or the keywords of the subsequently added file have already appeared.
Fig. 11 is a time comparison simulation result diagram illustrating different addition states of keywords of an encryption method for preventing malicious data distribution according to an exemplary embodiment.
Referring to fig. 11, when an added file contains a new keyword, the time is longer and increases linearly as the number of files increases. This is because adding a new keyword results in the creation of a new K_w and (PK, SK).
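The two add cases above (new keyword versus existing keyword) and the token generation of the add flow can be sketched as follows. This is an added example, not code from the patent: it assumes textbook RSA as the trapdoor function, HMAC-SHA256 for the two hash functions, and a server-side walk with the public key; it leaves out the attribute-based encryption, the sterilizer and the encryption of the client lists, and all class and function names are hypothetical.

```python
import hashlib, hmac, secrets

E = 65537  # public exponent of the toy RSA trapdoor permutation (assumption)

def _is_prime(n, rounds=20):  # Miller-Rabin test for odd n > 3
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(bits):
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if p % E != 1 and _is_prime(p):
            return p

def gen_trapdoor(bits=256):
    """Fresh (PK, SK) = ((n, E), (n, d)): textbook RSA, toy key size."""
    p, q = _prime(bits), _prime(bits)  # p == q has negligible probability
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def H(tag, k_w, st):  # H1 = tag b"1", H2 = tag b"2"; HMAC-SHA256 keyed with K_w
    return hmac.new(k_w, tag + st.to_bytes(64, "big"), hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def file_id(name):  # stand-in for the encrypted-file-name identifier (32 bytes)
    return hashlib.sha256(name.encode()).digest()

class Server:
    def __init__(self):
        self.list6 = {}  # sixth list: update token -> identifier ciphertext

    def search(self, k_w, st, count, pk):
        """Walk the chain back to older tokens with the public key only."""
        n, e_pub = pk
        found = []
        for _ in range(count):
            e = self.list6.get(H(b"1", k_w, st))
            if e is None:
                break
            found.append(xor(e, H(b"2", k_w, st)))
            st = pow(st, e_pub, n)
        return found

class Client:
    def __init__(self, server):
        self.server = server
        self.list1 = {}  # first list:  w -> keyword key K_w
        self.list2 = {}  # second list: w -> trapdoor pair (PK, SK)
        self.list4 = {}  # fourth list: w -> (search token ST, document count)

    def add(self, w, ident):
        """Index ident under w; True means K_w and (PK, SK) were newly created."""
        is_new = w not in self.list1
        if is_new:
            self.list1[w] = secrets.token_bytes(32)
            self.list2[w] = gen_trapdoor()
            st, count = secrets.randbelow(self.list2[w][0][0] - 2) + 2, 0
        else:
            st, count = self.list4[w]
            n, d = self.list2[w][1]
            st = pow(st, d, n)  # next token: inverse permutation, needs SK
        self.list4[w] = (st, count + 1)
        k_w = self.list1[w]
        self.server.list6[H(b"1", k_w, st)] = xor(ident, H(b"2", k_w, st))
        return is_new

    def search_token(self, w):
        st, count = self.list4[w]
        return self.list1[w], st, count, self.list2[w][0]

def demo():
    client = Client(Server())
    flags = [client.add("w", file_id("a.txt"))]
    stale = client.search_token("w")  # issued before the second add
    flags.append(client.add("w", file_id("b.txt")))
    server = client.server
    return flags, server.search(*client.search_token("w")), server.search(*stale)
```

A search token issued before the second add only reaches the first file, because stepping to a newer token requires the private key that stays on the client.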
Fig. 12 is a simulation result diagram illustrating the time taken to query a file when a user of an encryption method for preventing malicious data distribution satisfies different rights according to an exemplary embodiment.
Referring to fig. 12, five files contain the same keyword w, and the test measures how the time for the user to query w depends on the number of access control policies. Fig. 12 shows the time spent querying keywords when the user satisfies different rights. The more access control policies in AccK, the longer the user takes to obtain all the required rights keys. The more rights the user satisfies, the longer it takes to acquire all the additional data.
Fig. 13 is a simulation result diagram illustrating storage costs of an added file of an encryption method for preventing malicious data distribution according to an exemplary embodiment.
Referring to fig. 13, each added file corresponds to a different access control policy and contains unique keywords. In this case, the size change of each file is observed. If a different access control policy is used each time, a new rights key will be generated. When different keywords are added, new K_w and (PK, SK) will be generated. From fig. 13, it can be seen that the Trapdoorkey file changes more significantly because it stores the public and private keys of the trapdoor sequence.
Although specific functions are discussed above with reference to specific modules, it should be noted that the functions of the various modules discussed herein may be divided into multiple modules and/or at least some of the functions of the multiple modules may be combined into a single module. The particular module performing the actions discussed herein includes the particular module itself performing the actions, or alternatively the particular module invoking or otherwise accessing another component or module that performs the actions (or performs the actions in conjunction with the particular module). Thus, a particular module that performs an action may include that particular module itself that performs the action and/or another module that the particular module invokes or otherwise accesses that performs the action. As used herein, the phrase "entity a initiates action B" may refer to entity a issuing an instruction to perform action B, but entity a itself does not necessarily perform that action B.
It should also be appreciated that various techniques may be described herein in the general context of software, hardware elements or program modules. The various modules described above with respect to fig. 8 may be implemented in hardware or in hardware in combination with software and/or firmware. For example, the modules may be implemented as computer program code/instructions configured to be executed in one or more processors and stored in a computer-readable storage medium. Alternatively, these modules may be implemented as hardware logic/circuitry. For example, in some embodiments, one or more of the first through ninth modules 810 through 890 may be implemented together in a System on Chip (SoC). The SoC may include an integrated circuit chip including one or more components of a processor (e.g., a central processing unit (CPU), microcontroller, microprocessor, digital signal processor (DSP), etc.), memory, one or more communication interfaces, and/or other circuitry, and may optionally execute received program code and/or include embedded firmware to perform functions.
According to an aspect of the present disclosure, there is provided a computer-readable storage medium having instructions stored thereon that, when executed by one or more processors of an encryption system comprising one or more clients 110, 140 and 150, server side 130, sterilizer 120 and third party server 160, cause the encryption system to perform any of the method embodiments described above.
While the disclosure has been illustrated and described in detail in the drawings and foregoing description, such illustration and description are to be considered illustrative and schematic and not restrictive; the present disclosure is not limited to the disclosed embodiments. Variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed subject matter, from a study of the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps than those listed, the indefinite article "a" or "an" does not exclude a plurality, the term "plurality" means two or more, and the term "based on" is to be interpreted as "based at least in part on". The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
Claims (10)
1. An encryption method for preventing malicious data from being released, applied to an encryption system comprising one or more clients, a server side, a sterilizer and a third party server, the encryption method comprising the following steps:
The system determines a pairing group, a plurality of group elements, a pseudo-random generator, and a random exponent;
the system generates a master public key and a master private key based on the pairing group, the plurality of group elements, the pseudo-random generator, and the random exponent;
The system initializes a plurality of lists, the plurality of lists comprising: a first list for recording keyword keys and corresponding query times corresponding to keywords under specific rights, a second list for recording public and private key pairs of trapdoor functions corresponding to keywords under the corresponding rights of the accessed user, a third list for recording correspondence between access policies and user rights keys, a fourth list for recording the number of added documents and corresponding search tokens corresponding to keywords under the specific rights, a fifth list for recording the number of deleted documents and corresponding search tokens corresponding to keywords under the specific rights, a sixth list for recording a relationship between keywords and identifiers of added files, a seventh list for recording a relationship between identifiers of keywords and deleted files, and an eighth list for recording a relationship between identifiers of files and purified file ciphertext, wherein the first list, the second list, the third list, the fourth list, and the fifth list are stored at the one or more clients, and the sixth list, the seventh list, and the eighth list are stored at the server side;
the third party server acquires a plurality of attribute sets which are attribute sets met by a plurality of users respectively;
The third party server randomly generates a plurality of random numbers, generates a user private key of each user based on the plurality of attribute sets, the plurality of random numbers, the master public key and the master private key, and sends the user private key to a client of a user corresponding to the user private key;
A first client of the one or more clients acquires a first file, a first keyword, a first access policy, the master public key, a first user private key and a first database storage file which are input by a first user, wherein the first access policy and the first keyword are embedded in the first file;
the first client obtains a first ciphertext corresponding to the content body portion of the first file based on the content body portion of the first file, the first access policy, the master public key and an encryption algorithm;
The sterilizer determines whether the first file is malicious data;
In response to the sterilizer determining that the first file is not malicious data:
The first client generates a first identifier, a first purified ciphertext, an updated first file search token, a first file update token, a first identifier ciphertext, and an updated first document quantity based on the first ciphertext, the first keyword, the first access policy, the master public key, the first user private key, the first database storage file, and the plurality of lists;
The first client stores the updated first file search token and the updated first document quantity into a fourth list of the first client;
the first client sends the first identifier, the first purified ciphertext, the first file update token and the first identifier ciphertext to the server side; and
The server stores the first identifier and the first purified ciphertext into the eighth list, and stores the first file update token and the first identifier ciphertext into the sixth list.
2. The method of claim 1, further comprising:
In response to the sterilizer determining that the first file is malicious data, the first client prohibits sending the first ciphertext to the server side.
3. The method of claim 2, wherein the first client generating the first identifier, the first purified ciphertext, the updated first file search token, the first file update token, the first identifier ciphertext, and the updated first document quantity based on the first ciphertext, the first keyword, the first access policy, the master public key, the first user private key, the first database storage file, and the plurality of lists comprises:
the first client queries whether the third list has recorded the first access policy;
In response to the first client finding that the third list has recorded the first access policy, the first client decrypts the part of the third list corresponding to the first access policy by using the first user private key to obtain a first user authority key corresponding to the first access policy;
The first client generates the first purified ciphertext based on the first ciphertext through the sterilizer; and
The first client generates the first identifier, the updated first file search token, the first file update token, the first identifier ciphertext, and the updated first document quantity based on the first purified ciphertext and a first user permission key.
4. The method of claim 3, wherein the first client generating the first identifier, the first purified ciphertext, the updated first file search token, the first file update token, the first identifier ciphertext, and the updated first document quantity based on the first ciphertext, the first keyword, the first access policy, the master public key, the first user private key, the first database storage file, and the plurality of lists further comprises:
In response to the first client finding that the third list has not recorded the first access policy, waiting to obtain a first user permission key;
The first client acquires the first user authority key;
The first client encrypts the first user authority key using attribute-based encryption with the first access policy embedded, and stores it in the third list of the first client;
the first client generates the first purified ciphertext based on the first ciphertext through the sterilizer; and
The first client generates the first identifier, the updated first file search token, the first file update token, the first identifier ciphertext, and the updated first document quantity based on the first purified ciphertext and a first user permission key.
5. The method of claim 3 or 4, wherein the first client generating the first identifier, the updated first file search token, the first file update token, the first identifier ciphertext, and the updated first document quantity based on the first purified ciphertext and a first user rights key comprises:
The first client decrypts the part of the first list corresponding to the first keyword by using a decryption algorithm and the first user authority key to obtain a first keyword key, decrypts the part of the fifth list corresponding to the first keyword to obtain a first file search token and a first document number, and decrypts the part of the second list corresponding to the first keyword to obtain a first trapdoor function public-private key pair;
generating the updated first file search token and the updated first document quantity based on a first trapdoor function public-private key pair and the first file search token;
Encrypting a file name of the first file by using the first user authority key to obtain the first identifier; and
Generating the first file update token and the first identifier ciphertext, respectively, based on the first keyword key and the updated first file search token by using a first hash function and a second hash function.
6. The method of any one of claims 1-4, further comprising:
A second client of the one or more clients acquires a second file name, a second user private key, a second keyword, the master public key and a second database storage file which are input by a second user, wherein the second keyword is a searchable keyword of a second file corresponding to the second file name;
The second client generates a second identifier, an updated second file search token, an updated second file update token, a second identifier ciphertext, and an updated second document quantity based on the second file name, the second user private key, the second keyword, the master public key, the second database storage file, and the plurality of lists;
The second client stores the generated updated second file search tokens and the updated second document quantity into a fifth list of the second client;
The second client sends the second identifier, the second file update token and the second identifier ciphertext to the server side; and
The server side stores the second identifier into the eighth list, and stores the second file update token and the second identifier ciphertext into the seventh list.
7. The method of any one of claims 1-4, further comprising:
a third client of the one or more clients obtains a third user private key, a third keyword, the master public key and a third database storage file input by a third user;
The third client determines whether a third user meets a plurality of access policies corresponding to a plurality of files corresponding to a third keyword; and
In response to the third user meeting any access policy, the third client generates content body portions of all files corresponding to the third keyword for the third user meeting all access policies based on the third user private key, the third keyword, the master public key, the third database storage file and the plurality of lists, and updates the plurality of lists.
8. The method of claim 7, further comprising:
In response to the third user not satisfying the plurality of access policies, prohibiting the third client from generating a content body portion of the file.
9. An encryption device for preventing malicious data from being released, which is applied to an encryption system, wherein the encryption system comprises one or more clients, a server side, a sterilizer and a third party server, and the encryption device comprises:
A first module configured to determine a pairing group, a plurality of group elements, a pseudo-random generator, and a random exponent;
a second module configured to generate a master public key and a master private key based on the pairing group, the plurality of group elements, the pseudo-random generator, and the random exponent;
A third module configured to initialize a plurality of lists, the plurality of lists comprising: a first list for recording keyword keys and corresponding query times corresponding to keywords under specific rights, a second list for recording public and private key pairs of trapdoor functions corresponding to keywords under the corresponding rights of the accessed user, a third list for recording correspondence between access policies and user rights keys, a fourth list for recording the number of added documents and corresponding search tokens corresponding to keywords under the specific rights, a fifth list for recording the number of deleted documents and corresponding search tokens corresponding to keywords under the specific rights, a sixth list for recording a relationship between keywords and identifiers of added files, a seventh list for recording a relationship between identifiers of keywords and deleted files, and an eighth list for recording a relationship between identifiers of files and purified file ciphertext, wherein the first list, the second list, the third list, the fourth list, and the fifth list are stored at the one or more clients, and the sixth list, the seventh list, and the eighth list are stored at the server side;
a fourth module configured to obtain a plurality of attribute sets, where the attribute sets are attribute sets that are satisfied by a plurality of users themselves respectively;
a fifth module configured to randomly generate a plurality of random numbers, generate a user private key of each user based on the plurality of attribute sets, the plurality of random numbers, the master public key and the master private key, and send the user private key to a client of a user corresponding to the user private key;
A sixth module configured to obtain a first file, a first keyword, a first access policy, the master public key, a first user private key, and a first database storage file entered by a first user, wherein the first access policy and the first keyword are embedded in the first file;
A seventh module configured to obtain a first ciphertext corresponding to the content body portion of the first file based on the content body portion of the first file, the first access policy, the master public key, and an encryption algorithm;
an eighth module configured to determine whether the first file is malicious data;
A ninth module configured to, in response to the eighth module determining that the first file is not malicious data:
Generating a first identifier, a first purified ciphertext, an updated first file search token, a first file update token, a first identifier ciphertext, and an updated first document quantity based on the first ciphertext, the first keyword, the first access policy, the master public key, the first user private key, the first database storage file, and the plurality of lists;
Storing the updated first file search token and the updated first document quantity into a fourth list of the first client;
Transmitting the first identifier, the first purified ciphertext, the first file update token and the first identifier ciphertext to the server side; and
The first identifier and the first purified ciphertext are stored in the eighth list, and the first file update token and the first identifier ciphertext are stored in the sixth list.
10. A computer-readable storage medium having instructions stored thereon, which when executed by one or more processors of an encryption system comprising one or more clients, a server side, a sterilizer, and a third party server, cause the encryption system to perform the method of any one of claims 1 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410120980.2A CN118246041A (en) | 2024-01-29 | 2024-01-29 | Encryption method, device and storage medium for preventing malicious data from being released |
Publications (1)
Publication Number | Publication Date |
---|---|
CN118246041A (en) | 2024-06-25 |
Family
ID=91553176
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||