
Research On Searchable Encryption Supporting Integrated Verification In Cloud Storage

Posted on: 2023-06-27
Degree: Master
Type: Thesis
Country: China
Candidate: T Long
Full Text: PDF
GTID: 2568306806473344
Subject: Software engineering

Abstract/Summary:
Searchable encryption (SE) is a cryptographic primitive that lets users perform keyword search over ciphertext, and it is one of the important technologies in the field of cloud computing. Since cloud servers are not fully trusted, they may behave dishonestly when providing search services, for example by performing only part of the search and returning incomplete results to save computing resources, or by returning an empty set as the query result without performing the search at all. From the search user's perspective, to ensure that the search results can be trusted, the results returned by the cloud server need to be validated. This includes validating the correctness of the search results, validating their completeness, and validating a result that is the empty set. In addition, searchable encryption that supports dynamic updates has a data file version issue: the cloud server may return an old version of a data file to the user, so the search user also needs to verify the timeliness of the search results. From the data owner's perspective, the cloud server may delete, add, or replace data stored on it, so it is important to verify that the data stored on the cloud server has not been tampered with. Verifiability is an important indicator of the reliability, validity and usefulness of searchable encryption schemes, and existing schemes cannot support the above five types of verification at the same time. In this thesis, we focus on this issue and design a searchable symmetric encryption scheme that supports integrity verification. The main work of our research is as follows.

(1) Construct an audit protocol for cloud data integrity based on the RITS-Merkle Hash Tree (RMHT), which can effectively support dynamic update and integrity verification of data stored on cloud servers. Compared with the classical Merkle Hash Tree, RMHT greatly reduces the scope of the node search during verification and reduces the time complexity of finding nodes from O(n) to O(log n). In addition, the scheme generates the current date timestamp after RMHT construction, which is used to solve the versioning problem of data files.

(2) The BLS (Boneh-Lynn-Shacham) signature mechanism is used to generate a digital signature for each data file, while the RMHT timestamp is concatenated with the root node hash to generate the digital signature of the root node. By verifying the digital signature of the data file together with the digital signature of the root node, the correctness and freshness of the data file received by the search user are guaranteed, which solves the correctness and version verification of the data file content. Compared with other signature methods in searchable encryption schemes, our method can aggregate multiple file digital signatures together for verification with the shortest signature length. Furthermore, our method has the advantages of less storage overhead and lower computational and communication cost.

(3) An Invertible Bloom Filter (IBF) is introduced to store the state of keyword sets. The Invertible Bloom Filter not only represents the membership relation between keywords and their sets but also stores the number of documents containing specific keywords, and it can be updated in batches. By finding the pure cells of the search keyword in the Invertible Bloom Filter, the number of files containing that keyword is calculated and then compared with the number of files returned by the cloud server, which gives the search user completeness verification and empty set verification of the returned results.

(4) Construct a searchable encryption scheme that supports integrity verification to meet the different needs of different users for data verification under the different deceptive behaviors of the cloud server, and show through correctness, security and performance analysis that this scheme is safe, correct, and effective.
Keywords/Search Tags: Searchable encryption, Integrity verification, RITS-Merkle Hash Tree, Dynamic update
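The count check from item (3), as an added example that is not code from the thesis: a verifier-side Invertible Bloom Filter stores the number of files per keyword, and a search result is accepted only if the number of distinct files returned equals the count read from a pure cell. The cell layout, the HMAC-based hashing, the partitioned indexing and all names (`CountingIBF`, `check_result`) are assumptions, and the check covers only the result count; file content correctness is left to the signatures of item (2).

```python
import hashlib
import hmac

class CountingIBF:
    """Invertible Bloom filter mapping keyword -> number of matching files."""

    def __init__(self, key: bytes, m: int = 192, k: int = 3):
        self.key, self.k, self.part = key, k, m // k
        self.cells = [[0, 0, 0] for _ in range(self.part * k)]  # count, key_sum, value_sum

    def _h(self, label: bytes, kw: str) -> int:
        # Keyed hash (assumption) so cell contents do not reveal keywords.
        mac = hmac.new(self.key, label + b"|" + kw.encode(), hashlib.sha256)
        return int.from_bytes(mac.digest()[:16], "big")

    def _cells_for(self, kw: str):
        # One cell per partition, so a keyword always maps to k distinct cells.
        return [self.cells[i * self.part + self._h(b"idx%d" % i, kw) % self.part]
                for i in range(self.k)]

    def insert(self, kw: str, n_files: int) -> None:
        tag = self._h(b"tag", kw)
        for cell in self._cells_for(kw):
            cell[0] += 1
            cell[1] ^= tag
            cell[2] += n_files

    def update(self, kw: str, delta: int) -> None:
        # Dynamic update for a keyword that is already inserted.
        for cell in self._cells_for(kw):
            cell[2] += delta

    def expected_count(self, kw: str):
        tag = self._h(b"tag", kw)
        for count, key_sum, value_sum in self._cells_for(kw):
            if count == 0:
                return 0                      # keyword was never inserted
            if count == 1:                    # pure cell: holds exactly one keyword
                return value_sum if key_sum == tag else 0
        return None                           # no pure cell found: cannot decide

def check_result(ibf: CountingIBF, kw: str, returned_ids) -> str:
    expected = ibf.expected_count(kw)
    if expected is None:
        return "undecided"
    # Duplicated ids must not pad an incomplete result up to the expected count.
    return "accept" if len(set(returned_ids)) == expected else "reject"
```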