Public key encryption with keyword search (PEKS) enables users to search over encrypted data stored on an untrusted cloud server, which is of great significance for data privacy protection and is of increasing interest for this reason. This thesis mainly studies provably secure public key encryption with keyword search (PEKS) schemes and proxy re-encryption (PRE) schemes based on Software Guard Extensions (SGX), and proposes the following schemes:

To solve keyword guessing attacks (KGAs) and other security problems faced by public key encryption with keyword search, a scheme for public key authenticated encryption with keyword search based on SGX is presented, which supports searching on encrypted data by creating a trusted zone and running a keyword comparison enclave program on the cloud server. A formal security proof of the scheme is provided and shows that the scheme satisfies ciphertext indistinguishability and trapdoor indistinguishability, that is, it can resist keyword guessing attacks. Further, search pattern privacy (SP-Privacy) is defined, which ensures that adversaries cannot judge whether two searches are for the same keyword only through the trapdoors, so as to avoid revealing some privacy to external adversaries. In addition, the scheme can be easily extended to support complicated search functionalities and enhanced privacy protection, e.g. forward security. As examples, brief descriptions of how to extend the scheme to support multi-keyword search and forward security are given. Experiments in a real scenario show that the scheme is more efficient than some typical schemes.

To solve the problem that public key encryption with keyword search does not support data sharing in multi-user scenarios, a scheme for proxy re-encryption with keyword search based on SGX is presented. In the scheme, the re-encryption is flexible and efficient, and the size of ciphertexts is constant. The formal security proof of the scheme shows that the scheme satisfies the security definition of keyword ciphertext indistinguishability. Besides, the scheme is highly scalable, and its security can be improved by adding restrictions on the delegatee's authorization. Two examples of scheme extensions, for time-controlled and conditional restriction, are provided. Finally, the scheme is evaluated and improved in a real scenario. The detailed test results show that the improvement is reasonable and valid, and that the scheme has great advantages in efficiency compared with others.

A cloud platform for ciphertext retrieval and sharing is designed and developed. Based on an SGX security protection policy, the cloud platform supports storage, retrieval and sharing of encrypted data for users in data-sensitive industries such as government, enterprises, hospitals and schools. According to system requirement analysis and feasibility analysis, the platform is built on several personal computers through complete function and data architecture design. Then a series of tests is carried out. Finally, the design and development of the cloud platform are completed.