云存储中支持模糊查询的可搜索对称加密研究

Searchable encryption has been recognized as a promising method to achieve the secure cloud search. Based on our studies, we find the problem that the efficiency and the security cannot be both taken into account in existing search symmetric encryption schemes (SSE) which supports fuzzy keyword search. In order to solve this problem, a new SSE scheme is designed to meet the security of IND-CKA. We also find that a large memory space is needed to store the fuzzy keywords sets in existing SSE scheme. In order to overcome this shortcoming, an improved Jaro-Winkler Distance method is proposed for constructing a fuzzy set with low cost and high matching accuracy. Based on above work, a new index of "two level index+inverted list" and a parallel search method based on timestamp are proposed to improve efficiency. Meanwhile, in order to reduce the workload of searching users, a method of fine-grained ranking of search results is proposed, which consider both the similarity between keywords and the correlation between files and keywords. In our new SSE scheme, an order-preserving encryption scheme is used to encrypt the correlation scores mentioned above for protecting the privacy of the files. The introduction of time stamp will also greatly reduce the security risk caused by the trapdoor leakage. The results of this research will make up for the shortcomings of the existing schemes, which could not take into account both the efficiency and security, and further enhance the practicability of SSE scheme which supports fuzzy queries. It also provides new ideas and methods for the design of other encryption schemes.

可搜索对称加密(SSE)是解决云端不可信条件下加密数据安全检索的重要方法。本项目针对现有支持模糊查询的SSE方案中效率和安全无法兼顾的缺陷，设计一种满足选择关键字攻击下不可区分安全的SSE方案。方案中为了克服已有的关键字模糊集所占存储空间大的不足，通过改进Jaro-Winkler Distance方法，提出一种存储开销小、匹配准确度高的模糊集构造法。在此基础上，考虑索引结构和搜索方式对效率的影响，提出一种“两级索引+倒排链表”的索引构造法和一种基于时间戳的并行化搜索法。最后为了减少搜索用户筛选文件的工作量，结合关键字相似度和关键字与文件的相关度两因素提出一种搜索结果细粒度排序方法。为保护隐私，方案中使用保序加密对相关度分数进行加密，同时时间戳的引入将极大减少因陷门泄露带来的安全风险。本项目的研究结果将进一步提升支持模糊查询的SSE方案的实用性，同时也为其他密码方案的设计提供新的思路和方法。

可搜索对称加密是云存储领域的研究的热点。本项目以支持模糊查询的可搜索对称加密为研究对象，以提高搜索效率为研究动机，围绕如何构造安全且高效的可搜索对称加密算法这个关键科学问题，主要研究了：支持高效搜索的关键字索引结构、模糊搜索结果的细粒度排序和高效可搜索对称加密方案的构造。此外项目组还对加密方案中NP难题的高效求解、机器学习中的隐私保护以及高效的图像加密进行了扩展研究。三年来，项目组共发表标注基金号的论文10篇，其中8篇被SCI/EI收录，1篇论文发表在CCF推荐的中文A类期刊上，获PAAP 2019 Best Paper Award，申请专利1项，已授权软件著作权2项，出版专著2部。除上述成果外，本研究的其他重要成果，均以论文形式提交审稿中。总体来说，经过这三年研究，计划内容基本完成，初步构建了基于Bed-tree的支持模糊查询的可搜索对称加密方案的基本框架，研究结果将进一步提升可搜索加密方案的实用性，同时也为其他密码方案的设计提供新的思路和方法。