Enterprises and end users have been increasingly outsourcing their data and computing services to public clouds such as Amazon EC2 for lower cost, higher reliability, better performance, and faster deployment. However, privacy has become the key concern, as data owners may not fully trust public clouds. An SSE-based privacy-preserving data query scheme needs to satisfy two requirements. First, it needs to be provably secure under the adaptive IND-CKA security model. Second, it needs to be practically efficient in terms of both speed and memory. For speed efficiency, the query processing time needs to be sub-linear with respect to the number of data records. For millions of records, the query processing time should be on the scale of milliseconds, because a delay on the scale of seconds or more is unpleasantly perceptible to human users. For space efficiency, the index size should be scalable. Unfortunately, no previous scheme satisfies both requirements. The main objective of this project is to develop a provably secure and practically efficient SSE-based data query engine for public cloud storage and computing services. This project aims to support all query types in SQL, such as range queries, keyword queries, pattern queries, similarity queries, join queries, and aggregation queries, and query types beyond SQL, such as KNN (k-nearest neighbour) queries and image queries. The PI plans to integrate these query processing algorithms into the open source database system MySQL. The resulting database system can be used by public cloud storage and computing services. This project aims to achieve both provable security under the adaptive security model and practical efficiency in terms of both high speed (e.g., a query speed of a few milliseconds for millions of records) and scalable memory.
The proposed research will yield not only a theoretical foundation for provably secure and practically efficient SSE-based data query processing, but also an open source privacy-preserving database query processing system. As this project aims to achieve both provable security and practical efficiency, it has high risks but is potentially transformative, with a high payoff. If successful, the resulting database system will have long-lasting impact in both academia and industry.
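This project aims to build a privacy-preserving query processing engine, based on searchable symmetric encryption (SSE), for cloud storage and computing services. Enterprises and end users are increasingly outsourcing data storage and computing services to public clouds (such as Amazon EC2). Outsourcing data brings lower cost, higher reliability, better performance, and more convenient deployment. However, because data owners do not fully trust public clouds, data privacy has become a key concern. An SSE-based privacy-preserving data query scheme needs to satisfy two requirements. First, it needs to be proven secure under the adaptive IND-CKA security model. Second, it needs to be efficient in both speed and space usage. So far, however, no scheme satisfies these requirements at the same time. The goal of this project is to build a privacy-preserving query processing engine, based on SSE, for cloud storage and computing services. The project aims to achieve adaptive security and high efficiency. This research provides not only a theoretical foundation for provably secure and efficient SSE-based data query processing, but also an open source privacy-preserving database query processing system. The database system produced by this project will have a lasting impact in academia and industry.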
Data last updated: 2023-05-31
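On the Impact of the Big Data Environment on the Development of Information Science
Hardware Trojans: Research Progress on Key Issues and New Trends
A Task Scheduling Method for Cloud Workflow Security
An Efficient Parallel Radiation Diffusion Algorithm Based on Multi-Block Structured Grids for Inertial Confinement Fusion Implosion
Applications and Challenges of Blockchain Technology in the Internet of Things
Research on Provably Secure Data Storage in Cloud Computing
Research on Database Query Verification and Data Privacy Protection in Cloud Computing Environments
Research on Secure Remote Attestation That Protects Platform Configuration Privacy
Design and Analysis of Efficient Privacy-Preserving Algorithms in Cloud Computing and Big Data Environments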