保护数据隐私性及抗量子密码分析的可搜索加密研究

The issue to provide data privacy protection with the ciphertext search function has become a bottleneck that hinders the future development of cloud storage service. The searchable encryption technology uses some specific encryption algorithms to ensure the security of data stored in unreliable environment and authorized users to search the stored ciphertext directly without prior decryption. The existing searchable encryption schemes have many drawbacks, such as inflexibility of the search, huge computing and communication overheads, and vulnerable to attacks, etc. The robustness dealing methods, such as spelling correction and token normalization, will be used to investigate the way to perform fuzzy keyword searches in Chinese and English documents. The concept of item weight will be introduced to analyze the ranking search with multiple keywords. The characteristics of the items will be used to calculate the optimal weight value. In order to realize more intelligent retrieval operations, semantic search on encrypted data will be studied by the measurement of semantic distance and similarity. Then the retrieval privilege of users will be restricted by embedding the information of search time, search condition and search type into the ciphertext. Only the authorized user is capable to search on the ciphertext with certain conditions and types within a specific period of time determined by the owner of the encrypted information. At last, strong security models will be developed to prevent malicious attacks. Particularly, novel searchable encryption schemes based on the lattice based cryptography and full homomorphic encryption technology will be designed to resist the quantum attacks. The special features of this project are the investigation of the searchable encryption on Chinese ciphertext and the semantic based query operations. The investigation on schemes that could resist quantum attacks is the innovation made in this project. The proposed research project shows its focus on both prospectiveness and practicability. It holds significant theoretical and practical values.

如何在保护数据隐私性的同时提供密文搜索功能，已成为束缚云存储服务未来发展的瓶颈。可搜索加密通过特定的加密算法保护不可信环境中的数据隐私，授权用户无需解密就可对密文数据进行检索。现有成果存在搜索方式不灵活，计算及通信开销大，易受攻击等缺陷。本课题首先通过拼写矫正和词项归一化等鲁棒性处理方法研究中英文模糊关键词可搜索加密；引入词项权重的概念，根据词项特征进行最优权重计算，研究基于权重的多关键词排序搜索；利用语义距离和语义相似度查找基于语义匹配的加密文档，实现智能化检索。其次，提出将密文中嵌入时间、条件和类型等因素对用户的检索权限进行制约，授权用户只能在特定的时间段内针对数据拥有者指定的条件和类型的数据进行检索。最后，建立强安全模型抵抗现有攻击，利用格公钥和全同态加密设计抗量子攻击的方案。针对中文、语义和抗量子攻击的算法研究是项目的特色和创新点。本课题注重前瞻性和实用性，具有重要理论意义。

可搜索加密是现代远程存储领域研究的热点和难点。经过三年的努力工作，课题组取得了重要进展， 研究团队在国内外著名期刊上发表论文22篇，申请发明专利16项，已授权软件著作权10项，达到了申请书上的研究目标，详细如下。 .具有灵活搜索性能的可搜索加密研究：针对现有的通配符可搜索方案中，搜索效率低、不能进行用户授权、存在错误概率等问题，我们设计了云存储安全中基于通配符的可搜索加密系统，成果发表在IEEE Transactions on Services Computing上。此外，还实现了语义关键词搜索，模糊排序搜索，快速语义排序搜索以及排序可验证的语义搜索。.具有特殊性性质的可搜索加密研究：针对目前的密文检索中，权限管理和撤销功能不完善、时间开销大、抗攻击能力差等问题，我们提出了电子医疗云中的多关键词密文检索系统，并支持时间授权代理重加密及对指定测试者验证的功能，成果发表在IEEE Transactions on Information Forensics and Security上。我们还设计了移动电子医疗系统中具有叛逆者追踪功能的可搜索加密系统，提出了轻量级的可共享和可追踪的安全移动医疗方案，并实现了基于属性的细粒度访问控制，只有满足访问策略的用户才能对数据拥有者的医疗信息进行访问，成果发表在IEEE Transactions on Dependable and Secure Computing上。此外，还设计了轻量级分布式的可搜索加密系统。.抗量子攻击的可搜索加密研究：针对目前多媒体云存储的可搜索加密方案中，查询效率低、只适用于单用户、不能抵抗量子攻击等问题，我们提出了多用户场景下的关键词模糊搜索系统。此外，还设计了抗量子攻击的语义关键词搜索系统并支持代理重加密功能和广播加密功能。.扩展研究：针对现有的方案中，无法支持紧急接入、存储和计算开销大等问题，我们设计了医疗物联网中的轻量级双重访问控制系统，成果发表在IEEE Transactions on Industrial Informatics上。此外，还设计了跨域系统中的群组秘钥管理系统以及基于机器学习的安全诊断系统。