Thesis/Dissertation Details: etd-0330113-121409
Title (Chinese): 運用於雲儲存隱私保護搜尋之可控制謂語加密機制
Title: Controllable Predicate Encryption Schemes for Privacy Preserving Search in Cloud Storage
Department:
Year, semester:
Language:
Degree:
Number of pages: 107
Author:
Advisor:
Convenor:
Advisory Committee:
Date of Exam: 2013-03-22
Date of Submission: 2013-04-30
Keywords: Privacy Preserving, Cloud Storage, Cloud Computing, Search, Predicate Encryption
Statistics: the thesis has been browsed 5719 times and downloaded 113 times.
Chinese Abstract (translated)
In a traditional public-key cryptosystem in a point-to-point setting, when a sender wants to transmit private data to a receiver, the receiver generates a key pair, a private key and a corresponding public key, and publishes the public key. The sender then encrypts the message under this public key, and only the legitimate holder of the private key can decrypt the ciphertext. Today, however, with the prevalence of cloud computing environments and services, many users store large amounts of data in the cloud. To protect privacy, users encrypt their sensitive data before uploading it. But traditional public-key encryption does not fit the cloud storage setting: when a receiver wants to retrieve cloud data that have certain attributes or satisfy certain conditions, the cloud server cannot search over the ciphertext space because the data are encrypted. Predicate encryption was proposed to solve this problem. Predicate encryption is a newer cryptographic primitive that provides fine-grained access control over encrypted data. In the predicate encryption setting, the sender encrypts a message under the public key together with a set of attributes, and the receiver uses the private key to compute a search token for a predicate over those attributes. The cloud server can then use the token to decrypt, or to find and return, the ciphertexts in cloud storage that satisfy the predicate.

In this dissertation we propose a controllable predicate encryption scheme based on inner product predicates; it is the first predicate encryption scheme to provide timed-release and data self-destruction mechanisms. With these two properties, the sender can set a readable time and an unreadable time for the data according to its control requirements. The receiver can decrypt and open the file only once the readable time has been reached, and once the unreadable time is reached the data self-destruction procedure is triggered. Furthermore, to meet practical needs we provide a derived predicate encryption scheme that, in addition to the two properties above, supports long message encryption and search without decryption. The length of the encrypted message in this scheme is independent of the order of the multiplicative group, and, unlike the original predicate encryption, the cloud server can return the ciphertexts that match the search condition directly to the receiver without opening them.

To improve the efficiency of predicate encryption in practice, we also construct a more lightweight predicate encryption scheme based on hidden vector predicates. For enterprise data storage applications, we further propose a symmetric predicate encryption scheme, also based on hidden vector predicates, that covers two privacy-preserving search functions: revocable delegated search and delegated search without decryption. With the former, the administrator of the cloud data can control the lifecycle of its use and so prevent misuse; in addition, token generation is split into decryption tokens and search tokens so that staff with different levels and privileges in an enterprise can be given different capabilities. The appendices of this dissertation demonstrate system applications and implementations of the two hidden-vector-based predicate encryption schemes.
Abstract
In traditional public-key encryption, a receiver generates a key pair, a private key SK and a corresponding public key PK. A sender obtains PK and encrypts a message under it, and only the owner of SK, the receiver, can decrypt the ciphertext and read the message. This scenario only suits point-to-point communication. Cloud computing is now widespread, and a great deal of sensitive data is being stored in the cloud. To preserve privacy, users must encrypt their sensitive data before storing it in the cloud. Traditional public-key encryption falls short in this setting: when the receiver wants to search for particular data stored on the cloud server, the server cannot perform the search over the ciphertext space. Predicate encryption schemes were proposed to solve this problem. Predicate encryption is a newer cryptographic primitive that provides fine-grained control over access to encrypted data. In the predicate encryption setting, a message is encrypted under PK together with a set of attributes, and the receiver uses SK to generate a search token corresponding to a predicate. Given this token, the cloud server can test or decrypt a ciphertext if and only if the ciphertext's attributes satisfy the token's predicate.

In this dissertation, we propose a controllable predicate encryption scheme for inner product predicates, the first to provide timed-release services and a data self-destruction property. With these properties, the sender can set the readable and unreadable times of the files sent to the receiver. The receiver can read a file only after its readable time; after its unreadable time, the structure of the file is destroyed and the file becomes unreadable. For practical use, an extended scheme built on the proposed scheme provides not only timed-release and data self-destruction but also long message encryption and search without decryption: the length of an encrypted message does not depend on the order of the group, and the cloud server obtains only the matched ciphertexts after a search, without decrypting them.

To improve the efficiency of predicate encryption, we construct a lightweight scheme that uses hidden vector predicates rather than inner product predicates. We also present a lightweight symmetric predicate encryption scheme with two privacy-preserving search functionalities, revocable delegated search and delegated search without decryption, which let the owner of a cloud storage control the lifetimes and search privileges of cloud data. System implementations of both lightweight schemes are given in the Appendices.
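The abstract names two predicate families, inner product predicates and hidden vector predicates, without showing what they compute. The following is an added illustration, not code from the dissertation: it simulates only the predicate layer (which attribute vectors a token would match), with no encryption, a toy modulus P, a SHA-256 attribute encoding and a constructed sample store, all of which are assumptions of this example. It also carries out the Katz, Sahai and Waters encoding (reference [24]) that expresses a hidden-vector query with wildcards as an inner-product query, which is why a scheme for inner product predicates also covers conjunctive equality searches.

```python
"""Predicate semantics behind inner-product and hidden-vector encryption.

Added illustration, not the dissertation's code. Only the *predicate*
functionality is simulated: no encryption happens, attributes are in the
clear, and P is a toy prime, so nothing here is secure.
"""
from __future__ import annotations

import hashlib
import secrets
from typing import Callable, Optional, Sequence

# Toy stand-in for the group order; real pairing groups use orders of
# hundreds of bits. Assumed value for this example only.
P = 2_147_483_647

WILDCARD: Optional[int] = None  # plays the role of '*' in a hidden-vector query


def attr_to_int(label: str) -> int:
    """Assumed encoding: map a string attribute into Z_P via SHA-256."""
    digest = hashlib.sha256(label.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % P


def inner_product_predicate(v: Sequence[int], w: Sequence[int]) -> bool:
    """Inner-product functionality: f_v(w) = 1 iff <v, w> = 0 (mod P)."""
    if len(v) != len(w):
        raise ValueError("predicate and attribute vectors must have equal length")
    return sum(a * b for a, b in zip(v, w)) % P == 0


def hidden_vector_predicate(query: Sequence[Optional[int]], attrs: Sequence[int]) -> bool:
    """Hidden-vector functionality: each non-wildcard slot must equal the attribute."""
    if len(query) != len(attrs):
        raise ValueError("query and attribute vectors must have equal length")
    return all(q is WILDCARD or q % P == a % P for q, a in zip(query, attrs))


def encode_hve_attributes(attrs: Sequence[int]) -> list[int]:
    """KSW encoding of attributes x as w = (x_1, 1, x_2, 1, ...)."""
    w: list[int] = []
    for x in attrs:
        w.extend([x % P, 1])
    return w


def encode_hve_query(query: Sequence[Optional[int]],
                     randbelow: Callable[[int], int] = secrets.randbelow) -> list[int]:
    """KSW encoding of a hidden-vector query a as an inner-product vector v.

    Non-wildcard slot i becomes (r_i, -r_i * a_i) with random r_i in Z_P*,
    wildcard slots become (0, 0), so <v, w> = sum_i r_i * (x_i - a_i).
    Full match: the sum is exactly 0. One slot differs: r_i * (x_i - a_i)
    is non-zero mod prime P, so never a false match. Several slots differ:
    a false match only if the random combination hits 0, probability ~1/P.
    """
    v: list[int] = []
    for a in query:
        if a is WILDCARD:
            v.extend([0, 0])
        else:
            r = randbelow(P - 1) + 1
            v.extend([r, (-r * a) % P])
    return v


def hve_via_ipe(query: Sequence[Optional[int]], attrs: Sequence[int]) -> bool:
    """Evaluate a hidden-vector query using only the inner-product predicate."""
    return inner_product_predicate(encode_hve_query(query), encode_hve_attributes(attrs))


# Constructed sample store: each ciphertext carries (department, year,
# classification). A real scheme hides these inside the ciphertext.
SAMPLE_STORAGE = [
    ("finance", "2013", "internal"),
    ("finance", "2012", "internal"),
    ("hr", "2013", "secret"),
    ("finance", "2013", "secret"),
]


def search(query_labels: Sequence[Optional[str]]) -> list[int]:
    """The server's side of a search: given a token (here the KSW vector for the
    query), return the indices of ciphertexts whose attributes satisfy it."""
    query = [WILDCARD if q is WILDCARD else attr_to_int(q) for q in query_labels]
    token = encode_hve_query(query)
    matched: list[int] = []
    for idx, labels in enumerate(SAMPLE_STORAGE):
        w = encode_hve_attributes([attr_to_int(s) for s in labels])
        if inner_product_predicate(token, w):
            matched.append(idx)
    return matched


if __name__ == "__main__":
    print(search(["finance", WILDCARD, "internal"]))  # -> [0, 1]
    print(search([WILDCARD, "2013", WILDCARD]))        # -> [0, 2, 3]
```

The point a practitioner should take from the search function is that the server evaluates the predicate but never sees the plaintext; in the real schemes the attribute vector is hidden as well, which is the attribute-hiding property the dissertation's security definitions are about.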
Table of Contents
Chinese Approval Sheet i
English Approval Sheet ii
Acknowledgements iv
Chinese Abstract v
Abstract vi
List of Figures x
List of Tables xii

Chapter 1 Introduction 1
1.1 Background 2
1.2 Motivation and Contributions 4
1.3 Organization 5

Chapter 2 Controllable Predicate Encryption Schemes for Inner Product Predicates 6
2.1 Preliminaries 6
2.1.1 Bilinear Pairing Setting 6
2.1.2 General Definition 8
2.1.3 Security Definition 9
2.2 Proposed Schemes 11
2.2.1 Proposed Controllable Predicate Encryption Scheme 11
2.2.2 Proposed Extended Scheme 17
2.2.3 How to Support Data Self-Destruction without P2P Networks 21
2.3 Discussions 23
2.3.1 Properties 23
2.3.2 Performance 25
2.3.3 Security 27

Chapter 3 Lightweight Predicate Encryption Scheme for Hidden Vector Predicates 29
3.1 Preliminaries 30
3.1.1 Bilinear Pairing Setting 30
3.1.2 General Definition 31
3.1.3 Security Definitions 33
3.2 Proposed Scheme 36
3.3 Extensions 40
3.3.1 Extension 1: Retrieving All Ciphertexts 40
3.3.2 Extension 2: Supporting Delegated Search/Decryption in Cloud Storage 41
3.4 Security Proofs 43
3.5 Discussions 54
3.5.1 From Selective Security to Full Security 54
3.5.2 Performance 54
3.5.3 Comparison 55

Chapter 4 Lightweight Symmetric Predicate Encryption Scheme for Hidden Vector Predicates 58
4.1 Preliminaries 58
4.1.1 Bilinear Pairing Setting 58
4.1.2 General Definition 59
4.1.3 Security Definitions 60
4.2 Proposed Scheme 64
4.3 Security Proofs 69
4.4 Discussions 74
4.4.1 Performance 74
4.4.2 Comparison 75

Chapter 5 Conclusion and Future Works 77

Bibliography 77

Appendix A Implementation of Lightweight Predicate Encryption Scheme 83

Appendix B Implementation of Lightweight Symmetric Predicate Encryption Scheme 87
References
[1] G. Ateniese, M. Green, K. Fu, and S. Hohenberger. Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage. ACM Transactions on Information and System Security, vol. 9, no. 1, pp. 1–30, 2006.
[2] J. Bethencourt, A. Sahai, and B. Waters. Ciphertext-Policy Attribute-Based Encryption. The 28th IEEE Symposium on Security and Privacy (S&P 2007), pp. 321–334, 2007.
[3] J. Birkett and D. Stebila. Predicate-Based Key Exchange. The 15th Australasian Conference on Information Security and Privacy (ACISP 2010), pp. 282–299, 2010.
[4] C. Blundo, V. Iovino, and G. Persiano. Private-Key Hidden Vector Encryption with Key Confidentiality. The 8th International Conference on Cryptology and Network Security (CANS 2009), pp. 259–277, 2009.
[5] D. Boneh and X. Boyen. Efficient Selective Identity-Based Encryption without Random Oracles. Journal of Cryptology, vol. 24, no. 4, pp. 659–693, 2011.
[6] D. Boneh, G. D. Crescenzo, R. Ostrovsky, and G. Persiano. Public Key Encryption with Keyword Search. Advances in Cryptology - EUROCRYPT 2004, pp. 506–522, 2004.
[7] D. Boneh and M. Franklin. Identity-Based Encryption from the Weil Pairing. SIAM Journal on Computing, vol. 32, no. 3, pp. 586–615, 2003.
[8] D. Boneh and B. Waters. Conjunctive, Subset, and Range Queries on Encrypted Data. The 4th Theory of Cryptography Conference (TCC 2007), pp. 535–554, 2007.
[9] X. Boyen and B. Waters. Anonymous Hierarchical Identity-Based Encryption (Without Random Oracles). Advances in Cryptology - CRYPTO 2006, pp. 290–307, 2006.
[10] V. Casola, A. Cuomo, M. Rak, and U. Villano. The CloudGrid Approach: Security Analysis and Performance Evaluation. Future Generation Computer Systems, doi:10.1016/j.future.2011.08.008, 2011.
[11] S. Chatterjee, D. Hankerson, and A. Menezes. On the Efficiency and Security of Pairing-Based Protocols in the Type 1 and Type 4 Settings. IACR Cryptology ePrint Archive: Report 2010/388, 2010.
[12] J. H. Cheon, N. Hopper, Y. Kim, and I. Osipkov. Provably Secure Timed-Release Public Key Encryption. ACM Transactions on Information and System Security, vol. 11, no. 2, article 8, 2008.
[13] A. Ciuffoletti. Secure Token Passing at Application Level. Future Generation Computer Systems, vol. 26, no. 7, pp. 1026–1031, 2010.
[14] D. M. Freeman. Converting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups. Advances in Cryptology - EUROCRYPT 2010, pp. 44–61, 2010.
[15] R. Geambasu, T. Kohno, A. Levy, and H. M. Levy. Vanish: Increasing Data Privacy with Self-Destructing Data. The 18th USENIX Security Symposium (USENIX Security 2009), pp. 299–350, 2009.
[16] R. Gennaro, C. Gentry, and B. Parno. Non-interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers. Advances in Cryptology - CRYPTO 2010, pp. 465–482, 2010.
[17] C. Gentry. Fully Homomorphic Encryption Using Ideal Lattices. The 41st ACM Symposium on Theory of Computing (STOC 2009), pp. 169–178, 2009.
[18] V. Goyal, O. Pandey, A. Sahai, and B. Waters. Attribute-Based Encryption for Fine-grained Access Control of Encrypted Data. The 13th ACM Conference on Computer and Communications Security (CCS 2006), pp. 89–98, 2006.
[19] J. Han, W. Susilo, Y. Mu, and J. Yan. Privacy-Preserving Decentralized Key-Policy Attribute-Based Encryption. IEEE Transactions on Parallel and Distributed Systems, vol. 23, no. 11, pp. 2150–2162, 2012.
[20] Z. Hao, S. Zhong, and N. Yu. A Privacy-Preserving Remote Data Integrity Checking Protocol with Data Dynamics and Public Verifiability. IEEE Transactions on Knowledge and Data Engineering, vol. 23, no. 9, pp. 1432–1437, 2011.
[21] D. Harnik, B. Pinkas, and A. S. Peleg. Side Channels in Cloud Services: Deduplication in Cloud Storage. IEEE Security and Privacy, vol. 8, no. 6, pp. 40–47, 2010.
[22] J. Herranz and F. Laguillaumie. Blind Ring Signatures Secure under the Chosen-Target-CDH Assumption. The 9th Information Security Conference (ISC 2006), pp. 117–130, 2006.
[23] V. Iovino and G. Persiano. Hidden-Vector Encryption with Groups of Prime Order. The 2nd International Conference on Pairing-Based Cryptography (Pairing 2008), pp. 75–88, 2008.
[24] J. Katz, A. Sahai, and B. Waters. Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products. Advances in Cryptology - EUROCRYPT 2008, pp. 146–162, 2008.
[25] A. Lewko, T. Okamoto, K. Takashima, A. Sahai, and B. Waters. Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption. Advances in Cryptology - EUROCRYPT 2010, pp. 62–91, 2010.
[26] J. Li, B. Li, T. Wo, C. Hu, J. Huai, L. Liu, and K. P. Lam. CyberGuarder: A Virtualization Security Assurance Architecture for Green Cloud Computing. Future Generation Computer Systems, vol. 28, no. 2, pp. 379–390, 2012.
[27] B. Libert and D. Vergnaud. Unidirectional Chosen-Ciphertext Secure Proxy Re-Encryption. IEEE Transactions on Information Theory, vol. 57, no. 3, pp. 1786–1802, 2011.
[28] H. Y. Lin and W. G. Tzeng. A Secure Erasure Code-Based Cloud Storage System with Secure Data Forwarding. IEEE Transactions on Parallel and Distributed Systems, vol. 23, no. 6, pp. 995–1003, 2012.
[29] T. Okamoto and K. Takashima. Hierarchical Predicate Encryption for Inner-Products. Advances in Cryptology - ASIACRYPT 2009, pp. 214–231, 2009.
[30] T. Okamoto and K. Takashima. Fully Secure Functional Encryption with General Relations from the Decisional Linear Assumption. Advances in Cryptology - CRYPTO 2010, pp. 191–208, 2010.
[31] T. Okamoto and K. Takashima. Achieving Short Ciphertexts or Short Secret-Keys for Adaptively Secure General Inner-Product Encryption. The 10th International Conference on Cryptology and Network Security (CANS 2011), pp. 138–159, 2011.
[32] T. Okamoto and K. Takashima. Adaptively Attribute-Hiding (Hierarchical) Inner Product Encryption. Advances in Cryptology - EUROCRYPT 2012, pp. 591–608, 2012.
[33] J. H. Park. Efficient Hidden Vector Encryption for Conjunctive Queries on Encrypted Data. IEEE Transactions on Knowledge and Data Engineering, vol. 23, no. 10, pp. 1483–1497, 2011.
[34] J. H. Park. Inner-Product Encryption under Standard Assumptions. Designs, Codes and Cryptography, vol. 58, no. 3, pp. 235–257, 2011.
[35] J. M. M. Pérez, J. B. Bernabe, J. M. A. Calero, F. J. G. Clemente, G. M. Pérez, and A. F. G. Skarmeta. Semantic-Based Authorization Architecture for Grid. Future Generation Computer Systems, vol. 27, no. 1, pp. 40–55, 2011.
[36] E. Schost. Polynomial Systems: Geometry and Algorithms. http://www.csd.uwo.ca/eschost/publications/CS829-lecture3.pdf.
[37] M. Scott. Implementing Cryptographic Pairings. ftp://ftp.computing.dcu.ie/pub/resources/crypto/pairings.pdf.
[38] H. Shacham and B. Waters. Compact Proofs of Retrievability. Advances in Cryptology - ASIACRYPT 2008, pp. 90–107, 2008.
[39] E. Shen, E. Shi, and B. Waters. Predicate Privacy in Encryption Systems. The 6th Theory of Cryptography Conference (TCC 2009), pp. 457–473, 2009.
[40] E. Shi and B. Waters. Delegating Capabilities in Predicate Encryption Systems. The 35th International Colloquium on Automata, Languages and Programming (ICALP 2008), pp. 560–578, 2008.
[41] M. W. Storer, K. Greenan, D. D. E. Long, and E. L. Miller. Secure Data Deduplication. 2008 ACM Workshop on Storage Security and Survivability (StorageSS 2008), pp. 1–10, 2008.
[42] U. Uludag, S. Pankanti, and A. K. Jain. Fuzzy Vault for Fingerprints. Audio- and Video-Based Biometric Person Authentication (AVBPA 2005), pp. 310–319, 2005.
[43] R. Wei and D. Ye. Delegate Predicate Encryption and Its Application to Anonymous Authentication. The 2009 ACM Symposium on Information, Computer and Communications Security (ASIACCS 2009), pp. 372–375, 2009.
[44] E. J. Yoon and K. Y. Yoo. A Secure Broadcasting Cryptosystem and Its Application to Grid Computing. Future Generation Computer Systems, vol. 27, no. 5, pp. 620–626, 2011.
[45] Y. Zhang, C. J. Xue, D. S. Wong, N. Mamoulis, and S. M. Yiu. Acceleration of Composite Order Bilinear Pairing on Graphics Hardware. IACR Cryptology ePrint Archive: Report 2011/196, 2011.
[46] D. Zissis and D. Lekkas. Addressing Cloud Computing Security Issues. Future Generation Computer Systems, vol. 28, no. 3, pp. 583–592, 2012.
[47] Amazon Simple Storage Service (Amazon S3). http://aws.amazon.com/s3/.
[48] Azure Storage Service. http://www.windowsazure.com/.
[49] The Java Pairing Based Cryptography Library. http://gas.dia.unisa.it/projects/jpbc/.
[50] The Pairing-Based Cryptography Library. http://crypto.stanford.edu/pbc/.
Fulltext
This electronic fulltext is licensed to users only for personal, non-commercial search, reading and printing for the purpose of academic research. Please comply with the copyright law of the Republic of China (Taiwan) and do not reproduce, distribute, adapt, repost or broadcast it without authorization.
Thesis access permission: user-defined release time
Available:
Campus: available
Off-campus: available


Printed copies
Public-access information for printed theses is relatively complete only from ROC academic year 102 (2013-14) onward. For printed theses from academic year 101 or earlier, please contact the printed-thesis service desk of the Office of Library and Information Services. We apologize for any inconvenience.
Available: available
