通用构建：针对云存储中带有关键字搜索的公钥加密的加密反向防火墙

IF 5.3 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Transactions on Cloud Computing Pub Date : 2024-02-15 DOI:10.1109/TCC.2024.3366435

Yang Ming;Hang Liu;Chenhao Wang;Yi Zhao

{"title":"通用构建：针对云存储中带有关键字搜索的公钥加密的加密反向防火墙","authors":"Yang Ming;Hang Liu;Chenhao Wang;Yi Zhao","doi":"10.1109/TCC.2024.3366435","DOIUrl":null,"url":null,"abstract":"The Snowden incident illustrates that an adversary may launch an algorithm substitution attack (ASA) by tampering with the algorithms of protocol participants to obtain users’ secret information. A measure against ASA is to equip the protocol participants with cryptographic reverse firewalls (CRF). Public key encryption with keyword search (PEKS) as a cryptographic primitive allows users to search encrypted file in cloud servers while ensuring the security of the original file. The existing CRF constructions for PEKS does not consider the trust level of CRFs, leaving honest-but-curious CRF to deal with trapdoors that should be sent in the secure channels, which brings new security risks. This article first introduces the notion of malleable designated tester public key encryption with keyword search (M-DPEKS). Based on M-DPEKS, we propose the generic construction of public key encryption with keyword search with cryptographic reverse firewalls to overcome the privacy leakage issue in cloud storage. Security proof indicates the generic construction is secure against ASA. Lastly, we instantiate the generic construction with a concrete M-DPEKS scheme and analyze the computation cost and communication overhead to evaluate the efficiency.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":null,"pages":null},"PeriodicalIF":5.3000,"publicationDate":"2024-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Generic Construction: Cryptographic Reverse Firewalls for Public Key Encryption With Keyword Search in Cloud Storage\",\"authors\":\"Yang Ming;Hang Liu;Chenhao Wang;Yi Zhao\",\"doi\":\"10.1109/TCC.2024.3366435\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Snowden incident illustrates that an adversary may launch an algorithm substitution attack (ASA) by tampering with the algorithms of protocol participants to obtain users’ secret information. A measure against ASA is to equip the protocol participants with cryptographic reverse firewalls (CRF). Public key encryption with keyword search (PEKS) as a cryptographic primitive allows users to search encrypted file in cloud servers while ensuring the security of the original file. The existing CRF constructions for PEKS does not consider the trust level of CRFs, leaving honest-but-curious CRF to deal with trapdoors that should be sent in the secure channels, which brings new security risks. This article first introduces the notion of malleable designated tester public key encryption with keyword search (M-DPEKS). Based on M-DPEKS, we propose the generic construction of public key encryption with keyword search with cryptographic reverse firewalls to overcome the privacy leakage issue in cloud storage. Security proof indicates the generic construction is secure against ASA. Lastly, we instantiate the generic construction with a concrete M-DPEKS scheme and analyze the computation cost and communication overhead to evaluate the efficiency.\",\"PeriodicalId\":13202,\"journal\":{\"name\":\"IEEE Transactions on Cloud Computing\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":5.3000,\"publicationDate\":\"2024-02-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Cloud Computing\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10438021/\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Cloud Computing","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10438021/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

斯诺登事件表明，对手可以通过篡改协议参与者的算法来发起算法替换攻击（ASA），从而获取用户的秘密信息。应对 ASA 的措施是为协议参与者配备加密反向防火墙（CRF）。带关键字搜索的公钥加密（PEKS）作为一种加密原语，允许用户在云服务器中搜索加密文件，同时确保原始文件的安全。现有的针对PEKS的CRF构造没有考虑CRF的信任级别，使得诚实但好奇的CRF无法处理本应在安全信道中发送的陷阱门，这带来了新的安全风险。本文首先介绍了带关键字搜索的可延展指定测试者公钥加密（M-DPEKS）的概念。在 M-DPEKS 的基础上，我们提出了带有关键字搜索的公开密钥加密的通用结构和加密反向防火墙，以克服云存储中的隐私泄露问题。安全证明表明该通用结构可安全对抗 ASA。最后，我们将通用结构与具体的 M-DPEKS 方案实例化，并分析了计算成本和通信开销，以评估其效率。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Generic Construction: Cryptographic Reverse Firewalls for Public Key Encryption With Keyword Search in Cloud Storage

The Snowden incident illustrates that an adversary may launch an algorithm substitution attack (ASA) by tampering with the algorithms of protocol participants to obtain users’ secret information. A measure against ASA is to equip the protocol participants with cryptographic reverse firewalls (CRF). Public key encryption with keyword search (PEKS) as a cryptographic primitive allows users to search encrypted file in cloud servers while ensuring the security of the original file. The existing CRF constructions for PEKS does not consider the trust level of CRFs, leaving honest-but-curious CRF to deal with trapdoors that should be sent in the secure channels, which brings new security risks. This article first introduces the notion of malleable designated tester public key encryption with keyword search (M-DPEKS). Based on M-DPEKS, we propose the generic construction of public key encryption with keyword search with cryptographic reverse firewalls to overcome the privacy leakage issue in cloud storage. Security proof indicates the generic construction is secure against ASA. Lastly, we instantiate the generic construction with a concrete M-DPEKS scheme and analyze the computation cost and communication overhead to evaluate the efficiency.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Cloud Computing Computer Science-Software

CiteScore

9.40

自引率

6.20%

发文量

167

期刊介绍： The IEEE Transactions on Cloud Computing (TCC) is dedicated to the multidisciplinary field of cloud computing. It is committed to the publication of articles that present innovative research ideas, application results, and case studies in cloud computing, focusing on key technical issues related to theory, algorithms, systems, applications, and performance.