Title: 一個在主從式架構下SSE協議的安全性分析與改良
Security Analysis and Improvement on the SSE Protocol in Client-Server Model
Author: 邱哿振 (Chiu, Ko Cheng)
Contributors: 左瑞麟 (Tso, Ray Lin), advisor; 邱哿振 (Chiu, Ko Cheng)
Keywords: SSE; ASE; keyword search; cloud computing
Date: 2013
Upload time: 21-Jul-2014 15:42:41 (UTC+8)
Abstract: SSE (Symmetric Searchable Encryption) means that a user encrypts their own data under their own key and outsources it to a database (DB) on a network or in the cloud. While the data is stored there, the user retains the ability to search the DB, and the DB can return the data the user is searching for without ever learning the plaintext. In 2013, 林峻立 (Lin) et al. proposed, for this cloud setting, an unlinkable ciphertext search scheme with dynamic maintenance and conjunctive keyword search. The scheme uses SSE so that the cloud server can quickly locate the files related to the submitted keywords, but the protocol it proposes still has security weaknesses. In this thesis we therefore build on that scheme, analyze its security vulnerabilities, and propose a new SSE search mechanism that preserves both security and low cost.
References:
[1] M. Abdalla, M. Bellare, D. Catalano, E. Kiltz, T. Kohno, T. Lange, J. M. Lee, G. Neven, P. Paillier, and H. Shi. “Searchable encryption revisited: Consistency properties, relation to anonymous IBE, and extensions.” Advances in Cryptology - CRYPTO '05, volume 3621 of Lecture Notes in Computer Science, pages 205-222. Springer, 2005.
[2] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song. “Provable data possession at untrusted stores.” In P. Ning, S. De Capitani di Vimercati, and P. Syverson, editors, ACM Conference on Computer and Communications Security (CCS '07), pages 598-609. ACM Press, 2007.
[3] G. Ateniese, S. Kamara, and J. Katz. “Proofs of storage from homomorphic identification protocols.” Advances in Cryptology - ASIACRYPT '09, volume 5912 of Lecture Notes in Computer Science, pages 319-333. Springer, 2009.
[4] G. Ateniese, R. Di Pietro, L. V. Mancini, and G. Tsudik. “Scalable and efficient provable data possession.” In Proceedings of the 4th International Conference on Security and Privacy in Communication Networks (SecureComm '08), pages 1-10, New York, NY, USA. ACM, 2008.
[5] J. Baek, R. Safavi-Naini, and W. Susilo. “On the integration of public key data encryption and public key encryption with keyword search.” In International Conference on Information Security (ISC '06), volume 4176 of Lecture Notes in Computer Science, pages 217-232. Springer, 2006.
[6] J. Baek, R. Safavi-Naini, and W. Susilo. “Public key encryption with keyword search revisited.” In International Conference on Computational Science and Its Applications, volume 5072 of Lecture Notes in Computer Science, pages 1249-1259. Springer, 2008.
[7] J. Bardin, J. Callas, S. Chaput, P. Fusco, F. Gilbert, C. Hoff, D. Hurst, S. Kumaraswamy, L. Lynch, S. Matsumoto, B. O'Higgins, J. Pawluk, G. Reese, J. Reich, J. Ritter, J. Spivey, and J. Viega. “Security guidance for critical areas of focus in cloud computing.” Technical report, Cloud Security Alliance, April 2009.
[8] M. Bellare, A. Boldyreva, and A. O'Neill. “Deterministic and efficiently searchable encryption.” Advances in Cryptology - CRYPTO '07, Lecture Notes in Computer Science, pages 535-552. Springer, 2007.
[9] J. Benaloh, M. Chase, E. Horvitz, and K. Lauter. “Patient controlled encryption: Ensuring privacy of electronic medical records.” In ACM Workshop on Cloud Computing Security (CCSW '09), pages 103-114. ACM, 2009.
[10] J. Bethencourt, A. Sahai, and B. Waters. “Ciphertext-policy attribute-based encryption.” In IEEE Symposium on Security and Privacy, pages 321-334. IEEE Computer Society, 2007.
[11] D. Boneh, G. di Crescenzo, R. Ostrovsky, and G. Persiano. “Public key encryption with keyword search.” Advances in Cryptology - EUROCRYPT '04, volume 3027 of Lecture Notes in Computer Science, pages 506-522. Springer, 2004.
[12] D. Boneh, E. Kushilevitz, R. Ostrovsky, and W. Skeith. “Public-key encryption that allows PIR queries.” Advances in Cryptology - CRYPTO '07, volume 4622 of Lecture Notes in Computer Science, pages 50-67. Springer, 2007.
[13] D. Boneh and B. Waters. “Conjunctive, subset, and range queries on encrypted data.” In Theory of Cryptography Conference (TCC '07), volume 4392 of Lecture Notes in Computer Science, pages 535-554. Springer, 2007.
[14] K. Bowers, A. Juels, and A. Oprea. “Proofs of retrievability: Theory and implementation.” In ACM Workshop on Cloud Computing Security (CCSW '09), pages 43-54. ACM, 2009.
[15] J. W. Byun, H. S. Rhee, H.-A. Park, and D. H. Lee. “Off-line keyword guessing attacks on recent keyword search schemes over encrypted data.” In Secure Data Management, volume 4165 of Lecture Notes in Computer Science, pages 75-83. Springer, 2006.
[16] Y. Chang and M. Mitzenmacher. “Privacy preserving keyword searches on remote encrypted data.” Applied Cryptography and Network Security (ACNS '05), volume 3531 of Lecture Notes in Computer Science, pages 442-455. Springer, 2005.
[17] M. Chase. “Multi-authority attribute based encryption.” In Theory of Cryptography Conference (TCC '07), volume 4392 of Lecture Notes in Computer Science, pages 515-534. Springer, 2007.
[18] M. Chase and S. M. Chow. “Improving privacy and security in multi-authority attribute-based encryption.” In ACM Conference on Computer and Communications Security (CCS '09), pages 121-130, New York, NY, USA. ACM, 2009.
[19] R. Curtmola, J. Garay, S. Kamara, and R. Ostrovsky. “Searchable symmetric encryption: Improved definitions and efficient constructions.” ACM Conference on Computer and Communications Security (CCS '06), pages 79-88. ACM, 2006.
[20] Y. Dodis, S. Vadhan, and D. Wichs. “Proofs of retrievability via hardness amplification.” In Theory of Cryptography Conference, volume 5444 of Lecture Notes in Computer Science, pages 109-127. Springer, 2009.
[21] C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia. “Dynamic provable data possession.” In ACM Conference on Computer and Communications Security (CCS '09), pages 213-222, New York, NY, USA. ACM, 2009.
[22] T. Fuhr and P. Paillier. “Decryptable searchable encryption.” In International Conference on Provable Security, volume 4784 of Lecture Notes in Computer Science, pages 228-236. Springer, 2007.
[23] E.-J. Goh. “Secure indexes.” Technical Report 2003/216, IACR ePrint Cryptography Archive, 2003.
[24] P. Golle, J. Staddon, and B. Waters. “Secure conjunctive keyword search over encrypted data.” Applied Cryptography and Network Security Conference (ACNS '04), volume 3089 of Lecture Notes in Computer Science, pages 31-45. Springer, 2004.
[25] V. Goyal, O. Pandey, A. Sahai, and B. Waters. “Attribute-based encryption for fine-grained access control of encrypted data.” In ACM Conference on Computer and Communications Security (CCS '06), pages 89-98, New York, NY, USA. ACM, 2006.
[26] A. Juels and B. Kaliski. “PORs: Proofs of retrievability for large files.” ACM Conference on Computer and Communications Security (CCS '07), pages 584-597, New York, NY, USA. ACM, 2007.
[27] R. Ostrovsky, A. Sahai, and B. Waters. “Attribute-based encryption with non-monotonic access structures.” In ACM Conference on Computer and Communications Security (CCS '07), pages 195-203, New York, NY, USA. ACM, 2007.
[28] D. Park, K. Kim, and P. Lee. “Public key encryption with conjunctive field keyword search.” Workshop on Information Security Applications (WISA '04), volume 3325 of Lecture Notes in Computer Science, pages 73-86. Springer, 2004.
[29] A. Sahai and B. Waters. “Fuzzy identity-based encryption.” Advances in Cryptology - EUROCRYPT '05, volume 3494 of Lecture Notes in Computer Science, pages 457-473. Springer, 2005.
[30] H. Shacham and B. Waters. “Compact proofs of retrievability.” In Advances in Cryptology - ASIACRYPT '08, volume 5350 of Lecture Notes in Computer Science, pages 90-107. Springer, 2008.
[31] E. Shi, J. Bethencourt, T. Chan, D. Song, and A. Perrig. “Multi-dimensional range query over encrypted data.” In IEEE Symposium on Security and Privacy, pages 350-364, Washington, DC, USA. IEEE Computer Society, 2007.
[32] D. Song, D. Wagner, and A. Perrig. “Practical techniques for searching on encrypted data.” In IEEE Symposium on Research in Security and Privacy, pages 44-55. IEEE Computer Society, 2000.
[33] Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou. “Enabling public verifiability and data dynamics for storage security in cloud computing.” In European Symposium on Research in Computer Security (ESORICS '09), volume 5789 of Lecture Notes in Computer Science, pages 355-370. Springer, 2009.
[34] K. Zetter. “Company caught in Texas data center raid loses suit against FBI.” Wired Magazine, April 2009.
[35] S. Kamara and K. Lauter. “Cryptographic cloud storage.” Financial Cryptography and Data Security, volume 6054 of Lecture Notes in Computer Science, pages 136-149. Springer, 2010.
[36] S. T. Hsu, M. S. Hwang, and C. C. Yang. “A study of keyword search over encrypted data in cloud storage service.” 2013.
[37] 林峻立. “Unlinkable and Conjunctive Keyword Ciphertext Searching with Dynamic Maintenance.” Cryptology and Information Security Conference 2013, pages 272-275.
Description: Master's thesis
National Chengchi University
Department of Computer Science
101753038
102
Source: http://thesis.lib.nccu.edu.tw/record/#G0101753038
Type: thesis
Other identifier: G0101753038
URI: http://nccur.lib.nccu.edu.tw/handle/140.119/67627
Table of contents:
一個在主從式架構下SSE協議的安全性分析與改良
Security Analysis and Improvement on the SSE Protocol in Client-Server Model
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
  1.1 Research Background
  1.2 Research Motivation
  1.3 Research Purpose and Contribution
  1.4 Research Scope
  1.5 Organization
Chapter 2 Background Introduction
  2.1 Network Architecture
    2.1.1 Client-Server Model
    2.1.2 Client-Server Roles
    2.1.3 Client-Server Communication
    2.1.4 Comparison with Peer-to-Peer Architecture
  2.2 Searchable Encryption
    2.2.1 Searchable Encryption
    2.2.2 Symmetric Searchable Encryption (SSE)
    2.2.3 Asymmetric Searchable Encryption (ASE)
    2.2.4 Efficient ASE (ESE)
    2.2.5 Multi-User SSE (MSSE)
Chapter 3 Related Literature
  3.1 Encryption and Storage Phase
  3.2 Search and Decryption Phase
  3.3 Dynamic Maintenance
  3.4 Conjunctive Keyword Search
  3.5 What are Unlinkable Search and Ciphertext Patterns?
    3.5.1 Unlinkable Search Pattern
    3.5.2 Unlinkable Ciphertext Pattern
Chapter 4 Security Problems of Lin et al. Scheme
  4.1 Security Vulnerabilities of Unlinkable Search Pattern
  4.2 Security Vulnerabilities of Unlinkable Ciphertext Pattern
  4.3 Keywords Vulnerable to Brute Force Attacks
Chapter 5 Proposed Scheme and Security Analysis
  5.1 Encryption and Storage Phase
  5.2 Search and Decryption Phase
  5.3 Security Analysis of Proposed Scheme
    5.3.1 Confidentiality
    5.3.2 Privacy
    5.3.3 Unlinkable Searching Pattern
    5.3.4 Unlinkable Ciphertext Pattern
    5.3.5 Keywords Less Vulnerable to Brute Force Attacks
  5.4 Efficiency Comparison of the Two Schemes
Chapter 6 Conclusion
References
Format extent: 791440 bytes
MIME type: application/pdf
Language: en_US