A Study on Encryption Techniques for Secure Database That Suports Dynamical Fine Grain Access Control and Keyword Search

View Statistics Email Alert RSS Feed

Information

Details

Project title

Code/計畫編號

NSC100-2218-E019-003

Translated Name/計畫中文名

可動態指定多人讀取權限及關鍵字搜尋之密文資料庫加密技術研究

Project Coordinator/計畫主持人

Pei-Yih Ting

Funding Organization/主管機關

National Science and Technology Council

Department/Unit

Department of Computer Science and Engineering

Website

https://www.grb.gov.tw/search/planDetail?id=2322482

Year

2011

Start date/計畫起

01-08-2011

Expected Completion/計畫迄

31-07-2012

Bugetid/研究經費

520千元

ResearchField/研究領域

資訊科學--軟體

自從 2007 年 Google 大力推動雲端運算概念 - 透過分攤軟體/硬體平台之成本提供極大的經濟價值，降低企業的開創成本與營運成本，同時在逐步建設的過程中也提供新技術發展成長的機會，各企業逐步應用雲端運算架構以節省成本，然而距離全面性的佈署雲端應用仍然有很大的距離，除了經濟與效率的考量之外，最主要的障礙在於雲端系統的安全性，企業主只要一想到潛在的資料安全性問題，就時時牽制著雲端架構的投資，目前許多企業以及政府單位仍然將重要的資料保留在企業內部，藉由傳統的應用程式或是比較能夠控制資料安全性的私雲架構進行內部硬體及軟體的虛擬化。為了徹底提昇企業主對於雲端服務中資料安全性的信心，本計劃中將由可証明安全性的公開金鑰密碼系統出發，專注於發展適用於雲端資料管理及資料查詢系統之安全技術，主要透過修改 Boneh 的空間加密系統，成為可以動態指定多人資料讀取權限且支援密文關鍵字搜尋的加密機制，加強Boneh 密文可搜尋加密系統中搜尋暗門的安全性，探討如何抵抗動態侵入各個分散式雲端伺服器的攻擊，整個機制中資料伺服器上儲存的都是密文，資料查詢時關鍵字也是密文，資料伺服器完全無法解密，期望能夠藉此提昇使用者對於雲端資料儲存服務中資料私密性的信心。Since Google promoted strongly the concept of cloud computing, which provides great economic values through the sharing of the costs of software and hardware platforms, the enterprises that accepted this technology saved a good deal of setup and operational costs and new technologies emerged during the accommodating process. The major obstacle that prevents a full-fledge deployment of cloud computing technology is the lack of control of data security in the cloud. Currently, many companies and government departments still keep their important data from going into the cloud by using stand alone application software/hardware or using more controllable private cloud architecture of virtualized systems. In the hope to enhance the confidence of data security of the business owners, this project focuses of the development of a cryptographically secure data storage and data query system based on public key encryption with provable security. In particular, we will modify Boneh’s ‘Spatial encryption’ scheme to provide dynamical assignments of data access privileges and to provide keyword search on the ciphertexts. We will also enhance Boneh’s ‘Public key encryption with keyword search’ mechanism such that only the specified server can perform the search and the search queries do not leak any information. In addition, we will consider non-committing encryption to withstand the attack of an adaptive adversary. In this mechanism, only ciphertexts are stored on the data server and the query keywords are also encrypted. The data center cannot perform any decryption and thus this scheme allows the outsourcing of computation over the cloud environment without outsourcing the control of data.

Keyword(s)

雲端運算安全性
雲端資料管理與資料查詢系統
密文可搜尋加密系統
空間加密系統
secure data storage and search mechanism in the cloud computing environment
general identity-based encryption
public key encryption with keyword search
spatial encryption

DSpace CRIS

A Study on Encryption Techniques for Secure Database That Suports Dynamical Fine Grain Access Control and Keyword Search

Details

Description