Algorithm Design for One-dimensional and Spatial Encrypted Data Range Query
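【Author】 Zhao Li (赵莉);
【Advisor】 Jia Xiaohua (贾小华);
【Author information】 Harbin Institute of Technology, Computer Science and Technology, 2018, Master's thesis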
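【Summary】 With the rapid development of cloud computing and the widespread adoption of cloud storage servers, users have begun outsourcing local databases to cloud storage servers to save local storage overhead and avoid tedious local data management and maintenance. Because cloud service providers are not fully trustworthy, outsourcing creates security risks for data owners' sensitive data and for data users' personal privacy. To protect data security and personal privacy, data must be encrypted before it is outsourced to the cloud server, but encryption greatly reduces the usability of the data and makes it difficult for the cloud server to execute queries. How to make full use of the cloud server's powerful computing and storage capabilities to search encrypted data efficiently, while guaranteeing the security of outsourced data and user privacy, is therefore a problem worth studying in depth. Data querying in outsourced databases covers many aspects; this thesis focuses on fast range search over encrypted outsourced data, that is: after a trusted data owner encrypts the data and outsources it to the cloud server, the cloud server can accurately search for the data that falls within the query range given by the user, without decrypting the encrypted data and without learning the query range. Building on a systematic study of outsourced data security and user privacy, this thesis studies the encrypted data range search problem in depth and proposes different algorithms for one-dimensional and spatial data range queries. A range query over one-dimensional numeric data generally means a query over the values of an attribute column in the database. Based on a secure index, a secure encryption algorithm, and Bloom filter techniques, the algorithm proposed in this thesis for range queries over one-dimensional encrypted data enables the cloud server to perform accurate and effective range search while protecting data security and user privacy. The algorithm requires no complex ciphertext string matching, need not worry about the security risks posed by a not fully trusted cloud server, can make full use of the cloud server's computing power, and can be applied in many practical scenarios. Security analysis and simulation experiments show that the algorithm has high security and feasibility. Range queries over spatial data are generally location-based service (LBS) searches over geographic location data for a given query range. A location-based service can provide real-time nearby search based on specific query conditions supplied by mobile terminal users. In traditional location-based services, the cloud service provider has to maintain a geographic database (Geo-DB) locally to obtain the real-time location of mobile terminal users, which also makes users' personal privacy easy to leak. To address this problem, this thesis proposes a privacy-preserving range search algorithm for location-based services, based on a quad-coded index tree and Bloom filter techniques. In this algorithm, the data owner uses an encrypted coded quadtree (ECQtree) to build a secure index over the data objects in the Geo-DB, so that users can query the encrypted data efficiently; at the same time, a Bloom-filter-based method maps the user's query range into a Bloom filter to generate a query trapdoor (BF-vector), which hides the user's location information from the cloud server. The algorithm implements range queries over outsourced spatial data and effectively protects user location privacy. Simulation results show that, compared with schemes for similar problems, the algorithm effectively shortens the range query time for spatial data and reduces the computational overhead of data owners and users, which is of significant value for practical LBS-based range query applications.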
【Abstract】 With the rapid development of cloud computing and the popularity of cloud storage servers, users have begun to outsource local databases to cloud storage servers, thereby saving local storage overhead and avoiding cumbersome local data management and maintenance. Because cloud service providers are not completely reliable, outsourcing can pose a security risk to the sensitive data of data owners and the privacy of data users. To ensure data security and personal privacy, data must be encrypted before being outsourced to the cloud server, but encryption greatly reduces the original availability of the data, making it difficult for the cloud server to perform data queries. Therefore, how to make full use of the powerful computing and storage capabilities of cloud servers to search encrypted data efficiently, while ensuring the security of outsourced data and the privacy of users, is a problem worthy of further study. The data query problem in outsourced databases includes many aspects. This thesis focuses on how to perform a fast range search on encrypted outsourced data, that is, when the trusted data owner encrypts the data and outsources it to the cloud server, the cloud server can accurately search for data falling within the query range given by the user without decrypting the encrypted data and without knowing the query range. Based on systematic research on data outsourcing security and user privacy, this thesis conducts in-depth research on the problem of encrypted data range search, and proposes different algorithms to deal with one-dimensional and multi-dimensional data range search problems. A range query for one-dimensional numeric data generally refers to a query for an attribute column value in the database. Based on a secure index, a secure encryption algorithm and Bloom filter technology, the algorithm for range queries over one-dimensional data proposed in this thesis enables the cloud server to perform accurate and effective range search while ensuring data security and user privacy. The algorithm does not need to perform complex ciphertext string matching operations, and does not need to worry about the security risks caused by a cloud server that is not completely trusted. The computing power of the cloud server can be fully utilized, and the algorithm can be applied in many practical scenarios. Security analysis and simulation experiments show that the algorithm has high security and search efficiency. Range queries for spatial data are generally location-based service (LBS) searches over geographic location data for a given query range. Location-based services can provide real-time nearby search services based on specific query conditions provided by mobile terminal users. In traditional location-based services, cloud service providers need to maintain geodatabases (Geo-DB) locally to get the real-time location of the mobile terminal user, but this also means the user's personal privacy is easily leaked. To address this problem, this thesis proposes a privacy-preserving range search algorithm for location-based services, based on a quad-coded index tree and Bloom filter technology. In this algorithm, the data owner uses the encrypted coded quadtree (ECQtree) to build a secure index for the data objects in the Geo-DB, enabling the user to query the encrypted data efficiently; at the same time, a Bloom-filter-based method maps the user's query range to the Bloom filter to generate a query trapdoor (BF-vector), which hides the user's location information from the cloud server. The algorithm implements range queries over outsourced spatial data and can effectively protect user location privacy. The simulation results show that the proposed algorithm can effectively shorten the range query time for spatial data and reduce the computational cost of data owners and users. It is of great significance for practical applications of LBS-based range search.
【Key words】 data outsourcing; privacy protection; LBS; range query; Bloom filter;
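The abstract describes the spatial scheme only at a high level, so the following is an added sketch of the general idea (quadtree codes as index, a Bloom-filter bit vector as query trapdoor) and is not the thesis's ECQtree or BF-vector construction. The HMAC tagging, the parameters `M`, `K` and `DEPTH`, the sample key and points, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

M, K, DEPTH = 2048, 4, 4   # assumed: filter bits, hash count, quadtree depth (16x16 grid)

def cell_code(x, y):
    """Quadtree path of the leaf cell holding (x, y): one digit 0-3 per level."""
    return "".join(str((((y >> l) & 1) << 1) | ((x >> l) & 1))
                   for l in range(DEPTH - 1, -1, -1))

def tag(key, code):
    """Keyed tag of a quadtree node code; the server never sees the code itself."""
    return hmac.new(key, b"node:" + code.encode(), hashlib.sha256).digest()

def positions(t):
    """K Bloom-filter bit positions derived from a tag."""
    return [int.from_bytes(hashlib.sha256(bytes([i]) + t).digest()[:4], "big") % M
            for i in range(K)]

def cover(x0, y0, x1, y1, cx=0, cy=0, size=1 << DEPTH, code=""):
    """Smallest set of quadtree nodes that exactly covers the query rectangle."""
    if x1 < cx or y1 < cy or x0 >= cx + size or y0 >= cy + size:
        return []                                  # node lies outside the range
    if x0 <= cx and y0 <= cy and x1 >= cx + size - 1 and y1 >= cy + size - 1:
        return [code]                              # node lies fully inside
    h = size // 2
    return [c for d in range(4)
            for c in cover(x0, y0, x1, y1,
                           cx + (d & 1) * h, cy + (d >> 1) * h, h, code + str(d))]

def build_index(key, points):
    """Data owner: per record, tags of every node on the root-to-leaf path."""
    return {rid: [tag(key, cell_code(x, y)[:n]) for n in range(DEPTH + 1)]
            for rid, (x, y) in points.items()}

def trapdoor(key, x0, y0, x1, y1):
    """User: Bloom-filter bit vector holding the tags of the covering nodes."""
    bits = bytearray(M)
    for code in cover(x0, y0, x1, y1):
        for p in positions(tag(key, code)):
            bits[p] = 1
    return bits

def server_search(index, bits):
    """Cloud server: bit tests only, with no key and no coordinates."""
    return sorted(rid for rid, tags in index.items()
                  if any(all(bits[p] for p in positions(t)) for t in tags))

KEY = b"constructed-demo-key"                      # constructed sample key
POINTS = {"cafe": (3, 4), "bank": (5, 5), "shop": (4, 6), "park": (12, 9)}  # constructed
INDEX = build_index(KEY, POINTS)
```

In this sketch the tags are deterministic, so the server can still see which records share a quadtree node and which records each query matched. Bloom-filter false positives are possible, so the user should re-check returned records against the range after decryption.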