关键词: Bloom过滤器, 加密数据库, 关键词查询, 伪随机函数

Abstract: In order to ensure the data security of sensitive information, users usually encrypt data before sending them to the cloud, which increases the difficulty for database management and queries on the encrypted data. This paper proposes a security query scheme which can obtain eligible query results without revealing sensitive information. Pseudo random functions and Bloom filters are employed to pre-process keywords of sensitive information to generate the corresponding index data structure. This scheme supports various number of keywords-query and efficient data update. In a query procedure, the client calculates trapdoors and sends it to the server, the server then executes the query according to the trapdoors. A multi-keywords query can be converted into single keyword query problems by concatenating trapdoors of multiple keywords, with the same time complexity. In addition, valid trapdoors can only be generated with secret keys by owners and the trapdoors don’t leak any sensitive information. This scheme does not rely on fully trusted database service providers. Compared with existing special double layer structure encryption methods, this scheme improves the efficiency and avoids revealing sensitive information during searching on the encrypt database. This scheme has strong compatibility, for it allows the user to encrypt sensitive information with various encryption method. The experiment is carried with TPC-H developing performance data. Experimental results show that the scheme very efficient in query execution.

Key words: Bloom filter, encrypted database, keyword query, Pseudo-Random Functions