【作者】 景旭；

【导师】 何东健；

【作者基本信息】 西北农林科技大学 ， 农业电气化与自动化， 2013， 博士

【摘要】 软件即服务(Software as a Service，SaaS)是一种21世纪完全创新的软件托管应用模式。它将软件部署为托管服务，租户(Tenant，企业/机构)通过互联网获得应用服务。由于应用的所有权和使用权、数据的所有权和维护权发生了分离，敏感信息安全成为制约SaaS发展的核心问题之一。针对保护租户敏感信息安全，导致系统复杂度增加、成本上升、密文计算效率低，且缺少安全信息共享方案的问题，论文综合运用密码学、信息安全的基本理论，研究保护单租户的单粒度和多粒度文本信息、实数域数值信息以及2个租户间通过服务提供方(Service Provider, SP)公平共享最少必要信息等安全方案。主要研究内容和结论如下：(1)基于分层的思想，改进了无完全可信私钥生成中心(Un-Credible Private KeyGenerator, Un-Credible PKG)的单个验证和批量验证分层身份签名(Identity-BasedSignature, IBS)。安全分析表明，2个签名均满足抗适应性选择消息下的存在性伪造攻击。(2)针对单粒度文本的安全问题，基于Un-Credible PKG的分层身份单个验证签名和批验证签名，提出了一个单个验证和批量验证Un-Credible PKG分层IBS方案。安全性分析表明，该方案具有敏感信息保密性、员工私钥产生与交付的可行性、用户私钥的私密性、敏感数据的数据完整性及不可否认性。(3)针对多粒度文本的安全问题，基于分层CES-CommitVector方案和广义指定多验证者签名，改进了一个Un-Credible PKG的分层身份CES-CommitVector方案和分层广义指定多验证者身份CES-CommitVector方案。安全分析表明，2个方案的摘录签名均正确，等价于签名者对摘录子文档的直接签名；当SP和租户的PKG无串通时，用户私钥具有私密性，满足内容摘录签名(Content Extraction Siganture, CES)的隐私性和不可伪造性。(4)在证明了Josep Domingo秘密同态(Privacy Homomorphism, PH)的4个性质的基础上，构造了一种实数域的PH。验证实例和安全性证明表明，构造的PH能够在实数域上直接执行加、减、乘和除等4种算术运算，能够抵抗已知明文攻击，可保证计算型敏感信息的保密性和隐私性。与Josep Domingo PH相比，构造的PH不存在泄露数量级的风险，克服了分母不同的加密数据不能直接执行同态运算的问题，且节省了存储空间。(5)基于跨私有数据库信息共享的思想，提出了交集、交集大小安全共享方案，分别实现了2个租户通过不完全可信SP，公平共享私有加密关系数据库属性的交集、交集大小。完备性、安全性证明表明，在半诚实模型下，2个协议均安全可证，满足最少必要信息共享。效率分析表明，2个协议的计算代价和通信代价分别仅为安全两方计算协议的40.00%和4.00%，是通过Rakesh交集安全查询协议实现安全共享的25.00%和66.67%。(6)基于跨私有数据库信息共享的思想，提出等值连接、等值连接大小安全共享方案，分别实现了2个租户通过不完全可信SP，公平共享私有加密关系数据库元组的等值连接、等值连接大小。完备性、安全性证明，在半诚实模型下，2个协议均安全可证，满足最少必要信息共享。效率分析表明，等值连接安全共享协议的计算代价和通信代价分别仅为Rakesh协议实现公平共享的57.14%和75.00%，等值连接大小共享协议的计算代价和通信代价分别仅为4×104Ce和4×107。(7)构建了一个肉牛生产SaaS信息安全测试与应用平台。测试分析表明，面向单租户的单粒度和多粒度文本信息、实数域算术运算PH以及2个租户间公平共享加密信息等安全方案均具有可行性。更多还原

【Abstract】 Software as a service (SaaS) is an application model which is regarded as a new hostedservice that springs up in the21st century. Software is deployed as a hosted service and tenantaccessed over the Internet. Because the ownership is separated from both usufruct ofapplication and maintenance of data, the problem of sensitive information security becomeone of the core constraints of SaaS.In order to protect tenant’s sensitive information security, accordance with the problemsthat it increased the system complexity, rose tenants’ costs, lowed the computationalefficiency of ciphertext, and lacked of secure information sharing scheme, based on the basictheories of cryptography and information security, they were researched to protect tenant’ssensitive text-information security of the single granularity and multi-granularity, thenumerical information of the real field in single tenant and share information between twotenants through the service provider (SP). The main researchs and results are as follows:(1) Based on hierarchical ideology, non-credible private key generator (PKG) hierarchialidentity-based signature (IBS) for single and batch validation were improved. It is shown bysafety analysis that they are resistant to the existential forgery under an adaptivelychosen-message attack.(2) For the secturity problems of the single granularity text-information, based on thenon-credible PKG hierarchial IBS for single and batch validation, the scheme of non-crediblePKG Hierarchial IBS for single and batch validation was proposed. It is shown by safetyanalysis that it has the confidentiality of sensitive information, and the feasibility of privatekey generated and delivered, and the privacy of user’s private key, the integrity and thenon-repudiation of sensitive information.(3) Aiming at the secturity problems of the multi-granularity text-information, based onboth hierarchial CES-CommitVector and universal designated multi-verifiers signature, thenon-credible PKG scheme of both hierarchial IBS CES-CommitVector and hierarchialdesignated multi-verifiers IBS CES-CommitVector were proposed. It is shown by safetyanalysis that both of the content extaction singnatures are correct, and equivalent to signaturethat signer sign the extraction subdocuments directly, user’s privator keys are privacy when PKG between SP and tenant are not collusion, they have CES’s privacy and unforgeability.(4) After four properties of Josep Domingo’s privacy homomorphism (PH) were prove, aPH in real field was constructed. It is shown by example and safety analysis that it candirectly run the arithmetic operations including addition, subtraction, multiplication anddivision on encrypted data in real field, be against the known-plaintext attack, and be sure tothe confidentiality and privacy of the numerical sensitive information. Comparing to JosepDomingo’s PH, it is not has the risk of leakage of magnitude, overcomes the problem that thedifferent denominator of the encrypted data can not be directly perform homomorphiccomputing, and saves the storage space.(5) Based on the ideology of information sharing across private databases, theinformation sharing scheme of both intersection and intersection size were proposed, whichcould fairly share the attributesof intersection and intersection size of private encryptedrelational database between two tenants by un-creditible SP. It is shown by the completenessand security proven that they are safty in the semi-honest model, and meet the minimalnecessary information sharing. It is shown by the efficiency analysis that the costs ofcomputation and communication are40.00%and4.00%of two-party secure computation,25.00%and66.67%of those in utilizing the fair sharing information by AGRAWAL’sprotocol.(6) Based on the ideology of information sharing across private databases, theinformation sharing scheme of both equijoin and equijoin size were proposed, which canfairly share the tuples of equijoin and equijoin size of private encrypted relational databasebetween two tenants by un-creditible SP. It is shown by the completeness and security proventhat they are safty in the semi-honest model, meet the minimal necessary information sharing.It is shown by the efficiency analysis that the equijoin schme’s cost of computation andcommunication are57.14%and75.00%, of those in utilizing the fair sharing information byRakesh’s protocol, the equijoin size schme’s cost of computation and communication are4×104Ceand4×107.(7) An information security testing and application SaaS platform of beef production wasconstructed. It is shown by test and analysis that All of tenant’s sensitive text-informationsecurity of single granularity and multi-granularity, the numerical information of the real fieldin single tenant and share information between two tenants through SP are feasible.更多还原