【作者】 汪志鹏；

【导师】 朱虹；

【作者基本信息】 华中科技大学 ， 计算机软件与理论， 2013， 博士

【摘要】 随着计算机、通信、网络技术的快速发展，利用网络存储、交换信息已成为人们的日常工作生活方式。然而，网络环境的复杂、用户行为的不确定等因素往往导致用户的隐私信息无法得到保障，因此提供一些方法保护用户的隐私信息十分重要。私有信息检索的提出就是为了解决这样一类问题：用户向数据库服务器提交查询时，在用户的查询信息不被泄露的条件下完成查询。针对现有的私有信息检索研究存在复杂度过高、缺乏隐私性度量方法、缺少与数据库结合的设计方法等不足，围绕私有信息检索的协议、度量等，展开了四个方面的研究工作。为降低私有信息检索协议的复杂度，提出了一个基于行的私有信息检索协议——Robac-PIR。该协议改进了基于二次剩余的私有信息检索协议，将用户对整个数据库服务器上数据的查询替换为对其上部分数据的查询，使得用户可以选择适量的数据块在隐私性与计算效率上进行折中。基于Robac-PIR协议，设计一个网络环境中的私有信息检索方案。将数据库服务器上已分块的数据分发给网络中的不同用户节点，把原本集中在服务器端的计算分担给多个节点并行执行，从而提高整体查询效率。实验表明，Robac-PIR协议及分布式Robac-PIR模式能够提供用户对隐私性与计算开销的灵活折中，且比起基于二次剩余的私有信息检索协议有更好的效率。为提高私有信息检索协议的实用性，提出了基于关键字的私有信息检索方案。首先对关键字建立哈希索引，然后以基于二次剩余的私有信息检索方法为例，将对关键字的查询转换为对索引的查询。将该方案应用于物联网，设计了支持用户查询隐私的发现服务器，以保护用户查询的目标关键字。该方法与已有的发现服务中的隐私保护方法相比，不需要复杂的密钥共享，也不用担心发现服务器节点的共谋，通过利用私有信息检索协议，能够完全保障用户的查询隐私。为解决私有信息检索研究中缺乏用户查询隐私性度量方法的问题，结合信息论，采用信息熵作为用户查询隐私性的量化方法。用提出的量化方法对Robac-PIR协议以及已有的一些私有信息检索协议进行量化分析。通过分析表明，该度量方法可以量化私有信息检索问题中用户查询的隐私性，具有可对不同类型的私有信息检索协议进行量化的特点。针对目前缺乏支持私有信息检索的数据库系统的问题，给出了支持私有信息检索的数据库系统设计的形式化分析与验证。在数据库客户端，对用户查询的私有信息检索转换是否满足隐私性要求进行分析验证；在数据库服务器端，从安全模型、形式化顶层规范等分析了数据库系统的设计。采用形式化工具COQ对形式化顶层规范进行了描述，并验证数据库系统行为、尤其是查询操作在服务器端也满足安全模型所规定的安全性质。更多还原

【Abstract】 With the rapid development of the information communication technology, usingnetwork for information storage and exchange has become a normal style for people’sworking and living. However, because of the complexity of the network environment andthe uncertainty of the user behavior, the client privacy can not be protected well. It isimportant to provide some methods to protect the clients’ private information. Privateinformation retrieval (PIR) was proposed to resolve such a problem: when clients retrievedata from a database, the intension of these queries should be hidden. For the existingproblems in PIR research such as high complexity, short of privacy metric, short ofcombination with database, etc, focusing on the PIR protocol, privacy metric, etc, weconduct deep research on four aspects.In order to lower the complexity of PIR protocols, a row based computational PIRprotocol called Robac-PIR is designed, which is improved on quadratic residuosity PIR. InRobac-PIR, queries are made on part of the data instead of the whole data in the server, sothat the client is able to make a tradeoff between privacy and efficiency. Furtherimprovement is made on Robac-PIR to propose a network enviroment PIR scheme. In thisscheme, data blocks are distributed to different client nodes in the network to share thecomputation work and the overall efficiency is increased. The experiments show that ourRobac-PIR protocol and distributed Robac-PIR scheme are flexible and superior inefficiency.In order to improve the practicability of PIR protocol, a keyword based PIR scheme isproposed to protect the client privacy in discovery service (DS) of internet of things. ThePIR scheme is based on hash index and well applicable to DS environment. Comparedwith existing client privacy preserving DS architectures, this scheme doesn’t need toworry about the collaboration between servers, complex pre-distribution of keys, and cancompletely protect the client privacy by private information retrieval.To resolve the problem that privacy metric is lacked in PIR research, based oninformation theory, the definition and the quantitative method are made for the clientquery privacy in PIR problem. Quantification and analysis are made for our Robac-PIRprotocol and some other existing PIR protocols using the proposed formula of quantifying.Analysis shows that our privacy metric does well for the client query privacy Nowadays there isn’t any design of the database system providing PIR query. Toresolve this problem, formal specification and verification are made on the design of thedatabase providing PIR query. On the client side, the PIR transformations for queries areanalysed and verified. On the server side, the model and the formal top-level specification(FTLS) are proposed for the database system. Proof assistant tool COQ is used to specifyand verify the FTLS of the database system, especially the PIR query operation within.The verification shows that the design of the database system and the query operationsatisfies the security properties in the security policy.更多还原