Privacy protection method and system supporting range query in data-as-a-service mode

Abstract

The invention relates to a privacy protection method and a system for supporting range query in a data-as-a-service mode. In a data-as-service management mode, a security policy of a data service provider may not be complete, and a data owner does not trust the security policy completely. Under the environment, designing of a mechanism which can be complete is necessary, can ensure data privacy security and is relatively efficient in data query. Existing data, namely a service management mode, have the risks of low time efficiency and privacy information attack. The invention provides a complete scheme which is private and safe and supports range query and data verification, and the core of the scheme is that indexes are obtained by partitioning data and adopting a hash function partial sum mode on the data in the same partition; in order to avoid false hit data and data verification during range query, query precision and a verification matrix are introduced. Through experimental verification, the method has good time efficiency, and data information leakage can be well reduced.

Description

technical field [0001] The invention belongs to the technical field of data security such as data management and privacy protection, and specifically designs a data-as-a-service (DaaS) data management mode that ensures user privacy and security. Background technique [0002] Data as a Service (DaaS) is already a data management model in the era of cloud computing. Data organizers obtain on-demand data storage services by purchasing services. By placing storage tasks in the cloud, they can reduce enterprise costs and increase data management capabilities. However, data privacy security has become an issue that data organizers must consider. At present, the leakage of user privacy has caused serious social problems. [0003] In the user privacy protection technology, the first is to set up a reasonable access authority mechanism, and illegal identities cannot obtain data access authority. The second is to implement data encryption technology, encrypt and store key data or al...

AI Technical Summary

Problems solved by technology

This method has already been implemented by algorithms, and related algorithms include OPE and OPES. However, the above method is time-consuming, and the complexity is high when inserting new data, which will consume more computing resources.

The method of bucketing is to divide the data range into several discrete intervals, and assign an identifier to each bucket. In an ideal state, if each bucket has at most one data, there will be no false hits in the query, but In actual situations, data is often not evenly distributed, and queries often have false hits

In terms of data verification technology, the current technology generally uses Merkle hash tree for verification. This method is difficult for multi-dimensional data verification and has relatively high space requirements.

Images