CN-122001580-A - Secret state data query and analysis method for resisting hypercalculation attack
Abstract
The invention discloses a secret state data query and analysis method for resisting super-computing attacks. The method targets untrusted or semi-trusted outsourced computing environments, supports query and analysis of sensitive data without exposing plaintext data, and resists super-computing and potential quantum computing attacks. The method comprises: encrypting and storing data under a short-period or session-level key and associating a key version (KeyVersion) for security management; authenticating and authorizing a query request and generating a query token (Token) carrying a policy; compiling the query expression into a secret operator sequence and an execution plan (Plan); executing the plan in encrypted form on the cloud side; suppressing information leakage during the query through key version rotation, session isolation and access pattern obfuscation; generating verification information (V) for the returned result and verifying its integrity; and, after verification, performing controlled decryption and output in a trusted environment. Through a closed-loop design of key evolution, leakage suppression and result verification, the invention improves the security, query privacy and result credibility of the system in long-term operation, and is practical to implement and extensible.
Inventors
- QIAN JIAWEI
- CHEN JIAHAO
- LIN BINGZHENG
- LIU YOUCHENG
- ZHANG MENGTING
- WANG SIHAN
- WEN SIHAN
- LI LINGFEI
- WEI FUJIAN
- CHEN SILU
Assignees
- 上海立信会计金融学院
Dates
- Publication Date
- 20260508
- Application Date
- 20260317
Claims (10)
- 1. A secret state data query and analysis method for resisting supercomputing attacks, characterized in that it is applied to a system architecture comprising a data owner, a querying party, a cloud side executing party and a trusted domain, and comprises the following steps:
  - S1, the data owner encodes and blocks the original data to be queried, encrypts it with an encryption key managed by key version (KeyVersion), and generates secret state data blocks and associated metadata (Meta), which are stored at the cloud side executing party; the metadata records at least the key version information corresponding to each secret state data block;
  - S2, the querying party submits a query request to the system; the trusted domain authenticates and authorizes the query request and issues a query token (Token), wherein the token defines at least an accessible data range, the set of operators allowed to be executed, the range of key versions allowed to be used, and a leakage suppression policy;
  - S3, the system compiles the query expression in the query request into a secret operator sequence according to the query token and the stored metadata, and generates an execution plan (Plan) containing input positioning information and randomization factors;
  - S4, the cloud side executing party executes the secret operator sequence according to the execution plan to query or analyze the secret state data blocks and obtain a secret state result, applying the leakage suppression policy during execution to suppress access pattern leakage;
  - S5, while returning the secret state result, the cloud side executing party generates verification information (V) bound to the query token, the execution plan and the key version; and
  - S6, the trusted domain receives the secret state result and the verification information and verifies the verification information; only when verification passes does it decrypt the secret state result, in a trusted environment that meets the authorization conditions of the query token, and output the final result.
- 2. The method according to claim 1, wherein in step S1, the key version (KeyVersion) is associated with an encryption algorithm parameter set (ParamSet) to form an evolvable security level, and the system supports re-encrypting the historical secret data block as needed to update the key version thereof based on a time threshold, a risk event or an access trigger.
- 3. The method according to claim 1, wherein in step S2, the leakage suppression policy includes at least one of injecting false accesses for query operations to confuse access paths, fixing the number of data blocks or buckets per query access to hide the true hit scale, and morphological normalization of returned secret results to fix output length.
- 4. The method for query and analysis of secret data against supercomputing attacks according to claim 1, wherein in the step S3, when generating an execution Plan (Plan), different randomization factors or session derivative keys are allocated to different query sessions, so that queries of the same logic have differentiated access paths or secret processing labels in different sessions, and session-level isolation is achieved.
- 5. The method according to claim 1, wherein in step S4, the secret operator sequence includes one or more of a controlled tag matching operator for equivalent queries, a bucket location operator for range queries, and a homomorphic aggregation operator for statistical analysis.
- 6. The method according to claim 1, wherein in step S5, the verification information (V) is generated by at least one of a hash chain constructed based on the input data digest and the output result, a cryptographic commitment to bind the execution plan and the result, and a verification code to sample and recalculate a part of the result.
- 7. The method for query and analysis of secret data against supercomputing attacks according to claim 1, wherein in the step S6, the output final result is in a form of a complete plaintext result, a desensitized statistical summary, or a secret result which can be processed further downstream.
- 8. The method for cryptographically secure data querying and analyzing against a supercomputing attack as claimed in any one of claims 1 to 7, wherein the method further comprises an audit step in which the system generates an audit record for each query, the audit record associating and binding at least the query token identification (TokenID), the execution plan digest (PLANDIGEST), the verification information (V) and the used key version (KeyVersion) to form a tamper-proof evidence chain.
- 9. A computer system comprising a memory and a processor, the memory storing a computer program, the processor implementing the steps of the method for secure data querying and analyzing against supercomputing attacks according to any one of claims 1 to 8 when the computer program is executed.
- 10. A computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the steps of the method for secure data querying and analyzing against supercomputer attacks according to any of claims 1 to 8.
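The trusted-domain check of step S6, including the token's key version range, together with the audit evidence chain of claim 8, as an added Python example that is not part of the patent text. The field names, the canonical JSON encoding, the use of SHA-256, the `GENESIS` anchor and all sample values are assumptions made here; the patent does not specify them.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first audit record

def digest(obj) -> str:
    """SHA-256 over canonical JSON (sorted keys, no whitespace)."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def gate(token: dict, plan: dict, response: dict) -> bool:
    """Trusted-domain check before decryption: same token, the plan that was
    compiled, and a KeyVersion inside the token's range (rollback case T4)."""
    lo, hi = token["key_version_range"]
    return (response["token_id"] == token["token_id"]
            and response["plan_digest"] == digest(plan)
            and lo <= response["key_version"] <= hi)

def append_audit(chain: list, response: dict) -> dict:
    """Append a record binding TokenID, PlanDigest, V and KeyVersion to the
    hash of the previous record."""
    body = {k: response[k] for k in ("token_id", "plan_digest", "v", "key_version")}
    body["prev"] = chain[-1]["hash"] if chain else GENESIS
    record = dict(body, hash=digest(body))
    chain.append(record)
    return record

def verify_chain(chain: list) -> int:
    """Return -1 if every link holds, else the index of the first bad record.
    Truncation of the tail is only detectable if the latest hash is also kept
    somewhere the log writer cannot modify."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev"] != prev or rec["hash"] != digest(body):
            return i
        prev = rec["hash"]
    return -1

# Constructed sample values, not taken from the patent.
TOKEN = {"token_id": "tok-001", "key_version_range": [7, 9]}
PLAN = {"ops": ["tag_match", "homomorphic_sum"], "inputs": ["blk-12", "blk-40"], "rand": "a1b2"}

def response(key_version: int) -> dict:
    """Build a constructed cloud-side response; V is an opaque placeholder."""
    return {"token_id": TOKEN["token_id"], "plan_digest": digest(PLAN),
            "v": "V-placeholder", "key_version": key_version}

if __name__ == "__main__":
    print(gate(TOKEN, PLAN, response(8)), gate(TOKEN, PLAN, response(3)))  # True False
```

The gate only checks the binding fields; how V itself is computed (hash chain, commitment or sampled recomputation, per claim 6) is left opaque here.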
Description
Secret state data query and analysis method for resisting hypercalculation attack

Technical Field

The invention relates to the technical fields of data security, privacy-preserving computation, cryptographic engineering and encrypted databases, and in particular to a secret state data query and analysis method designed for super-computing attacks and a high-computing-power adversary model. The invention is suitable for performing conditional queries, statistical analysis and output of calculation results on sensitive data in an untrusted or semi-trusted computing environment (including public cloud, hybrid cloud and third-party managed data centers) without exposing plaintext data. The invention focuses on the decline in long-term security of traditional cryptographic systems given ultra-large-scale parallel computing capability and potential quantum computing capability, and improves the long-term security, engineering feasibility and result reliability of a secret state data query and analysis system by introducing mechanisms that resist super-computing attacks in the query, execution and result output stages.

Background

With the development of cloud computing, big data and artificial intelligence technology, centralized data storage and centralized analysis have become mainstream. A large amount of data involving personal privacy, business secrets or nationally sensitive information is outsourced to the cloud for storage, querying and analysis. However, cloud computing environments are often considered not fully trusted, so sensitive information can leak once the data is decrypted during the query or analysis phase. Existing secret state data query technology mainly relies on cryptographic primitives such as homomorphic encryption, searchable encryption or secure multiparty computation.
The above techniques are mostly built on classical computational security assumptions, which generally assume that the attacker's computational power is limited. With the rapid development of supercomputing platforms and quantum computing research, traditional cryptographic algorithms face the potential risk of accelerated cracking, so existing secret state query systems carry a risk of security degradation in long-term operation.

1. Problems with existing solutions

Existing schemes focus on the algorithmic correctness of a single query and lack a unified, system-level design covering query compilation, operator execution, key rotation, suppression of query pattern leakage and result integrity verification. They therefore struggle to meet the combined requirements of high security, high concurrency and practical deployability.

2. Security model and threat assumptions

The invention adopts a super-computing level attacker model, in which an attacker may have massive parallel computing capability and, in the future, quantum acceleration capability; can observe information such as query requests, access paths, index hits, return scale and latency over a long period; can read or tamper with the secret state data, metadata or execution plans stored on the cloud side; and can return erroneous, incomplete or rolled-back results. The default trusted boundary is the data owner and the trusted domain; the cloud side executive is not completely trusted.
2.1 Participants, trust boundary, and asset definition

- The Data Owner (DO) holds the original data and the security policy and is responsible for generating the encrypted data and configuring policy.
- The Querying Party (QU) submits a query request and obtains output under the authorization conditions.
- The Cloud Side executive (CS) stores the secret state data and executes the secret operators according to the Plan; it may be dishonest.
- The Trusted Domain (TD) hosts master keying material, issues Tokens, verifies V and gates decryption output.

The core protected assets include plaintext data, master keys and derived materials, query intents (predicates and selectivities), query output results, audit evidence chains and version governance information (KeyVersion/ParamSet, etc.).

2.2 Threat type refinement and countermeasure mapping

The mapping is shown in Table 1.

Table 1. Threat model and protection mechanism mapping

| Threat number | Threat description | Typical attack path | Coping mechanism of the invention |
| --- | --- | --- | --- |
| T1 | Historical backtracking decryption | Future increase in computing power or key leakage, applied retroactively to ciphertext | KeyVersion versioning + rotation / re-encryption on demand |
| T2 | Query pattern leakage | Inference from index hits / access path / return scale / latency | Randomization / fake access / fixed access length / morphology normalization |
| T3 | Result tampering or absence | Falsified or truncated returned results, rollback to old results | Verification information V + gated decryption + evidence chain binding |
| T4 | Rollback/downgrade attack | Rolling back KeyVersion or parameter set to induce weak security | Token-limited KeyVersion range + plan binding |
| T5 | Replay att