Abstract: This paper analyzes the major cloud service providers’ key technology and security mechanism to extract the security requirement of current popular cloud services. And based on this analysis, this paper proposes a security framework which integrates cryptography algorithms as attribute-based encryption (ABE), proof of retrievability and proxy re-encryption to ensure the confidentiality, integrity, availability of cloud data. Furthermore, this paper implements a prototype of cloud storage service based efficient search system which employs ABE for fine-grained access control to protect unauthorized users’ access to sensitive file information (abstract, keywords) during search process and at the same time keeps the efficiency.

Key words: secure search engine, cloud storage service, attribute-based encryption (ABE), proxy re-encryption, proof of retrievability

摘要： 详细分析了目前主流的云服务提供商各自的运行机制、关键技术、安全措施等，从中提取出云中安全需求。提出了一个结合属性加密、可回取证明、代理重加密等技术的云数据安全框架，从保密性、完整性、可用性三个方面保障了云端数据的安全，并由此实现了一个基于云存储服务的安全搜索引擎，使用细粒度的访问控制保证非授权的摘要、关键字等信息不会被泄露，同时仍保持较为高效的数据检索服务。

关键词: 安全搜索引擎, 云存储, 属性加密（ABE）, 代理重加密, 可回取证明