為了減少維護硬體設備的成本，現今有許多企業將它們的資料儲存外包給雲
端服務提供商。若企業的資料能被妥善地保護，不受第三方威脅，那雲端服務提
供商與企業之間的通訊可以只是一個安全通訊協定，例如SSL。然而，在這樣的
架構中，企業的資料必須是被以明文的形式儲存在雲端服務中，方能執行搜尋特
定資料。換言之，企業必須信任雲端服務提供商以及其管理員。
　　或者，將資料加密後儲存在雲端服務中，但一般的加密演算法的結果並
不適合被用來做搜尋。例如，當一個用戶希望可以找出包含有特定文字的文件時，
資料儲存伺服器無法在不失保密性的要求下事先知道如何處理請求的回應。而使
用我們所提出的加密方式帶來的優點在於，從客戶端產生的查尋會被轉化成一種
形式，使的它能直接以資料儲存伺服器中的加密資料來做評估。
用戶端會再解密資料儲存伺服器所產生的結果，以決定最終的搜尋結果。另
外，我們也采用了一有效率的糢糊關鍵字搜尋，使得我們的架構可以處理輸入錯
誤或文字誤用

Company data are very often outsourced to cloud service providers in order to lower costs of maintaining hardware. If the outsourced data are to be kept secure from a third party, the connection between the cloud service provider and the company could be secured by a protocol similar to SSL. This, however, requires that the data is stored at the cloud service provider in plaintext form, meaning the company has to trust the cloud service provider and its administrators in order to perform search on the outsourced data.

Alternatively, the data themselves could be encrypted, however, the outputs of typical cryptographic algorithms are not amenable to search. For example, if a client wishes to retrieve only documents containing certain words, it was not previously known how to let the data storage server perform the search and answer the query without loss of data confidentiality. By the advantage of our cryptography scheme a query generated at the client-side, is transformed into a representation so that it can be evaluated directly on encrypted data at the data storage server. The results might be processed by the client after decryption to determine the final answers. Additionally, we introduce an efficient common prefix keyword search which makes the scheme more tolerant of minor typos and format inconsistencies when exact keyword matching fails.

1 Introduction
2 Related Work
3 Design
4 Key Generation
5 Approach
6 Authentication
7 Implementation
8 Conclusions and Future Work

[1] Dropbox. https://www.dropbox.com.
[2] Google docs. https://docs.google.com.
[3] .net framework cryptographic services. http://msdn.microsoft.com/en-us/
library/92f9ye3s.aspx/.
[4] Windows communication foundation. http://msdn.microsoft.com/en-us/
library/ms731082.aspx.
[5] Xenserver. http://www.citrix.com/products/xenserver/overview.html.
[6] Zen load balancer. http://www.zenloadbalancer.com/.
[7] Microsoft virtual studio 2012. http://www.microsoft.com/visualstudio/
eng/office-dev-tools-for-visual-studio/, 2012.
[8] Anne Adams and Martina Angela Sasse. Users are not the enemy. Communi-
cations of the ACM, 42(12):40{46, 1999.
[9] Cloud Security Alliance. Security guidance for critical areas of focus in cloud
computing. http://www.cloudsecurityalliance.org, 2009.
[10] Casati F. Kuno H. Machiraju V. Alonso, G. Web Services: Concepts, Archi-
tectures and Applications. Springer,Heidelberg, 2004.
[11] Mikhail J Atallah, Florian Kerschbaum, and Wenliang Du. Secure and private
sequence comparisons. In Proceedings of the 2003 ACM workshop on Privacy
in the electronic society, pages 39{44. ACM, 2003.
[12] Don Box, David Ehnebuske, Gopal Kakivaya, Andrew Layman, Noah Mendel-
sohn, Henrik Frystyk Nielsen, Satish Thatte, and Dave Winer. Simple object
access protocol (soap) 1.1, 2000.
[13] Hilary Cotter and Michael Coles. Pro Full-Text Search in SQL Server 2008.
Apress, 2008.
[14] Jayramsingh Doma Doomun, Razvi and Sundeep Tengur. AES-CBC software
execution optimization. In Information Technology, 2008. ITSim 2008. Inter-
national Symposium on. Vol. 1. IEEE, 2008.
[15] Joan Feigenbaum, Yuval Ishai, Tal Malkin, Kobbi Nissim, Martin J Strauss,
and Rebecca N Wright. Secure multiparty computation of approximations. In
Automata, Languages and Programming, pages 927{938. Springer, 2001.
[16] Armando Fox, Rean Grith, A Joseph, R Katz, A Konwinski, G Lee, D Pat-
terson, A Rabkin, and I Stoica. Above the clouds: A berkeley view of cloud
computing. Dept. Electrical Eng. and Comput. Sciences, University of Califor-
nia, Berkeley, Rep. UCB/EECS, 28, 2009.
[17] Craig Gentry. A fully homomorphic encryption scheme. PhD thesis, Stanford
University, 2009.
[18] B. Gladman. Advanced encryption standard call. http://www.nist.gov/aes/,
1997.
[19] B. Gladman. A specication for rijndael, the aes algotithm. http://www.fp.
gladman.plus.com/, 2001.
[20] Oded Goldreich and Rafail Ostrovsky. Software protection and simulation on
oblivious rams. Journal of the ACM (JACM), 43(3):431{473, 1996.
[21] Doug Gross. Yahoo hacked, 450,000 passwords posted online. http://edition.
cnn.com/2012/07/12/tech/web/yahoo-users-hacked, 2012.
[22] Shengyue Ji, Guoliang Li, Chen Li, and Jianhua Feng. Ecient interactive
fuzzy keyword search. In Proceedings of the 18th international conference on
World wide web, pages 371{380. ACM, 2009.
[23] Martin Westergaard Jrgensen. Introduction to rainbow tables. http://www.
freerainbowtables.com/articles/introduction_to_rainbow_tables/.
[24] Burt Kaliski. "pkcs# 5: Password-based cryptography specication version 2.0.
http://tools.ietf.org/html/rfc2898, 2000.
[25] D. Kotzinos and N. Chrysoulakis. Design of GIS Web Services for Environ-
mental Monitoring: Using Satellite Imaging to Calculate Vegetation Indices.
In Proceedings of the International Symposium on GIS and Remote Sensing,
Volos, Creece., 2003.
[26] Jin Li, Qian Wang, Cong Wang, Ning Cao, Kui Ren, and Wenjing Lou. Fuzzy
keyword search over encrypted data in cloud computing. In INFOCOM, 2010
Proceedings IEEE, pages 1{5. IEEE, 2010.
[27] Alex Mackey. Windows communication foundation. In Introducing. NET 4.0,
pages 159{173. Springer, 2010.
[28] Declan McCullagh. Yahoo breach: Swiped passwords by the
numbers. http://news.cnet.com/8301-1009_3-57470878-83/
yahoo-breach-swiped-passwords-by-the-numbers/?tag=txt;title,
2012.
[29] Peter Mell and Tim Grance. Draft nist working denition of cloud computing.
Referenced on June. 3rd, 2009.
[30] ALISTAIR AUTOR MOFFAT, Timothy C Bell, et al. Managing gigabytes:
compressing and indexing documents and images. Morgan Kaufmann Pub,
1999.
[31] Robert Morris and Ken Thompson. Password security: A case history. In
Communications of the ACM 22.11, pages 594{597, 1979.
[32] Philippe Oechslin. Making a faster cryptanalytic time-memory trade-o. In
Advances in Cryptology-CRYPTO 2003, pages 617{630, 2003.
[33] Handshake Protocol and SSL Change Cipher Spec. Secure socket layer (ssl).
[34] M Rejman-Greene. Biometricsreal identities for a virtual world. BT Technology
Journal, 19(3):115{121, 2001.
[35] Dawn Xiaoding Song, David Wagner, and Adrian Perrig. Practical techniques
for searches on encrypted data. In Security and Privacy, 2000. S&P 2000.
Proceedings. 2000 IEEE Symposium on, pages 44{55. IEEE, 2000.