Elsevier

Information Sciences

Volume 423, January 2018, Pages 343-352

AKSER: Attribute-based keyword search with efficient revocation in cloud computing

https://doi.org/10.1016/j.ins.2017.09.029

Highlights

  • We design a novel and scalable multi-certificate authority keyword search scheme supporting multiple data owners and multiple users based on attribute-based encryption.

  • The administration server is introduced as a trusted third party, which can realize the efficient revocation of the user.

  • This scheme improves the accuracy of the cloud server in the implementation of the search task.

Abstract

With the advent of cloud computing, it is becoming increasingly popular for data owners to outsource their data to public cloud servers while allowing intended data users to retrieve the data stored in the cloud. For security and privacy reasons, data owners usually encrypt their data prior to outsourcing to the cloud server. At the same time, users often need to find data related to specific keywords of interest, which motivates research on searchable encryption techniques. In this paper, we focus on a different, yet more challenging, scenario where the outsourced dataset can have contributions from multiple owners and is searchable by multiple users. Based on our research of attribute-based encryption (ABE), we propose an attribute-based keyword search with efficient revocation scheme (AKSER). Our scheme is highly efficient in terms of user revocation and can achieve fine-grained authorization of the search under the distributed multiple-attribute authorized institution. Security analysis demonstrates that the proposed scheme AKSER can achieve keyword semantic security, keyword secrecy, trapdoor unlinkability, and collusion resistance.

Introduction

Current cloud computing [1], [26] has become a popular new corporate IT structure. Many companies have already moved their applications and databases onto the cloud server (CS) and are experiencing the numerous unparalleled advantages of cloud computing, such as on-demand computing resource configuration [20], ubiquitous and flexible access, and considerable capital expenditure savings. However, privacy concerns remain a major obstacle to the increasing use of cloud computing. When sensitive data are outsourced to the cloud, data owners naturally worry about the privacy of their data on the cloud [14], [30]. Encryption prior to outsourcing is regarded as a fundamental means of protecting user data privacy against the cloud server [17], [22], [25], [33]. However, the effective utilization of these data poses a new challenge. Significant attention has been given and considerable effort has been made to address this issue, from secure search over encrypted data [21], [28] and secure function evaluation [14], to fully homomorphic encryption systems [7], [10], [35] that provide generic theoretical solutions, but are not yet practical owing to the extremely high complexity.

Searchable encryption [29], [31] has been developed recently as a fundamental approach to enable searching over encrypted cloud data. In searchable encryption, data owners encrypt the documents and the associated keywords prior to outsourcing them to the cloud server. Search users generate the encrypted trapdoor containing keywords of interest to search over the dataset on the cloud server. Finally, after performing the search operation, the cloud server returns the matched results to the search user. To improve the search accuracy, searchable encryption schemes should support multi-keyword instead of single-keyword search. Moreover, to support more practical application scenarios, for example, where the data is contributed by multiple data owners and can be searched by multiple search users, the scheme should support search authorization. This means the cloud server would only return the authorized results to the user who has obtained the authorization.

Compared with the single-owner scheme, the establishment of a full-fledged multi-owner scheme faces numerous challenges. First, in the single-owner scheme, the data owner is required to be online to generate the encryption index for data users. However, when there are a large number of data owners involved, requiring them to be online simultaneously to generate trapdoors would seriously affect the flexibility and usability of the search system. Second, different data owners may prefer to use their own secret keys to encrypt their secret data. Consequently, it is highly challenging to achieve a secure, flexible and efficient search over the data encrypted with different secret keys [5]. Third, when multiple data owners are involved, we should ensure efficient user enrollment and revocation mechanisms, so that our system enjoys excellent security and scalability.

To our knowledge, all searchable encryption schemes assume that the user has his/her own decryption key when a search request is issued. Based on this assumption, the sender is further expected to know the identity of the user querying the data in order to encrypt with the corresponding encryption key. Thus, the following question arises: if the encrypted data is shared between several receivers and kept in remote shared storage that is not trusted for confidentiality, do we share decryption keys, or do we keep multiple ciphertexts of the data encrypted under different keys?

Attribute-based encryption (ABE) was proposed to solve the above problem [27]. ABE is a scheme in which each user is identified by a set of attributes, and a policy defined as some function of those attributes is used to determine decryption capabilities. ABE schemes are divided into two categories, ciphertext-policy ABE (CP-ABE) and key-policy ABE (KP-ABE), depending on whether the access policy is embedded in the ciphertext or in the user's private key. In KP-ABE, the access policy is assigned in the private key, whereas in CP-ABE it is specified in the ciphertext [4], [13].

In this paper, we propose AKSER, an attribute-based keyword search scheme with efficient revocation. In contrast to traditional keyword search technology, attribute-based keyword search focuses on the user’s attributes. The system generates the key to encrypt the data based on the user’s attributes. When the user sends a search request, the system determines whether the user has the power of search based on the user’s attributes. In AKSER, to ensure that the cloud server can perform a secure search without knowing the true values of the index and trapdoor, we systematically construct a novel secure search protocol. Authenticated data users can issue a query without knowing the secret keys of these different data owners. In AKSER, data owners use their own access policies to encrypt the file indices, which determines the type of user that can query the index. After the user has registered successfully, certificate authorities (CAs) assign the key and generate trapdoors. At the same time, we use the administration servers as the trusted authority (TA). The encrypted indices and the trapdoors, which are generated by the data owner and the user respectively, are transmitted to the cloud server through the re-encryption of the administration servers, and efficient revocation of the user is thereby realized.
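The revocation idea in this paragraph, as an added sketch that is not code from the paper: the administration server holds one re-encryption share per enrolled party, so revoking a user is a single deletion and no other party is re-keyed. It assumes a simplified stand-in (plain modular exponentiation in Z_P^* with deterministic tags; `AdminServer`, `blind`, `cloud_search` and `demo` are hypothetical names), not AKSER's pairing-based, attribute-based construction.

```python
import hashlib
import secrets
from math import gcd

P = 2**127 - 1   # Mersenne prime; toy group Z_P^* (assumption, not AKSER's pairing groups)
ORDER = P - 1    # exponents are reduced modulo the group order

def h(keyword):
    """Hash a keyword to a non-zero element of Z_P^*."""
    return int.from_bytes(hashlib.sha256(keyword.encode()).digest(), "big") % ORDER + 1

def rand_unit():   # random exponent that is invertible modulo ORDER
    while True:
        k = secrets.randbelow(ORDER - 2) + 2
        if gcd(k, ORDER) == 1:
            return k

def blind(keyword, k_party):   # owner index entry or user trapdoor, before re-encryption
    return pow(h(keyword), k_party, P)

class AdminServer:
    """Hypothetical trusted re-encryption proxy; holds one share per enrolled party."""
    def __init__(self):
        self._master = rand_unit()
        self._shares = {}
    def enroll(self, party):
        k_party = rand_unit()
        # k_party * share == master (mod ORDER), so blind + reencrypt yields h^master
        self._shares[party] = self._master * pow(k_party, -1, ORDER) % ORDER
        return k_party   # handed to the owner or user; the master key never leaves
    def revoke(self, party):
        self._shares.pop(party, None)   # one deletion; no other party is re-keyed
    def reencrypt(self, party, blinded):
        if party not in self._shares:
            raise PermissionError(f"{party} is not enrolled or has been revoked")
        return pow(blinded, self._shares[party], P)

def cloud_search(index, tag):
    """Cloud side: match opaque tags without seeing keywords or any key."""
    return sorted(doc for doc, tags in index.items() if tag in tags)

def demo():   # constructed scenario: one owner, users alice and bob, alice revoked
    admin = AdminServer()
    ko, ka, kb = admin.enroll("owner"), admin.enroll("alice"), admin.enroll("bob")
    index = {"doc1": {admin.reencrypt("owner", blind("cloud", ko))}}
    before = cloud_search(index, admin.reencrypt("alice", blind("cloud", ka)))
    admin.revoke("alice")
    after = cloud_search(index, admin.reencrypt("bob", blind("cloud", kb)))
    return before, after
```

The toy tags are deterministic, so the sketch shows only the revocation path and provides neither the keyword semantic security nor the trapdoor unlinkability claimed in the abstract.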

The main contributions of this paper are summarized as follows:

  • (1) We design a novel and scalable multi-certificate authority keyword search scheme that supports multiple data owners and multiple users based on attribute-based encryption.

  • (2) We introduce the administration server as a trusted third party, which can realize efficient revocation of the user.

  • (3) We improve the accuracy of the cloud server in the implementation of the search task.

The rest of this paper is organized as follows. We introduce some related work in Section 2; formulate the problem in Section 3; present the preliminaries in Section 4; introduce our novel scheme in Section 5; present security analysis in Section 6; evaluate the performance in Section 7; and, finally, conclude the paper in Section 8.

Section snippets

Related work

In this section, we review three categories of work: searchable encryption, authorized keyword search, and attribute-based encryption.

Problem formulation

In this section, we present a formal description of the target problem in this study. First, we define a system model and a corresponding threat model. Then, we elucidate the design goals of our solution scheme.

Preliminaries

Before we introduce our detailed construction, we first briefly introduce some techniques used later in this paper.

Proposed scheme

In this section, we show how to construct the AKSER. The AKSER consists of the following phases: System Setup, New User Enrollment, Secure Index Generation, Query Token Generation, Trapdoor Generation, Search and User Revocation.

A. System setup

The TA takes in a security parameter λ and outputs two cyclic groups G1, G2 of order p with a generator g, a map e: G1 × G1 → G2, and a collision-resistant hash function H: {0, 1}* → Zp. Then, the TA randomly chooses r ∈ Zp, g1 ∈ G1, g2 ∈ G1 and computes

Security analysis

  • 1. Keyword semantic security

    A probabilistic polynomial-time adversary A asks the challenger B for the ciphertexts of its submitted keywords a polynomial number of times. Then, A sends two keywords w0 and w1, which have not been challenged before, to B. B randomly sets μ ∈ {0, 1}, and returns an encrypted keyword ω^μ to A. A continues to ask B for the ciphertext of a keyword w; the only restriction is that w is not w0 or w1. Finally, A outputs its guess μ′ for μ. We define the advantage that A breaks

Performance evaluation

In this section, we present the efficiency of AKSER, and compare it with Sun’s scheme [29] and ARMS [23] (Table 1).

In this subsection, we evaluate the performance of our proposed AKSER scheme and the asymptotic computational complexity of secure index generation, trapdoor generation, efficient search, and user revocation. Let Tg be the time for an exponentiation operation in G1, Tgt be the time for an exponentiation operation in G2, Th be the time that maps a string to an element of G1, and Tp

Conclusions

In this paper, we propose an attribute-based keyword search scheme with efficient revocation. In our scheme, to ensure that the cloud server can perform a secure search without knowing the true value of the index and the trapdoor, we construct a secure search protocol where different data owners can encrypt with different keys. Registered legitimate users can complete the search request without knowing the data owner’s key. In our scheme, data owners encrypt the secure index with their access

Acknowledgments

The work was supported by the National Natural Science Foundation of China (No. 61572001, No. 61502008), the Research Fund for the Doctoral Program of Higher Education (No. 20133401110004), the Natural Science Foundation of Anhui Province (No. 1508085QF132), and the Doctoral Research Start-up Funds Project of Anhui University. The authors are very grateful to the anonymous referees for their detailed comments and suggestions regarding this paper.

References (35)

  • C. Gentry, A Fully Homomorphic Encryption Scheme (2009)

  • E.-J. Goh, Secure indexes, IACR Cryptol. ePrint Arch. (2003)

  • P. Golle et al., Secure conjunctive keyword search over encrypted data, ACNS (2004)

  • V. Goyal et al., Attribute-based encryption for fine-grained access control of encrypted data, Proceedings of the 13th ACM Conference on Computer and Communications Security (2006)

  • Y. Huang et al., Faster secure two-party computation using garbled circuits, USENIX Security Symposium (2011)

  • M.-S. Hwang et al., A new public key encryption with conjunctive field keyword search scheme, Inf. Technol. Control (2014)

  • Y. Hwang et al., Public key encryption with conjunctive keyword search and its extension to a multi-user system, Pairing-Based Cryptography–Pairing 2007 (2007)