Enabling verifiable multiple keywords search over encrypted cloud data
Introduction
When outsourcing data (e.g. text, images, video) to a remote cloud service provider, data owners (individuals and organizations) generally encrypt their (sensitive) data in order to ensure confidentiality [7], [20], [24], [27], [36], [37], [38], [40]. In addition, some organizations must ensure compliance with industry regulations and privacy requirements (e.g. the European Union's General Data Protection Regulation).
Despite the benefits of encrypting data prior to outsourcing, searching over encrypted data remains a challenge. Searchable encryption (SE) was designed to allow users to search securely over ciphertexts, based on pre-defined keywords, and selectively retrieve the files of interest [1], [25], [26], [29]. One family of SE schemes is public key encryption with keyword search (PEKS), which can be broadly categorized into certificate-based keyword search [3], [5] and identity (or attribute)-based keyword search [32], [43]. In certificate-based keyword search schemes, the data owner shares data by encrypting it under a specific data user's public key. The key limitation is certificate management: the certificates and public keys must be verified through a certificate management system, so scalability can be a challenge in practice. The key limitation of identity (or attribute)-based keyword search schemes is key escrow, since the trusted authority can decrypt any ciphertext in the system.
A number of researchers have attempted to address these limitations. For example, the keyword search scheme of [42] was designed to mitigate the limitations of most existing SE schemes, such as those of [12], [13], [16]. However, the scheme of [42] assumes an honest-but-curious cloud, i.e. a cloud service provider that faithfully follows the established protocols while trying to infer valuable information from what it observes. This assumption is often insufficient in practice, since the cloud may be financially motivated to return incomplete search results (e.g. to save computation and bandwidth). We therefore consider a semi-honest-but-curious cloud [2], which may execute only a fraction of the requested search operations and return incomplete results. We then provide a result verification mechanism that lets the data user check the accuracy of the search results, by appending a signature to each file stored in the cloud. We also observe that verifiable keyword search schemes need to support multiple-keyword search, both to reduce bandwidth and to improve the user's search experience, since a single-keyword search returns many irrelevant results [21], [30].
To realize these search functionalities simultaneously, we design a cryptographic primitive, hereafter referred to as Verifiable Multiple Keywords Search (VMKS). VMKS supports search over encrypted cloud data while leveraging existing public auditing techniques, such as those presented in [33], [34]: a specific data user can issue a multi-keyword search and verify the correctness of the results, using an expressive index construction and a certificateless signature. Moreover, the VMKS scheme avoids both certificate management and key escrow, and has constant trapdoor and ciphertext retrieval sizes (both important features for deployment on resource-constrained devices). The key features of the proposed VMKS scheme are summarized as follows:
- Multiple keywords search. The proposed VMKS scheme allows a specific data user to issue a multiple-keyword search, covering both conjunctive and disjunctive keyword search, in a single query without increasing the trapdoor size or the ciphertext search size, which improves the user's search experience.
- Search results verification. The VMKS scheme allows the data user to verify the accuracy of the search results, since a signature is appended to each file.
- Certificateless. To eliminate the certificate management and key escrow limitations of existing SE schemes, the VMKS scheme is certificateless.
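The verification feature above deserves a concrete illustration of what a per-file signature does and does not establish against a semi-honest-but-curious cloud. The following added example (constructed here; it is not the VMKS construction from the paper) models a data owner, a cloud that may execute only part of a conjunctive or disjunctive search, and a data user who verifies the answer. HMAC-SHA256 under a key shared by owner and user stands in for the certificateless signature, the trapdoor is a keyed hash of the keyword, file contents are left in the clear, and the owner additionally commits to each posting list; all of these, the sample files and the `Owner`/`Cloud`/`User` classes are assumptions of the example. It shows that checking only per-file tags accepts a truncated result set, while the posting-list commitment catches it.

```python
"""Toy model of result verification against a semi-honest-but-curious cloud.

Constructed example, not the paper's VMKS scheme. HMAC under a shared key stands
in for the per-file signature; a commitment per posting list makes omissions
detectable. File encryption is omitted for brevity.
"""
import hashlib
import hmac
import secrets


def keyed_hash(key: bytes, *parts: bytes) -> bytes:
    """Domain-separated HMAC over the given parts (stand-in for signing)."""
    return hmac.new(key, b"\x00".join(parts), hashlib.sha256).digest()


def trapdoor(index_key: bytes, keyword: str) -> bytes:
    """Deterministic search token; the cloud matches it without seeing the keyword."""
    return keyed_hash(index_key, b"kw", keyword.encode())


def posting_commitment(sign_key: bytes, token: bytes, ids: list) -> bytes:
    """Commitment to the full list of identifiers matching one token."""
    return keyed_hash(sign_key, b"post", token, *[i.encode() for i in sorted(ids)])


class Owner:
    def __init__(self):
        self.sign_key = secrets.token_bytes(32)   # stands in for the signing key
        self.index_key = secrets.token_bytes(32)  # shared with the authorised user

    def outsource(self, files: dict):
        """files: id -> (content, keywords). Returns store, index, commitments."""
        store, index = {}, {}
        for fid, (content, keywords) in files.items():
            tag = keyed_hash(self.sign_key, b"file", fid.encode(), content)
            store[fid] = (content, tag)              # tag binds id and content
            for kw in keywords:
                index.setdefault(trapdoor(self.index_key, kw), []).append(fid)
        commitments = {t: posting_commitment(self.sign_key, t, ids)
                       for t, ids in index.items()}
        return store, index, commitments


class Cloud:
    def __init__(self, store, index, commitments, lazy=False):
        self.store, self.index, self.commitments = store, index, commitments
        self.lazy = lazy  # lazy: executes only part of the search

    def search(self, tokens, mode):
        """mode 'and' = conjunctive, 'or' = disjunctive over the tokens."""
        postings = {}
        for t in tokens:
            ids = sorted(self.index.get(t, []))
            if self.lazy:
                ids = ids[: len(ids) // 2]          # drops half of each list
            postings[t] = ids
        sets = [set(ids) for ids in postings.values()]
        matched = set.intersection(*sets) if mode == "and" else set.union(*sets)
        results = {fid: self.store[fid] for fid in matched}
        proof = {t: (postings[t], self.commitments.get(t)) for t in tokens}
        return results, proof


class User:
    def __init__(self, sign_key, index_key):
        self.sign_key, self.index_key = sign_key, index_key

    def verify_files(self, results):
        """Per-file check: detects tampered files, NOT omitted ones."""
        for fid, (content, tag) in results.items():
            expected = keyed_hash(self.sign_key, b"file", fid.encode(), content)
            if not hmac.compare_digest(tag, expected):
                raise ValueError(f"file {fid} failed verification")

    def verify_complete(self, tokens, mode, results, proof):
        """Posting lists must match their commitments and imply the result set."""
        sets = []
        for t in tokens:
            ids, commitment = proof[t]
            if commitment is None:
                if ids:
                    raise ValueError("posting list without commitment")
                # cloud claims no match for this token; not verifiable in this toy
            elif not hmac.compare_digest(
                    commitment, posting_commitment(self.sign_key, t, ids)):
                raise ValueError("posting list truncated or forged")
            sets.append(set(ids))
        expected = set.intersection(*sets) if mode == "and" else set.union(*sets)
        if set(results) != expected:
            raise ValueError("result set does not follow from posting lists")

    def search(self, cloud, keywords, mode, check_completeness=True):
        tokens = [trapdoor(self.index_key, k) for k in keywords]
        results, proof = cloud.search(tokens, mode)
        self.verify_files(results)
        if check_completeness:
            self.verify_complete(tokens, mode, results, proof)
        return sorted(results)


FILES = {  # constructed sample data
    "f1": (b"quarterly report", ["finance", "report"]),
    "f2": (b"incident postmortem", ["security", "report"]),
    "f3": (b"budget", ["finance"]),
    "f4": (b"pentest findings", ["security", "report", "finance"]),
}


def run_scenarios():
    owner = Owner()
    stored = owner.outsource(FILES)
    user = User(owner.sign_key, owner.index_key)
    honest, lazy = Cloud(*stored), Cloud(*stored, lazy=True)
    out = {
        "honest_and": user.search(honest, ["finance", "report"], "and"),
        "honest_or": user.search(honest, ["security", "finance"], "or"),
        # per-file tags alone accept the lazy cloud's partial answer
        "lazy_tags_only": user.search(lazy, ["finance", "report"], "and",
                                      check_completeness=False),
    }
    try:
        user.search(lazy, ["finance", "report"], "and")
        out["lazy_detected"] = False
    except ValueError:
        out["lazy_detected"] = True
    return out


if __name__ == "__main__":
    print(run_scenarios())
```

Two caveats follow from the model. First, a signature on each file proves that every returned file is authentic, but on its own says nothing about files the cloud chose not to return; some commitment to the index (here a per-posting-list tag, in the paper a construction built on public auditing) is what makes omissions detectable. Second, the toy cannot tell a truly absent keyword from a cloud that denies having it, since no commitment exists for an empty list; a deployed scheme needs a commitment to the keyword set as well.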
The remainder of this paper is organized as follows. Sections 2 and 3 review the literature and background relevant to the proposed VMKS scheme. Section 4 presents the system model, threat model, scheme definition and security model. The concrete construction of the VMKS scheme is given in Section 5. In Section 6, we demonstrate the correctness and evaluate the security and performance of the VMKS scheme. Section 7 concludes the paper.
Related work
As discussed earlier, there has been extensive research on SE, as evidenced by the different types of SE schemes proposed in the literature (e.g. single keyword search [17], multi-keyword search [14], [15], and verifiable keyword search [21], [31]).
The first ciphertext retrieval scheme in the symmetric setting [9], [11] was proposed by Song et al. [29], and a few years later Boneh et al. [1] presented the first PEKS scheme for the asymmetric setting [22], [23]. Since then, there have
Preliminaries
In this section, we review the background material required to understand the VMKS scheme.
Let x ∈_R X denote an element x selected uniformly at random from the set X, [1, Υ] be an integer set, G1 and G2 be two multiplicative cyclic groups of prime order p, and g be a generator of G1. Let e: G1 × G1 → G2 be a bilinear map with the following properties: (1) Bilinearity: for all a, b ∈_R G1, ; (2) Non-degeneracy: e(g, g) ≠ 1;
Problem formulations
In this section, we present the system model, threat model, scheme definition and security model.
Construction of VMKS scheme
Based on the certificateless keyword search scheme of [42], we aim to achieve a more practical SE scheme supporting both result verification and multi-keyword search. Specifically, the VMKS scheme should verify the validity of the search results and allow the DU to issue conjunctive keyword searches. For certificateless result verification, the VMKS scheme appends a signature to each file and then verifies the correctness of the search results against these signatures. Furthermore, the scheme needs to avoid both certificate
Analysis of VMKS scheme
In this section, we analyze the correctness, security and performance of the VMKS scheme.
Conclusions
The capability to search over encrypted data will become increasingly important as more of our data is shared across services and organizations.
In this paper, we proposed a verifiable multiple keywords search scheme, which allows DUs to check the accuracy of search results with the help of the PAS. Furthermore, the proposed scheme avoids certificate management and key escrow, and allows DUs to issue multiple keywords in a single search query. The latter feature significantly
Acknowledgment
This work was supported by the National Natural Science Foundation of China (No. 61702404, No. 61702105, No. 61672413, No. 61472310), the Project funded by China Postdoctoral Science Foundation (No. 2017M613080), the Fundamental Research Funds for the Central Universities (No. JB171504, No. 11618332), the Key Program of NSFC (No. U1405255), and the Shaanxi Science & Technology Coordination & Innovation Project (No. 2016TZC-G-6-3) and the 111 project (No. B16037).
References (43)
- et al., A multi-user searchable encryption scheme with keyword authorization in a cloud storage, Future Gen. Comput. Syst. (2017)
- et al., Fuzzy keyword search over encrypted data in cloud computing, Proc. IEEE Conference on Computer Communications (INFOCOM'10) (2010)
- et al., VCKSM: verifiable conjunctive keyword search over mobile e-health cloud in shared multi-owner settings, Pervasive Mob. Comput. (2017)
- et al., Public key encryption with keyword search, Proc. International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT'04) (2004)
- et al., Verifiable symmetric searchable encryption for semi-honest-but-curious cloud servers, Proc. IEEE International Conference on Communications (ICC'12) (2012)
- et al., Server-aided public key encryption with keyword search, IEEE Trans. Inf. Forensics Secur. (2016)
- et al., A new general framework for secure public key encryption with keyword search, Proc. Australasian Conference on Information Security and Privacy (ACISP'15) (2015)
- et al., Dual-server public-key encryption with keyword search for secure cloud storage, IEEE Trans. Inf. Forensics Secur. (2016)
- et al., Certificateless signatures: structural extensions of security models and new provably secure schemes, IACR Cryptol. ePrint Arch. (2013)
- et al., Certificateless public auditing with privacy preserving for cloud-assisted wireless body area networks, Mobile Inf. Syst. (2017)
- Garbled searchable symmetric encryption, Proc. International Conference on Financial Cryptography and Data Security (FC'14)
- How to update documents verifiably in searchable symmetric encryption, Proc. International Conference on Cryptology and Network Security (CANS'13)
- How to construct UC-secure searchable symmetric encryption scheme, IACR Cryptol. ePrint Arch.
- Personalized search over encrypted data with efficient and secure updates in mobile clouds, IEEE Trans. Emerg. Top. Comput.
- Engineering searchable encryption of mobile cloud networks: when QoE meets QoP, IEEE Wireless Commun.
- Enabling efficient multi-keyword ranked search over encrypted mobile cloud data through blind storage, IEEE Trans. Emerg. Top. Comput.
- Enabling fine-grained multi-keyword search supporting classified sub-dictionaries over encrypted cloud data, IEEE Trans. Dependable Secure Comput.
- KSF-OABE: outsourced attribute-based encryption with keyword search function for cloud storage, IEEE Trans. Serv. Comput.
- Searchable ciphertext-policy attribute-based encryption with revocation in cloud storage, Int. J. Commun. Syst.
- User collusion avoidance CP-ABE with efficient attribute revocation for cloud storage, IEEE Syst. J.
- Flexible and fine-grained attribute-based data storage in cloud computing, IEEE Trans. Serv. Comput.
Cited by (63)
- Blockchain-assisted verifiable certificate-based searchable encryption against untrusted cloud server for Industrial Internet of Things, Future Generation Computer Systems, 2024
- Provably secure public key encryption with keyword search for data outsourcing in cloud environments, Journal of Systems Architecture, 2023
- Edge-aided searchable data sharing scheme for IoV in the 5G environment, Journal of Systems Architecture, 2023
- Blockchain-based verifiable and dynamic multi-keyword ranked searchable encryption scheme in cloud computing, Journal of Information Security and Applications, 2022. Citation excerpt: "However, in a pay-as-you-go cloud storage environment, the malicious server can cheat the client by returning inconsistent or incorrect results for some reason, and the user may blame the CS for sending wrong results and refuse to pay, resulting in service-payment inequity. Hence, to prevent such an attack, Miao et al. [19] implemented a new efficient multi-keyword verifiable SE scheme. The scheme is proven to resist KGAs."
- Verifiable online/offline multi-keyword search for cloud-assisted Industrial Internet of Things, Journal of Information Security and Applications, 2022. Citation excerpt: "Indeed, in these schemes, it is assumed that the cloud server performs the search process accurately. To address this problem, several verifiable searchable encryption schemes have been put forward [24–26,32–34]. However, in these schemes, users have to download the search results completely to verify their correctness."
- Lattice-based public key searchable encryption with fine-grained access control for edge computing, Future Generation Computer Systems, 2022. Citation excerpt: "Public key encryption with keyword search (PEKS) [20] is a way to retrieve encrypted data that is uploaded to the edge devices without leaking any information. After that, many PEKS schemes [21–29] with novel functionality were proposed, for instance, multiple keyword search, proxy keyword search, cross-lingual ranked search. Specifically, Chen et al. [30] put forward a witness-based PEKS to resist internal attacks in the edge computing, using homomorphic encryption."