ABSTRACT
Outsourcing a huge amount of local data to remote cloud servers that has been become a significant trend for industries. Leveraging the considerable cloud storage space, industries can also put forward the outsourced data to cloud computing. How to collect the data for computing without loss of privacy and confidentiality is one of the crucial security problems. Searchable encryption technique has been proposed to protect the confidentiality of the outsourced data and the privacy of the corresponding data query. This technique, however, only supporting search functionality, may not be fully applicable to real-world cloud computing scenario whereby secure data search, share as well as computation are needed. This work presents a novel encrypted cloud-based data share and search system without loss of user privacy and data confidentiality. The new system enables users to make conjunctive keyword query over encrypted data, but also allows encrypted data to be efficiently and multiply shared among different users without the need of the "download-decrypt-then-encrypt" mode. As of independent interest, our system provides secure keyword update, so that users can freely and securely update data's keyword field. It is worth mentioning that all the above functionalities do not incur any expansion of ciphertext size, namely, the size of ciphertext remains constant during being searched, shared and keyword-updated. The system is proven secure and meanwhile, the efficiency analysis shows its great potential in being used in large-scale database.
- M. Abdalla, M. Bellare, D. Catalano, E. Kiltz, T. Kohno, T. Lange, J. Malone-Lee, G. Neven, P. Paillier, and H. Shi. Searchable encryption revisited: Consistency properties, relation to anonymous ibe, and extensions. J. Cryptology, 21(3):350--391, 2008. Google ScholarDigital Library
- M. Bellare, A. Boldyreva, and A. O'Neill. Deterministic and efficiently searchable encryption. In CRYPTO '07, vol. 4622 of LNCS, pp. 535--552. Springer, 2007. Google ScholarDigital Library
- S. Benabbas, R. Gennaro, and Y. Vahlis. Veri able delegation of computation over large datasets. In CRYPTO '11, vol. 6841 of LNCS, pp. 111--131. Springer, 2011. Google ScholarDigital Library
- M. Blaze, G. Bleumer, and M. Strauss. Divertible protocols and atomic proxy cryptography. In EUROCRYPT '98, pp. 127--144. Springer, 1998.Google ScholarCross Ref
- D. Boneh, X. Boyen, and E.-J. Goh. Hierarchical identity based encryption with constant size ciphertext. In EUROCRYPT '05, vol. 3494 of LNCS, pp. 440--456. Springer, 2005. Google ScholarDigital Library
- D. Boneh, G. D. Crescenzo, R. Ostrovsky, and G. Persiano. Public key encryption with keyword search. In EUROCRYPT '04, vol. 3027 of LNCS, pp. 506--522. Springer, 2004.Google Scholar
- D. Boneh and B. Waters. Conjunctive, subset, and range queries on encrypted data. In TCC '07, vol. 4392 of LNCS, pp. 535--554. Springer, 2007. Google ScholarDigital Library
- R. Canetti and S. Hohenberger. Chosen-ciphertext secure proxy re-encryption. In CCS '07, pp. 185--194. ACM, 2007. Google ScholarDigital Library
- M. Chase and S. Kamara. Structured encryption and controlled disclosure. In ASIACRYPT '10, vol. 6477 of LNCS, pp. 577--594. Springer, 2010.Google Scholar
- R. Cramer and V. Shoup. Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput., 33(1):167--226, January 2004. Google ScholarDigital Library
- L. Fang, W. Susilo, C. Ge, and J. Wang. Chosen-ciphertext secure anonymous conditional proxy re-encryption with keyword search. Theor. Comput. Sci., 462:39--58, 2012. Google ScholarDigital Library
- C. Gentry. Practical identity-based encryption without random oracles. In EUROCRYPT '06, vol. 4004 of LNCS, pp. 445--464. Springer, 2006. Google ScholarDigital Library
- P. Golle, J. Staddon, and B. R. Waters. Secure conjunctive keyword search over encrypted data. In ACNS '04, vol. 3089 of LNCS, pp. 31--45. Springer, 2004.Google Scholar
- M. Green and G. Ateniese. Identity-based proxy re-encryption. In ACNS '07, vol. 4512 of LNCS, pp. 288--306. Springer, 2007. Google ScholarDigital Library
- S. Hohenberger and B. Waters. Attribute-based encryption with fast decryption. In PKC '13, vol. 7778 of LNCS, pp. 162--179. Springer, 2013.Google Scholar
- C. Hu and P. Liu. An enhanced searchable public key encryption scheme with a designated tester and its extensions. Journal of Computers, 7(3):716--723, 2012.Google ScholarCross Ref
- Y. Hwang and P. Lee. Public key encryption with conjunctive keyword search and its extension to a multi-user system. In Pairing '07, vol. 4575 of LNCS, pp. 2--22. Springer, 2007. Google ScholarDigital Library
- T. Jiang, X. Chen, J. Li, D. S. Wong, J. Ma, and J. K. Liu. TIMER: secure and reliable cloud storage against data re-outsourcing. In ISPEC 2014, vol. 8434 of LNCS, pp. 346--358. Springer, 2014. Google ScholarDigital Library
- K. Liang, M. H. Au, J. K. Liu, W. Susilo, D. S. Wong, G. Yang, T. V. X. Phuong, and Q. Xie. A DFA-based functional proxy re-encryption scheme for secure public cloud data sharing. IEEE Trans. Inf. Forensics Security, 9(10):1667--1680, 2014. Google ScholarDigital Library
- K. Liang, M. H. Au, W. Susilo, D. S. Wong, G. Yang, and Y. Yu. An adaptively cca-secure ciphertext-policy attribute-based proxy re-encryption for cloud data sharing. In ISPEC '14, vol. 8434 of LNCS, pp. 448--461, 2014. Google ScholarDigital Library
- K. Liang, C. Chu, X. Tan, D. S. Wong, C. Tang, and J. Zhou. Chosen-ciphertext secure multi-hop identity-based conditional proxy re-encryption with constant-size ciphertexts. Theor. Comput. Sci., 539:87--105, 2014.Google ScholarCross Ref
- K. Liang, L. Fang, D. S. Wong, and W. Susilo. A ciphertext-policy attribute-based proxy re-encryption scheme for data sharing in public clouds. Concurrency and Computation: Practice and Experience, 27(8):2004--2027, 2015. Google ScholarDigital Library
- K. Liang, J. K. Liu, D. S. Wong, and W. Susilo. An efficient cloud-based revocable identity-based proxy re-encryption scheme for public clouds data sharing. In ESORICS '14, Part I, vol. 8712 of LNCS, pp. 257--272, 2014.Google Scholar
- K. Liang and W. Susilo. Searchable attribute-based mechanism with efficient data sharing for secure cloud storage. IEEE Trans. Inf. Forensics Security, 10(9):1981--1992, 2015.Google ScholarDigital Library
- K. Liang, W. Susilo, J. K. Liu, and D. S. Wong. Efficient and fully CCA secure conditional proxy re-encryption from hierarchical identity-based encryption. Comput. J., 58(10):2778--2792, 2015.Google ScholarCross Ref
- B. Libert and D. Vergnaud. Unidirectional chosen-ciphertext secure proxy re-encryption. In PKC '08, vol. 4939 of LNCS, pp. 360--379. Springer, 2008. Google ScholarDigital Library
- P. Library. http://crypto.stanford.edu/pbc, 2006. Online; accessed 18-Sep-2015.Google Scholar
- J. K. Liu, M. H. Au, W. Susilo, K. Liang, R. Lu, and B. Srinivasan. Secure sharing and searching for real-time video data in mobile cloud. IEEE Network, 29(2):46--50, 2015.Google ScholarDigital Library
- J. K. Liu, C. Chu, S. S. M. Chow, X. Huang, M. H. Au, and J. Zhou. Time-bound anonymous authentication for roaming networks. IEEE Trans. Inf. Forensics Security, 10(1):178--189, 2015.Google ScholarCross Ref
- M. Mambo and E. Okamoto. Proxy cryptosystems: Delegation of the power to decrypt ciphertexts. IEICE Transactions, E80-A(1):54--63, 1997.Google Scholar
- A. Miyaji, M. Nakabayashi, and S. Takano. New explicit conditions of elliptic curve traces for FR-reduction. IEICE transactions on fundamentals of electronics, communications and computer sciences, 84(5):1234--1243, 2001.Google Scholar
- J. T. Schwartz. Fast probabilistic algorithms for verification of polynomial identities. J. ACM, 27(4):701--717, 1980. Google ScholarDigital Library
- J. Shao, Z. Cao, X. Liang, and H. Lin. Proxy re-encryption with keyword search. Inf. Sci., 180(13):2576--2587, 2010. Google ScholarDigital Library
- E. Shi, J. Bethencourt, H. T. Chan, D. X. Song, and A. Perrig. Multi-dimensional range query over encrypted data. In S&P '07, pp. 350--364. IEEE Computer Society, 2007. Google ScholarDigital Library
- D. X. Song, D. Wagner, and A. Perrig. Practical techniques for searches on encrypted data. In S&P '00, pp. 44--55. IEEE Computer Society, 2000. Google ScholarDigital Library
- B. Waters. Efficient identity-based encryption without random oracles. In EUROCRYPT '05, vol. 3494 of LNCS, pp. 114--127, 2005. Google ScholarDigital Library
- P. Xu, H. Jin, Q. Wu, and W. Wang. Public-key encryption with fuzzy keyword search: A provably secure scheme under keyword guessing attack. IEEE Trans. Computers, 62(11):2266--2277, 2013. Google ScholarDigital Library
- Q. Zheng, S. Xu, and G. Ateniese. VABKS: verifiable attribute-based keyword search over outsourced encrypted data. In INFOCOM '14, pp. 522--530. IEEE, 2014.Google ScholarCross Ref
- R. Zippel. Probabilistic algorithms for sparse polynomials. In EUROSAM '79, vol. 72 of LNCS, pp. 216--226. Springer, 1979. Google ScholarDigital Library
Index Terms
Efficient Multi-Function Data Sharing and Searching Mechanism for Cloud-Based Encrypted Data
Recommendations
An efficient and secure data sharing framework using homomorphic encryption in the cloud
Cloud-I '12: Proceedings of the 1st International Workshop on Cloud IntelligenceDue to cost-efficiency and less hands-on management, data owners are outsourcing their data to the cloud which can provide access to the data as a service. However, by outsourcing their data to the cloud, the data owners lose control over their data as ...
Secure k-NN computation on encrypted cloud data without sharing key with query users
Cloud Computing '13: Proceedings of the 2013 international workshop on Security in cloud computingIn cloud computing, secure analysis on outsourced encrypted data is a significant topic. As a frequently used query for online applications, secure k-nearest neighbors (k-NN) computation on encrypted cloud data has received much attention, and several ...
A secure and efficient Ciphertext-Policy Attribute-Based Proxy Re-Encryption for cloud data sharing
Proxy Re-Encryption (PRE) is a useful cryptographic primitive that allows a data owner to delegate the access rights of the encrypted data stored on a cloud storage system to others without leaking the information of the data to the honest-but-curious ...
Comments