Shuo Zhang,Qiaoyan Wen,Wenmin Li,Hua Zhang,Zhengping Jin

DOI: https://doi.org/10.3390/s20236962

IF: 3.9

2020-12-05

Sensors

Abstract:Internet of Things (IoT) and cloud computing are adopted widely in daily life and industrial production. Sensors of IoT equipment gather personal, sensitive and important data, which is stored in a cloud server. The cloud helps users to save cost and collaborate. However, the privacy of data is also at risk. Public-key encryption with keyword search (PEKS) is convenient for users to use the data without leaking privacy. In this article, we give a scheme of PEKS for a multi-user to realize the multi-keyword search at once and extend it to show a rank based on keywords match. The receiver can finish the search by himself or herself. With private cloud and server cloud, most users’ computing can be outsourced. Moreover, the PEKS can be transferred to a multi-user model in which the private cloud is used to manage receivers and outsource. The store cloud and the private cloud both obtain nothing with the keyword information. Then our IoT devices can easily run these protocols. As we do not use any pairing operations, the scheme is under more general assumptions that means the devices do not need to take on the heavy task of calculating pairing.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Xueyan Liu,Xiaotao Yang,Yukun Luo,Qiang Zhang

DOI: https://doi.org/10.1109/jiot.2021.3056116

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The development of the Internet of Things (IoT) has given birth to new applications and services. Accordingly, because the IoT application system collects a large amount of data containing sensitive information, there are also new challenges in data security and privacy preservation. To locate the medical IoT (mIoT), this article proposes a multikeyword searchable encryption scheme based on attributes supporting the data privacy preservation and integrity verification of the electronic health files stored on the IoT cloud platform on the basis of ensuring the application business functions of mIoT: 1) to ensure data confidentiality and fine-grained search authorization, the attribute-based encryption mechanism is introduced to encrypt the symmetric key. Moreover, anonymous key generation tampers semitrusted center authority’s (CA) decryption of all ciphertexts of users and access policy is hidden to prevent access policy from leaking; 2) the convergence key is adopted to encrypt electronic health records (EHRs), thereby providing double verification of the correctness of the search results and partial decryption results; 3) a time-division mechanism is also established to provide the access validity of shared EHRs; and 4) fixed length ciphertext and outsourcing decryption mechanisms are used to reduce the calculation on the user side, in which the majority of the decryption calculations are done by the cloud server. Formal proofs and performance evaluation show that the proposed scheme can achieve data security, keyword security, integrity verification, hidden policy, and collusion resistance, and has high computational efficiency and search efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Pan Yang,Hongbo Li,Jianye Huang,Hao Zhang,Man Ho Allen Au,Qiong Huang

DOI: https://doi.org/10.1016/j.future.2023.03.002

IF: 7.307

2023-01-01

Future Generation Computer Systems

Abstract:Public-key Authenticated Encryption with Keyword Search (PAEKS) is a cryptographic primitive that can resist inside keyword guessing attack (KGA). However, most of the previously proposed PAEKS frameworks suffered from certificate management problem and key escrow problem. Inspired by the ideas of certificate-based cryptography, we propose a secure-channel free certificateless searchable public key authenticated encryption with keyword search (SCF-CLPAEKS) scheme which sloves the key escrow problem in identity-based cryptosystems and the cumbersome certificate problem in conventional public key cryptosystems. Our scheme achieves security against keyword guessing attacks are performed by both inside and outside adversaries. Moreover, our scheme satisfies ciphertext indistinguishability (CI), trapdoor indistinguishability (TI), and designated testability simultaneously. The comparisons indicate that our SCF-CLPAEKS scheme enjoys a better performance compared with related schemes.

Jingwei Lu,Hongbo Li,Jianye Huang,Sha Ma,Man Ho Allen Au,Qiong Huang

DOI: https://doi.org/10.3390/info14030142

2023-01-01

Information

Abstract:Transforming data into ciphertexts and storing them in the cloud database is a secure way to simplify data management. Public key encryption with keyword search (PEKS) is an important cryptographic primitive as it provides the ability to search for the desired files among ciphertexts. As a variant of PEKS, certificateless public key authenticated encryption with keyword search (CLPAEKS) not only simplifies certificate management but also could resist keyword guessing attacks (KGA). In this paper, we analyze the security models of two recent CLPAEKS schemes and find that they ignore the threat that, upon capturing two trapdoors, the adversary could directly compare them and distinguish whether they are generated using the same keyword. To cope with this threat, we propose an improved security model and define the notion of strong trapdoor indistinguishability. We then propose a new CLPAEKS scheme and prove it to be secure under the improved security model based on the intractability of the DBDH problem and the DDH problem in the targeted bilinear group.

Qiong Huang,Peisen Huang,Hongbo Li,Jianye Huang,Hongyuan Lin

DOI: https://doi.org/10.1016/j.sysarc.2023.102839

IF: 5.836

2023-01-01

Journal of Systems Architecture

Abstract:To realize ciphertext retrieval without decryption in the public key settings, Boneh et al. in 2004 proposed a cryptographic primitive named Public-key Encryption with Keyword Search (PEKS) and proposed the first PEKS scheme. Following Boneh et al.’s work, various PEKS schemes were proposed; however, most schemes are vulnerable to inside keyword guessing attacks (IKGA). Huang and Li proposed a new primitive named Public-key Authenticated Encryption with Keyword Search (PAEKS) in 2017, which resists the IKGA in the setting of only one test server. Their main idea to resist IKGA is to require the data sender to authenticate the ciphertext while encrypting a keyword. However, in the era of big data, as the number of encrypted files increases, huge storage overhead and heavy retrieval costs become problems in PAEKS. In this paper, we proposed a new PAEKS scheme that costs low storage space and supports fast search. We introduced the ciphertext deduplication into PAEKS to reduce storage space and leveraged the inverted index to accelerate the retrieval process. We simulated the proposed scheme and several related schemes with a desktop computer. The experiment results show that our proposed scheme is of lower storage overhead and higher retrieval efficiency compared with related schemes.

YiHua Zhou,Bin Tang,YuGuang Yang

DOI: https://doi.org/10.1002/ett.4960

IF: 3.6

2024-03-22

Transactions on Emerging Telecommunications Technologies

Abstract:Abstract Public key encryption with keyword search (PEKS) is able to enhance cloud data security. On the other hand, the existence of malicious cloud servers and untrusted central authorities, in addition the keyword space faces a low entropy, attackers often launch keyword guessing attacks (KGA), thereby leaking data privacy. Therefore, we use certificateless authentication and proxy re‐encryption technology to construct a lattice‐based verifiable PEKS scheme for Multi‐Data Users (MDU). Certificateless authentication can ensure that our scheme does not require key escrow, and proxy re‐encryption technology allows us to perform multi‐user authorization and use the verification block for data users to ensure the integrity of search results. Security research proves that, under the assumption that the learning with errors (LWE) problem is hard, the ciphertext is indistinguishable and resistant to KGA. Results from experiments show that our scheme is significantly more effective than current schemes.

telecommunications

Haorui Du,Jianhua Chen,Ming Chen,Cong Peng,Debiao He

DOI: https://doi.org/10.1155/2022/2336685

2022-10-21

Wireless Communications and Mobile Computing

Abstract:Outsourcing data to cloud services is a good solution for users with limited computing resources. Privacy and confidentiality of data is jeopardized when data is transferred and shared in the cloud. The development of searchable cryptography offers the possibility to solve these problems. Symmetric searchable encryption (SSE) is popular among researchers because it is efficient and secure. SSE often requires the data sender and data receiver to use the same key to generate key ciphertext and trapdoor, which will obviously cause the problem of key management. Searchable encryption based on public key can simplify the key management problem. A public key encryption scheme with keyword search (PEKS) allows multiple senders to encrypt keywords under the receiver's public key. It is vulnerable to keyword guessing attacks (KGA) due to the small size of the keywords. The proposal of public key authenticated encryption with keyword search (PAEKS) is mainly to resist inside keyword guessing attacks. The previous security models do not involve the indistinguishability of the same keywords ( w 0 × × = w 1 ), which brings the user's search pattern easy to leak. The essential reason is that the trapdoor generation algorithm is deterministic. At the same time, most of the existing schemes use bilinear pair design, which greatly reduces the efficiency of the scheme. To address these problems, the paper introduces an improved PAEKS model. We design a lightweight public key authentication encryption scheme based on the Diffie-Hellman protocol. Then, we prove the ciphertext indistinguishability security and trapdoor indistinguishability security of the scheme in the improved security model. Finally, the paper demonstrates its comparable security and computational efficiency by comparing it with previous PAEKS schemes. Meanwhile, we conduct an experimental evaluation based on the cryptographic library. Experimental results show that the computational overhead of our scheme compared with the ciphertext generation algorithm, trapdoor generation algorithm and test algorithm of other schemes Our scheme reduces 274, 158 and 60 times, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Abdalla Hadabi,Zheng Qu,Mohammed Amoon,Chien-Ming Chen,Saru Kumari,Hu Xiong

DOI: https://doi.org/10.1016/j.compeleceng.2024.109373

IF: 4.152

2024-06-22

Computers & Electrical Engineering

Abstract:The security of Personal Health Records (PHRs) within the Internet of Medical Things (IoMT) infrastructure is a pressing issue in the healthcare sector. Edge-based IoMT devices like smart wearables and implantables often acquire PHRs. Cloud computing plays a vital role in handling computing and storage tasks for edge-based IoMT devices. However, concerns about trust with cloud servers require the use of encryption, which may complicate the retrieval of encrypted PHRs from the cloud. This paper presents certificateless public key encryption with plaintext-checkable encryption (CL-PKE-PCE). CL-PKE-PCE enables searching for encrypted data using plaintext keywords while eliminating key escrow and certificate management issues. The CL-PKE-PCE scheme facilitates the verification of ciphertexts against plaintexts without the need for decryption, thereby maintaining data privacy. Furthermore, the security of the proposed CL-PKE-PCE scheme has been substantiated under the bilinear Diffie–Hellman assumption. Compared to similar work, it efficiently lowers calculation costs for encryption, decryption, and search algorithms by 63.66%, 51.17%, and 61.62%, respectively. The findings demonstrate that the CL-PKE-PCE is simultaneously secure and efficient, affirming its suitability for edge-based IoMT scenarios.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Venkata Bhikshapathi Chenam,Suneeth Yadav Tummala,Syed Taqi Ali

DOI: https://doi.org/10.1007/s12083-023-01618-2

IF: 3.488

2024-02-09

Peer-to-Peer Networking and Applications

Abstract:Public Key Encryption with Keyword Search (PEKS) is a promising cryptographic primitive that allows searching over encrypted data in secure data outsourcing services. Initially, several PEKS schemes were developed for conjunctive keyword search, but they relied on certain assumptions regarding keyword fields. To address this limitation, an Efficient Public-Key Encryption with Field-free Conjunctive Keyword Search (PEFCK) scheme was introduced in 2015. PEFCK enables conjunctive keyword search without any specific ordering of the keywords. However, PEFCK is vulnerable to keyword guessing attacks (KGA), which compromise its security. To overcome the KGA vulnerability, we propose a new scheme called Public Key Authenticated Encryption with Field-free Subset Conjunctive and Disjunctive Keyword Search (PAEFSCDKS), which leverages the mathematical concept of Lagrange Polynomials. This scheme incorporates three key features: 1) Sender Authentication: The sender encrypts the keywords using both the receiver's public key and its private key, ensuring sender authenticity and integrity. 2) Secure Channel-free: Unlike traditional approaches, our scheme does not require a secure channel to transfer data from the receiver to the cloud server. This eliminates the need for additional secure communication overhead. 3) Subset Conjunctive and Disjunctive Keyword Search: The receiver can perform queries that involve both subset conjunctive and disjunctive keywords, enabling more flexible and powerful searches. Furthermore, we demonstrate that our proposed scheme achieves provable security under index indistinguishability and trapdoor indistinguishability against both internal and external adversaries. Finally, through performance analysis, we show that our proposed scheme outperforms similar PEKS schemes in terms of both theoretical and experimental evaluations.

computer science, information systems,telecommunications

Bin Wu,Caifen Wang,Hailong Yao

DOI: https://doi.org/10.1371/journal.pone.0230722

IF: 3.7

2020-04-09

PLoS ONE

Abstract:With the rapid development of informatization, an increasing number of industries and organizations outsource their data to cloud servers, to avoid the cost of local data management and to share data. For example, industrial Internet of things systems and mobile healthcare systems rely on cloud computing's powerful data storage and processing capabilities to address the storage, provision, and maintenance of massive amounts of industrial and medical data. One of the major challenges facing cloud-based storage environments is how to ensure the confidentiality and security of outsourced sensitive data. To mitigate these issues, He et al. and Ma et al. have recently independently proposed two certificateless public key searchable encryption schemes. In this paper, we analyze the security of these two schemes and show that the reduction proof of He et al.'s CLPAEKS scheme is incorrect, and that Ma et al.'s CLPEKS scheme is not secure against keyword guessing attacks. We then propose a channel-free certificateless searchable public key authenticated encryption (dCLPAEKS) scheme and prove that it is secure against inside keyword guessing attacks under the enhanced security model. Compared with other certificateless public key searchable encryption schemes, this scheme has higher security and comparable efficiency.

P. Punitha,Lakshmana Kumar,S. Revathi,R. Premalatha,R. S. Aiswarya

DOI: https://doi.org/10.1142/s0218843024500011

2024-03-19

International Journal of Cooperative Information Systems

Abstract:International Journal of Cooperative Information Systems, Ahead of Print. As with IoT devices, cloud computation increases its applicability to other areas that use the information and puts it in a commonplace that is necessary for computing and analysis. These devices need the cloud to store and retrieve data since they are unable to store and process data on their own. Cloud computing offers a variety of services to consumers, including IaaS, PaaS, and SaaS. The usage of cloud resources for data storage that may be accessible by all users associated with cloud computing is a key disadvantage of cloud computing. Without disclosing the data's contents, the usage of Public Key Encryptions with Keyword Search (PEKS) secures publicly encrypted keys against third-party search capabilities that are not trustworthy. PEKs provide a security risk every time Interior Keywords Guessing Attacks (IKGA) are discovered in the system since an unauthorized service estimates the keywords in the trapdoor. This issue can be resolved using various methodologies such as the Certificateless Fleshed Public Key Authenticated Encryption of Keyword Search (CL-HPAEKS), which also uses Altered Elliptic Curve Cryptography (MECC), and the Mutation Centred Flower Pollinations Algorithm (CM-FPA), which uses optimization in keys to be improving the algorithm's performance. The system's security is achieved by adding a Message Fragments 5 (MD5) scramble mechanism. The proposed system achieves system security of 96%, and it takes less time to implement than earlier encryption methods.

computer science, information systems

Nan Gao,Kai Fan,Haoyang Wang,Kuan Zhang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/jiot.2023.3288119

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Searchable encryption for Cloud-based Internet of Things has been widely explored with the increasing popularity of cloud computing. The public-key encryption with keyword search (PEKS) system support multi-user retrieval. However, the PEKS search time is linearly increasing as the index keyword number growth, and the search time would be huge if the index keywords consistently increase. In this paper, we introduce a novel scheme named as Public-key Inverted-index Keyword Search with Designated Tester and Multi-user Key Decryption (IDPEKS). First of all, we design an inverted index based on B-plus tree to reduce the search time to a logarithmic level. On this basis, we optimized the TF-IDF formula and added user preference factor and font size factor to make the relevance score calculation more consistent with needs of receiver. Besides, we design a multi-user key decryption algorithm to protect the system symmetric key. In addition, we set index server to perform the index-trapdoor retrieval process. The designated index server tester can resist the attack of the cloud server on keywords. The security proof shows that the scheme can resist the chosen keyword attack (CKA), keyword guessing attack (KGA) and key guessing attack (KeyGA). The experimental results show that the algorithm can improve retrieval efficiency while have a short encryption time.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mohammed Raouf Senouci,Abdelkader Senouci,Fagen Li

DOI: https://doi.org/10.1007/s11235-023-01095-1

2024-01-24

Telecommunication Systems

Abstract:With the rapid growth of the internet of things (IoT), resource-constrained devices have become an integral part of our daily lives. Public key encryption with keyword search (PEKS) enables users to search over encrypted data without revealing sensitive information. However, the computational and memory constraints of these devices pose challenges for implementing PEKS. Additionally, most of the existing schemes are either vulnerable to attacks like keyword guessing attacks, or they rely on bilinear-pairing operations that make them inefficient for resource-constrained devices, or both. To address these issues, we propose a lightweight and pairing-free certificateless authenticated searchable encryption scheme with multi-trapdoor guarantees for resource-constrained devices. Our scheme embeds a shared key in the ciphertext and in the trapdoor that is computable by both the sender and the receiver to ensure authentication and protection against keyword guessing attacks. We also make the trapdoor generation probabilistic to eliminate the need for a secure channel when transmitting the trapdoor, hence, achieving multi-trapdoor indistinguishability. Furthermore, we employ regular cryptography operations instead of bilinear-pairing operations to support deployment on resource-constrained devices. Our scheme is efficient, secure, and outperforms other compared schemes in terms of security guarantees, computational costs, and communication overhead.

telecommunications

Mohammed Raouf Senouci,Ilyas Benkhaddra,Abdelkader Senouci,Fagen Li

DOI: https://doi.org/10.1007/s11235-024-01121-w

2024-03-22

Telecommunication Systems

Abstract:Nowadays, users often opt to encrypt their sensitive data before outsourcing it to the cloud. While this encryption ensures data privacy, it compromises the search functionality. Public key encryption with keyword search (PEKS) has been posited as a potential solution to this challenge. However, many PEKS schemes are either inefficient or vulnerable to various types of attacks, such as inside keyword guessing attacks, outside keyword guessing attacks, etc. In response, we introduce a sustainable certificateless authenticated encryption system with a keyword search scheme. To the best of our knowledge, this proposed scheme is the first to consider multi-trapdoor indistinguishability within the certificateless primitive. Furthermore, our in-depth security analysis indicates that our scheme effectively protects against both online and offline keyword guessing attacksAdditionally, it ensures semantic security by offering both ciphertext indistinguishability and multi-trapdoor indistinguishability. Performance analysis results also suggest that our scheme is efficient and superior to existing alternatives.

telecommunications

Miao Wang,Liwang Sun,Zhenfu Cao,Xiaolei Dong

DOI: https://doi.org/10.1109/access.2024.3368908

IF: 3.9

2024-03-02

IEEE Access

Abstract:Lightweight devices in the Internet of Things (IoT) typically need to store massive data on a cloud server with strong processing and storage capabilities for later retrieval and usage. Since these data contain the participant's sensitive information, they cannot be delivered directly to the cloud server. Public-key Encryption with Keyword Search (PEKS) allows customers to search for target encrypted files using keywords. However, the majority of PEKS implementations are unable to repel malicious quantum-capable attackers. And with regard to forward security, they must search for many rounds to obtain the necessary data. To resolve these concerns, we propose a comprehensive Inner Product Outsourcing PEKS system (IPO-PEKS) with forward security based on LWE assumptions, which raises search efficiency by allowing authorized clients to find the information they desire in a single round and achieves more fine-grained searches. Furthermore, we offer an inner product outsourcing calculation technique that allows the server to compute the inner product result without knowing the details of both parties in order to conceal the relevant privacy data of transmitting and decryption states. The paradigm can be utilized for efficient state transition through the use of parallel computing to accomplish the target of one round of iteration.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wei Wang,Peng Xu,Hui Li,Laurence Tianruo Yang

DOI: https://doi.org/10.1016/j.future.2014.07.008

IF: 7.307

2016-01-01

Future Generation Computer Systems

Abstract:With a significant advance in ciphertext searchability, public-key encryption with keyword search (PEKS) guarantees both security and convenience for outsourced keyword search over ciphertexts. In this paper, we establish static index (SI) and dynamic index (DI) for PEKS to make search efficient and secure in the state of the art. Suppose there are u senders to generate n searchable ciphertexts for w keywords. The search complexity of PEKS always is O(n) for each query, even if the keyword has been searched for multiple times. It is obviously inefficient for massive searchable ciphertexts. Fortunately, SI and DI help PEKS lowering the burden respectively in two phases: if the queried keyword is the first time to be searched, apply SI to reduce the complexity from O(n) to O(u⋅w); otherwise, apply DI to reduce the complexity from O(n) to O(w). Because DI is invalid for the first time search on any keyword, SI and DI are simultaneously applied with PEKS to complete our work as the secure hybrid indexed search (SHIS) scheme. Since u≪w≪n in practice, our SHIS scheme is significantly more efficient than PEKS as demonstrated by our analysis. In the end, we show the extension of SHIS to multi-receiver applications, which is absent for pure PEKS.

Jie Zhao,Hejiao Huang,Yongliang Xu,Xiaojun Zhang,Hongwei Du,Chao Huang

DOI: https://doi.org/10.1016/j.tcs.2024.114895

IF: 1.002

2024-10-05

Theoretical Computer Science

Abstract:Cloud-assisted e-healthcare sharing systems (EHSSs) play an increasingly pivotal role in the contemporary healthcare field. By outsourcing electronic medical records (EMRs) to the cloud, hospitals can alleviate local storage and management burdens while facilitating data sharing. Due to the highly sensitive nature of EMRs, encryption is necessary before storing them on the cloud. Attribute-based keyword search (ABKS) enables the privacy protection of EMRs with efficient search services. However, there remain some limitations in practical application. Firstly, most ABKS schemes only support single keyword queries, resulting in inaccurate results and wastage of computing and bandwidth resources. Secondly, since sensitive information within EMRs is encrypted as a whole, different data users (including internal doctors and external researchers) should have varying access rights to prevent leakage of this sensitive information. Thirdly, incorrect search results could lead to misdiagnosis or endanger patients' lives and affect researchers' decision-making processes. To effectively tackle these challenges, this paper proposes a verifiable attribute-based multi-keyword search scheme with sensitive information hiding (VABMKS-SIH) for cloud-assisted EHSSs, where we present a secure model for multi-keyword search with two-level access structure by incorporating an improved blindness filtering technique into ciphertext-policy attribute-based encryption (CP-ABE) within existing keyword search framework. Our scheme employs a super-increasing sequence to aggregate multiple filtered data blocks into one unified ciphertext, thereby greatly reducing communication overhead during the transmission phases of ciphertext. To check the correctness of returned results, we introduce a lightweight algebraic signature algorithm based on fundamental algebraic operations. A security analysis demonstrates that VABMKS-SIH is provably secure under the random oracle mode. Additionally, we also evaluate the proposed scheme's performance to demonstrate its utility in cloud-assisted EHSSs.

computer science, theory & methods

Yunhong Zhou,Na Li,Yanmei Tian,Dezhi An,Licheng Wang

DOI: https://doi.org/10.3390/e22040421

2020-04-08

Abstract:With the popularization of cloud computing, many business and individuals prefer to outsource their data to cloud in encrypted form to protect data confidentiality. However, how to search over encrypted data becomes a concern for users. To address this issue, searchable encryption is a novel cryptographic primitive that enables user to search queries over encrypted data stored on an untrusted server while guaranteeing the privacy of the data. Public key encryption with keyword search (PEKS) has received a lot of attention as an important branch. In this paper, we focus on the development of PEKS in cloud by providing a comprehensive research survey. From a technological viewpoint, the existing PEKS schemes can be classified into several variants: PEKS based on public key infrastructure, PEKS based on identity-based encryption, PEKS based on attribute-based encryption, PEKS based on predicate encryption, PEKS based on certificateless encryption, and PEKS supporting proxy re-encryption. Moreover, we propose some potential applications and valuable future research directions in PEKS.

Nyamsuren Vaanchig,Zhi Guang Qin

DOI: https://doi.org/10.3934/mbe.2019193

2019-05-05

Abstract:Public Key Encryption with Keyword Search (PEKS) is a desirable technique to provide searchable functionality over encrypted data in public key settings, which allows a user to delegate a third party server to perform the search operation on encrypted data by means of keyword search trapdoor without learning about the data. However, the existing PEKS schemes cannot be directly applied to practice due to keyword guessing attack or the absence of a mechanism to limit the lifetime of a trapdoor. By addressing these issues at the same time, this paper presents a Public Key Encryption Scheme with Temporary and Fuzzy Keyword Search (PETFKS) by using a fuzzy function and an encryption tree. The proposed PETFKS scheme is proven adaptively secure concerning keyword confidentiality and backward and forward secrecy in the random oracle model under the Bilinear Di e-Hellman assumption. Moreover, it is also proven selectively secure with regard to the resistance of keyword guessing attack. Furthermore, the security and e ciency analyses of the proposed scheme are provided by comparing to the related works. The analyses indicate that the proposed scheme makes a threefold contribution to the practical application of public key encryption with keyword search, namely o ering secure search operation, limiting the lifetime of a trapdoor and enabling secure time-dependent data retrieval.