Jingwei Wang,Xinchun Yin,Jianting Ning,Geong Sen Poh

DOI: https://doi.org/10.1007/978-3-030-14234-6_26

2018-01-01

Abstract:Ciphertext policy attribute-based encryption (CP-ABE) is a promising cryptographic technology and a key component that enable secure data sharing in a cloud environment through fine-grained access control. Since it was introduced, many interesting schemes have been proposed. However, in addition to managing data sharing through access control, a comprehensive scheme should also cater for user revocation and ciphertext queries. This is because in a cloud environment new users may join while existing users may leave the system. At the same time, given the potentially large amount of data stored in a cloud storage, user should be able to retrieve the required files efficiently in a privacy-preserving manner. To address the above issue, in this paper, we propose a practical searchable CP-ABE scheme supporting user revocation. In contrast to existing schemes that provide only single keyword query, our efficient search function provides conjunctive search, which allows user to locate a ciphertext related to a set of keywords. The computation overhead of our user revocation is at least on par with existing schemes. Besides, the security analysis indicates that the proposed scheme is secure under the decisional Bilinear Diffie-Hellman assumption. We also provide extensive experimental results to confirm the efficiency and feasibility of our proposed construction.

Je-Kuan Lin,Wun-Ting Lin,Ja-Ling Wu

DOI: https://doi.org/10.3390/cryptography7020028

2023-05-15

Cryptography

Abstract:Currently, cloud computing has become increasingly popular and thus, many people and institutions choose to put their data into the cloud instead of local environments. Given the massive amount of data and the fidelity of cloud servers, adequate security protection and efficient retrieval mechanisms for stored data have become critical problems. Attribute-based encryption brings the ability of fine-grained access control and can achieve a direct encrypted data search while being combined with searchable encryption algorithms. However, most existing schemes only support single-keyword or provide no ranking searching results, which could be inflexible and inefficient in satisfying the real world’s actual needs. We propose a flexible multi-keyword ranked searchable attribute-based scheme using search trees to overcome the above-mentioned problems, allowing users to combine their fuzzy searching keywords with AND–OR logic gates. Moreover, our enhanced scheme not only improves its privacy protection but also goes a step further to apply a semantic search to boost the flexibility and the searching experience of users. With the proposed index-table method and the tree-based searching algorithm, we proved the efficiency and security of our schemes through a series of analyses and experiments.

Xueyan Liu,Zhitao Guan,Xiaojiang Du,Longfei Wu,Zain Ul Abedin,Mohsen Guizani

DOI: https://doi.org/10.1109/icc.2019.8762004

2019-05-01

Abstract:Multi-user multi-keyword ranked search scheme in arbitrary language is a novel multi-keyword rank searchable encryption (MRSE) framework based on Paillier Cryptosystem with Threshold Decryption (PCTD). Compared to previous MRSE schemes constructed based on the k-nearest neighbor searchable encryption (KNN-SE) algorithm, it can mitigate some drawbacks and achieve better performance in terms of functionality and efficiency. Additionally, it does not require a predefined keyword set and support keywords in arbitrary languages. However, due to the pattern of exact matching of keywords in the new MRSE scheme, multilingual search is limited to each language and cannot be searched across languages. In this paper, we propose a cross-lingual multi-keyword rank search (CLRSE) scheme which eliminates the barrier of languages and achieves semantic extension with using the Open Multilingual Wordnet. Our CLRSE scheme also realizes intelligent and personalized search through flexible keyword and language preference settings. We evaluate the performance of our scheme in terms of security, functionality, precision and efficiency, via extensive experiments.

Yinbin Miao,Jiajia Liu,Jianfeng Ma

DOI: https://doi.org/10.1002/sec.1559

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:With the emergence of cloud storage, enabling cloud clients to securely store and efficiently retrieve ciphertext is a fundamental issue in cloud computing as data outsourcing can greatly ease heavy computation and management burden locally. Unfortunately, two challenging issues i.e., data security and privacy dramatically impede the adaption and practicability of cloud storage due to honest-but-curious cloud service provider CSP. Furthermore, data encryption mechanism seriously makes the information retrieval over ciphertext extremely difficult. Besides, dealing with single CSP is predicted to become less popular with cloud customers for fear of risks of single-point failure threats and potential malicious insiders. To this end, we propose two efficient keyword search over encrypted data in multi-cloud setting schemes which exploit Identity-Based Encryption IBE and Key-Policy Attribute-Based Encryption KP-ABE, respectively. Formal security analysis proves that our schemes can guarantee data privacy and reliability. As a further contribution, experimental results over real-world dataset show that our proposed schemes are feasible and efficient in practical applications. Copyright © 2016 John Wiley & Sons, Ltd.

Ru Meng,Yanwei Zhou,Jianting Ning,Kaitai Liang,Jinguang Han,Willy Susilo

DOI: https://doi.org/10.1007/978-3-319-68637-0_3

2017-01-01

Abstract:Public key encryption with keyword search (PEKS) is a promising cryptographic mechanism to enable secure search over encrypted data in cloud. The mechanism allows a semi-trusted cloud server to return related encrypted contents without knowing what the query is and what the corresponding contents are. It has been combined with attribute based encryption (ABE) to support more expressiveness in search. Most of the existing searchable ABE schemes, however, are restricted to heavy complexity. In particular, the size of ciphertext and pairing cost in the test phase are both linear in the size of the keyword set, say O(n), where n is the number of keyword. This limitation hinders the scalability of searchable ABE in practice. To address this long-lasting open problem, this paper proposes a new key-policy attribute-based search encryption (KP-ABSE) scheme. Our construction can be regarded as a novel combination of fast decryption, anonymous-like encryption, and KP-ABE technologies. As of independent interest, the scheme is built in asymmetric bilinear groups. The scheme is further proved secure under the asymmetric decisional DBDH, decisional q-BDHE and decisional linear assumptions in the standard model. Compared with existing KP-ABSE schemes, our new scheme achieves the following properties: (1) flexible access structure for search - any monotonic access structure, (2) constant ciphertext size, (3) constant pairing operations in the test phase.

Shangping Wang,Xiaoxue Zhang,Yaling Zhang

DOI: https://doi.org/10.1371/journal.pone.0167157

IF: 3.7

2016-11-29

PLoS ONE

Abstract:Cipher-policy attribute-based encryption (CP-ABE) focus on the problem of access control, and keyword-based searchable encryption scheme focus on the problem of finding the files that the user interested in the cloud storage quickly. To design a searchable and attribute-based encryption scheme is a new challenge. In this paper, we propose an efficiently multi-user searchable attribute-based encryption scheme with attribute revocation and grant for cloud storage. In the new scheme the attribute revocation and grant processes of users are delegated to proxy server. Our scheme supports multi attribute are revoked and granted simultaneously. Moreover, the keyword searchable function is achieved in our proposed scheme. The security of our proposed scheme is reduced to the bilinear Diffie-Hellman (BDH) assumption. Furthermore, the scheme is proven to be secure under the security model of indistinguishability against selective ciphertext-policy and chosen plaintext attack (IND-sCP-CPA). And our scheme is also of semantic security under indistinguishability against chosen keyword attack (IND-CKA) in the random oracle model.

Dan Wang,Po Wu,Bin Li,Haorui Du,Min Luo

DOI: https://doi.org/10.1016/j.epsr.2022.108223

IF: 3.818

2022-11-01

Electric Power Systems Research

Abstract:Searchable encryption scheme allows users to search for encrypted data containing some keywords without decrypting data. It protects the data privacy of data owners while promoting efficient data access. The searchable encryption scheme only supports a single keyword, which is easy to cause the problem of data redundancy. It makes users have to filter again in a large amount of data. In order to achieve the search goal more accurately, researchers proposed multi-keyword searchable encryption scheme. In addition, searchable encryption schemes that only support a single keyword are vulnerable to the disclosure of user access and search pattern. Based on these two reasons, we propose a searchable encryption scheme based on multi- keyword, which supports users to input more complex retrieval requests, and users can get a better sense of search experience. At the same time, it reduces the possibility of leakage of user access and search pattern to a certain extent. We also define the security model and prove that the scheme can resist the internal keyword guessing attack under the standard model. Finally, we also compare theoretical performance with other schemes and evaluate the experimental performance of our scheme.

engineering, electrical & electronic

Dequan Xu,Changgen Peng,Weizheng Wang,Hai Liu,Shoaib Ahmed Shaikh,Youliang Tian

DOI: https://doi.org/10.1109/tce.2023.3269045

2023-01-01

IEEE Transactions on Consumer Electronics

Abstract:With the rapid development of consumer electronics in Industry 5.0, personalized service supplement based on the cloud infrastructure for the Internet of Things (IoT) has been a promising requirement pushed to consumers. During the massive and frequent IoT data interaction from the consumer-centric in Industry 5.0, efficiently searchable encryption for multiple consumers are indispensable. Existing multi-user searchable encryption is based on attribute and predicate encryption technology to realize one-to-many rather than realistic many-to-many scenarios. Moreover, multi-keyword ranked search, dynamic update, and search pattern hiding have not been implemented in the multi-user scenario. In this paper, to address the above problems for consumer electronics in Industry 5.0, we present a privacy-preserving dynamic multi-keyword ranked search scheme over encrypted cloud data to accomplish pay-as-you-consume cloud data security sharing. Our scheme designs a specific tree-based index structure and a “Greedy Breadth-First Search” algorithm to achieve the sub-linear search. To support dynamic updates in the cloud, a novel secure maximum generation protocol is proposed. Finally, the security analysis and experiment evaluation prove our scheme cannot only preserve the privacy of index and search patterns but also support dynamic update operations under the multi-writer/multi-reader setting at an acceptable cost.

telecommunications,engineering, electrical & electronic

Zuojie Deng,Kenli Li,Keqin Li,Jingli Zhou

DOI: https://doi.org/10.1016/j.future.2016.05.017

IF: 7.307

2017-01-01

Future Generation Computer Systems

Abstract:Multi-user searchable encryption (MSE) allows a user to encrypt its files in such a way that these files can be searched by other users that have been authorized by the user. The most immediate application of MSE is to cloud storage, where it enables a user to securely outsource its files to an untrusted cloud storage provider without sacrificing the ability to share and search over it. Any practical MSE scheme should satisfy the following properties: concise indexes, sublinear search time, security of data hiding and trapdoor hiding, and the ability to efficiently authorize or revoke a user to search over a file. Unfortunately, there exists no MSE scheme to achieve all these properties at the same time. This seriously affects the practical value of MSE and prevents it from deploying in a concrete cloud storage system. To resolve this problem, we propose the first MSE scheme to satisfy all the properties outlined above. Our scheme can enable a user to authorize other users to search for a subset of keywords in encrypted form. We use asymmetric bilinear map groups of Type-3 and keyword authorization binary tree (KABtree) to construct this scheme that achieves better performance. We implement our scheme and conduct performance evaluation, demonstrating that our scheme is very efficient and ready to be deployed.

Ning Cao,Cong Wang,Ming Li,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tpds.2013.45

IF: 5.3

2013-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:With the advent of cloud computing, data owners are motivated to outsource their complex data management systems from local sites to the commercial public cloud for great flexibility and economic savings. But for protecting data privacy, sensitive data has to be encrypted before outsourcing, which obsoletes traditional data utilization based on plaintext keyword search. Thus, enabling an encrypted cloud data search service is of paramount importance. Considering the large number of data users and documents in the cloud, it is necessary to allow multiple keywords in the search request and return documents in the order of their relevance to these keywords. Related works on searchable encryption focus on single keyword search or Boolean keyword search, and rarely sort the search results. In this paper, for the first time, we define and solve the challenging problem of privacy-preserving multi-keyword ranked search over encrypted cloud data (MRSE). We establish a set of strict privacy requirements for such a secure cloud data utilization system. Among various multi-keyword semantics, we choose the efficient similarity measure of "coordinate matching", i.e., as many matches as possible, to capture the relevance of data documents to the search query. We further use "inner product similarity" to quantitatively evaluate such similarity measure. We first propose a basic idea for the MRSE based on secure inner product computation, and then give two significantly improved MRSE schemes to achieve various stringent privacy requirements in two different threat models. Thorough analysis investigating privacy and efficiency guarantees of proposed schemes is given. Experiments on the real-world dataset further show proposed schemes indeed introduce low overhead on computation and communication.

Yunong Liang,Zhenfu Cao,Xiaolei Dong,Jiachen Shen

DOI: https://doi.org/10.1007/978-3-030-01950-1_22

2018-01-01

Abstract:With highly development of cloud computing, data owners wish to outsource their data to clouds for computational and storage resource at a lower price. In order to protect the privacy of sensitive information, they should be encrypted before being uploaded to the cloud server. However, in this way, it is hard to find data in encrypted form according to search criticisms. To solve this problem, searchable encryption has merged. In this paper, we propose a secure and efficient searchable encryption scheme supporting multi-keyword search in 1-to-n setting. The scheme is mainly applicable to the scenes that the number of keywords is limited but the number of files is huge such as sharing a comprehensive knowledge base of a certain field. By tactfully leveraging multi-input inner-product functional encryption, the cloud server is able to complete search processes with search tokens which consist of only two items. It reduces communication and transportation overhead significantly. By using an inverted index structure and super-incremental sequence, our scheme achieves efficient multi-keyword search. In addition, our scheme avoids per-query interaction between the data owner and data users. That is to say, the data owner does not need to stay online waiting for data users to search in his archives. On the other hand, the scheme also achieves partial token privacy, index privacy and token privacy at the same time.

Wu Chuxin,Zhang Peng,Liu Hongwei,Chen Zehong,Zoe L. Jiang

DOI: https://doi.org/10.1007/978-3-030-05063-4_30

2018-01-01

Abstract:Due to the strong storage capacity and calculating power of cloud computing, more and more users outsource their data to the cloud. To avoid users’ data exposed to cloud, searchable encryption which can search over the encrypted data is studied. In this paper, based on the multi-keyword searchable encryption proposed by Cash et al., through enforcing access control for users, we present an efficient multi-keyword searchable encryption supporting multi-user access control(MMSE). MMSE supports multi-user scenarios, and only the users whose attributes satisfy the policy can generate the search token, no matter the data owner is online or not. The security and performance analysis shows that the proposed MMSE is secure and efficient. © Springer Nature Switzerland AG 2018.

Liao Zhenhua,Wang Jinmiao,Lang Bo

DOI: https://doi.org/10.1002/sec.1044

2015-01-01

Abstract:AbstractIn cloud computing, large amount of data can be effectively stored and managed. People could outsource the encrypted data using searchable encryption SE for data security and efficient retrieval. However, most existing SE schemes only support the single-user access, and multiuser searchable encryption is required in many enterprise applications. From the attribute-based encryption ABE, we found that the flexibility and usability of encryption schemes can be greatly improved by embedding attribute-based access policy in the ciphertext. In this paper, by using the idea of ABE, we propose a ciphertext-policy hidden vector encryption CPHVE scheme to support both encryption and search operations for multiple users. In the scheme, a keyword is encrypted with an attribute-based access policy, which can be searched when the users' attributes satisfy the policy. The security of CPHVE is also defined and proved in this paper. Moreover, the CPHVE scheme is based on standard complexity assumptions on bilinear groups of prime order, thus it is more efficient than the existing schemes. Copyright © 2014 John Wiley & Sons, Ltd.

Bin Tang,Yi-Hua Zhou,Yu-Guang Yang,Bei Gong,Zhenhu Ning

DOI: https://doi.org/10.1016/j.csi.2024.103956

IF: 3.721

2024-12-08

Computer Standards & Interfaces

Abstract:Searchable encryption (SE) enables the searchability of encrypted data in cloud environments, thereby safeguarding privacy. Despite this, the actual execution of ciphertext searches within a multi-user data-sharing context necessitates flexible access services for various authorized users. Although the existing solution has achieved ciphertext retrieval with multi-user authorization, it still exhibits shortcomings in areas such as dynamic and manageable permissions and the more granular access control on results. Our scheme, grounded in lattice cryptography, is designed to withstand quantum attacks. It leverages serverless cloud computing and incorporates ciphertext-policy attribute-based encryption (CP-ABE) along with proxy re-encryption (PRE) to construct a multi-user authorization searchable encryption system. This system facilitates keyword searches on encrypted data, supports dynamic multi-user authorization, and ensures scalable, results-on-demand capabilities. Security analysis confirms that our scheme is impervious to collusion attacks, chosen keyword attacks (CKA), and chosen plaintext attacks (CPA). Finally, the performance analysis demonstrates that our scheme is both secure and efficient, outperforming other multi-user searchable encryption schemes in terms of security and efficiency.

computer science, software engineering, hardware & architecture

Boshen Shan,Yuanzhi Yao,Weihai Li,Xiaodong Zuo,Nenghai Yu

DOI: https://doi.org/10.1109/trustcom56396.2022.00189

2022-01-01

Abstract:Due to the increasing popularity of cloud computing and privacy preservation concerns, sensitive data should be encrypted before outsourcing to the cloud and data utilization becomes a challenging issue. Searchable encryption (SE) is a promising technique to address this problem. Most existing searchable encryption schemes only support accurate keyword but fuzzy keyword search schemes are appreciated in practice. Moreover, in some application scenarios like the video on demand systems, data owners only hope to give the access of their data to those who have payed but authenticated user identity may often change. Therefore, dynamic user attribute updating should be considered. To solve about issues, we propose a fuzzy secure keyword search scheme over encrypted cloud data with dynamic fine-grained access control. We design a novel fuzzy keyword index to retrieve corresponding documents. To reduce the computation cost, the cloud server selects most relevant top-k documents and return them to the data users. The ciphertextpolicy attribute based encryption (CP-ABE) technique is introduced to implement fine-grained access control. Meanwhile, the basic CP-ABE is improved to meet the practical need of user attribute updating. Extensive security and performance analysis demonstrates that our proposed scheme is highly efficient and can satisfy the security requirements for fuzzy keyword search over encrypted cloud data.

Jinlu Liu,Bo Zhao,Jing Qin,Xi Zhang,Jixin Ma

DOI: https://doi.org/10.1093/comjnl/bxab153

2021-10-11

The Computer Journal

Abstract:Abstract Multi-keyword ranked searchable encryption (MRSE) supports multi-keyword contained in one query and returns the top-k search results related to the query keyword set. It realized effective search on encrypted data. Most previous works about MRSE can only make the complete keyword search and rank on the server-side. However, with more practice, users may not be able to express some keywords completely when searching. Server-side ranking increases the possibilities of the server inferring some keywords queried, leading to the leakage of the user’s sensitive information. In this paper, we propose a new MRSE system named ‘multi-keyword ranked searchable encryption with the wildcard keyword (MRSW)’. It allows the query keyword set to contain a wildcard keyword by using Bloom filter (BF). Using hierarchical clustering algorithm, a clustering Bloom filter tree (CBF-Tree) is constructed, which improves the efficiency of wildcard search. By constructing a modified inverted index (MII) table on the basis of the term frequency-inverse document frequency (TF-IDF) rule, the ranking function of MRSW is performed by the user. MRSW is proved secure under adaptive chosen-keyword attack (CKA2) model, and experiments on a real data set from the web of science indicate that MRSW is efficient and practical.

Maryam Zarezadeh,Hamid Mala,Maede Ashouri-Talouki

DOI: https://doi.org/10.1007/s12083-019-00736-0

2019-04-30

Abstract:With the advent of cloud computing, data owners are motivated to outsource their data to public clouds for decreasing the cost of management systems. For protecting data privacy, sensitive data must be encrypted before outsourcing. So, equipping cloud server with search service over encrypted data is an important issue. Considering the large number of data users and documents in the cloud, users may be interested to perform multi-keyword search and receive the most related data. In this paper, we investigate the Pasupuleti et al.'s scheme which is a multi-keyword ranked search over encrypted cloud data. Their scheme has problems in index construction, trapdoor generation and search procedures. We address these problems and suggest a multi-keyword ranked search over encrypted data on cloud storage. The proposed ranked searchable encryption scheme enhances system usability by ranking results instead of just sending undifferentiated results and ensures file retrieval accuracy. We also use the relevance score from information retrieval to build a secure searchable index, and apply an additive order-preserving encryption to protect the sensitive scores of files. Our scheme also guarantees access control of users during the data retrieval by attribute-based encryption. Analysis shows that our scheme is secure and efficient for cloud storage.

computer science, information systems,telecommunications

Haijiang Wang,Jianting Ning,Xinyi Huang,Guiyi Wei,Geong Sen Poh,Ximeng Liu

DOI: https://doi.org/10.1109/tdsc.2019.2916569

2019-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:E-Healthcare systems are increasingly popular due to the introduction of wearable healthcare devices and sensors. Personal health records (PHRs) are collected by these devices and stored in a remote cloud. Due to privacy concern, these records should not be accessible by any unauthorized party, and the cloud providers should not be able to learn any information from the stored records. To address the above issues, one promising solution is to employ attribute based encryption (ABE) for fine-grained access control and searchable encryption for keyword search on encrypted data. However, most of existing ABE schemes leak the privacy of access policy which may also contain sensitive information. On the other hand, for users' devices with limited computing power and bandwidth, the mechanism should enable them to be able to search the PHRs efficiently. Unfortunately, most existing works on ABE do not support efficient keyword search on encrypted data. In this work, we propose an efficient hidden policy ABE scheme with keyword search. Our scheme enables efficient keyword search with constant computational overhead and constant storage overhead. Moreover, we enhance the recipient's privacy which hides the access policy. As of independent interest, we present a trapdoor malleability attack and demonstrate that some of previous schemes may suffer from such attack.

Jianfei Sun,Shengnan Hu,Xuyun Nie

DOI: https://doi.org/10.1109/access.2019.2928441

IF: 3.9

2019-01-01

IEEE Access

Abstract:With the rapid advance of the Internet of Things (IoT) and cloud computing technologies, the IoT-oriented health is expected to greatly improve the quality of healthcare service. However, data security and privacy concerns have become one of the biggest issues in smart health applications. As a potential and promising solution, attribute-based keyword search (ABKS) can provide fine-grained keyword search and access control over the encrypted data at the same time. Nevertheless, prior ABKS schemes cannot simultaneously support fine-grained, effective, and accurate data retrieval over hierarchical data. In this paper, to tackle these issues, we propose a fine-grained ranked multi-keyword search scheme over hierarchical data by leveraging ciphertext-policy hierarchical attribute-based encryption (CP-HABE) and ranked multi-keyword search (RMKS) technologies. Then, we prove that our proposed scheme is selectively secure through security analysis and we also show the practicability and feasibility of the proposed scheme by performance evaluation.

Chen Dongdong,Cao Zhenfu,Dong Xiaolei

DOI: https://doi.org/10.7544/issn1000-1239.2016.20160416

2016-01-01

Abstract:It is quite common for data ow ners to share the data via mobile phones in cloud computing . But because the cloud is not fully trusted ,a series of privacy concerns emerge from it ,and various schemes based on the attribute‐based encryption have been proposed to these problems . However , most work either cannot support the keyword search function for the encrypted data ,or bring a large of online computational cost in encryption and decryption phase .T he efficiency of the data sharing and information query as well as the fined‐grained of the data sharing will be affected by the most attribute‐based encryption mechanism .To deal with these challenging concerns ,we propose a new cryptographic primitive named online/offline ciphertext‐policy attribute‐based searchable encryption scheme (OO‐CP‐ABSE) .By using the online/offline attribute‐based encryption and the outsourcing decryption technique ,we construct our scheme with minimum online computational cost on the data owner side and least decrypted computational cost on the data user side .Furthermore ,we give the description of the application of OO‐CP‐ABSE in cloud computing for mobile devices .At last ,we also present the efficiency of our scheme in comparison to other schemes and the security in terms of data confidentiality ,keyword privacy ,controlled searching ,trapdoor privacy .