T. Nishide,K. Sakurai,Z. Liu,Z. Wang,R. A. Popa,N. Zeldovich

2016-01-01

Abstract:Cloud computing is latest technology widely serving client oriented applications. It has the capability of sharing selective encrypted data via public cloud storage with multiple users which may ease security over accidental data leaks in the cloud. Efficient key management is important in encryption schemes. For sharing multiple documents with different groups in cloud, separate encryption keys are needed. Security is required by owner to distribute large number of keys for encryption and searching, and by users to store received keys. Users have to submit equal number of trapdoors to the cloud for search operation. In such case features of security, storage and complexity are required at its best performance. Key-Aggregate Searchable Encryption (KASE) scheme addresses to the problem of storage management and security in group data sharing on cloud. Through this scheme only single key is distributed by owner to user for sharing multiple documents, and user also required to submit single trapdoor to receive shared documents. KASE scheme is efficient and secure as resulted by security analysis tests.

Masahiro Kamimura,Naoto Yanai,Shingo Okamura,Jason Paul Cruz

DOI: https://doi.org/10.1109/access.2020.2967793

IF: 3.9

2020-01-01

IEEE Access

Abstract:In the use of a cloud storage, sharing of data with efficient access control is an important requirement in addition to data security and privacy. Cui et al. (IEEE Trans. on Comp. 2016) proposed key-aggregate searchable encryption (KASE), which allows a data owner to issue an aggregate key that enables a user to search in an authorized subset of encrypted files by generating an encrypted keyword called trapdoor. While the idea of KASE is elegant, to the best of our knowledge, its security has never been discussed formally. In this paper, we discuss the security of KASE formally and propose provably secure schemes. We first introduce our provably secure scheme, named first construction, with respect to encrypted files and aggregate keys in a single-server setting. In comparison with the scheme of Cui et al., the first construction is secure without increased computational costs. Then, we introduce another provably secure scheme, named main construction, with respect to trapdoors in a two-server setting. The main construction guarantees the privacy of a search, encrypted files, and aggregate keys. Considering 5,000 encrypted keywords, the first construction can finish search within three seconds and the main construction can finish search within six seconds.

computer science, information systems,telecommunications,engineering, electrical & electronic

Axin Wu,Fagen Li,Xiangjun Xin,Yinghui Zhang,Jianhao Zhu

DOI: https://doi.org/10.1016/j.sysarc.2024.103104

IF: 5.836

2024-03-08

Journal of Systems Architecture

Abstract:Cloud storage offers data users relief from cumbersome management tasks and enhances overall efficiency. However, while it brings convenience, there is also the risk of privacy breaches. To address this, public-key encryption with keyword search (PEKE) presents a solution that balances efficiency, convenience, and security in the context of cloud storage. Nevertheless, PEKS is vulnerable to inside keyword guessing attacks and algorithm substitution attacks, posing a serious threat to its deployment. Cryptographic reverse firewall technique randomizes incoming messages to effectively defend against both types of attacks mentioned earlier through a gateway. However, this approach requires the gateway to store a random number for each keyword, increasing storage costs and potentially exposing keyword information. In response, we propose an improved scheme that inherits the remarkable properties of the method based on cryptographic reverse firewall. Additionally, the proposed scheme eliminates the need for gateways to store random numbers, reducing the management and storage burdens and supports multiple keywords for one document, a feature more aligned with real-world applications. Furthermore, we prove the security of the scheme, which achieves the same security goals as the existing scheme. Finally, we analyze the scheme s efficiency through theoretical analysis and performance evaluation, which demonstrates its efficiency.

computer science, software engineering, hardware & architecture

Hiral S. Trivedi,Sankita J. Patel

DOI: https://doi.org/10.1002/ett.4734

IF: 3.6

2023-01-27

Transactions on Emerging Telecommunications Technologies

Abstract:Key‐aggregate searchable encryption concurrently preserving multi‐user authorization and keyword untraceability. Adopting Internet‐of‐Things (IoT) enables pervasive computing by integrating distributed healthcare infrastructures to enhance conventional medical services. Integrated healthcare systems store numerous encrypted electronic health records (EHR) on clouds that multiple users frequently access as per delegated access rights. Sharing any group of selected EHR within any group of users involving different encryption keys potentially heightens security and privacy concerns over inadvertent data leaks. This necessitates a searchable encryption mechanism in distributed IoT requiring secure multi‐user authorization and efficient searchable keys management with compact trapdoors. Contemporary state‐of‐the‐art protocols utilize large numbers of expensive encryption keys and keyword trapdoors while lacking secure multi‐user authorization and keyword untraceability on clouds. This motivates us to design a novel key‐aggregate searchable encryption protocol that jointly achieves multi‐user authorization and keyword untraceability for distributed IoT applications. Key‐aggregation reduces complexity in sharing documents by executing a stand‐alone trapdoor, while token‐based authorization allows keyword search only to legitimate data users. Additionally, secure dynamic indexing achieves keyword untraceability on clouds. Security analysis illustrates correctness and resilience against typical attacks. Performance and empirical analysis demonstrate a relative advantage in storage, communication, and computational costs while incorporating secure multi‐user authorization and keyword untraceability as additional security features.

telecommunications

Zhirong Shen,Jiwu Shu,Wei Xue

DOI: https://doi.org/10.1109/jsen.2016.2634018

IF: 4.3

2016-01-01

IEEE Sensors Journal

Abstract:Cloud computing has become an increasingly popular service for data storage and processing. To keep users' data on the cloud from leaking to unauthorized users, probably including the cloud service providers, the data must be stored in an encrypted form. In the meantime, for data intended for sharing, an efficient access control must be provided. A common operation on the data is keyword search. Currently, search operation over encrypted search is performed at the cloud servers and access control for the in-cloud data is usually enforced by users. Separation of the two types of operations can lead to reduced efficiency and compromised privacy for users with a given set of access privileges to search over encrypted cloud data. In this paper, we study the problem of keyword search with access control over encrypted data in cloud computing. We first propose a scalable framework where user can use his attribute values and a search query to locally derive a search capability, and a file can be retrieved only when its keywords match the query and the user's attribute values can pass the policy check. Using this framework, we propose a novel scheme called KSAC. KSAC utilizes a recent cryptographic primitive called HPE to enforce fine-grained access control, perform multi-field query search, and support the derivation of the search capability. Intensive evaluations on real-world dataset are conducted to validate the applicability of the proposed scheme.

Yanping Li,Qiang Cao,Kai Zhang,Fang Ren

DOI: https://doi.org/10.1016/j.sysarc.2021.102006

IF: 5.836

2021-05-01

Journal of Systems Architecture

Abstract:<p>The keyword-based searchable encryption is a very promising technology in the cloud storage, which can supply data users with accurate search services over encrypted data based on queried keywords. An important security objective of this kind of schemes is to resist keyword privacy leakage because it may cause content leakage of to data itself and search preferences of data users. To protect keyword privacy, the existing methods mainly are implemented by keyword ciphertext indistinguishability and trapdoor indistinguishability. And there is few works to resist keyword privacy leakage from access pattern and search pattern simultaneously, which will inevitably affects the further application of this promising technology. In order to avoid keyword privacy leakage from above two patterns, we first construct a novel secure keyword index called the global index pair which is used to construct a k-nearest neighbour search, i.e., a data user can always receive the top-k encrypted files which are the most relevant to the search query. To effectively save computing costs and storage costs for DUs, a new order-preserving transformation is designed in our scheme to generate trapdoor without DUs computing the inverse of matrix. Secondly, our construction is independent of a specific searchable encryption scheme. Any kind of a keyword-based searchable encryption scheme can apply our method to resist the keyword privacy leakage both from access pattern and search pattern. Finally, the detailed security analyses are given to demonstrate that the advantage of any Level-3 attacker launching efficient inside attack from search pattern and access pattern is negligible, i.e., our construction can protect the keyword privacy against an inside attacker.</p>

computer science, software engineering, hardware & architecture

Jin Li,Qian Wang,Cong Wang,Ning Cao,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/infcom.2010.5462196

2010-01-01

Abstract:As Cloud Computing becomes prevalent, more and more sensitive information are being centralized into the cloud. For the protection of data privacy, sensitive data usually have to be encrypted before outsourcing, which makes effective data utilization a very challenging task. Although traditional searchable encryption schemes allow a user to securely search over encrypted data through keywords and selectively retrieve files of interest, these techniques support only exact keyword search. That is, there is no tolerance of minor typos and format inconsistencies which, on the other hand, are typical user searching behavior and happen very frequently. This significant drawback makes existing techniques unsuitable in Cloud Computing as it greatly affects system usability, rendering user searching experiences very frustrating and system efficacy very low. In this paper, for the first time we formalize and solve the problem of effective fuzzy keyword search over encrypted cloud data while maintaining keyword privacy. Fuzzy keyword search greatly enhances system usability by returning the matching files when users' searching inputs exactly match the predefined keywords or the closest possible matching files based on keyword similarity semantics, when exact match fails. In our solution, we exploit edit distance to quantify keywords similarity and develop an advanced technique on constructing fuzzy keyword sets, which greatly reduces the storage and representation overheads. Through rigorous security analysis, we show that our proposed solution is secure and privacy-preserving, while correctly realizing the goal of fuzzy keyword search.

Li Xu,Chi-Yao Weng,Lun-Pin Yuan,Mu-En Wu,Raylin Tso,Hung-Min Sun

DOI: https://doi.org/10.1007/s11227-015-1515-8

2015-01-01

Abstract:Cloud storage is one of the most important applications in our daily lives. User can store their own data into cloud storage and remotely access the saved data. Owing to the social media develops, users can share the digital files to other users, leading to the amount of data growing rapidly and searching abilities necessarily. In the some cases, servers cannot avoid data leakage even if the server provides complete access control. The encrypted data is a best way to resolve this problem but it may eliminate original structure and searching may become impossible. Applying searchable encryption for each receiver may produce messy duplication and occupy the quota of cloud storage from each receiver. User requires keeping their shared documents belonging up to date which are compared with the latest version. To this aim, we thus propose a sharable ID-based encryption with keyword search in cloud computing environment, which enables users to search in data owners’ shared storage while preserving privacy of data. For the performance analysis, we demonstrate the compared resultant with others ID-based or ID-relative encryption. In addition to that, we show the formal proof to verify the security of our proposed.

Cong Wang,Ning Cao,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tpds.2011.282

IF: 5.3

2012-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Cloud computing economically enables the paradigm of data service outsourcing. However, to protect data privacy, sensitive cloud data have to be encrypted before outsourced to the commercial public cloud, which makes effective data utilization service a very challenging task. Although traditional searchable encryption techniques allow users to securely search over encrypted data through keywords, they support only Boolean search and are not yet sufficient to meet the effective data utilization need that is inherently demanded by large number of users and huge amount of data files in cloud. In this paper, we define and solve the problem of secure ranked keyword search over encrypted cloud data. Ranked search greatly enhances system usability by enabling search result relevance ranking instead of sending undifferentiated results, and further ensures the file retrieval accuracy. Specifically, we explore the statistical measure approach, i.e., relevance score, from information retrieval to build a secure searchable index, and develop a one-to-many order-preserving mapping technique to properly protect those sensitive score information. The resulting design is able to facilitate efficient server-side ranking without losing keyword privacy. Thorough analysis shows that our proposed solution enjoys “as-strong-as-possible” security guarantee compared to previous searchable encryption schemes, while correctly realizing the goal of ranked keyword search. Extensive experimental results demonstrate the efficiency of the proposed solution.

Chuang Li,Chunxiang Xu,Shanshan Li,Kefei Chen,Yinbin Miao

DOI: https://doi.org/10.1109/tcc.2021.3071779

IF: 5.697

2021-01-01

IEEE Transactions on Cloud Computing

Abstract:With cloud services, data users can retrieve encrypted data while preserving data confidentiality. However, this new paradigm suffers from many security concerns. A major concern is how to avoid insider Keyword-Guessing Attacks (KGA), which implies that the internal attackers can guess the candidate keywords successfully in an off-line manner. To address this issue, recently, two verifiable searchable encryption schemes (published in IEEE Transactions on Cloud Computing, doi: 10.1109/TCC.2020.2989296) in cloud storage were proposed which enjoys many desirable features. In this letter, we demonstrate that the schemes are insecure against insider keyword-guessing attack. Specifically, we show that the adversary can derive the keywords in an off-line manner.

computer science, information systems, theory & methods

Yuan Zhang,Chunxiang Xu,Jianbing Ni,Hongwei Li,Xuemin Sherman Shen

DOI: https://doi.org/10.1109/tcc.2019.2923222

IF: 5.697

2021-10-01

IEEE Transactions on Cloud Computing

Abstract:Cloud storage enables users to outsource data to storage servers and retrieve target data efficiently. Some of the outsourced data are very sensitive and should be prevented for any leakage. Generally, if users conventionally encrypt the data, searching is impeded. Public-key encryption with keyword search (PEKS) resolves this tension. Whereas, it is vulnerable to keyword guessing attacks (KGA), since keywords are low-entropy. In this paper, we present a secure PEKS scheme called SEPSE against KGA, where users encrypt keywords with the aid of dedicated key servers via a threshold and oblivious way. SEPSE supports key renewal to periodically replace an existing key with a new one on each key server to thwart the key compromise. Furthermore, SEPSE can efficiently resist online KGA, where each keyword request made by a user is integrated into a transaction on a public blockchain (e.g., Ethereum), which allows key servers to learn the number of keyword requests made by the user without requiring a synchronization between them for per-user rate limiting. Security analysis and performance evaluation demonstrate that SEPSE provides a stronger security guarantee compared with existing schemes, at the expense of acceptable computational costs.

computer science, information systems, theory & methods

Ling Huaze,Xue Kaiping,Wei David S.L.,Li Ruidong

DOI: https://doi.org/10.52396/JUST-2021-0071

2021-01-01

Journal of University of Science and Technology of China

Abstract:As more and more enterprises and individuals choose to outsource their encrypted private data to the cloud, Searchable Encryption ( SE) , which solves the issue of keyword-searching over encrypted data, is becoming much more important. To overcome typos and semantic diversity existing in query requests, fuzzy search is introduced to achieve a misspelling-tolerate search-supported encryption scheme. However, current schemes of fuzzy search over encrypted data not only bring in high computing and communication overhead in multi-user scenarios but also are unable to cover all kinds of error types under the premise of an effective accuracy. In this paper, we thus propose a multi-user multi-keyword fuzzy searchable encryption scheme. Specifically, we introduce the permuterm index to support multi-keyword wildcard search which can solve more kinds of misspelling with a higher degree of correctness. Moreover, by letting the cloud server re-encrypt indexes user encrypt, our scheme supports unshared-key multi-user fuzzy search, reducing users ' computing overhead effectively and improving the level of privacy-preserving. The results of experiments demonstrate that, compared with existing schemes, our scheme not only has a better accuracy rate, but also supports more varieties of misspelling keyword search with acceptable computational overhead.

Boshen Shan,Yuanzhi Yao,Weihai Li,Xiaodong Zuo,Nenghai Yu

DOI: https://doi.org/10.1109/trustcom56396.2022.00189

2022-01-01

Abstract:Due to the increasing popularity of cloud computing and privacy preservation concerns, sensitive data should be encrypted before outsourcing to the cloud and data utilization becomes a challenging issue. Searchable encryption (SE) is a promising technique to address this problem. Most existing searchable encryption schemes only support accurate keyword but fuzzy keyword search schemes are appreciated in practice. Moreover, in some application scenarios like the video on demand systems, data owners only hope to give the access of their data to those who have payed but authenticated user identity may often change. Therefore, dynamic user attribute updating should be considered. To solve about issues, we propose a fuzzy secure keyword search scheme over encrypted cloud data with dynamic fine-grained access control. We design a novel fuzzy keyword index to retrieve corresponding documents. To reduce the computation cost, the cloud server selects most relevant top-k documents and return them to the data users. The ciphertextpolicy attribute based encryption (CP-ABE) technique is introduced to implement fine-grained access control. Meanwhile, the basic CP-ABE is improved to meet the practical need of user attribute updating. Extensive security and performance analysis demonstrates that our proposed scheme is highly efficient and can satisfy the security requirements for fuzzy keyword search over encrypted cloud data.

Yilei Wang,Wenyi Bao,Yang Zhao,Hu Xiong,Zhiguang Qin

DOI: https://doi.org/10.6633/ijns.201605.18(3).09

2016-01-01

Abstract:With the continuous development of cloud computing, more and more sensitive data needs to be centrally stored in the cloud storage. For protecting the privacy of data, sensitive data must be encrypted before being outsourced to the server. The traditional PEKS (Public Encryption Keyword Search) enables users to search data by using keywords in the condition of encryption, however, it not only needs the security channel but also tolerates the huge pairing-computation. Although the pairing-free public key encryption with keyword search has been proposed, it can not support fuzzy keyword search and this drawback greatly reduces the usability of the system. In this paper, the proposed scheme features three good aspects: First, the keywords and data have been encrypted under the server's public key and thus the secure channel of the keywords transmission has been eliminated in the sense that the outside attackers cannot obtain any information related to the keywords without the knowledge of the server's private key. Second, our scheme not only supports accurate keyword search encryption but also supports the search when the keywords input have any spelling mistakes or format inconsistencies, which significantly improved the availability of the system. Finally, the proposed scheme is constructed on the El Gamal encryption instead of the bilinear-pairing encryption, which greatly improve the computational efficiency.

Jie Niu,Xuelian Li,Juntao Gao,Yue Han

DOI: https://doi.org/10.1109/jiot.2019.2956322

IF: 10.6

2020-02-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) makes our life more intelligent. Its combination with the cloud server can solve big data processing problems to meet users' needs and bring us great convenience. However, there are two challenges we need to face: data sharing and key leakage. To solve the above challenges, attribute-based encryption (ABE) is used to achieve data sharing combined with searchable encryption (SE). Most of the existing attribute-based searchable encryption (SE) schemes are inefficient and not suitable for IoT devices because of the large amount of attributes and keys. The key-leakage problem is serious in practice which very little literature focused on it. In order to address both problems, in this article, we propose a key aggregation searchable encryption (KASE) scheme based on the blockchain with auxiliary input (AI), which is capable of achieving secure data sharing on the encrypted data. Our scheme is presented through a novel chosen plaintext attack (CPA) secure scheme. We prove our scheme is chosen ciphertext attack (CCA) secure against key leakage under the decisional Diffie–Hellman assumption and Goldreich–Leivin theorem. Moreover, we adopt the proposed scheme to establish a data-sharing system based on blockchain, which improves search efficiency and connects the global ecology. In addition, extensive performance evaluations are conducted, and the results indicate our scheme is really efficient in cloud-computing-enhanced IoT.

computer science, information systems,telecommunications,engineering, electrical & electronic

Haorui Du,Jianhua Chen,Ming Chen,Cong Peng,Debiao He

DOI: https://doi.org/10.1155/2022/2336685

2022-10-21

Wireless Communications and Mobile Computing

Abstract:Outsourcing data to cloud services is a good solution for users with limited computing resources. Privacy and confidentiality of data is jeopardized when data is transferred and shared in the cloud. The development of searchable cryptography offers the possibility to solve these problems. Symmetric searchable encryption (SSE) is popular among researchers because it is efficient and secure. SSE often requires the data sender and data receiver to use the same key to generate key ciphertext and trapdoor, which will obviously cause the problem of key management. Searchable encryption based on public key can simplify the key management problem. A public key encryption scheme with keyword search (PEKS) allows multiple senders to encrypt keywords under the receiver's public key. It is vulnerable to keyword guessing attacks (KGA) due to the small size of the keywords. The proposal of public key authenticated encryption with keyword search (PAEKS) is mainly to resist inside keyword guessing attacks. The previous security models do not involve the indistinguishability of the same keywords ( w 0 × × = w 1 ), which brings the user's search pattern easy to leak. The essential reason is that the trapdoor generation algorithm is deterministic. At the same time, most of the existing schemes use bilinear pair design, which greatly reduces the efficiency of the scheme. To address these problems, the paper introduces an improved PAEKS model. We design a lightweight public key authentication encryption scheme based on the Diffie-Hellman protocol. Then, we prove the ciphertext indistinguishability security and trapdoor indistinguishability security of the scheme in the improved security model. Finally, the paper demonstrates its comparable security and computational efficiency by comparing it with previous PAEKS schemes. Meanwhile, we conduct an experimental evaluation based on the cryptographic library. Experimental results show that the computational overhead of our scheme compared with the ciphertext generation algorithm, trapdoor generation algorithm and test algorithm of other schemes Our scheme reduces 274, 158 and 60 times, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yinbin Miao,Jianfeng Ma,Ximeng Liu,Zhiquan Liu,Limin Shen,Fushan Wei

DOI: https://doi.org/10.1007/s12083-016-0487-7

2016-08-15

Abstract:The advantages of cloud computing encourage individuals and enterprises to outsource their local data storage and computation to cloud server, however, data security and privacy concerns seriously hinder the practicability of cloud storage. Although searchable encryption (SE) technique enables cloud server to provide fundamental encrypted data retrieval services for data-owners, equipping with a result verification mechanism is still of prime importance in practice as semi-trusted cloud server may return incorrect search results. Besides, single keyword search inevitably incurs many irrelevant results which result in waste of bandwidth and computation resources. In this paper, we are among the first to tackle the problems of data-owner updating and result verification simultaneously. To this end, we devise an efficient cryptographic primitive called as verifiable multi-keyword search over encrypted cloud data for dynamic data-owner scheme to protect both data confidentiality and integrity. Rigorous security analysis proves that our scheme is secure against keyword guessing attack (KGA) in standard model. As a further contribution, the empirical experiments over real-world dataset show that our scheme is efficient and feasible in practical applications.

computer science, information systems,telecommunications

Zhenhua Chen,Shundong Li,Qiong Huang,Yilei Wang,Sufang Zhou

DOI: https://doi.org/10.1002/cpe.3754

2016-01-01

Concurrency and Computation Practice and Experience

Abstract:SummaryFor fine‐grained data access control in cloud computing, for the first time, we introduce a new concept called restricted proxy re‐encryption with keyword search, which combines the function of proxy re‐encryption with keyword search and that of threshold cryptosystem. To demonstrate this concept, we present the formal syntax for restricted proxy re‐encryption with keyword search, the security model, and a concrete construction. In our scheme, we take advantage of the techniques of threshold cryptosystem to restrict the capacity of the proxy cloud server, and in the meantime, we let the proxy cloud server can only re‐encrypt the data containing a specified keyword, which matches the trapdoor from delegatee to provide an accurate access control for users. While in this process, the proxy cloud server learns nothing about the contents of data and keyword. Our scheme is proved to be semantically secure under the modified bilinear Diffie–Hellman assumption and the q‐decisional bilinear Diffie–Hellman inversion assumption in the random oracle model. Finally, we apply the techniques in our scheme to some practical problems. Copyright © 2016 John Wiley & Sons, Ltd.

Sunaina Bagga

DOI: https://doi.org/10.55524/ijircst.2021.9.6.69

2021-11-01

Abstract:Numerous firm’s architectures management of data guarantees substantially alter method, gain access to maintain private commercial business. Occur additional facts protection problems. Existing statistics safety methods have limits in preventing records legal assaults, in particular these performed by utilizing companion diploma business executives to the cloud dealer to monitor data get right of entry to within the cloud and find out unusual records get right of entry to. Sorts require method of building a machine robust protection privateer’s statistic through files person team customer’s technique much documents. Not simply the encryption keys but also the search keys need to be utilized and consumers have to keep their keys resistant and disseminated. The cutting-edge current gadget the place the facts proprietor can solely share one key with the user, whether or not it is any kind of document, massive or small variety of documents, and the function of the person is to cross a lure in the cloud of overall performance checking out and safety evaluation of shared documents, which is an impenetrable and superb proposed gives schemes. And consumers are also extremely concerned about data sharing storage, inexplicable information leak in the cloud, and harmful attackers. In the article, an experiment is done to format a method for encryption for impenetrable statistics allocation.

Ye Li,Mengen Xiong,Junling Yuan,Qikun Zhang,Hongfei Zhu

DOI: https://doi.org/10.3390/electronics13163236

IF: 2.9

2024-08-16

Electronics

Abstract:In edge–cloud collaboration scenarios, data sharing is a critical technological tool, yet smart devices encounter significant challenges in ensuring data-sharing security. Attribute-based keyword search (ABKS) is employed in these contexts to facilitate fine-grained access control over shared data, allowing only users with the necessary privileges to retrieve keywords. The implementation of secure data sharing is threatened since most of the current ABKS protocols cannot resist keyword guessing attacks (KGAs), which can be launched by an untrusted cloud server and result in the exposure of sensitive personal information. Using attribute-based encryption (ABE) as the foundation, we build a secure data exchange paradigm that resists KGAs in this work. In our paper, we provide a secure data-sharing framework that resists KGAs and uses ABE as the foundation to achieve fine-grained access control to resources in the ciphertext. To avoid malicious guessing of keywords by the cloud server, the edge layer computes two encryption session keys based on group key agreement (GKA) technology, which are used to re-encrypt the data user's secret key of the keyword index and keyword trapdoor. The model is implemented using the JPBC library. According to the security analysis, the model can resist KGAs in the random oracle model. The model's performance examination demonstrates its feasibility and lightweight nature, its large computing advantages, and lower storage consumption.

engineering, electrical & electronic,computer science, information systems,physics, applied