Jianfei Sun,Hu Xiong,Xuyun Nie,Yinghui Zhang,Pengfei Wu

DOI: https://doi.org/10.1109/tdsc.2019.2953744

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Recently in the IEEE Transactions on Dependable and Secure Computing (doi: 10.1109/TDSC.2019.28976752019), Miao et al. proposed a novel construction of Privacy-Preserving Attribute-Based Keyword Search in Shared Multi-owner Setting (ABKS-SM), which can delegate keyword search tasks to cloud server provider (CSP) without revealing any useful information. Although the authors claimed that the offline keyword guessing attacks can be resisted in ABKS-SM scheme, we show that this scheme indeed suffers from four types of offline keyword guessing attacks and hence fails to gain the claimed security property, which is an important goal to be achieved in searchable encryption schemes. Specifically, given the concrete attacks, we demonstrate that the underlying keyword information can be extracted from both encrypted keyword indexes and trapdoors by any malicious user and any adversarial CSP. We hope that the similar security vulnerabilities could be avoided in the future design of related searchable encryption schemes.

computer science, information systems, software engineering, hardware & architecture

Fucai Luo,Haiyan Wang,Changlu Lin,Xingfu Yan

DOI: https://doi.org/10.1109/tifs.2023.3301740

IF: 7.231

2023-08-19

IEEE Transactions on Information Forensics and Security

Abstract:The widespread adoption of cloud computing and the exponential growth of data highlight the need for secure data sharing and querying. Attribute-based keyword search (ABKS) has emerged as an efficient means of searching encrypted data stored in the cloud. However, existing ABKS schemes incur high end-to-end delay and are vulnerable to quantum computer attacks and/or (insider) keyword guessing attacks (KGA). To address these vulnerabilities, this paper introduces a new concept called attribute-based authenticated encryption with keyword search (ABAEKS) and proposes an efficient ABAEKS scheme. Our ABAEKS has low end-to-end delay, and is resistant to both quantum computer attacks and (insider) KGA. In addition, we formalize the security model of ABAEKS system and prove its security in the random oracle model. Finally, we conduct a comprehensive performance evaluation of ABAEKS, and the experimental results show that our ABAEKS is computationally efficient and outperforms current state-of-the-art ABKS schemes.

computer science, theory & methods,engineering, electrical & electronic

Jingwei Wang,Xinchun Yin,Jianting Ning,Geong Sen Poh

DOI: https://doi.org/10.1007/978-3-030-14234-6_26

2018-01-01

Abstract:Ciphertext policy attribute-based encryption (CP-ABE) is a promising cryptographic technology and a key component that enable secure data sharing in a cloud environment through fine-grained access control. Since it was introduced, many interesting schemes have been proposed. However, in addition to managing data sharing through access control, a comprehensive scheme should also cater for user revocation and ciphertext queries. This is because in a cloud environment new users may join while existing users may leave the system. At the same time, given the potentially large amount of data stored in a cloud storage, user should be able to retrieve the required files efficiently in a privacy-preserving manner. To address the above issue, in this paper, we propose a practical searchable CP-ABE scheme supporting user revocation. In contrast to existing schemes that provide only single keyword query, our efficient search function provides conjunctive search, which allows user to locate a ciphertext related to a set of keywords. The computation overhead of our user revocation is at least on par with existing schemes. Besides, the security analysis indicates that the proposed scheme is secure under the decisional Bilinear Diffie-Hellman assumption. We also provide extensive experimental results to confirm the efficiency and feasibility of our proposed construction.

Haijiang Wang,Xiaolei Dong,Zhenfu Cao,Dongmei Li

DOI: https://doi.org/10.1093/comjnl/bxy031

2018-01-01

The Computer Journal

Abstract:Attribute-based encryption with keyword search (ABKS) is a system that supports keyword search and access control. By inheriting from attribute-based encryption technology, most current ABKS schemes incur large computation costs in encryption phase and keyword search phase. In a typical implementation, the size of ciphertext is proportional to the number of attributes associated with the access policy, so that the keyword search time and the decryption time are proportional to the number of attributes used in the access policy. To deal with the above problem, we present a new ciphertext-policy attribute-based encryption with fast keyword search scheme. Our scheme preserves the fine-grained access control inherited from the ABE system while supporting hidden policy and fast keyword search. In particular, the proposed scheme can efficiently support AND-gate access policy with multiple attribute values. Moreover, our scheme features multi-value-independent which have constant computation costs compared with the existing ABKS schemes. With the "aggregation" technique, the keyword search phase only needs three pairings, which is a great advantage over previous ABKS schemes. We offer rigorous security proof of our scheme, and the performance analysis demonstrates the efficiency of our scheme.

Jiguo Li,Min Wang,Yang Lu,Yichen Zhang,Huaqun Wang

DOI: https://doi.org/10.1016/j.csi.2020.103471

2021-02-01

Abstract:<p>In order to guarantee security and privacy of sensitive data, attribute-based keyword search (ABKS) enables data owners to upload their encrypted data to cloud servers, and authorizes intended data users to retrieve it. Meanwhile, ABKS outsources heavy search work to cloud servers, which makes ABKS adaptive to mobile computing environment. However, as cloud servers can both generate keyword ciphertexts and run search algorithm, the existing most ABKS schemes are vulnerable to keyword guessing attack. In this paper, we show the fundamental cause that the existing ABKS schemes do not resist keyword guessing attack is any entity can generate keyword ciphertext. To solve the above problem, in the phase of keyword ciphertext generation, we use private key of data owner to sign keyword prior to generating keyword ciphertext. Therefore, any other entity does not forge keyword ciphertext, which can resist keyword guessing attack. We give the formal definition and security model of attributed-based keyword search secure against keyword guessing attack (ABKS-SKGA). Furthermore, we provide an ABKS-SKGA scheme. The ABKS-SKGA scheme is proved secure against chosen-plaintext attack (CPA). Performance analysis shows that the proposed scheme is practical.</p>

computer science, software engineering, hardware & architecture

Xu Yang,Qiuhao Wang,Saiyu Qi,Ke Li,Jianfeng Wang,Wenjia Zhao,Yong Qi

DOI: https://doi.org/10.1109/tnse.2024.3445343

IF: 6.6

2024-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Data outsourcing is a key service of cloud computing. While data encryption ensures confidentiality, it limits the ability to search encrypted data. Recently, ciphertext-policy attribute-based keyword search(CP-ABKS)schemes, which combine symmetric searchable encryption (SSE) and ciphertext policy attribute-based encryption (CP-ABE), have gained attention. However, most CP-ABKS schemes depend on an independent key management server (KMS) for key distribution, risking key leakage if the KMS is compromised. Additionally, these schemes lack secure update operations and efficient search result verification. To address these issues, we propose VKSA, a verifiable encrypted keyword search scheme with authorization for cloud-based multi-client environments. VKSA features a novel policy-hidden index for proxy-free authorized searches, a state-based secure update strategy for forward and backward security, and a delegated search result verification mechanism to ensure efficient and privacy-preserving verification. We further optimize VKSA for improved computational and enclave-storage efficiency. Security analysis and experiments confirm the security and efficiency of our schemes.

Ye Li,Mengen Xiong,Junling Yuan,Qikun Zhang,Hongfei Zhu

DOI: https://doi.org/10.3390/electronics13163236

IF: 2.9

2024-08-16

Electronics

Abstract:In edge–cloud collaboration scenarios, data sharing is a critical technological tool, yet smart devices encounter significant challenges in ensuring data-sharing security. Attribute-based keyword search (ABKS) is employed in these contexts to facilitate fine-grained access control over shared data, allowing only users with the necessary privileges to retrieve keywords. The implementation of secure data sharing is threatened since most of the current ABKS protocols cannot resist keyword guessing attacks (KGAs), which can be launched by an untrusted cloud server and result in the exposure of sensitive personal information. Using attribute-based encryption (ABE) as the foundation, we build a secure data exchange paradigm that resists KGAs in this work. In our paper, we provide a secure data-sharing framework that resists KGAs and uses ABE as the foundation to achieve fine-grained access control to resources in the ciphertext. To avoid malicious guessing of keywords by the cloud server, the edge layer computes two encryption session keys based on group key agreement (GKA) technology, which are used to re-encrypt the data user's secret key of the keyword index and keyword trapdoor. The model is implemented using the JPBC library. According to the security analysis, the model can resist KGAs in the random oracle model. The model's performance examination demonstrates its feasibility and lightweight nature, its large computing advantages, and lower storage consumption.

engineering, electrical & electronic,computer science, information systems,physics, applied

Kai Zhang,Zhe Jiang,Jianting Ning,Xinyi Huang

DOI: https://doi.org/10.1109/tifs.2022.3172627

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Secure cloud search service allows resource-constrained clients to effectively search over encrypted cloud storage. Towards enabling owner-enforced search authorization, the notion of attribute-based keyword search (ABKS) has been introduced and widely deployed in practice. To enhance traditional security of ABKS, two state-of-the-art solutions are presented to address keyword guessing attacks or setup inconsistency for secret key. Nevertheless, they have not simultaneously considered the following threats to a data user: (i) inconsistent secret key/cipher-index caused by outside dishonest authority and/or data owner; (ii) algorithm substitution attacks (ASA) launched by inside adversarial eavesdropping. These attacks may unfortunately lead to cloud data breach and user information exposure. To tackle such outside and inside threats, we introduce subversion-resistance and consistency for secure and fine-grained cloud document search services. In particular, we propose a consistent ABKS system with cryptographic reverse firewalls (CRF). Technically, we refer to verifiable functional encryption and employ non-interactive zero-knowledge proofs of discrete logarithm equality to ensure strong input consistency for ABKS. In addition, we build a trusted CRF zone for sanitizing algorithm outputs against ASA attacks. Moreover, we formalize the security model and formally prove security of our system. To clarify practical performance, we implement state-of-the-art solutions and our system in real cloud environment based on Enron dataset. The results show that our system achieves more enhanced security properties without obviously sacrificing performance. In particular, our system achieves comparable time and storage cost for document-index encryption and document search, as compared to state-of-the-art solutions.

Raylin Tso,Kaibin Huang,Yu-Chi Chen,Sk Md Mizanur Rahman,Tsu-Yang Wu

DOI: https://doi.org/10.1109/access.2020.3017745

IF: 3.9

2020-01-01

IEEE Access

Abstract:Chen et al. indicated the inner keyword guessing attack coming from the low entropy of keywords, which eliminates the semantic security of most keyword search schemes. Then, they accordingly propose the first dual-server PEKS scheme (abbreviated as DS-PEKS) and its related security models to prevent such attacks. In the DS-PEKS architecture, two non-collusive servers must corporate to execute the keyword search procedure. No individual server has the capability of determining the equivalence between keywords alone, and thus the inner keyword guessing attacks can be avoided. In this article, we found that the security models are lack of soundness and strength, so our first result is to define new stronger and sounder security models which implies all security aspects of original models. Secondly, we also propose a generic construction of DS-PEKS schemes based on IND-CCA2 secure PKE schemes. Finally, we analyze the newly proposed DS-PEKS scheme, and proof its security with the stronger models based on the IND-CCA2 security in the standard model.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jingwei Lu,Hongbo Li,Jianye Huang,Sha Ma,Man Ho Allen Au,Qiong Huang

DOI: https://doi.org/10.3390/info14030142

2023-01-01

Information

Abstract:Transforming data into ciphertexts and storing them in the cloud database is a secure way to simplify data management. Public key encryption with keyword search (PEKS) is an important cryptographic primitive as it provides the ability to search for the desired files among ciphertexts. As a variant of PEKS, certificateless public key authenticated encryption with keyword search (CLPAEKS) not only simplifies certificate management but also could resist keyword guessing attacks (KGA). In this paper, we analyze the security models of two recent CLPAEKS schemes and find that they ignore the threat that, upon capturing two trapdoors, the adversary could directly compare them and distinguish whether they are generated using the same keyword. To cope with this threat, we propose an improved security model and define the notion of strong trapdoor indistinguishability. We then propose a new CLPAEKS scheme and prove it to be secure under the improved security model based on the intractability of the DBDH problem and the DDH problem in the targeted bilinear group.

Lixue Sun,Chunxiang Xu

DOI: https://doi.org/10.1109/compcomm.2017.8322780

2017-01-01

Abstract:Attribute-based encryption with keyword search (ABKS) enables data owners to delegate the keyword search ability to other users complying with the specified access control policy. However, most existing ABKS schemes cannot guarantee the privacy of the access structures, which may contain sensitive information. Furthermore, current ABKS schemes are designed for single-keyword searches, which may affect the user's experience in practical application. To solve these problems, we propose a novel primitive named hidden policy ciphertext-policy attribute based encryption with conjunctive keyword search (HP-CPABCK). In addition to supporting conjunctive keyword search, HP-CPABCK makes the data user learn nothing about the access structure if his/her attribute cannot satisfy the access control policy specified by the data owner. Moreover, the data owner designates a server to perform the test operation in HP-CPABCK to resist off-line keyword guessing attacks. We formulate a security model for the proposed HP-CPABCK scheme, and show its security in the standard model. Finally, the performance evaluation demonstrate the applicability of our scheme.

Yinbin Miao,Robert H. Deng,Kim-Kwang Raymond Choo,Ximeng Liu,Jianting Ning,Hongwei Li

DOI: https://doi.org/10.1109/TDSC.2019.2940573

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Ciphertext-Policy Attribute-Based Keyword Search (CP-ABKS) schemes support both fine-grained access control and keyword-based ciphertext retrieval, which make these schemes attractive for resource-constrained users (i.e., mobile or wearable devices, sensor nodes, etc.) to store, share and search encrypted data in the public cloud. However, ciphertext length and decryption overhead in the existing CP-ABKS schemes grow with the complexity of access policies or the number of data users' attributes. Moreover, such schemes generally do not consider the practical multi-owner setting (e.g., each file needs to be signed by multiple data owners before being uploaded to the cloud server) or prevent malicious cloud servers from returning incorrect search results. To overcome these limitations, in this paper we first design an optimized Verifiable Fine-grained Keyword Search scheme in the static Multi-owner setting (termed as basic VFKSM), which achieves short ciphertext length, fast ciphertext transformation, accelerated search process, and authentic search result verification. Then, we extend the basic VFKSM to support multi-keyword search and multi-owner update (also called as extended VFKSM). Finally, we prove that the basic (or extended) VFKSM resists the Chosen-Keyword Attack (CKA) and external Keyword-Guessing Attack (KGA). We also evaluate the performance of these schemes using various public datasets.

Shangping Wang,Xiaoxue Zhang,Yaling Zhang

DOI: https://doi.org/10.1371/journal.pone.0167157

IF: 3.7

2016-11-29

PLoS ONE

Abstract:Cipher-policy attribute-based encryption (CP-ABE) focus on the problem of access control, and keyword-based searchable encryption scheme focus on the problem of finding the files that the user interested in the cloud storage quickly. To design a searchable and attribute-based encryption scheme is a new challenge. In this paper, we propose an efficiently multi-user searchable attribute-based encryption scheme with attribute revocation and grant for cloud storage. In the new scheme the attribute revocation and grant processes of users are delegated to proxy server. Our scheme supports multi attribute are revoked and granted simultaneously. Moreover, the keyword searchable function is achieved in our proposed scheme. The security of our proposed scheme is reduced to the bilinear Diffie-Hellman (BDH) assumption. Furthermore, the scheme is proven to be secure under the security model of indistinguishability against selective ciphertext-policy and chosen plaintext attack (IND-sCP-CPA). And our scheme is also of semantic security under indistinguishability against chosen keyword attack (IND-CKA) in the random oracle model.

WeiDong Zhong,Xu An Wang,Ziqing Wang,Yi Ding

DOI: https://doi.org/10.1109/CIS.2011.217

2011-01-01

Abstract:Proxy re-encryption (PRE) allows a proxy to transform a cipher text for Alice (delegator) to be the one which can be decrypted by Bob (delegatee). Since it is introduced by Blaze et al. in 1998, many variants of PRE have been proposed. In this paper, we concentrate on two of them: anonymous conditional proxy re-encryption (ACPRE) and constrained proxy re-encryption with keyword search (PRES). Conditional proxy re-encryption (CPRE) is a primitive which only allows those cipher texts satisfying the condition can be re-encrypted correctly by the proxy. Anonymous conditional proxy re-encryption (ACPRE) requires the proxy not knowing which condition the cipher text associated with. PRES is a primitive which allows the proxy simultaneously re-encrypt and search the delegator's cipher text. Based on the PRES proposed by Shao et al., We show the definition of constrained proxy re-encryption with keyword search (CPRES), give its security models and discuss its potential applications. At last, based on a concrete ACPRE scheme, we construct a concrete CPRES scheme.

Axin Wu,Fagen Li,Xiangjun Xin,Yinghui Zhang,Jianhao Zhu

DOI: https://doi.org/10.1016/j.sysarc.2024.103104

IF: 5.836

2024-03-08

Journal of Systems Architecture

Abstract:Cloud storage offers data users relief from cumbersome management tasks and enhances overall efficiency. However, while it brings convenience, there is also the risk of privacy breaches. To address this, public-key encryption with keyword search (PEKE) presents a solution that balances efficiency, convenience, and security in the context of cloud storage. Nevertheless, PEKS is vulnerable to inside keyword guessing attacks and algorithm substitution attacks, posing a serious threat to its deployment. Cryptographic reverse firewall technique randomizes incoming messages to effectively defend against both types of attacks mentioned earlier through a gateway. However, this approach requires the gateway to store a random number for each keyword, increasing storage costs and potentially exposing keyword information. In response, we propose an improved scheme that inherits the remarkable properties of the method based on cryptographic reverse firewall. Additionally, the proposed scheme eliminates the need for gateways to store random numbers, reducing the management and storage burdens and supports multiple keywords for one document, a feature more aligned with real-world applications. Furthermore, we prove the security of the scheme, which achieves the same security goals as the existing scheme. Finally, we analyze the scheme s efficiency through theoretical analysis and performance evaluation, which demonstrates its efficiency.

computer science, software engineering, hardware & architecture

Zhirong Shen,Jiwu Shu,Wei Xue

DOI: https://doi.org/10.1109/jsen.2016.2634018

IF: 4.3

2016-01-01

IEEE Sensors Journal

Abstract:Cloud computing has become an increasingly popular service for data storage and processing. To keep users' data on the cloud from leaking to unauthorized users, probably including the cloud service providers, the data must be stored in an encrypted form. In the meantime, for data intended for sharing, an efficient access control must be provided. A common operation on the data is keyword search. Currently, search operation over encrypted search is performed at the cloud servers and access control for the in-cloud data is usually enforced by users. Separation of the two types of operations can lead to reduced efficiency and compromised privacy for users with a given set of access privileges to search over encrypted cloud data. In this paper, we study the problem of keyword search with access control over encrypted data in cloud computing. We first propose a scalable framework where user can use his attribute values and a search query to locally derive a search capability, and a file can be retrieved only when its keywords match the query and the user's attribute values can pass the policy check. Using this framework, we propose a novel scheme called KSAC. KSAC utilizes a recent cryptographic primitive called HPE to enforce fine-grained access control, perform multi-field query search, and support the derivation of the search capability. Intensive evaluations on real-world dataset are conducted to validate the applicability of the proposed scheme.

Qiang Cao,Yanping Li,Zhenqiang Wu,Yinbin Miao,Jianqing Liu

DOI: https://doi.org/10.1007/s11280-019-00671-3

2019-01-01

World Wide Web

Abstract:Cloud storage over the internet gives opportunities for easy data sharing. To preserve the privacy of sharing data, the outsourced data is usually encrypted. The searchable encryption technique provides a solution to find the target data in the encrypted form. And the public-key encryption with keyword search is regarded as a major approach for the searchable encryption technique. However, there are still several privacy leakage challenges for the further adoption of these major schemes. One is how to resist the keyword guessing attack which still leaks data user’s keywords privacy. Another is how to construct the access control policy to prevent illegal access of outsourced data sharing since illegal access always leak the privacy of user’s attribute. In our paper, we firstly try to design a novel secure keyword index to resist the keyword guessing attack from access pattern and search pattern. Second, we propose an attribute-based encryption scheme which supports an enhanced fine-grained access control search. This allows the authenticated users to access different data although their searching request contains the same queried keywords, and meanwhile unauthenticated users cannot get any attribute privacy information. Third, we give security proofs to show that the construction of keyword index is against keyword guessing attack from the access pattern and search pattern, and our scheme is proved to be IND-CPA secure (the indistinguishability under chosen plaintext attack) under the standard model. Finally, theoretical analyses and a series of experiments are conducted to demonstrate the efficiency of our scheme.

Haorui Du,Jianhua Chen,Ming Chen,Cong Peng,Debiao He

DOI: https://doi.org/10.1155/2022/2336685

2022-10-21

Wireless Communications and Mobile Computing

Abstract:Outsourcing data to cloud services is a good solution for users with limited computing resources. Privacy and confidentiality of data is jeopardized when data is transferred and shared in the cloud. The development of searchable cryptography offers the possibility to solve these problems. Symmetric searchable encryption (SSE) is popular among researchers because it is efficient and secure. SSE often requires the data sender and data receiver to use the same key to generate key ciphertext and trapdoor, which will obviously cause the problem of key management. Searchable encryption based on public key can simplify the key management problem. A public key encryption scheme with keyword search (PEKS) allows multiple senders to encrypt keywords under the receiver's public key. It is vulnerable to keyword guessing attacks (KGA) due to the small size of the keywords. The proposal of public key authenticated encryption with keyword search (PAEKS) is mainly to resist inside keyword guessing attacks. The previous security models do not involve the indistinguishability of the same keywords ( w 0 × × = w 1 ), which brings the user's search pattern easy to leak. The essential reason is that the trapdoor generation algorithm is deterministic. At the same time, most of the existing schemes use bilinear pair design, which greatly reduces the efficiency of the scheme. To address these problems, the paper introduces an improved PAEKS model. We design a lightweight public key authentication encryption scheme based on the Diffie-Hellman protocol. Then, we prove the ciphertext indistinguishability security and trapdoor indistinguishability security of the scheme in the improved security model. Finally, the paper demonstrates its comparable security and computational efficiency by comparing it with previous PAEKS schemes. Meanwhile, we conduct an experimental evaluation based on the cryptographic library. Experimental results show that the computational overhead of our scheme compared with the ciphertext generation algorithm, trapdoor generation algorithm and test algorithm of other schemes Our scheme reduces 274, 158 and 60 times, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Boshen Shan,Yuanzhi Yao,Weihai Li,Xiaodong Zuo,Nenghai Yu

DOI: https://doi.org/10.1109/trustcom56396.2022.00189

2022-01-01

Abstract:Due to the increasing popularity of cloud computing and privacy preservation concerns, sensitive data should be encrypted before outsourcing to the cloud and data utilization becomes a challenging issue. Searchable encryption (SE) is a promising technique to address this problem. Most existing searchable encryption schemes only support accurate keyword but fuzzy keyword search schemes are appreciated in practice. Moreover, in some application scenarios like the video on demand systems, data owners only hope to give the access of their data to those who have payed but authenticated user identity may often change. Therefore, dynamic user attribute updating should be considered. To solve about issues, we propose a fuzzy secure keyword search scheme over encrypted cloud data with dynamic fine-grained access control. We design a novel fuzzy keyword index to retrieve corresponding documents. To reduce the computation cost, the cloud server selects most relevant top-k documents and return them to the data users. The ciphertextpolicy attribute based encryption (CP-ABE) technique is introduced to implement fine-grained access control. Meanwhile, the basic CP-ABE is improved to meet the practical need of user attribute updating. Extensive security and performance analysis demonstrates that our proposed scheme is highly efficient and can satisfy the security requirements for fuzzy keyword search over encrypted cloud data.

Kaibin Huang,Raylin Tso

DOI: https://doi.org/10.1109/ivsw.2017.8031542

2017-07-01

Abstract:In public key encryption with keyword search (PEKS) framework, see Figure 1(a), the cloud server stores index $l_{w}$ and verifies the equivalence whether w=w&#x27; or not on receiving a keyword search request through a trapdoor $T_{w&#x27;}$. Aside from the traditional secrecy concerns over index, a new threat called inner keyword guessing attack which addressed the secrecy of trapdoors against off-line brute force attacks, was indicated by Chen et al. First, the index $I_{w}$ is publicly computable; second, the domain of keywords is not big enough to resist brute force attacks; and third, the cloud server can verify the equivalence between keywords of index and trapdoors by itself. As a curious server, on input a trapdoor $T_{w^{&#x27;}}$, the server can keep computing index with different keywords $w$ and tests the equivalence by itself until finding the keyword $w^{\prime}$ hidden in the trapdoors. That is, the secrecy of trapdoors can be easily broken. Furthermore, the ‘hacked trapdoor’ can be utilized to test all the index in the database, which indirectly impacts the secrecy of index. Chen et al. propose a dual-server PEKS (DS-PEKS) syntax to deal with this issue. There are a front server and a back server in their architecture (see Figure 1(b)) and the keyword search test is done by the co-operation of two servers. Assume that these two servers do not collude, the DS-PEKS scheme will be secure against offline inner keyword guessing attacks (although that the on-line inner keyword guessing attacks still work). However, several flaws occur in Chen et al.&#x27;s works so that the secrecy of index and trapdoors are not well-protected even against outside adversaries. In this work, we propose a new DS-PEKS construction based on the Cramer Shoup encryption, whose index and trapdoors are provably indistinguishable against chosen keyword attacks based on the IND-CCA2 security of the Cramer Shoup encryption without random oracle model.