Axin Wu,Fagen Li,Xiangjun Xin,Yinghui Zhang,Jianhao Zhu

DOI: https://doi.org/10.1016/j.sysarc.2024.103104

IF: 5.836

2024-03-08

Journal of Systems Architecture

Abstract:Cloud storage offers data users relief from cumbersome management tasks and enhances overall efficiency. However, while it brings convenience, there is also the risk of privacy breaches. To address this, public-key encryption with keyword search (PEKE) presents a solution that balances efficiency, convenience, and security in the context of cloud storage. Nevertheless, PEKS is vulnerable to inside keyword guessing attacks and algorithm substitution attacks, posing a serious threat to its deployment. Cryptographic reverse firewall technique randomizes incoming messages to effectively defend against both types of attacks mentioned earlier through a gateway. However, this approach requires the gateway to store a random number for each keyword, increasing storage costs and potentially exposing keyword information. In response, we propose an improved scheme that inherits the remarkable properties of the method based on cryptographic reverse firewall. Additionally, the proposed scheme eliminates the need for gateways to store random numbers, reducing the management and storage burdens and supports multiple keywords for one document, a feature more aligned with real-world applications. Furthermore, we prove the security of the scheme, which achieves the same security goals as the existing scheme. Finally, we analyze the scheme s efficiency through theoretical analysis and performance evaluation, which demonstrates its efficiency.

computer science, software engineering, hardware & architecture

Haorui Du,Jianhua Chen,Ming Chen,Cong Peng,Debiao He

DOI: https://doi.org/10.1155/2022/2336685

2022-10-21

Wireless Communications and Mobile Computing

Abstract:Outsourcing data to cloud services is a good solution for users with limited computing resources. Privacy and confidentiality of data is jeopardized when data is transferred and shared in the cloud. The development of searchable cryptography offers the possibility to solve these problems. Symmetric searchable encryption (SSE) is popular among researchers because it is efficient and secure. SSE often requires the data sender and data receiver to use the same key to generate key ciphertext and trapdoor, which will obviously cause the problem of key management. Searchable encryption based on public key can simplify the key management problem. A public key encryption scheme with keyword search (PEKS) allows multiple senders to encrypt keywords under the receiver's public key. It is vulnerable to keyword guessing attacks (KGA) due to the small size of the keywords. The proposal of public key authenticated encryption with keyword search (PAEKS) is mainly to resist inside keyword guessing attacks. The previous security models do not involve the indistinguishability of the same keywords ( w 0 × × = w 1 ), which brings the user's search pattern easy to leak. The essential reason is that the trapdoor generation algorithm is deterministic. At the same time, most of the existing schemes use bilinear pair design, which greatly reduces the efficiency of the scheme. To address these problems, the paper introduces an improved PAEKS model. We design a lightweight public key authentication encryption scheme based on the Diffie-Hellman protocol. Then, we prove the ciphertext indistinguishability security and trapdoor indistinguishability security of the scheme in the improved security model. Finally, the paper demonstrates its comparable security and computational efficiency by comparing it with previous PAEKS schemes. Meanwhile, we conduct an experimental evaluation based on the cryptographic library. Experimental results show that the computational overhead of our scheme compared with the ciphertext generation algorithm, trapdoor generation algorithm and test algorithm of other schemes Our scheme reduces 274, 158 and 60 times, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yilei Wang,Wenyi Bao,Yang Zhao,Hu Xiong,Zhiguang Qin

DOI: https://doi.org/10.6633/ijns.201605.18(3).09

2016-01-01

Abstract:With the continuous development of cloud computing, more and more sensitive data needs to be centrally stored in the cloud storage. For protecting the privacy of data, sensitive data must be encrypted before being outsourced to the server. The traditional PEKS (Public Encryption Keyword Search) enables users to search data by using keywords in the condition of encryption, however, it not only needs the security channel but also tolerates the huge pairing-computation. Although the pairing-free public key encryption with keyword search has been proposed, it can not support fuzzy keyword search and this drawback greatly reduces the usability of the system. In this paper, the proposed scheme features three good aspects: First, the keywords and data have been encrypted under the server's public key and thus the secure channel of the keywords transmission has been eliminated in the sense that the outside attackers cannot obtain any information related to the keywords without the knowledge of the server's private key. Second, our scheme not only supports accurate keyword search encryption but also supports the search when the keywords input have any spelling mistakes or format inconsistencies, which significantly improved the availability of the system. Finally, the proposed scheme is constructed on the El Gamal encryption instead of the bilinear-pairing encryption, which greatly improve the computational efficiency.

Yunhong Zhou,Na Li,Yanmei Tian,Dezhi An,Licheng Wang

DOI: https://doi.org/10.3390/e22040421

2020-04-08

Abstract:With the popularization of cloud computing, many business and individuals prefer to outsource their data to cloud in encrypted form to protect data confidentiality. However, how to search over encrypted data becomes a concern for users. To address this issue, searchable encryption is a novel cryptographic primitive that enables user to search queries over encrypted data stored on an untrusted server while guaranteeing the privacy of the data. Public key encryption with keyword search (PEKS) has received a lot of attention as an important branch. In this paper, we focus on the development of PEKS in cloud by providing a comprehensive research survey. From a technological viewpoint, the existing PEKS schemes can be classified into several variants: PEKS based on public key infrastructure, PEKS based on identity-based encryption, PEKS based on attribute-based encryption, PEKS based on predicate encryption, PEKS based on certificateless encryption, and PEKS supporting proxy re-encryption. Moreover, we propose some potential applications and valuable future research directions in PEKS.

Chang Xu,Ruijuan Wang,Liehuang Zhu,Chuan Zhang,Rongxing Lu,Kashif Sharif

DOI: https://doi.org/10.48550/arXiv.2203.13662

2022-03-25

Cryptography and Security

Abstract:Searchable symmetric encryption (SSE) supports keyword search over outsourced symmetrically encrypted data. Dynamic searchable symmetric encryption (DSSE), a variant of SSE, further enables data updating. Most DSSE works with conjunctive keyword search primarily consider forward and backward privacy. Ideally, the server should only learn the result sets involving all keywords in the conjunction. However, existing schemes suffer from keyword pair result pattern (KPRP) leakage, revealing the partial result sets containing two of query keywords. We propose the first DSSE scheme to address aforementioned concerns that achieves strong privacy-preserving conjunctive keyword search. Specifically, our scheme can maintain forward and backward privacy and eliminate KPRP leakage, offering a higher level of security. The search complexity scales with the number of documents stored in the database in several existing schemes. However, the complexity of our scheme scales with the update frequency of the least frequent keyword in the conjunction, which is much smaller than the size of the entire database. Besides, we devise a least frequent keyword acquisition protocol to reduce frequent interactions between clients. Finally, we analyze the security of our scheme and evaluate its performance theoretically and experimentally. The results show that our scheme has strong privacy preservation and efficiency.

Jianwei Li,Xiaoming Wang,Qingqing Gan,Fengling Wang

DOI: https://doi.org/10.1016/j.comcom.2022.04.026

IF: 5.047

2022-04-01

Computer Communications

Abstract:Dynamic Searchable Symmetric Encryption (DSSE) allows users to outsource data with ciphertext format to untrusted servers and supports the operations of data adding and deleting, which is adopted in common usage by government and business. Recently, the primitive of Forward Privacy in DSSE has drawn great public interest owing to its beneficial feature, which is that it can guard against the newly uploaded files from linking to previous search tokens. However, most of existing Forward Private Searchable Encryption (FPSE) schemes focus on single-user environment, which means that only the users themselves can utilize the data, greatly limits the wide application in cloud computing. To our knowledge, it is difficult to migrate the FPSE schemes to multi-user network. First, to realize forward privacy, the data owner should share the entire key group to the legitimate users, which means the users have the privilege of tampering or deleting data rather than query only; secondly, some FPSE schemes use the special structures and can not be directly developed to multi-user network. Inspired by this, we present a scheme of multi-user forward private searchable encryption with dynamic authorization. The proposed scheme is based on a new structure of Multi-user State Chain and involves dynamic keyword-oriented authorization management. We prove our scheme can meet the secure characteristics, then conduct the performance evaluation and experiments. The results demonstrate that compared with the existing solutions, our scheme is superior in efficiency and practicability.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yuan Zhang,Chunxiang Xu,Jianbing Ni,Hongwei Li,Xuemin Sherman Shen

DOI: https://doi.org/10.1109/tcc.2019.2923222

IF: 5.697

2021-10-01

IEEE Transactions on Cloud Computing

Abstract:Cloud storage enables users to outsource data to storage servers and retrieve target data efficiently. Some of the outsourced data are very sensitive and should be prevented for any leakage. Generally, if users conventionally encrypt the data, searching is impeded. Public-key encryption with keyword search (PEKS) resolves this tension. Whereas, it is vulnerable to keyword guessing attacks (KGA), since keywords are low-entropy. In this paper, we present a secure PEKS scheme called SEPSE against KGA, where users encrypt keywords with the aid of dedicated key servers via a threshold and oblivious way. SEPSE supports key renewal to periodically replace an existing key with a new one on each key server to thwart the key compromise. Furthermore, SEPSE can efficiently resist online KGA, where each keyword request made by a user is integrated into a transaction on a public blockchain (e.g., Ethereum), which allows key servers to learn the number of keyword requests made by the user without requiring a synchronization between them for per-user rate limiting. Security analysis and performance evaluation demonstrate that SEPSE provides a stronger security guarantee compared with existing schemes, at the expense of acceptable computational costs.

computer science, information systems, theory & methods

Pan Yang,Hongbo Li,Jianye Huang,Hao Zhang,Man Ho Allen Au,Qiong Huang

DOI: https://doi.org/10.1016/j.future.2023.03.002

IF: 7.307

2023-01-01

Future Generation Computer Systems

Abstract:Public-key Authenticated Encryption with Keyword Search (PAEKS) is a cryptographic primitive that can resist inside keyword guessing attack (KGA). However, most of the previously proposed PAEKS frameworks suffered from certificate management problem and key escrow problem. Inspired by the ideas of certificate-based cryptography, we propose a secure-channel free certificateless searchable public key authenticated encryption with keyword search (SCF-CLPAEKS) scheme which sloves the key escrow problem in identity-based cryptosystems and the cumbersome certificate problem in conventional public key cryptosystems. Our scheme achieves security against keyword guessing attacks are performed by both inside and outside adversaries. Moreover, our scheme satisfies ciphertext indistinguishability (CI), trapdoor indistinguishability (TI), and designated testability simultaneously. The comparisons indicate that our SCF-CLPAEKS scheme enjoys a better performance compared with related schemes.

Venkata Bhikshapathi Chenam,Suneeth Yadav Tummala,Syed Taqi Ali

DOI: https://doi.org/10.1007/s12083-023-01618-2

IF: 3.488

2024-02-09

Peer-to-Peer Networking and Applications

Abstract:Public Key Encryption with Keyword Search (PEKS) is a promising cryptographic primitive that allows searching over encrypted data in secure data outsourcing services. Initially, several PEKS schemes were developed for conjunctive keyword search, but they relied on certain assumptions regarding keyword fields. To address this limitation, an Efficient Public-Key Encryption with Field-free Conjunctive Keyword Search (PEFCK) scheme was introduced in 2015. PEFCK enables conjunctive keyword search without any specific ordering of the keywords. However, PEFCK is vulnerable to keyword guessing attacks (KGA), which compromise its security. To overcome the KGA vulnerability, we propose a new scheme called Public Key Authenticated Encryption with Field-free Subset Conjunctive and Disjunctive Keyword Search (PAEFSCDKS), which leverages the mathematical concept of Lagrange Polynomials. This scheme incorporates three key features: 1) Sender Authentication: The sender encrypts the keywords using both the receiver's public key and its private key, ensuring sender authenticity and integrity. 2) Secure Channel-free: Unlike traditional approaches, our scheme does not require a secure channel to transfer data from the receiver to the cloud server. This eliminates the need for additional secure communication overhead. 3) Subset Conjunctive and Disjunctive Keyword Search: The receiver can perform queries that involve both subset conjunctive and disjunctive keywords, enabling more flexible and powerful searches. Furthermore, we demonstrate that our proposed scheme achieves provable security under index indistinguishability and trapdoor indistinguishability against both internal and external adversaries. Finally, through performance analysis, we show that our proposed scheme outperforms similar PEKS schemes in terms of both theoretical and experimental evaluations.

computer science, information systems,telecommunications

Yu Chen,Jiajun Huang,Mingwu Zhang

DOI: https://doi.org/10.1109/JSYST.2020.2997932

IF: 4.802

2021-06-01

IEEE Systems Journal

Abstract:Cloud computing provides an appearing application for compelling vision in managing big-data files and responding queries over a distributed cloud platform. To overcome privacy revealing risks, sensitive documents and private data are usually stored in the clouds in a cipher-based manner. However, it is inefficient to search the data in traditional encryption systems. Searchable encryption is a useful cryptographic primitive to enable users to retrieve data in ciphertexts. However, the traditional searchable encryptions provide lower search efficiency and cannot carry out fuzzy multikeyword queries. To solve this issue, in this article, we propose a searchable encryption that supports privacy-preserving fuzzy multikeyword search (SE-PPFM) in cloud systems, which is built by asymmetric scalar-product-preserving encryptions and Hadamard product operations. In order to realize the functionality of efficient fuzzy searches, we employ Word2vec as the primitive of machine learning to obtain a fuzzy correlation score between encrypted data and queries predicates. We analyze and evaluate the performance in terms of token of multikeyword, retrieval and match time, file retrieval time and matching accuracy, etc. The experimental results show that our scheme can achieve a higher efficiency in fuzzy multikeyword ciphertext search and provide a higher accuracy in retrieving and matching procedure.

Computer Science

Boshen Shan,Yuanzhi Yao,Weihai Li,Xiaodong Zuo,Nenghai Yu

DOI: https://doi.org/10.1109/trustcom56396.2022.00189

2022-01-01

Abstract:Due to the increasing popularity of cloud computing and privacy preservation concerns, sensitive data should be encrypted before outsourcing to the cloud and data utilization becomes a challenging issue. Searchable encryption (SE) is a promising technique to address this problem. Most existing searchable encryption schemes only support accurate keyword but fuzzy keyword search schemes are appreciated in practice. Moreover, in some application scenarios like the video on demand systems, data owners only hope to give the access of their data to those who have payed but authenticated user identity may often change. Therefore, dynamic user attribute updating should be considered. To solve about issues, we propose a fuzzy secure keyword search scheme over encrypted cloud data with dynamic fine-grained access control. We design a novel fuzzy keyword index to retrieve corresponding documents. To reduce the computation cost, the cloud server selects most relevant top-k documents and return them to the data users. The ciphertextpolicy attribute based encryption (CP-ABE) technique is introduced to implement fine-grained access control. Meanwhile, the basic CP-ABE is improved to meet the practical need of user attribute updating. Extensive security and performance analysis demonstrates that our proposed scheme is highly efficient and can satisfy the security requirements for fuzzy keyword search over encrypted cloud data.

Qiong Huang,Peisen Huang,Hongbo Li,Jianye Huang,Hongyuan Lin

DOI: https://doi.org/10.1016/j.sysarc.2023.102839

IF: 5.836

2023-01-01

Journal of Systems Architecture

Abstract:To realize ciphertext retrieval without decryption in the public key settings, Boneh et al. in 2004 proposed a cryptographic primitive named Public-key Encryption with Keyword Search (PEKS) and proposed the first PEKS scheme. Following Boneh et al.’s work, various PEKS schemes were proposed; however, most schemes are vulnerable to inside keyword guessing attacks (IKGA). Huang and Li proposed a new primitive named Public-key Authenticated Encryption with Keyword Search (PAEKS) in 2017, which resists the IKGA in the setting of only one test server. Their main idea to resist IKGA is to require the data sender to authenticate the ciphertext while encrypting a keyword. However, in the era of big data, as the number of encrypted files increases, huge storage overhead and heavy retrieval costs become problems in PAEKS. In this paper, we proposed a new PAEKS scheme that costs low storage space and supports fast search. We introduced the ciphertext deduplication into PAEKS to reduce storage space and leveraged the inverted index to accelerate the retrieval process. We simulated the proposed scheme and several related schemes with a desktop computer. The experiment results show that our proposed scheme is of lower storage overhead and higher retrieval efficiency compared with related schemes.

Jin Li,Qian Wang,Cong Wang,Ning Cao,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/infcom.2010.5462196

2010-01-01

Abstract:As Cloud Computing becomes prevalent, more and more sensitive information are being centralized into the cloud. For the protection of data privacy, sensitive data usually have to be encrypted before outsourcing, which makes effective data utilization a very challenging task. Although traditional searchable encryption schemes allow a user to securely search over encrypted data through keywords and selectively retrieve files of interest, these techniques support only exact keyword search. That is, there is no tolerance of minor typos and format inconsistencies which, on the other hand, are typical user searching behavior and happen very frequently. This significant drawback makes existing techniques unsuitable in Cloud Computing as it greatly affects system usability, rendering user searching experiences very frustrating and system efficacy very low. In this paper, for the first time we formalize and solve the problem of effective fuzzy keyword search over encrypted cloud data while maintaining keyword privacy. Fuzzy keyword search greatly enhances system usability by returning the matching files when users' searching inputs exactly match the predefined keywords or the closest possible matching files based on keyword similarity semantics, when exact match fails. In our solution, we exploit edit distance to quantify keywords similarity and develop an advanced technique on constructing fuzzy keyword sets, which greatly reduces the storage and representation overheads. Through rigorous security analysis, we show that our proposed solution is secure and privacy-preserving, while correctly realizing the goal of fuzzy keyword search.

Ling Huaze,Xue Kaiping,Wei David S.L.,Li Ruidong

DOI: https://doi.org/10.52396/JUST-2021-0071

2021-01-01

Journal of University of Science and Technology of China

Abstract:As more and more enterprises and individuals choose to outsource their encrypted private data to the cloud, Searchable Encryption ( SE) , which solves the issue of keyword-searching over encrypted data, is becoming much more important. To overcome typos and semantic diversity existing in query requests, fuzzy search is introduced to achieve a misspelling-tolerate search-supported encryption scheme. However, current schemes of fuzzy search over encrypted data not only bring in high computing and communication overhead in multi-user scenarios but also are unable to cover all kinds of error types under the premise of an effective accuracy. In this paper, we thus propose a multi-user multi-keyword fuzzy searchable encryption scheme. Specifically, we introduce the permuterm index to support multi-keyword wildcard search which can solve more kinds of misspelling with a higher degree of correctness. Moreover, by letting the cloud server re-encrypt indexes user encrypt, our scheme supports unshared-key multi-user fuzzy search, reducing users ' computing overhead effectively and improving the level of privacy-preserving. The results of experiments demonstrate that, compared with existing schemes, our scheme not only has a better accuracy rate, but also supports more varieties of misspelling keyword search with acceptable computational overhead.

Xiaoguo Li,Tao Xiang,Peng Wang

DOI: https://doi.org/10.1016/j.jnca.2020.102755

IF: 7.574

2020-09-01

Journal of Network and Computer Applications

Abstract:<p>It is commonsense that the data should be encrypted by searchable encryption before being outsourced to the cloud for its confidentiality and availability. Most of existing studies focus on forward privacy, we initiate the study of forward unforgeability, which defines the time periods when files can be uploaded while the forward privacy defines the time periods when files can be queried. For example in log-files management, we should block the attackers from revising the logs of previous time periods. We find that forward unforgeability is helpful in dealing with the problem. However, it is still challenging to achieve forward unforgeability in case of searchable encryption. In this paper, we formalize the key exposure problem in keyword-field-free conjunctive keyword search (KFF-CKS) and define the forward unforgeability of KFF-CKS formally. Then we design a general framework where any forward unforgeable KFF-CKS scheme can be applied there for practical use. After that, we construct a novel KFF-CKS scheme with forward unforgeability (FU-KFF-CKS) under this framework. Furthermore, we formally prove the security properties of our FU-KFF-CKS under random oracle model and compare our construction with previous ones in a theoretical view. Finally, we conduct extensive experiments and the results validate the effectiveness and efficiency of the proposed FU-KFF-CKS.</p>

computer science, interdisciplinary applications, software engineering, hardware & architecture

Zhirong Shen,Jiwu Shu,Wei Xue

DOI: https://doi.org/10.1109/jsen.2016.2634018

IF: 4.3

2016-01-01

IEEE Sensors Journal

Abstract:Cloud computing has become an increasingly popular service for data storage and processing. To keep users' data on the cloud from leaking to unauthorized users, probably including the cloud service providers, the data must be stored in an encrypted form. In the meantime, for data intended for sharing, an efficient access control must be provided. A common operation on the data is keyword search. Currently, search operation over encrypted search is performed at the cloud servers and access control for the in-cloud data is usually enforced by users. Separation of the two types of operations can lead to reduced efficiency and compromised privacy for users with a given set of access privileges to search over encrypted cloud data. In this paper, we study the problem of keyword search with access control over encrypted data in cloud computing. We first propose a scalable framework where user can use his attribute values and a search query to locally derive a search capability, and a file can be retrieved only when its keywords match the query and the user's attribute values can pass the policy check. Using this framework, we propose a novel scheme called KSAC. KSAC utilizes a recent cryptographic primitive called HPE to enforce fine-grained access control, perform multi-field query search, and support the derivation of the search capability. Intensive evaluations on real-world dataset are conducted to validate the applicability of the proposed scheme.

Guiquan Yang,Sha Ma,Hongbo Li,Husheng Yang,Qiong Huang

DOI: https://doi.org/10.1007/978-981-97-0942-7_15

2024-01-01

Abstract:To efficiently and securely search encrypted files in cloud storage, Boneh et al. proposed the notion of Public Key Encryption with Keyword Search(PEKS) in 2004. However, original PEKS is susceptible to internal keyword guessing attacks(KGA) launched by server due to the limited keyword space. To resist this attack, Huang and Li introduced the notion of Public Key Authenticated Encryption with Keyword Search (PAEKS), which effectively resists KGA from server by additional authentication between the sender and receiver before encryption. Since both the sender and receiver can generate a common authentication key, a curious sender can use the authentication key to launch KGA, resulting in easily guessing keyword from a given trapdoor. To address this issue, we propose an improved security model for PAEKS that captures both offline KGA and online KGA launched by the curious sender. Then, we present a concrete Stronger Security Public Key Authenticated Encryption with Multi-keyword Search (S-PAEMKS) scheme, which not only supports multi-keyword search but also successfully counters KGA from curious senders. Finally, the experimental results show that our scheme achieves remarkable efficiency in the encryption phase and comparable efficiency in the trapdoor and testing phases.

Shuo Zhang,Qiaoyan Wen,Wenmin Li,Hua Zhang,Zhengping Jin

DOI: https://doi.org/10.3390/s20236962

IF: 3.9

2020-12-05

Sensors

Abstract:Internet of Things (IoT) and cloud computing are adopted widely in daily life and industrial production. Sensors of IoT equipment gather personal, sensitive and important data, which is stored in a cloud server. The cloud helps users to save cost and collaborate. However, the privacy of data is also at risk. Public-key encryption with keyword search (PEKS) is convenient for users to use the data without leaking privacy. In this article, we give a scheme of PEKS for a multi-user to realize the multi-keyword search at once and extend it to show a rank based on keywords match. The receiver can finish the search by himself or herself. With private cloud and server cloud, most users’ computing can be outsourced. Moreover, the PEKS can be transferred to a multi-user model in which the private cloud is used to manage receivers and outsource. The store cloud and the private cloud both obtain nothing with the keyword information. Then our IoT devices can easily run these protocols. As we do not use any pairing operations, the scheme is under more general assumptions that means the devices do not need to take on the heavy task of calculating pairing.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

YiHua Zhou,Bin Tang,YuGuang Yang

DOI: https://doi.org/10.1002/ett.4960

IF: 3.6

2024-03-22

Transactions on Emerging Telecommunications Technologies

Abstract:Abstract Public key encryption with keyword search (PEKS) is able to enhance cloud data security. On the other hand, the existence of malicious cloud servers and untrusted central authorities, in addition the keyword space faces a low entropy, attackers often launch keyword guessing attacks (KGA), thereby leaking data privacy. Therefore, we use certificateless authentication and proxy re‐encryption technology to construct a lattice‐based verifiable PEKS scheme for Multi‐Data Users (MDU). Certificateless authentication can ensure that our scheme does not require key escrow, and proxy re‐encryption technology allows us to perform multi‐user authorization and use the verification block for data users to ensure the integrity of search results. Security research proves that, under the assumption that the learning with errors (LWE) problem is hard, the ciphertext is indistinguishable and resistant to KGA. Results from experiments show that our scheme is significantly more effective than current schemes.

telecommunications

Hongbo Li,Qiong Huang,Jianye Huang,Willy Susilo

DOI: https://doi.org/10.1109/tifs.2022.3224308

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:To improve the quality of medical care and reduce unnecessary medical errors, electronic medical records (EMRs) are widely applied in hospital information systems. However, rapidly increasing EMRs bring heavy storage burden to hospitals. Professional data management service provided by cloud server can save the hospital local storage, and meanwhile, realize EMRs sharing among external researchers. However, the risk of leaking information of patients discourages hospitals to outsource patients’ EMRs to the remote cloud server. In this paper, a secure and efficient cloud storing and sharing method can be achieved by applying the proposed public key authenticated encryption with ciphertext update and keyword search (PAUKS). The proposed PAUKS scheme enables EMRs to be encrypted and queried without decryption, and is secure against inside keyword guessing attacks. Compared with the recently proposed PAEKS in literature, the PAUKS scheme enjoys smaller computation and communication overheads. The required number of trapdoors per query is constant in PAUKS scheme, instead of the linearly expanding as the number of senders increases in PAEKS. Furthermore, an inverted index can be built safely in PAUKS scheme to accelerate the query procedure. Experiment results show that our PAUKS scheme owns a comparable running overhead, but enjoys a higher query efficiency after ciphertexts update.