A fine-grained authorized keyword secure search scheme with efficient search permission update in cloud computing

Abstract

With the rapid development of cloud computing, secure search has become a hot research spot, which is a promising technique that allows a data user to perform privacy-preserving keyword-based search over encrypted cloud data. In this paper, we further consider the secure search problem based on a practical application scenario that a data owner needs to grant different keyword query permissions for different data users to achieve flexible access control on outsourced encrypted data in the cloud computing environment. To address this problem, we propose a fine-grained authorized keyword secure search scheme by leveraging the ciphertext policy attribute-based encryption (ABE), which not only supports privacy-preserving keyword-based search over encrypted data, but also inherits flexible and fine-grained data privilege control properties of ABE. Moreover, our proposed scheme is able to achieve fine-grained search permission update with very small communication and computation cost. By running the attribute revocation sub-protocol and attribute addition sub-protocol, the data owner can flexibly and efficiently update a data user’s keyword search permissions when the data user’s system role changes. We provide detailed performance analysis and rigorous security proof for our scheme. Extensive experiments demonstrate the correctness and practicality of the proposed scheme.