CP-ABSE: A Ciphertext-Policy Attribute-Based Searchable Encryption Scheme

Abstract

Searchable encryption provides an effective mechanism that achieves secure search over encrypted data. A popular application model of searchable encryption is that a data owner stores encrypted data to a server and the server can effectively perform keyword-based search over encrypted data according to a query trapdoor submitted by a data user, where the owner’s data and the user’s queries are kept secret in the server. Recently, many searchable encryptions have been proposed to achieve better security and performance, provide secure data updatable feature ( dynamics ), and search results verifiable capability ( verifiability ). However, most of the existing works endow the data user an unlimited search capacities and do not consider a data user’s search permissions. In practical application, granting search privileges for data users is a very important measure to enforce data access control. In this paper, we propose an attribute-based searchable encryption scheme by leveraging the ciphertext-policy attribute-based encryption technique. Our scheme allows the data owner to conduct a fine-grained search authorization for a data user. The main idea is that a data owner encrypts an index keyword under a specified access policy, if and only if, a data user’s attributes satisfy the access policy, the data user can perform search over the encrypted index keyword. We provide the detailed correctness analyses, performance analyses, and security proofs for our scheme. The extensive experiments demonstrate that our proposed scheme outperforms the similar work CP-ABKS proposed by Zheng on many aspects.