KASE-AKA: Key-aggregate keyword searchable encryption against keyword guessing attack and authorization abuse

Abstract

Key-Aggregate Searchable (KASE) can enable a data owner to delegate search rights over a set of data files to multiple users through a single aggregated authorization key in multi-user data sharing environments. Despite the elegance of the KASE concept, designing a KASE scheme that simultaneously prevents authorization from being abused and resists offline keyword guessing attacks is a formidable challenge. To respond the challenge, we propose a secure Key Aggregation Keyword Searchable Encryption against Keyword Guessing Attack and Authorization Abuse (KASE-AKA) scheme. Compared with existing KASE schemes, our KASE-AKA scheme has the following merits: (1) supporting dynamic update of user data search right through a user data search right list maintained by the semi-trust cloud server. (2) preventing the authorization from being abused since the authorization key (aggregate key) associates the user’s public key, a subset of access rights, and a common secret value that only the cloud and data owner can collaboratively generate. (3) providing resistance against offline keyword guessing attacks. Correctness proof, security analysis and performance evaluation demonstrate that the proposed KASE-AKA scheme is provably secure, highly efficient and more feasible in practical application scenarios.