Multi-Key Similar Data Search on Encrypted Storage With Secure Pay-Per-Query

Abstract

Many commercial cloud service providers (CSPs) adopt pay-per-query pricing models, in which data owners are charged based on the amount of data scanned by each query. In such a data sharing model, not only the privacy preservation for the data and queries but also the trustworthiness of the underlying billing system is of the utmost importance. In this paper, we revisit multi-key searchable encryption (MKSE), an efficient and secure data search algorithm allowing a data owner to grant users the ability to retrieve data of interest over the outsourced, encrypted datasets. We first investigate which factor in existing MKSE schemes renders authorized users over-privileged such that, without risking their credits (e.g., leaking the private keys and/or the passwords for their accounts associated with a project where the shared data resides), they can allow unauthorized users to make valid queries. Unfortunately, this concern may be devastating because the queries made by unauthorized users would incur unexpected financial damage to the owner in practical pay-per-query models. We then propose a novel multi-key data search scheme that is resilient to unauthorized queries. The proposed scheme features a novel user authorization mechanism that carefully limits user privilege such that even an authorized user cannot illegally invite unauthorized users to query unless he entirely leaks his credit. We demonstrate the proposed scheme is comparable to prior work in terms of performance while achieving a higher level of security.