Multi-Client Boolean File Retrieval With Adaptable Authorization Switching for Secure Cloud Search Services

Abstract

Secure cloud search services provide a cost-effective way for resource-constrained clients to search encrypted files in the cloud, where data owners can customize search authorization. Despite providing fine-grained authorization, traditional attribute-based keyword search (ABKS) solutions generally support single keyword search. Towards expressive queries over encrypted data, multi-client searchable symmetric encryption (MC-SSE) was introduced. However, current search authorizations of existing MC-SSEs:(i) cannot support dynamic updating; (ii) are (semi-)black-box implementations of attribute-based encryption; (iii) incur significant cost during system initialization and file encryption. To address these limitations, we present AasBirch, an MC-SSE system with fast fine-grained authorization that supports adaptable authorization switching from one policy to any other one. AasBirch achieves constant-size storage and lightweight time cost for system initialization, file encryption and file searching. We conduct extensive experiments based on Enron dataset in real cloud environment. Compared to state-of-the-art MC-SSE with fine-grained authorization, AasBirch achieves 30∼200× smaller public parameter and secret key size, with the assumed least frequent keyword in a query ( <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">s</i> -term) as 21. Moreover, it runs 10∼20× faster for file encryption and >20× faster for file searching. In addition, AasBirch outperforms 80,000× (resp. 7,850×) faster with <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">s</i> -term = 1 (resp. = 21), as compared to classic dynamic ABKS system.