Multi-user Searchable Encryption with Efficient Access Control for Cloud Storage

Abstract

Data encryption is an effective way to ensure the data security in the cloud. To make retrieval of such encrypted data easy for multiple users, searchable encryption in the multi-user setting is addressed. However, it introduces a new critical requirement: access control. Cipher text-Policy Attribute-Based Encryption (CP-ABE) is a promising technique to solve this issue, but it also faces several challenges, such as the inefficiency of decrypt able files search, attributes verification and decryption. In this paper, we propose a multiuser searchable encryption scheme with efficient access control for cloud storage, where the keyword index and trapdoor can be generated with the help of a proxy server. To achieve the efficient access control, we present the first solution to search the data that a user can decrypt by using the partial order relations. We also design a new method to verify each user's attributes without disclosing the relation of his identity and attributes. To reduce the decryption overhead, our scheme enables the users to delegate most CP-ABE decryption to the proxy server. Moreover, the security analysis and simulation results show that the proposed scheme is provably secure and highly efficient.