Attribute-based Keyword Search Schemes Research Articles

Verifiable attribute-based multi-keyword search scheme with sensitive information hiding for cloud-assisted e-healthcare sharing systems

Cloud-assisted e-healthcare sharing systems (EHSSs) play an increasingly pivotal role in the contemporary healthcare field. By outsourcing electronic medical records (EMRs) to the cloud, hospitals can alleviate local storage and management burdens while facilitating data sharing. Due to the highly sensitive nature of EMRs, encryption is necessary before storing them on the cloud. Attribute-based keyword search (ABKS) enables the privacy protection of EMRs with efficient search services. However, there remain some limitations in practical application. Firstly, most ABKS schemes only support single keyword queries, resulting in inaccurate results and wastage of computing and bandwidth resources. Secondly, since sensitive information within EMRs is encrypted as a whole, different data users (including internal doctors and external researchers) should have varying access rights to prevent leakage of this sensitive information. Thirdly, incorrect search results could lead to misdiagnosis or endanger patients' lives and affect researchers' decision-making processes. To effectively tackle these challenges, this paper proposes a verifiable attribute-based multi-keyword search scheme with sensitive information hiding (VABMKS-SIH) for cloud-assisted EHSSs, where we present a secure model for multi-keyword search with two-level access structure by incorporating an improved blindness filtering technique into ciphertext-policy attribute-based encryption (CP-ABE) within existing keyword search framework. Our scheme employs a super-increasing sequence to aggregate multiple filtered data blocks into one unified ciphertext, thereby greatly reducing communication overhead during the transmission phases of ciphertext. To check the correctness of returned results, we introduce a lightweight algebraic signature algorithm based on fundamental algebraic operations. A security analysis demonstrates that VABMKS-SIH is provably secure under the random oracle mode. Additionally, we also evaluate the proposed scheme's performance to demonstrate its utility in cloud-assisted EHSSs.

An efficient multi-data owner cooperative resource sharing scheme against key regeneration in edge computing

In cloud storage, attribute-based keyword searchable encryption realizes multi-user fine-grained authorization access control and outsourcing data sharing. However, (1) resisting key regeneration is an urgent problem to be solved in practical applications of attribute-based keyword search; (2) the general attribute-based keyword search scheme ignores the application scenario where multiple data owners jointly manage files. In addition, the interaction of data between intelligent terminals and cloud servers has become more frequent, leading to issues such as central load, transmission efficiency, and data privacy protection in cloud computing. To address the above issues, we propose an attribute-based searchable encryption scheme with the multi-data owner based on edge computing. In this scheme, the Pedersen (k,n) secret sharing protocol and the Reciprocal protocol are used to realize the common management and sharing of data by the multi-data owner to enhance data security. Secondly, the attribute set and identity information of each user are embedded into the private key to prevent key regeneration and resist user collusion attacks. Thirdly, edge computing is introduced, and part of the storage and decryption work is outsourced to edge nodes to reduce the computing load of users and data transmission bandwidth. Security proof and performance analysis show that the proposed scheme has strong security and practicability in multi-user sharing scenarios such as Online Education with multi-data owners.

Verifiable attribute-based keyword search scheme over encrypted data for personal health records in cloud

Personal health record (PHR) is a medical model in which patients can upload their medical records and define the access control by themselves. Since the limited local storage and the development of cloud computing, many PHR services have been outsourced to the cloud. In order to ensure the privacy of electronic medical records, patients intend to encrypt their health records before uploading them. However, encrypted PHR can not be accessed directly and not be retrieved by legitimate users. To solve these issues, in this article we propose a new searchable encryption scheme with ciphertext-policy attributes, which achieves fine-grained access control and exact keyword search over encrypted PHRs. Moreover, in our proposed scheme, the receiver can verify the integrity of the search result that the cloud server returns. Finally, we simulate our scheme, and the experiments show that our scheme has high practicability for cloud-based healthcare systems and has high efficiency in aspects of keyword search and results verification.

An Attribute-Based Keyword Search Scheme for Multiple Data Owners in Cloud-Assisted Industrial Internet of Things

The cloud-assisted industrial Internet of Things (IIoT) architecture can sustain highly available computation and massive storage services for modern industrial systems. When data owners store IIoT data to remote cloud platforms, the data security will face tough challenges. Cryptographic technologies endow an ability to guarantee data confidentiality. However, traditional encryption techniques make data access control and data searching malfunctioning. Recently emerging attribute-based keyword search (ABKS) primitive achieves fine-grained access control and effective data searching over ciphertexts. However, existing ABKS schemes only consider single data owner scenarios and may be an inappropriate choice for IIoT applications, where there exists multiple data owners for an integrated industrial system. Directly extending state-of-the-art single owner schemes to ones for multiowner environment will impose a complicated key management issue. We present an ABKS scheme for multiowners in the cloud-assisted IIoT architecture. By designing a novel master key generation and private key aggregation mechanism with desired communication overheads, our scheme eliminates the complex key management issue in the multiowner model. Formal security proof demonstrates that our scheme is secure against the cloud server. Experimental evaluations also demonstrate its correctness and practicality.

Self-Verifiable Attribute-Based Keyword Search Scheme for Distributed Data Storage in Fog Computing With Fast Decryption

Presently many searchable encryption schemes have been proposed for cloud and fog computing, which use fog nodes (or fog servers) to partly undertake some computational tasks. However, these related schemes still retain cloud servers to undertake most computational tasks, which result in large communication costs between edge devices and cloud servers. Therefore, in this paper we propose a self-verifiable attribute-based keyword search scheme for distributed data storage (SV-KSDS) in full fog computing, where each decryption operation on the data required by a user must meet the negotiated decryption rule between fog servers. Our SV-KSDS scheme first provides attribute-based distributed data storage among fog servers through the <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$(w, \sigma)$ </tex-math></inline-formula> threshold secret-sharing scheme, where fog servers can provide self-verifiable keyword search and data decryption for terminal users. Compared with the data storage in cloud computing, our scheme extends it to the distributed structure while providing fine-grained access control for distributed data storage through attribute-based encryption. The access control policy of our scheme is constructed on linear secret-sharing scheme, whose security is reduced to the decisional bilinear Diffie-Hellman assumption against chosen-keyword attack and the decisional <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">${q}$ </tex-math></inline-formula> -parallel bilinear Diffie-Hellman assumption against chosen-plaintext attack in the standard model. Based on theoretical analysis and practical testing, our SV-KSDS scheme generates less computation and communication costs, which further unloads some computational tasks from terminal users to fog servers so as to reduce computing costs of terminal users.

Attribute-Based Keyword Search over the Encrypted Blockchain

To address privacy concerns, data in the blockchain should be encrypted in advance to avoid data access from all users in the blockchain. However, encrypted data cannot be directly retrieved, which hinders data sharing in the blockchain. Several works have been proposed to deal with this problem. However, the data retrieval in these schemes requires the participation of data owners and lacks finer-grained access control. In this paper, we propose an attribute-based keyword search scheme over the encrypted blockchain, which allows users to search encrypted files over the blockchain based on their attributes. In addition, we build a file chain structure to improve the efficiency of searching files with the same keyword. Security analysis proves the security of the proposed scheme. Theoretical analysis and experimental results in performance evaluation show that our scheme is feasible and efficient.

An attribute-based keyword search for m-Health networks

m-Health stands for mobile health, where mobile devices are used for collecting and distributing health-related data. As the information related to personal health is sensitive in nature, so it should be encrypted first before storing it at the potentially untrusted servers. However, encryption severely affects basic sharing and search operations. To address these issues, a combination of attribute-based encryption and searchable encryption is devised, which enables secure fine-grained search over encrypted data. But the resultant technique incurs high computational complexity, which makes it unsuitable for resource-constrained mobile devices. So, in order to deploy it to mobile devices, searchable encryption should generate constant size secret keys and ciphertexts. However, in existing attribute-based keyword search (ABKS) schemes, the size of the secret key and the ciphertext is proportional to the number of attributes, thus resulting in linear complexity. In this paper, we have proposed a novel ABKS scheme with constant-size secret keys and ciphertexts, thus further reducing the computational cost. Our scheme uses a ciphertext-policy (CP) design framework and supports an AND gate access structure. Further, the proposed CP-ABKS scheme can be proved secure in the selective security model under augmented multi-sequence of exponents decisional Diffie-Hellman assumption.

Privacy Preserving Time Efficient Access Control Aware Keyword Search Over Encrypted Data on Cloud Storage

Cloud computing delivers storage service to users accessed via Internet. Infrastructure used to store outsourced data is under the control of the cloud service provider. The extensive use of virtualization technology in infrastructure leads to security concern for users using public storage service. Hence, data confidentiality becomes a primary challenge in the cloud environment. Development of new technologies to protect data privacy and to provide processing capabilities to the data storage is the current requirement. This paper proposes a novel approach for access control aware keyword search over encrypted. The proposed Ciphertext-Policy Attribute-Based Keyword Search scheme allows only the authorized data users to search data stored on cloud. Encrypted index set stored along with the ciphertext on provider storage. Index set is partitioned over index server to perform parallel search. The proposed model ensures the confidentiality of data and then returns only ranked documents that match the query given by data requester. The experimental result shows that the search time reduces when using term-partitioned index set. Also, ensures security by allowing search on encrypted data without leaking any information to cloud server.

Providing a Secure Cloud Storage by Using Attribute Based Temporary Key Word Search Scheme

The cloud providers are not fully trusted in the accept of temporary keyword search on confidential data. Hence this is the main focus of this research, it is necessary to outsource data in the encrypted format. In the attribute-based keyword search scheme the authorized users generate some tokens which were in encrypted format and send them to cloud for the search operation. These tokens can be used to extract all the cipher texts which are generated at any time and contain the search token which were generated by authorized users. Since this may lead to some information leakage, a new cryptographic primitive is introduced which is more secure to propose a scheme in which the search tokens can only extract the cipher texts generated in a specified time interval and that cryptographic primitive is called key-policy attribute-based temporary keyword search (KPABTKS) which provide this property. To evaluate the security, we have to prove that the proposed scheme achieves the keyword secrecy property and is secure against selectively chosen keyword attack (SCKA) both in the random oracle model and Decisional Bilinear Diffie-Hellman (DBDH) assumption. And at last the research will show the complexity of the encryption algorithm is linear with respect to the number of the involved attributes.

OOABKS: Online/offline attribute-based encryption for keyword search in mobile cloud

Mobile cloud computing is a new computing method for mobile applications, which enables storage and computation migration from mobile users to resource-rich and powerful cloud server. More and more mobile phone users share their information through the mobile cloud. As the cloud server is not fully trusted, for security and privacy concerns, data owners usually encrypt their data before outsourcing them to the cloud server. In response to above questions, some attribute-based keyword search (ABKS) schemes have been proposed. However, the key generation, encryption and decryption for ABE take up a lot of computing resources in these schemes. In this paper, we propose an online/offline attribute-based keyword search scheme for mobile cloud (OOABKS). We use online/offline ABE technology and outsource ABE technology to reduce the online calculation cost and the local calculation cost of mobile users. And, we implement the fine-grained access control for the user. Security analysis demonstrates that our scheme can achieve trapdoor unlinkability, keyword security, data privacy security and search controllability. Efficiency analysis shows, in terms of functionalities and the computation overhead, OOABKS is more practical and efficient than existing approaches.

A lightweight secure conjunctive keyword search scheme in hybrid cloud

Keyword search over encrypted sensitive data is an essential technique in cloud computing. Many traditional secure retrieval schemes of the encrypted data mainly apply to single file-owner and single retrieval-party scenario, which cannot be used in cloud environment effectively. The emergence of Attribute-Based Encryption (ABE) provides a new solution to deliver secure and multi-parties keyword search over the encrypted data. However, most existing attribute-based keyword search schemes suffer problems, such as, imposed heavy computational burden for file-owner, limited expressive capability of access control policy, supported for single keyword search only, etc. Hence, we present a Lightweight secure Conjunctive Keyword Search scheme in hybrid cloud environment (LCKS) based on ciphertext-policy ABE algorithm, which supports file-owner authorized conjunctive keyword search for multi-parties. By delegating most computational tasks to private cloud servers, LCKS enables file-owners to generate keyword index efficiently while delivering a fine-grained access control policy through adopting an expressive tree structure. Both security analysis and performance evaluation show that LCKS is secure, highly efficient, and well suited for hybrid cloud.

Verifiable keyword search over encrypted cloud data in smart city

In smart city, which integrates the Information and Communication Technologies (ICT) including cloud computing and internet of things, all kinds of data collected by smart devices help to make everything intelligent. Through outsourcing encrypted data to cloud server, data owners can reduce the high storage and computational burden on resources-constrained smart devices. To further avoid the semi-honest-but-curious cloud server returning a fraction of false search results, this paper proposes a verifiable attribute-based keyword search scheme, thereby allowing users to check the correctness of the search results and achieving the fine-grained access control. Besides, our scheme considers the access privileges of the same data according to attribute-based priority tree. The formal security analysis proves that our scheme is secure against the chosen-keyword attacks in the generic bilinear group model, and the experimental simulations using a real-world dataset demonstrate its efficiency and feasibility in practice.

Protecting Your Right: Verifiable Attribute-Based Keyword Search with Fine-Grained Owner-Enforced Search Authorization in the Cloud

Search over encrypted data is a critically important enabling technique in cloud computing, where encryption-before-outsourcing is a fundamental solution to protecting user data privacy in the untrusted cloud server environment. Many secure search schemes have been focusing on the single-contributor scenario, where the outsourced dataset or the secure searchable index of the dataset are encrypted and managed by a single owner, typically based on symmetric cryptography. In this paper, we focus on a different yet more challenging scenario where the outsourced dataset can be contributed from multiple owners and are searchable by multiple users, i.e., multi-user multi-contributor case. Inspired by attribute-based encryption (ABE), we present the first attribute-based keyword search scheme with efficient user revocation (ABKS-UR) that enables scalable fine-grained (i.e., file-level) search authorization. Our scheme allows multiple owners to encrypt and outsource their data to the cloud server independently. Users can generate their own search capabilities without relying on an always online trusted authority. Fine-grained search authorization is also implemented by the owner-enforced access policy on the index of each file. Further, by incorporating proxy re-encryption and lazy re-encryption techniques, we are able to delegate heavy system update workload during user revocation to the resourceful semi-trusted cloud server. We formalize the security definition and prove the proposed ABKS-UR scheme selectively secure against chosen-keyword attack. To build confidence of data user in the proposed secure search system, we also design a search result verification scheme. Finally, performance evaluation shows the efficiency of our scheme.