Attribute-based Searchable Encryption Schemes Research Articles

Lattice-based multi-authority ciphertext-policy attribute-based searchable encryption with attribute revocation for cloud storage

Multi-authority attribute-based searchable encryption (MABSE) is an flexible and efficient way to securely share and search encrypted data. Compared with single-authority systems, MABSE has more complex access control policies and key management mechanism. However, most existing MABSE schemes rely on traditional number-theoretic assumptions, which maybe vulnerable to attack in the era of quantum-computers. Besides, the effective revocation of user attributes is also crucial in searchable encryption. To overcome these challenges, this paper proposes a new multi-authority ciphertext-policy attribute-based searchable encryption scheme for securely sharing encrypted data in the cloud. By calling Shamir’s threshold secret-sharing technology twice, we achieve co-management of the master key by attribute authorities and interactive generation of user private keys. Furthermore, the KUNodes algorithm is employed for attribute revocation, offering a mechanism to update private keys for non-revoked users. Compared to other schemes, MCP-ABSE-AR introduces multiple attribute authorities responsible for managing user attributes collectively. Additionally, it provides functionalities for keyword searching and attribute revocation. Finally, the proposed scheme is proved to be semantically secure under the decision learning with errors problem in the standard model.

Offline/online attribute-based searchable encryption scheme from ideal lattices for IoT

Offline/online attribute-based searchable encryption scheme from ideal lattices for IoT

A Blockchain-Based Anonymous Attribute-Based Searchable Encryption Scheme for Data Sharing

A Blockchain-Based Anonymous Attribute-Based Searchable Encryption Scheme for Data Sharing

An efficient multi-data owner cooperative resource sharing scheme against key regeneration in edge computing

In cloud storage, attribute-based keyword searchable encryption realizes multi-user fine-grained authorization access control and outsourcing data sharing. However, (1) resisting key regeneration is an urgent problem to be solved in practical applications of attribute-based keyword search; (2) the general attribute-based keyword search scheme ignores the application scenario where multiple data owners jointly manage files. In addition, the interaction of data between intelligent terminals and cloud servers has become more frequent, leading to issues such as central load, transmission efficiency, and data privacy protection in cloud computing. To address the above issues, we propose an attribute-based searchable encryption scheme with the multi-data owner based on edge computing. In this scheme, the Pedersen (k,n) secret sharing protocol and the Reciprocal protocol are used to realize the common management and sharing of data by the multi-data owner to enhance data security. Secondly, the attribute set and identity information of each user are embedded into the private key to prevent key regeneration and resist user collusion attacks. Thirdly, edge computing is introduced, and part of the storage and decryption work is outsourced to edge nodes to reduce the computing load of users and data transmission bandwidth. Security proof and performance analysis show that the proposed scheme has strong security and practicability in multi-user sharing scenarios such as Online Education with multi-data owners.

Verifiable Keyword Search Encryption Scheme That Supports Revocation of Attributes

In recent years, searchable encryption technology and attribute encryption technology have been widely used in cloud storage environments, and attribute-based searchable encryption schemes can both achieve the retrieval of encrypted data and effectively solve the access control problem. Considering that existing attribute-based searchable encryption schemes for cloud storage only support keyword search and do not support attribute revocation, most of the schemes that support attribute revocation only consider the computational overhead of users and ignore the large amount of computational resources consumed by attribute authorization centers when updating keys. In addition, keyword search may lead to partial errors in the returned search results, leading to the wastage of computational and broadband resources. To solve these issues, this paper proposes an attribute-based searchable encryption scheme that supports attribute revocation and is verifiable. To realize fine-grained ciphertext search of encrypted data, support scenarios of dynamic changes of user attributes, and ensure that third-party servers perform the search process reliably and honestly while minimizing computation and storage costs, first, this paper implements attribute revocation with the attribute authorization center by creating a user revocation list and an attribute key revocation list. At the same time, the system updates the attribute key at the time of user search request, which effectively reduces the computational overhead. Second, a third-party auditor is introduced to ensure the correctness of the search results. Finally, the security of this paper is verified by theoretical analysis, and the efficiency and practicality of this paper are verified by comparing it to other schemes through simulation experiments.

Privacy-preserving data dissemination scheme based on Searchable Encryption, publish–subscribe model, and edge computing

Attribute-based Searchable Encryption is emerging as a promising cryptographic technique supporting data protection, flexible access control, and keyword search over encrypted data. The current scientific literature already investigated its adoption in cloud-based services and additionally explored the usage of edge computing to implement some of the cryptographic tasks in scenarios with limited computational capabilities (such as Internet of Things). In the majority of the available solutions, however, the remote cloud is still responsible for data storage, keyword search over encrypted data, and delivery tasks. Indeed, the heavy computational load generated in scenarios with multiple data producers and data consumers (never studied yet) and large communication latencies can inevitably compromise the overall system performance. To bridge this gap, this work proposes a decentralized service architecture offering privacy-preserving data dissemination, by jointly leveraging attribute-based Searchable Encryption techniques, publish–subscribe communication model, and edge computing capabilities. Here, customized Edge Servers are deployed at the network edge to (i) collect subscription requests encoded via Searchable Encryption Trapdoors, (ii) receive data publications, encrypted via Attribute-based Searchable Encryption scheme, (iii) implement keyword search over encrypted data, and (iv) deliver encrypted data only to authorized requesters. Experimental tests explored the impact of network configuration and traffic load on both communication latency and energy consumption. Obtained results demonstrated the unique ability of the proposed solution to achieve shorter data delivery delays as well as less energy consumption with respect to cloud-based alternatives.

Comment on an Attribute-Based Searchable Encryption Scheme with Receiver Anonymity

Comment on an Attribute-Based Searchable Encryption Scheme with Receiver Anonymity

A fast and flexible attribute-based searchable encryption scheme supporting multi-search mechanism in cloud computing

How to use efficient search mechanisms to realize data sharing while ensuring data security has become an important research topic at present. In this paper, we propose a new searchable algorithm based on LSSS (Linear Secret Sharing Scheme) access policy, which is superior to previous work in computational and storage efficiency. Our scheme supports various search mechanisms, such as exact search, boolean search and range search mechanism. We use 0,1-coding theory to reduce the number of the numeric keywords, thus improving the range search mechanism. We also prove that our scheme is secure against the selectively chosen-keyword attack (SCKA) in the generic bilinear group model. Furthermore, we evaluate the performance of our scheme by theoretical analysis and experimental simulation, and the result show that our scheme achieves significant improvement in both computational and storage efficiency. To enhance the security and practicality of our scheme, we also deploy our scheme on a private chain and conduct extensive experiments to demonstrate its practical performance.

A scoping review of searchable encryption schemes in cloud computing: taxonomy, methods, and recent developments

With the emergence of cloud computing, data owners are showing interest to outsource the data to the cloud servers and allowing the data users to access the data as and when required. However, outsourcing sensitive data into the cloud leads to privacy issues. Encrypting the data before outsourcing provides privacy, but it does not provide search functionality. To achieve search over encrypted data without compromising the privacy, searchable encryption (SE) schemes have been proposed. It protects the user’s sensitive information by providing searchability on encrypted data stored in the cloud. In this paper, we surveyed different SE schemes which are existed in the cloud domain. In this survey, we presented the taxonomy of the SE schemes: symmetric searchable encryption, public key searchable encryption, and attribute-based searchable encryption schemes, and then provided a detailed discussion on the SE schemes in terms of index structure and search functionality. A comparative analysis of SE schemes is also provided on security and performance. Furthermore, we discussed the challenges, future directions, and applications of SE schemes.

Verifiable and Multi-Keyword Searchable Attribute-Based Encryption Scheme for Cloud Storage

In attribute-based searchable encryption (ABSE) scheme, data owners can encrypt their data with access policy for security consideration, and encrypt keywords to obtain keyword index for privacy keyword search, and data users can search interesting keyword on keyword indexes by keyword search trapdoor. However, many existing searchable encryption schemes only support single keyword search and most of the existing attribute-based encryption (ABE) schemes have high computational costs at user client. These problems significantly limit the application of attribute-based searchable encryption schemes in practice. In this paper, we propose a verifiable and multi-keyword searchable attribute-based encryption (VMKS-ABE) scheme for cloud storage, in our new scheme, multi-keyword can be searched and the search privacy is protected. That is, the cloud server can search the multi-keyword with keyword search trapdoor but it does not know any information about the keywords searched. In the proposed scheme, many computing tasks are outsourced to the cloud proxy server, which greatly reduces the computing burden at the user client. Besides, the scheme also supports the verification of the correctness of the outsourced private key. The proposed scheme is proved secure that the keyword index is indistinguishable under the adaptive keyword attacks in the general group model, and the ciphertext is selective secure under selective plaintext attacks in the random oracle model. The security and experimental results show that our scheme is suitable for practicability.

Multi-Keyword Searchable and Data Verifiable Attribute-Based Encryption Scheme for Cloud Storage

In a data sharing system, it is a basic requirement for a user, who has an appropriate privilege to perform keyword retrieval for encrypted documents stored in the cloud. Although traditional searchable encryption technology can provide data protection and retrieval characteristic, there are some main issues should also be considered. First, most existing attribute-based searchable encryption schemes only support single-keyword search, which may return abundant irrelevant search results, resulting in a waste of computational and broadband resources. Second, the user often needs to seek some data related to some particular keywords but his attributes may be altered frequently. Third, the cloud server is not completely loyal which sometimes returns a fraction of erroneous search results. Focus on these issues, a practical multi-keyword searchable encryption scheme is proposed for data integrity verification and attribute revocation by combining the ciphertext policy attribute-based encryption (CP-ABE) and auditing ideas. The scheme on one hand supports multi-keyword search which avoids the cloud server yield ample irrelevant documents by narrowing the search scope, and the other hand can implement effectively attribute revocation by entrusting ciphertext updates to the powerful cloud server, thereby preventing access by illegal users. Furthermore, third-party audits use verification algorithms to ensure the correctness of search results and reduce the amount of computing by end users. The most critically, the scheme proved to be resistant to selective plaintext attacks and selective keyword attacks under the general group model. The extensive experimental results demonstrate that the scheme is more expressive, efficient, and feasible in the practical applications.

KS-ABESwET: A Keyword Searchable Attribute-Based Encryption Scheme With Equality Test in the Internet of Things

With the widespread application of the Internet of Things (IoT) technology, it is expected to become a new data management model. But IoT devices have limited resource storage and computing power, they are highly vulnerable to hackers and leak sensitive information to third parties. The traditional attribute-based searchable encryption schemes usually require an intelligent terminal to perform complex calculations while accessing data, therefore IoT devices may not be able to withstand excessive calculation burden. In this paper, we present a keyword searchable attribute-based encryption scheme with equality test (KS-ABESwET) in the IoT by combining the notions of attribute-based searchable encryption (ABSE) with equality test. The proposed scheme adopts a keyword search algorithm based on the inverted index and equality test mechanism. If the keyword token match index is successful, the cloud server sends all ciphertexts that meet the conditions to the data user. Then, data user classifies the ciphertexts by equality test mechanism, which is executed by the authorized cloud server to determine whether the two ciphertexts encrypted by different access policies contain the same plaintext without decrypting. In this way, data user does not need to decrypt all ciphertexts, which decreases storage resource consumption of IoT devices and simplifies the complex operations generated by the traditional ABSE schemes. Using outsourcing technology, most calculations in the scheme are outsourced to the server, and IoT devices only perform a few calculations, which reduces greatly the computing and storage burden. Based on the decisional $q-1$ assumption and decisional Diffie-Hellman (DDH) assumption, the proposed scheme proves that has chosen-plaintext security and chosen-keyword security. Moreover, through comparative analysis and experimental simulation, our scheme is effective and suitable for IoT environment.

CP-ABSE: A Ciphertext-Policy Attribute-Based Searchable Encryption Scheme

Searchable encryption provides an effective mechanism that achieves secure search over encrypted data. A popular application model of searchable encryption is that a data owner stores encrypted data to a server and the server can effectively perform keyword-based search over encrypted data according to a query trapdoor submitted by a data user, where the owner’s data and the user’s queries are kept secret in the server. Recently, many searchable encryptions have been proposed to achieve better security and performance, provide secure data updatable feature ( dynamics ), and search results verifiable capability ( verifiability ). However, most of the existing works endow the data user an unlimited search capacities and do not consider a data user’s search permissions. In practical application, granting search privileges for data users is a very important measure to enforce data access control. In this paper, we propose an attribute-based searchable encryption scheme by leveraging the ciphertext-policy attribute-based encryption technique. Our scheme allows the data owner to conduct a fine-grained search authorization for a data user. The main idea is that a data owner encrypts an index keyword under a specified access policy, if and only if, a data user’s attributes satisfy the access policy, the data user can perform search over the encrypted index keyword. We provide the detailed correctness analyses, performance analyses, and security proofs for our scheme. The extensive experiments demonstrate that our proposed scheme outperforms the similar work CP-ABKS proposed by Zheng on many aspects.

A New Inter-Domain Information Sharing Smart System Based on ABSES in SDN

With the continuous innovation and development of agent technology, the application of smart technique is gradually changing to intelligent and human-centered technology. Also, intelligent technique is involved in many fields, and software defined network (SDN) is one of them. SDN is one of the most popular and most promising new technologies in the current network area, which has particular advantages over other traditional networks. However, most of the research work focus on the efficiency and function of SDN, while the access control and ciphertext search function in SDN have not been taken into full consideration. In this paper, we propose a new smart system based on SDN. It also equips with the functions of fine-grained access control and searchable encryption function, which combines a novel attribute-based searchable encryption scheme (ABSES) with SDN architecture. Our construction realizes inter-domain information sharing, fine-grained access control, and ciphertext searchable function. The proposed ABSES effectively ensures the security of ciphertext stored in data center, and that users cannot obtain unauthorized information or illegal network resources without any certification. It reduces network bandwidth and local resources, while improving the scalability and flexibility of SDN access control at the meantime. Finally, our ABSES is proved to be correct and secure under chosen-keyword attack. The comparison with other representative attribute-based searchable encryption schemes demonstrates that our ABSES has somewhat better performance. The proposed new smart system can be used in human life and add more convenience to our daily life.