Key-aggregate Searchable Encryption Research Articles

Blockchain-Enabled Key Aggregate Searchable Encryption Scheme for Personal Health Record Sharing With Multidelegation

Blockchain-Enabled Key Aggregate Searchable Encryption Scheme for Personal Health Record Sharing With Multidelegation

On the Security of Key-Aggregate Searchable Encryption

The sharing of encrypted data in cloud computing is an essential functionality with countless applications in our everyday life. However, the issue of how to securely, efficiently and flexibly share encrypted data in multi-user settings has not been well solved. As a promising and elegant technique, the key-aggregate searchable encryption (KASE) scheme can efficiently support selective sharing of a large number of documents with a set of users using only a single, constant-size authorization key (i.e., the aggregated key). However, by conducting cryptanalysis on existing KASE schemes, we classify the attack methods into two types: offline keyword guessing attacks and authorization abuse. For the former attacks, we first employ the known keyword guessing attack methods to cryptanalyze several existing KASE schemes. Furthermore, we propose two novel keyword guessing attack methods, namely (1) Keyword guessing attack by modifying ciphertext and (2) Keyword guessing attack by constructing verification equation. For the latter attacks, we first utilized the known authorization abuse attack methods to cryptanalyze several existing KASE schemes. Furthermore, we develop a novel attack method in which the attacker can independently upgrade their own authorization and gain enhanced search privileges without colluding with multiple authorized users.

Verifiable Key-Aggregate Searchable Encryption With a Designated Server in Multi-Owner Setting

Verifiable Key-Aggregate Searchable Encryption With a Designated Server in Multi-Owner Setting

Key-aggregate searchable encryption supporting conjunctive queries for flexible data sharing in the cloud

Searchable encryption (SE) meets users' demand for the keyword search on encrypted data. Key-aggregate searchable encryption (KASE) improves data owners' ability to selectively share encrypted data with users. In KASE, the data owner encrypts different documents/document classes with distinct keys and can share any selected subset of documents by simply transmitting an aggregate key to the user. The user only uploads an aggregate trapdoor to the server for querying these shared documents. However, the existing KASE schemes have some limitations: the security definition is incomplete, only single-keyword search is supported, and the provable security scheme relies on the random oracle model. For these reasons, in this paper, we propose the Key-Aggregate Searchable Encryption supporting Conjunctive Queries (KASE-CQ) framework and its two security models: indistinguishability against selective-document chosen keyword attack and existential unforgeability against selective-document chosen keyword attack. These models reflect the indistinguishability of ciphertext and the unforgeability of the aggregate key, respectively. Our system supports flexible data sharing and the conjunctive keyword search on encrypted data. Furthermore, we design a concrete KASE-CQ construction, which can be proven secure in the standard model. We also demonstrate that our construction is secure against the insider trapdoor attack presented by Zhou et al. [40]. Finally, performance analysis and comparisons with Cui et al.'s scheme [10] illustrate the superior efficiency of our scheme.

Optimal and Efficient Searchable Encryption with Single Trapdoor for Multi-Owner Data Sharing in Federated Cloud Computing

Cloud computing, an Internet based computing model, has changed the way of data owners store and manage data. In such environment, data sharing is very important with more efficient data access control. Issuing an aggregate key to users on data enables and authorizes them to search for data of select encrypted files using trapdoor or encrypted keyword. The existing schemes defined for this purpose do have certain limitations. For instance, Cui et al. scheme is elegant but lacks in flexibility in access control in presence of multiple data owners sharing data to users. Its single trapdoor approach needs transformation into individual trapdoors to access data of specific data owner. Moreover, the existing schemes including that of Cui et al. does not support federated cloud. In this paper we proposed an efficient key aggregate searchable encryption scheme which enables multiple featuressuch as support for truly single aggregate key to access data of many data owners, federated cloud support,query privacy, controlled search process and security against cross-pairing attack. It has algorithms for setup, keygen, encrypt, extract, aggregate, trapdoor, test and federator. In multi-user setting it is designed to serve data owners and users with secure data sharing through key aggregate searchable encryption The proposed scheme supports federated cloud. Experimental results revealed that the proposed scheme is provably secure withrelatively less computational overhead and time complexity when compared with the state of the art.

A Secure Data Sharing Based on Key Aggregate Searchable Encryption in Fog-Enabled IoT Environment

Cloud server and fog computing have been utilized to manage enormous volumes of data with low service transmission time in Internet of Things (IoT) environment. However, untrustworthy relationships between network entities and cloud server cause a lot of security concerns. Many researches have been studied based on traditional cryptosystems for data sharing systems. But they lead to key management difficulty and do not ensure the data owner's authority by depending on Trusted Third Party (TTP). Therefore, we use key aggregate searchable encryption (KASE), which enables owners to exercise their rights in data management and sharing without the help of TTP and resolves the key management problem. In this paper, we propose a secure data sharing system based on KASE in fog-enabled IoT environment using blockchain. We prove the resistance of the proposed scheme against various attacks through informal analysis and Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool. We prove the guarantee of secure mutual authentcation using Burrows-Abadi-Needham (BAN) logic. Furthermore, we compare security features and performance of the proposed scheme with existing schemes through Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL).

Revocable key aggregate searchable encryption with user privacy and anonymity

Revocable key aggregate searchable encryption with user privacy and anonymity

Revocable key aggregate searchable encryption with user privacy and anonymity

The KASE schemes allow fine-grained delegation of search rights over a selected dataset using an aggregate key. However, when the existing KASE schemes are deployed in real-time applications, the support of revocation of delegated rights is highly required to manage users' access control. Therefore, in this paper we propose two solutions for the fine-grained revocation of delegated rights considering two different scenarios. First, we present a basic scheme that supports fine-grained revocation of the delegated rights on document level, instead of coarse-grained all-or-nothing access. Then, the user is not allowed to search the document by the old trapdoor if his search privileges are revoked on that document. Under a multi-user setting, we propose an advance scheme that can make the fine-grained revocation of the delegated rights on the user level. The proposed approaches also preserve users' privacy and anonymity. We present the schemes' correctness proof, formal security analysis, and performance analysis, which confirm that they are provably secure and practically efficient.

"Research on Decryption Methodologies and Key Aggregate Searchable Encryption for Data Security Storage in Cloud"

Numerous firm’s architectures management of data guarantees substantially alter method, gain access to maintain private commercial business. Occur additional facts protection problems. Existing statistics safety methods have limits in preventing records legal assaults, in particular these performed by utilizing companion diploma business executives to the cloud dealer to monitor data get right of entry to within the cloud and find out unusual records get right of entry to. Sorts require method of building a machine robust protection privateer’s statistic through files person team customer’s technique much documents. Not simply the encryption keys but also the search keys need to be utilized and consumers have to keep their keys resistant and disseminated. The cutting-edge current gadget the place the facts proprietor can solely share one key with the user, whether or not it is any kind of document, massive or small variety of documents, and the function of the person is to cross a lure in the cloud of overall performance checking out and safety evaluation of shared documents, which is an impenetrable and superb proposed gives schemes. And consumers are also extremely concerned about data sharing storage, inexplicable information leak in the cloud, and harmful attackers. In the article, an experiment is done to format a method for encryption for impenetrable statistics allocation.

A Secure Key Aggregate Searchable Encryption with Multi Delegation in Cloud Data Sharing Service

As the amount of data generated in various distributed environments is rapidly increasing, cloud servers and computing technologies are attracting considerable attention. However, the cloud server has privacy issues, including personal information and requires the help of a Trusted Third Party (TTP) for data sharing. However, because the amount of data generated and value increases, the data owner who produces data must become the subject of data sharing. In this study, we use key aggregate searchable encryption (KASE) technology, which enables keyword search, to efficiently share data without using TTP. The traditional KASE scheme approach only discusses delegation of authority from the data owner to another user. However, if the delegated entity cannot perform time-critical tasks because the shared data are unavailable, the delegate must further delegate the rights given to other users. Consequently, this paper proposes a new KASE scheme that enables multi-delegation without TTP and includes an authentication technique between the user and the server. After that, we perform informal and formal analysis using BAN logic and AVISPA for security evaluation, and compare the security and performance aspects with existing schemes.

Provably Secure Key Aggregate Searchable Encryption with Verifiability for Online Data Sharing in Cloud Computing

Provably Secure Key Aggregate Searchable Encryption with Verifiability for Online Data Sharing in Cloud Computing

P 2 KASE A 2 —privacy‐preserving key aggregate searchable encryption supporting authentication and access control on multi‐delegation

Delegation is a technique that allows a subject receiving a delegation (the delegatee) to act on behalf of the delegating subject (the delegator). Although the existing Key Aggregate Searchable Encryption (KASE) schemes support delegation of search rights over any set of ciphertexts using a key of constant-size, two critical issues still should be considered. Firstly, an adversary can intercept the aggregate key or query trapdoor from the insecure communication channels involving the cloud server and impersonate as an authorized user to the server for accessing the data. Secondly, the existing KASE schemes only discuss the delegation of rights from the data owner to other users. However, if a subject receiving a delegation cannot perform the time-critical task on the shared data because of the unavailability, it becomes necessary for the delegatee to further delegate his received rights to another user. In this paper, we propose a novel KASE scheme that allows a fine-grained multi-delegation, i.e., if the attributes of the delegatee satisfy the hidden access policy (defined by the data owner), the delegatee can delegate his received rights to another user, without compromising data privacy. The proposed scheme provides security against the impersonation attack by verifying the user's authentication.

R-OO-KASE: Revocable Online/Offline Key Aggregate Searchable Encryption

The existing Key Aggregate Searchable Encryption (KASE) schemes allow searches on the encrypted dataset using a single query trapdoor, with a feature to delegate the search rights of multiple files using a constant size key. However, the operations required to generate the ciphertext and decrypt it in these schemes incur higher computational costs, due to the computationally expensive pairing operations in encryption/decryption. This makes the use of such schemes in resource-constrained devices, such as Radio Frequency Identification Devices, Wireless Sensor Network nodes, Internet of Things nodes, infeasible. Motivated with the goal to reduce the computational cost, in this paper, we propose a Revocable Online/Offline KASE (R-OO-KASE) scheme, based on the idea of splitting the encryption/decryption operations into two distinct phases: online and offline. The offline phase computes the majority of costly operations when the device is on an electrical power source. The online phase generates final output with the minimal computational cost when the message (or ciphertext) and keywords become known. In addition, the proposed scheme R-OO-KASE also offers multi-keyword search capability and allows the data owners to revoke the delegated rights at any point in time, the two features are not supported in the existing schemes. The security analysis and empirical evaluations show that the proposed scheme is efficient to use in resource-constrained devices and provably secure as compared to the existing KASE schemes.

A Secure Key-Aggregate Keyword Retrieval Scheme Over Encrypted Data in Cloud Computing

Key-aggregate keyword retrieval primitive enables a cloud server on behalf of delegated users to securely perform a keyword search over the data encrypted with various public keys. However, existing key-aggregate searchable encryption schemes are insecure against keyword guessing attacks, which result in the privacy leakage of keyword ciphertext and trapdoor. In this paper, we for the first time formulate a secure and efficient key-aggregate searchable encryption for cloud-assisted IoT applications, which not only enables a data owner to securely share the selected documents to multiple users, but also supports data users in delegating the capability of keyword search to a cloud server for searching the desired documents without leaking any privacy of keyword ciphertext and trapdoor. Then, the security of the proposed scheme is formally defined and proven to be secure against the indistinguishable selective-file chosen keyword attacks. The flexibility and practicability of the formulated scheme is also demonstrated by theoretical evaluations and experimental simulations.

CRSQ-KASE: Key Aggregate Searchable Encryption Supporting Conjunctive Range and Sort Query on Multi-owner Encrypted Data

The existing key aggregate searchable encryption (KASE) schemes allow searches on the encrypted dataset using a single query trapdoor, with a feature to delegate the search rights of multiple files using a constant-size key. However, the limitation of the existing KASE schemes is they only support the exact keyword match $$ (Keyword = Value)$$ search query for a single query keyword. In addition, to perform a conjunctive keyword search using the existing KASE schemes, the user requires to submit different trapdoors for each individual keyword to the server. Considering the existence of numeric keywords, the KASE should support different types of query such as range query$$ (Value_1 \le Keyword \le Value_2) $$, comparison query($$ (Keyword \ge Value)$$ or $$ (Keyword \le Value)$$), and sort query. Therefore, a novel KASE scheme is proposed in this paper that supports the conjunctive range and sort query (i.e., CRSQ-KASE) on the encrypted dataset and enhances the query expressiveness of the existing KASE schemes. The proposed CRSQ-KASE scheme supports search among different keyword fields considering both numeric and non-numeric keywords. The user can search over shared encrypted dataset by giving arbitrary conjunctive queries $$ (Keyword_1 = Value_1\wedge Keyword_2 \le Value_2 \wedge \cdots \wedge Value_{n_1} \le Keyword_n \le Value_{n_2}) $$ using a single trapdoor. Furthermore, in the multi-owner setting, the user can search over multiple users’ documents set using a single query trapdoor. The theoretical, empirical, and security analyses show that the proposed CRSQ-KASE scheme performs better than the existing KASE schemes. To the best of our knowledge, the CRSQ-KASE is the first attempt that efficiently supports multi-dimensional, conjunctive keyword searches on the multi-owner encrypted dataset and gives the sorted search result.

MULKASE: a novel approach for key-aggregate searchable encryption for multi-owner data

Recent attempts at key-aggregate searchable encryption (KASE) combine the advantages of searching encrypted data with support for data owners to share an aggregate searchable key with a user delegating search rights to a set of data. A user, in turn, is required to submit only one single aggregate trapdoor to the cloud to perform a keyword search across the shared set of data. However, the existing KASE methods do not support searching through data that are shared by multiple owners using a single aggregate trapdoor. Therefore, we propose a MULKASE method that allows a user to search across different data records owned by multiple users using a single trapdoor. In MULKASE, the size of the aggregate key is independent of the number of documents held by a data owner. The size of an aggregate key remains constant even though the number of outsourced ciphertexts goes beyond the predefined limit. Security analysis proves that MULKASE is secure against chosen message attacks and chosen keyword attacks. In addition, the security analysis confirms that MULKASE is secure against cross-pairing attacks and provides query privacy. Theoretical and empirical analyses show that MULKASE performs better than the existing KASE methods. We also illustrate how MULKASE can carry out federated searches.

Key-Aggregate Searchable Encryption, Revisited: Formal Foundations for Cloud Applications, and Their Implementation

In the use of a cloud storage, sharing of data with efficient access control is an important requirement in addition to data security and privacy. Cui et al. (IEEE Trans. on Comp. 2016) proposed \textit{key-aggregate searchable encryption (KASE)}, which allows a data owner to issue an \textit{aggregate key} that enables a user to search in an authorized subset of encrypted files by generating an encrypted keyword called \textit{trapdoor}. While the idea of KASE is elegant, to the best of our knowledge, its security has never been discussed formally. In this paper, we discuss the security of KASE formally and propose provably secure schemes. The construction of a secure KASE scheme is non-trivial, and we will show that the KASE scheme of Cui et al. is insecure under our definitions. We first introduce our provably secure scheme, named \textit{first construction}, with respect to encrypted files and aggregate keys in a single-server setting. In comparison with the scheme of Cui et al., the first construction is secure without increased computational costs. Then, we introduce another provably secure scheme, named \textit{main construction}, with respect to trapdoors in a two-server setting. The main construction guarantees the privacy of a search, encrypted files, and aggregate keys. Considering 5,000 encrypted files, the first construction can finish search within three seconds and the main construction can finish search within six seconds.

Lattice-Based Key-Aggregate (Searchable) Encryption in Cloud Storage

In cloud storage, selectively sharing encrypted data is becoming increasingly important. One key design challenge is the management of encryption keys. Traditionally, a large quantity of encryption keys have to be managed by the data owner, and an equally large number of keyword trapdoors must be sent to the cloud for the purpose of searching over the shared data, which are cumbersome in terms of secure communication and management. Recently, key-aggregate (searchable) encryption schemes have been introduced to alleviate the problem. However, they were only designed under the Bilinear Diffie-Hellman Exponent assumption in the prior works. Lattice-based key-aggregate (searchable) encryption schemes are valuable, because they have security against quantum computing attacks, average-case to worse-case equivalence as well as simplicity and potential efficiency. Here we propose a key-aggregate encryption scheme and a key-aggregate searchable encryption scheme which are both based on a lattice problem (i.e., the Learning with Errors problem). Some key techniques are employed during the construction of the schemes. A basis delegation algorithm is designed to generate the aggregate key without increasing the lattice dimension. The encryption algorithms of the two schemes are trickily devised to make the encrypted files decryptable or searchable. To overcome the problem of general matrix multiplication failing to satisfy commutative law, a hash function is designed by using diagonalizable matrices to make the encrypted file decryptable and the trapdoor adjustable. We present the schemes' correctness proof, formal security analysis as well as performance analysis, which confirm that they are provably secure and practically efficient. To the best of our knowledge, the former is the first lattice-based key-aggregate encryption scheme and the latter is the first lattice-based key-aggregate searchable encryption scheme. We also demonstrate their application to cloud storage for searchable group data sharing by combining the two schemes.

Key-aggregate searchable encryption under multi-owner setting for group data sharing in the cloud

Key-aggregate searchable encryption under multi-owner setting for group data sharing in the cloud

Key-aggregate searchable encryption under multi-owner setting for group data sharing in the cloud

In recent years, the with keyword search has been widely used in cloud data sharing system to protect privacy and confidentiality when the ciphertext is retrieving. However, selectively sharing encrypted data and related searching abilities among different users via the existing searchable technology certainly will generate a large number of searching trapdoors making the system inflexible and impractical. In this paper, we propose the concept of multi-owner key-aggregate searchable encryption scheme and its implementation, in which a user can only submit a trapdoor for querying the documents shared by multiple owners who only need to distribute an aggregate key for sharing massive data. Thus, the scheme supports effective data sharing for both multiple owners and users by reducing unnecessary trapdoors which are hard for generating by mobile devices during the querying step. Finally we conduct security analysis and performance evaluation which can show that our system is practical and secure.