Searchable Encryption Scheme Research Articles

An optimized dynamic attribute-based searchable encryption scheme.

Cloud computing liberates enterprises and organizations from expensive data centers and complex IT infrastructures by offering the on-demand availability of vast storage and computing power over the internet. Among the many service models in practice, the public cloud for its operation cost saving, flexibility, and better customer support popularity in individuals and organizations. Nonetheless, this shift in the trusted domain from the concerned users to the third-party service providers pops up many privacy and security concerns. These concerns hindrance the wide adaptation for many of its potential applications. Furthermore, classical encryption techniques render the encrypted data useless for many of its valuable operations. The combined concept of attribute-based encryption (ABE) and searchable encryption (SE), commonly known as attribute-based keyword searching (ABKS), emerges as a promising technology for these concerns. However, most of the contemporary ABE-based keyword searching schemes incorporate costly pairing and computationally heavy secret sharing mechanisms for its realization. Our proposed scheme avoids the expensive bilinear pairing operation during the searching operation and costly Lagrange interpolation for secret reconstruction. Besides, our proposed scheme enables the updation of access control policy without entirely re-encrypting the ciphertext. The security of our scheme in the selective-set model is proved under the Decisional Bilinear Diffie-Hellmen (DBDH) assumption and collision-free. Finally, the experimental results and performance evaluation demonstrate its communication and overall efficiency.

Secure and Efficient Multi-keyword Fuzzy Search Over Encrypted Data on Alliance Chain

Background:: Data regulation can effectively resist data privacy leakage and abuse in the process of external sharing of energy big data, but how to securely retrieve vast amounts of regulatory data is a challenge. Objective:: To securely retrieve vast amounts of regulatory data, a secure and efficient searchable encryption scheme that supports multi-keyword fuzzy retrieval on the alliance chain is proposed. Method:: This scheme encrypts and stores the regulatory data on the hyperledger fabric alliance chain. Energy big data files (EBDF) are encrypted and stored on a cloud server. Using the symmetric searchable encryption technology to achieve secure retrieval of regulatory data on the chain and secure access to EBDF. To improve search efficiency, we propose a SDPHashMap index structure and use the special manhatton distance matrix(SMDM) measurement to calculate the similarity of queried keywords and index keywords to locate the trapdoor retrieval hash address. Utilizing the cuckoo filter cluster to test the membership of queried keywords. Results:: This scheme stores EBDF off-chain, effectively relieving the storage and communication pressure of the blockchain, improving search speed, and providing more accurate retrieval services than single keyword fuzzy retrieval. By the simulation-based adversary- challenger game model, the security analysis demonstrates that the proposed scheme has adaptive selected keyword attack semantic security. Conclusion:: Experimental results show that the proposed scheme has high efficiency in trapdoor generation and multi-keyword search stages.

SEDCPT: A secure and efficient Dynamic Searchable Encryption scheme with cluster padding assisted by TEE

Dynamic Searchable Symmetric Encryption (DSSE), which enables users to search and update encrypted data on an untrusted server without decryption, is a proven method when dealing with availability issues for outsourced data. However, the existing DSSE schemes suffer from forward and backward privacy problems. Although forward and backward privacy DSSE schemes can prevent these attacks, they still suffer from other challenges, such as count attacks, high communication overhead, and low computing efficiency. To solve the above problems simultaneously, we propose a secure and efficient dynamic searchable encryption scheme, which integrates a clustering algorithm, padding strategy, and trusted execution environments (TEE). The purpose of the scheme is to prevent count attacks while ensuring forward and backward privacy security. Our scheme also reduces the computing overhead and storage cost of the client by using TEE (e.g. Intel Software Guard Extension, Intel SGX) while maximizing the protection of client privacy. Furthermore, the scheme provides a secure hardware isolation environment for the cluster padding and search/update process to prevent malicious attacks from external software or super administrators. Finally, we provide corresponding security proofs and experimental evaluation which demonstrate both the security and efficiency of our scheme, respectively.

A privacy-preserving image retrieval scheme with access control based on searchable encryption in media cloud

With the popularity of the media cloud computing industry, individuals and organizations outsource image computation and storage to the media cloud server to reduce the storage burden. Media images usually contain a large amount of private information. To prevent disclosure of privacy of the image owners, media images are encrypted before uploading to the server. However, this operation will greatly limit the utilization of the image for the user, such as content-based image retrieval. We propose an efficient similarity query algorithm with access control based on Bkd-tree in this paper, in which a searchable encryption scheme is designed for similarity image retrieval, and the encrypted image is used to extract image features by a pre-trained CNN model. The Bkd-tree is utilized to generate an index tree for the image features to speed up retrieval and make it faster than linear indexing. Finally, the security performances of the proposed scheme is analyzed and the performance of this scheme is evaluated by experiments. The results show that the security of the image content and image features can be ensured, and it has a shorter retrieval time and higher retrieval efficiency.

Comment on an Attribute-Based Searchable Encryption Scheme With Receiver Anonymity

Comment on an Attribute-Based Searchable Encryption Scheme With Receiver Anonymity

Lattice-based multi-authority ciphertext-policy attribute-based searchable encryption with attribute revocation for cloud storage

Multi-authority attribute-based searchable encryption (MABSE) is an flexible and efficient way to securely share and search encrypted data. Compared with single-authority systems, MABSE has more complex access control policies and key management mechanism. However, most existing MABSE schemes rely on traditional number-theoretic assumptions, which maybe vulnerable to attack in the era of quantum-computers. Besides, the effective revocation of user attributes is also crucial in searchable encryption. To overcome these challenges, this paper proposes a new multi-authority ciphertext-policy attribute-based searchable encryption scheme for securely sharing encrypted data in the cloud. By calling Shamir’s threshold secret-sharing technology twice, we achieve co-management of the master key by attribute authorities and interactive generation of user private keys. Furthermore, the KUNodes algorithm is employed for attribute revocation, offering a mechanism to update private keys for non-revoked users. Compared to other schemes, MCP-ABSE-AR introduces multiple attribute authorities responsible for managing user attributes collectively. Additionally, it provides functionalities for keyword searching and attribute revocation. Finally, the proposed scheme is proved to be semantically secure under the decision learning with errors problem in the standard model.

Searchable Encryption Scheme for Large Data Sets in Cloud Storage Environment

Searchable Encryption Scheme for Large Data Sets in Cloud Storage Environment

Blockchain-Enabled Key Aggregate Searchable Encryption Scheme for Personal Health Record Sharing With Multidelegation

Blockchain-Enabled Key Aggregate Searchable Encryption Scheme for Personal Health Record Sharing With Multidelegation

A Certificateless Verifiable Bilinear Pair-Free Conjunctive Keyword Search Encryption Scheme for IoMT

With superior computing power and efficient data collection capability, Internet of Medical Things (IoMT) significantly improves the accuracy and convenience of medical work. As most communications are over open networks, it is critical to encrypt data to ensure confidentiality before uploading them to cloud storage servers (CSSs). Public key encryption with keyword search (PEKS) allows users to search for specific keywords in ciphertext and plays an essential role in IoMT. However, PEKS still has the following problems: 1. As a semi-trusted third party, the CSSs may provide wrong search results to save computing and bandwidth resources. 2. Single-keyword searches often produce many irrelevant results, which is undoubtedly a waste of computing and bandwidth resources. 3. Most PEKS schemes rely on bilinear pairings, resulting in computational inefficiencies. 4. Public key infrastructure (PKI)-based or identity-based PEKS schemes face the problem of certificate management or key escrow. 5. Most PEKS schemes are vulnerable to offline keyword guessing attacks, online keyword guessing attacks, and insider keyword guessing attacks. We present a certificateless verifiable and pairing-free conjunctive public keyword searchable encryption (CLVPFC-PEKS) scheme. An efficiency analysis shows that the performance advantage of the new scheme is far superior to that of the existing scheme. More importantly, we provide proof of security under the standard model (SM) to ensure the reliability of the scheme in practical applications.

On the Security of Key-Aggregate Searchable Encryption

The sharing of encrypted data in cloud computing is an essential functionality with countless applications in our everyday life. However, the issue of how to securely, efficiently and flexibly share encrypted data in multi-user settings has not been well solved. As a promising and elegant technique, the key-aggregate searchable encryption (KASE) scheme can efficiently support selective sharing of a large number of documents with a set of users using only a single, constant-size authorization key (i.e., the aggregated key). However, by conducting cryptanalysis on existing KASE schemes, we classify the attack methods into two types: offline keyword guessing attacks and authorization abuse. For the former attacks, we first employ the known keyword guessing attack methods to cryptanalyze several existing KASE schemes. Furthermore, we propose two novel keyword guessing attack methods, namely (1) Keyword guessing attack by modifying ciphertext and (2) Keyword guessing attack by constructing verification equation. For the latter attacks, we first utilized the known authorization abuse attack methods to cryptanalyze several existing KASE schemes. Furthermore, we develop a novel attack method in which the attacker can independently upgrade their own authorization and gain enhanced search privileges without colluding with multiple authorized users.

Ethical Encrypted Search Scheme for Medical Database

E-medical records are highly sensitive and require secure storage, typically in encrypted form. However, encrypting the records can make them difficult to search and utilize within existing medical database systems. Additionally, managing access to these records, especially when multiple authorities are involved, presents challenges in ensuring security and scalability.To address these issues, we propose an authorized searchable encryption scheme designed for a multi-authority setting. This scheme utilizes the RSA (Rivest-Shamir-Adleman) function to enable each authority to control and limit search capabilities based on clients' privileges. Furthermore, to enhance scalability, we employ multi-authority attribute-based encryption, allowing the authorization process to be streamlined even across policies from multiple authorities.We have conducted thorough security and cost analyses, as well as experimental evaluations, demonstrating that our proposed scheme introduces only moderate overhead to existing searchable encrypted systems. Keywords--e-medical system, cloud storage, forward security.

A lattice‐based searchable encryption scheme with multi‐user authorization for the certificateless cloud computing environment

AbstractPublic key encryption with keyword search (PEKS) is able to enhance cloud data security. On the other hand, the existence of malicious cloud servers and untrusted central authorities, in addition the keyword space faces a low entropy, attackers often launch keyword guessing attacks (KGA), thereby leaking data privacy. Therefore, we use certificateless authentication and proxy re‐encryption technology to construct a lattice‐based verifiable PEKS scheme for Multi‐Data Users (MDU). Certificateless authentication can ensure that our scheme does not require key escrow, and proxy re‐encryption technology allows us to perform multi‐user authorization and use the verification block for data users to ensure the integrity of search results. Security research proves that, under the assumption that the learning with errors (LWE) problem is hard, the ciphertext is indistinguishable and resistant to KGA. Results from experiments show that our scheme is significantly more effective than current schemes.

On the Construction of Perfect Keyword Secure PEKS Scheme

With the growing popularity of cloud computing, searchable encryption has become centre of attraction to enhance privacy and usability of the shared data. First searchable encryption scheme under the public key setting was proposed by Bonah et al. which is known as PEKS. In the PEKS scheme, one can easily link between cipher text and the trapdoor. In Information Sciences 2017 paper, Huang et al. proposed a public key SE scheme. In this scheme, encryption of a document or keyword requires the secret key of the data sender. The data sender generates ciphertexts, and upload them onto the cloud server. The data receiver generates trapdoors depending upon the public key of the sender and its own secret key. Thus, the PEKS scheme of Huang et al. circumvents the above attack by linking the ciphertext and the trapdoor to the key of the sender. However no work is available in the literature to stop attacks against linking user key and cipher text and server key and cipher text. In this paper we address these issues. We formalize the two new security notions, namely UKI-security and SKI-security. We have shown that our scheme is secure under these newly introduced security notions.

Implementation of A Blockchain-based Searchable Encryption for Securing Contact Tracing Data

<p>We developed a blockchain-based multi-keyword searchable encryption scheme for securing COVID-19 contact tracing data. In this scheme, we used AES-GCM to encrypt the contact tracing data, guaranteeing that only authorized users can perform decryption. Our scheme employed a Ciphertext-Policy Attribute-based searchable encryption to encrypt the search index, ensuring only users with appropriate attributes can perform search operations. The scheme supports dynamic updates of the search index. The blockchain-based storage with smart contract ensures immutability and non-repudiation of storage and retrieval. Overall, the evaluation of the scheme shows that it works efficiently without compromising the security goals. This is one of the first works to implement a solution for secure storage and search of contact tracing data with blockchain-based searchable encryption. Compared to the existing searchable contact tracing schemes, it provides more features and maintains efficiency even if a large search index is used.</p> <p> </p>

Efficient secure channel free identity-based searchable encryption schemes with privacy preserving for cloud storage service

Cloud storage is a basic service model of the cloud computing. Since the cloud data is stored in the ciphertext for the data confidentiality, how to search the cloud data again in ciphertext state for users is a natural requirement. The searchable encryption (SE) gives an efficient solution to achieve both the data confidentiality and the searchable requirement simultaneously. In SE schemes, the user can transfer a search trapdoor to the cloud server from a secure channel and the cloud server can use the received trapdoor to search the corresponding keyword ciphertext. Since the keywords are with low entropy, the traditional SE is vulnerable to keyword guessing attack. In order to remove the need of the secure channel and also to achieve the security against the keyword guessing attack, we build a single-user identity-based secure channel free SE scheme in the random oracle model by using lattice-based tools. Only the designated cloud server can finish the ciphertext search which means the secure channel between the user and the cloud server is not needed in the proposed scheme. Under the hardness of the learning with errors problem, we prove that the proposed scheme is ciphertext indistinguishable under the selective identity and chosen keyword attacks. Moreover, the proposed scheme also satisfies the trapdoor indistinguishability which directly leads to the security against the outside offline keyword guessing attack. Furthermore, we extend the proposed single-user scheme into the multi-user scenario. The proposed multi-user scheme inherits all functions achieved in the single-user scheme, such as secure channel free. Meanwhile, ciphertext length is fixed with the number of users increasing, which is more suitable for the large group users. In addition, we analyze the theoretical evaluation and experimental evaluation between the proposed schemes and some known literatures respectively. The results demonstrate that our proposed algorithms have several advantages in the both single-user and multi-user schemes, for example, the ciphertext lengths in the single/multi-user schemes are only 5.632KB and 6.016KB respectively and the running time of Test algorithm for any user groups is fixed to be 0.65ms in our simulated experiments.

Fast Multi-User Searchable Encryption with Forward and Backward Private Access Control

Untrusted servers are servers or storage entities lacking complete trust from the data owner or users. This characterization implies that the server hosting encrypted data may not enjoy full trust from data owners or users, stemming from apprehensions related to potential security breaches, unauthorized access, or other security risks. The security of searchable encryption has been put into question by several recent attacks. Currently, users can search for encrypted documents on untrusted cloud servers using searchable symmetric encryption (SSE). This study delves deeply into two pivotal concepts of privacy within dynamic searchable symmetric encryption (DSSE) schemes: forward privacy and backward privacy. The former serves as a safeguard against the linkage of recently added documents to previously conducted search queries, whereas the latter guarantees the irretrievability of deleted documents in subsequent search inquiries. However, the provision of fine-grained access control is complex in existing multi-user SSE schemes. SSE schemes may also incur high computation costs due to the need for fine-grained access control, and it is essential to support document updates and forward privacy. In response to these issues, this paper suggests a searchable encryption scheme that uses simple primitive tools. We present a multi-user SSE scheme that efficiently controls access to dynamically encrypted documents to resolve these issues, using an innovative approach that readily enhances previous findings. Rather than employing asymmetric encryption as in comparable systems, we harness low-complexity primitive encryption tools and inverted index-based DSSE to handle retrieving encrypted files, resulting in a notably faster system. Furthermore, we ensure heightened security by refreshing the encryption key after each search, meaning that users are unable to conduct subsequent searches with the same key and must obtain a fresh key from the data owner. An experimental evaluation shows that our scheme achieves forward and Type II backward privacy and has much faster search performance than other schemes. Our scheme can be considered secure, as proven in a random oracle model.

Offline/online attribute-based searchable encryption scheme from ideal lattices for IoT

Offline/online attribute-based searchable encryption scheme from ideal lattices for IoT

Efficient keyword search on encrypted dynamic cloud data

Sensitive information is increasingly being outsourced to the cloud. In order to protect the privacy of such sensitive data, cloud users (clients) encrypt their data before outsourcing. However, this poses a difficulty to later perform search operations on the encrypted data. Searchable encryption schemes enable a client to search and retrieve the cloud data (based on the keywords present in the data) when the data is encrypted. Dynamic searchable encryption schemes allow the client to search over the encrypted cloud data even when new documents are added to or deleted from the encrypted data. There is a trade-off between security (that is measured in terms of information leaked to the cloud) and the efficiency of dynamic searchable encryption schemes. Stronger security guarantees often come at a cost of less efficiency.In this work, we propose a new dynamic searchable encryption scheme for cloud data that achieves better security guarantees and improved efficiency compared to popular dynamic searchable encryption schemes. Our scheme uses an efficient data structure that reduces storage, lookup (search) time, and database modification time. We build a prototype of our scheme and experiment on large real-life datasets. We show our scheme performs better than the existing schemes, which provide similar (or weaker) security.

Enhancing IoT security and efficiency: a blockchain-assisted multi-keyword searchable encryption scheme

Enhancing IoT security and efficiency: a blockchain-assisted multi-keyword searchable encryption scheme

A Blockchain-Based Anonymous Attribute-Based Searchable Encryption Scheme for Data Sharing

A Blockchain-Based Anonymous Attribute-Based Searchable Encryption Scheme for Data Sharing