Optimized Space-Filling Curve-Driven Forward-Secure Range Query on Location-Related Data for Unmanned Aerial Vehicle Networks

Abstract

Unmanned aerial vehicle networks (UAVNs) are widely used to collect various location-related data, with applications ranging from military reconnaissance to the low-altitude economy. Data security and privacy are critical concerns when outsourcing location-related data to a public cloud. To alleviate these concerns, location-related data are encrypted before outsourcing to the public cloud. However, encryption decreases the operability of the outsourced encrypted data; thus, unmanned aerial vehicles cannot operate on the encrypted data directly. Among operations on encrypted location-related data, the forward-secure range query is one of the most fundamental operations. In this paper, we present a forward-secure range query based on spatial division to achieve a highly efficient range query on encrypted location-related data while preserving both data security and privacy. Specifically, various space-filling curves were experimentally investigated for both the range query and the k-nearest-neighbor query. Then, a forward-secure range query (namely, OSFC-FSQ) was constructed on an encrypted dual dictionary. The proposed scheme was evaluated on real-world datasets, and the results show that it outperforms state-of-the-art schemes in terms of accuracy and query time in the cloud.

1. Introduction

Unmanned aerial vehicle networks (UAVNs) [1] are widely used to collect various location-related data, with applications ranging from military reconnaissance to the low-altitude economy. UAVNs are composed of numerous unmanned aerial vehicles (UAVs) that are capable of completing crowdsourcing tasks, such as data collection, fire risk inspection, and so on. The above tasks inevitably use query operations on location-related data, which are usually outsourced to a public cloud to reduce the costs of infrastructure investments and maintenance. Among these query operations, the range query is a typical operation that retrieves all data points within a given range to monitor the statuses of UAVs, plan flight paths, and mine hotspot tasks, among other tasks.

However, malicious attacks on public clouds can occur at any time, posing significant challenges to privacy and security [2,3]. Recently, by integrating non-orthogonal multiple access and autonomous aerial vehicles, He et al. [4] proposed an innovative approach to enhance both communication efficiency and data security in vehicle platooning scenarios within the IoV. The focus on maximizing secure rates and incorporating robust optimization techniques underscores their commitment to addressing critical data security challenges in modern vehicular networks. Karmakar et al. [5] introduced IntSHU, which is a significant advancement in the management of handovers in UAV-enabled 5G networks, with a strong emphasis on data security. Through the integration of dynamic parameter adjustment, PUF-based encryption, and blockchain technology, IntSHU not only improves the reliability of handovers but also fortifies the network against potential security threats. However, the above solutions are not sufficient to resolve data security problems in UAVNs. In particular, this outsourcing model for location-based data query services poses the risk of leaking users’ private data. By integrating users’ query records with datasets containing location information, the cloud can infer sensitive private information, such as users’ preferences, occupations, addresses, and even health conditions. In the spring of 2024, several Snowflake customers experienced data breaches as cybercriminals claimed to have obtained datasets from prominent clients, including TicketMaster, LendingTree, Neiman Marcus, and Santander (https://www.breaches.cloud/incidents/snowflake/, accessed on 7 May 2025).

In UAVNs, location-related data consist of sensitive information for both UAVs and consumers, and they are also subject to the same privacy leakage risks as discussed above. Due to their sensitive nature, these data cannot be directly outsourced to a public cloud. Before outsourcing, it is advisable to encrypt these data using a pre-defined security policy to protect the security and privacy of the data [6]. However, encryption breaks the semantics of location-related data, and thus, UAVs cannot operate on the encrypted data directly. To address this issue, researchers have proposed a series of searchable encryption schemes to support secure query operations in the cloud [7]. Searchable encryption schemes pre-construct a secure index for the original dataset and upload it to the cloud together with the encrypted dataset. The cloud can quickly locate the query results based on the secure index, thereby reducing the computational complexity to an acceptable level.

Among searchable encryption schemes, there exist several models [8,9] that focus on resolving range queries on encrypted location-related data. Most of them employ various space-filling curves to build secure indices for fast and secure data pruning. The main objectives of these schemes are to design a secure index structure. However, there are various kinds of space-filling curves [10] (row-wise curve, z-order curve, Gray curve, Hilbert curve, etc.), and their performance on range queries has not been well investigated. The selection of space-filling curves directly affects the query performance of a searchable encryption scheme. Additionally, most existing secure range query schemes cannot resist file-injection attacks and, thus, are not forward-secure. Forward security is a critical security property for secure range query schemes. It ensures that the security of the current key cannot be compromised even if previous keys are leaked. However, it is still challenging to design a forward-secure range query scheme for UAVNs.

In this paper, we propose a forward-secure query scheme—namely, OSFC-FSQ—for spatial data (i.e., location-related data, as mentioned above) that balances security, query efficiency, and result accuracy. We first constructed an index for spatial data in plaintext form using space-filling curves. Through extensive experimental analysis, we identified the optimal curve for range queries and k-nearest-neighbor (kNN) queries, as illustrated in Figure 1, two commonly used query types. By partitioning the original points using the optimal curve, we built a secure index that enables forward-secure queries over spatial data.

The main contributions of this study are as follows:

• The performance of four classic space-filling curves, namely, row-wise, Z-order, Gray, and Hilbert curves, is investigated. We constructed spatial indices on plaintext datasets using encoding algorithms specifically designed for each curve. Subsequently, we conducted query experiments on real-world geographic information datasets, focusing on two classic query types, range queries and kNN queries. Finally, by leveraging the unique properties of each space-filling curve, we performed both theoretical and experimental analyses to identify the optimal curves for different query scenarios.
• A forward-secure range query scheme is presented. We first partition the original dataset into subsets using the corresponding optimal curves. We then apply a greedy merging algorithm and a dummy-point insertion algorithm to balance the number of data points within each subset, resulting in greedy subsets. Each greedy subset is encrypted with a distinct key, and a key mapping table is generated accordingly. We construct a secure index based on these encrypted subsets and upload it to the cloud server along with the ciphertext dataset. Finally, a concrete forward-secure range query scheme is proposed.
• We implemented the proposed scheme and conducted extensive experiments on both real-world and synthetic datasets containing 100 million to 1 billion objects. The experimental results demonstrate that our scheme significantly outperforms existing schemes in terms of query time and accuracy. In particular, the accuracy of our scheme is improved by 20% to 30%, and the query time is reduced by 8% to 15% compared to the state-of-the-art schemes.

The rest of this paper is organized as follows. In Section 2, we review related works. In Section 3, we present the system overview, security model, and preliminaries. Then, the performance of various space-filling curves is investigated in Section 4. In Section 5, we describe the proposed OSFC-FSQ scheme in detail, followed by a theoretical analysis in Section 6. In Section 7, we evaluate the performance of OSFC-FSQ based on the results of extensive experiments. Finally, we conclude this paper in Section 8.

2. Related Works

In the domain of secure queries on spatial data, there are three primary approaches to achieving secure queries: query methods based on complex cryptographic techniques, query methods based on anonymity, and query methods based on secure indices.

Semantically secure solutions. Among these, most methods based on complex cryptographic techniques adopt traditional security models, such as IND-CPA, and customized semantic security. For instance, in 2007, Boneh et al. [11] proposed a complex cryptographic query scheme based on bilinear pairings, which is applicable to both relational and spatial databases. In 2015, Gay et al. [12] introduced a secure query scheme based on homomorphic encryption. In 2018, Yang et al. [13] proposed a secure query scheme that incorporates predicate encryption, while these methods ensure the confidentiality of spatial data, they do not address long-term storage and retrieval security in the context of frequent data updates in the big data era.

Anonymous solutions. The anonymity-based query approach leverages k-anonymity techniques [14], adding k − 1 random noises to the queries to confuse potential attackers, thereby limiting the probability that an attacker can identify the query point to no more than 1/k. Subsequent improvements to anonymity-based secure query methods have been proposed. However, to date, none have guaranteed forward security, and the addition of random noise increases bandwidth consumption.

Solutions for secure range queries. In 2007, Khoshgozaran et al. [8] proposed a query scheme that constructs a secure index structure based on linear ordering, addressing both nearest-neighbor and range queries over encrypted spatial data. Subsequently, researchers improved upon traditional R-tree structures to develop novel tree-based secure index structures. For instance, in 2009, Yiu et al. [15] introduced a secure index leveraging symmetric encryption. Then, in 2016, Demertzis et al. [16] proposed a secure index utilizing the Paillier homomorphic encryption method. Following that, in 2019, Cui et al. [17] presented a secure index structure based on bilinear pairings. These tree-based secure index structures ensure the security of indices, data, and queries during the secure query process. However, similar to the aforementioned methods based on complex cryptographic and anonymity techniques, they adopt traditional security models, resulting in multiple rounds of interaction between the client and the server, which leads to high communication overhead and low computational efficiency. In 2022, Peng et al. [9] proposed the forward-secure range query scheme LS-RQ, which uses locality-sensitive hashing (LSH) to map two-dimensional spatial data to one dimension before constructing a secure index. This scheme achieves single-round interaction between the user and the cloud server in a cloud-based service model, reducing communication overhead. Moreover, it is one of the few spatial query schemes that provide forward security.

To summarize, existing solutions predominantly concentrate on enhancing efficiency, bolstering security, or attaining forward security. Regrettably, they overlook the pivotal role that the selection of space-filling curves plays in shaping the performance of query schemes. The choice of space-filling curves is of paramount significance to the efficiency of query schemes, as it has a direct bearing on the construction of secure indices and the query process itself. Unfortunately, current schemes fail to offer a comprehensive analysis of various space-filling curves, which may result in suboptimal performance in terms of query efficiency and accuracy. Against this backdrop, designing a query scheme that concurrently satisfies requirements for efficiency, accuracy, and forward security by leveraging an optimized space-filling curve emerges as not only a highly promising research direction but also an urgent issue that demands immediate attention in the domain of secure queries.

3. System Overview and Preliminaries

In this section, we describe the system overview, security model, and preliminaries in detail.

3.1. System Overview

There are three entities in OSFC-FSQ, as illustrated in Figure 2.

• The data owner is assumed to be fully honest and trustworthy and will not perform any malicious operations on users’ spatial data, such as privately replacing data, altering outputs, or selling data. The data owner is responsible for managing the security parameters and the related keys generated based on these parameters. The data owner also handles all tasks required to preprocess the original dataset, including partitioning data subsets, encrypting original data points, and constructing secure indices. After completing preprocessing, the encrypted dataset and the secure index are uploaded to the cloud server.
• The cloud is assumed to be semi-honest. This means that it follows the protocol and does not perform malicious attacks on the data, such as modifying the data or altering the results of inputs and outputs. However, it remains highly curious about the data it stores, for example, by recording intermediate results and inferring additional information based on them. After the data owner completes data preprocessing, the cloud server receives and stores the uploaded encrypted dataset and secure index. During the query process, the cloud server retrieves the ciphertext labels of the candidate structure set by matching the received query token with the secure index. Finally, it completes the query based on the ciphertext and returns the candidate result set to the user.
• The user initiates a query request by specifying the query range and generating a query token locally using the security parameters. The query token is then sent to the cloud. Upon receiving the encrypted candidate result set from the cloud, the user decrypts it and performs a secondary fine-grained query to obtain the final query result set.

The secure range query, as shown in Figure 1a, can be achieved by instantiating an OSFC-FSQ scheme. First, the user generates a query token $\tau$ based on the specified query range $(q_1,q_2)$ and sends $\tau$ to the cloud. The cloud server then matches the query token with the secure index to retrieve the encrypted candidates that fall within $(q_1,q_2)$ with a high probability. These encrypted candidates are returned to the user. Finally, the user decrypts the encrypted candidate set and performs a linear scan on it to obtain the final query result.

3.2. Security Model

To conduct a security evaluation of a security model, it is first necessary to define a leakage function, and the standard security definition follows the ideal or real simulation paradigm [18,19]. The core of this standard security definition is that an attacker cannot obtain any information beyond what is provided by the leakage function itself and what can be inferred from it. Moreover, through this security definition, the information that an attacker might obtain can be distilled into a describable algorithm.

Corresponding to the framework introduced in Section 3.1, the leakage function in this paper is defined in Equation (1). Specifically, ${\mathcal{L}}_S,{\mathcal{L}}_Q,{\mathcal{L}}_A,{\mathcal{L}}_D,{\mathcal{L}}_U$ correspond to the leakage functions for initialization, query, addition, deletion, and update, respectively. The compound leakage function is defined as follows:

$$\mathcal{L}=({\mathcal{L}}_S,{\mathcal{L}}_Q,{\mathcal{L}}_A,{\mathcal{L}}_D,{\mathcal{L}}_U).$$

(1)

Definition 1

($\mathcal{L}$-forward-adaptive security for OSFC-FSQ). An OSFC-FSQ scheme is $\mathcal{L}$ -forward-adaptive secure if, for any probabilistic polynomial-time adversary $\mathcal{A}$, there exists an efficient simulator $\mathcal{S}$ and a leakage function $\overline{\mathcal{L}}$ such that the following equations hold:

$$\left\{\begin{array}{c}|\mathsf{Pr}[{\mathsf{Game}}_{\mathcal{R}}=1]-\mathsf{Pr}[{\mathsf{Game}}_{\mathcal{S}}=1]|\le \mathsf{negl}\left(\lambda \right),\hfill \\ {\mathcal{L}}_I\left({\left\{(I{D}_i,{\mathit{p}}_i)\right\}}_{i=1}^n\right)=\overline{\mathcal{L}}\left({\left\{I{D}_i\right\}}_{i=1}^n\right).\hfill \end{array}\right.$$

(2)

Here, ${\mathsf{Game}}_{\mathcal{R}}$ denotes the real game, ${\mathsf{Game}}_{\mathcal{S}}$ denotes the ideal game, and $\mathsf{negl}\left(\lambda \right)$ denotes a negligible function. ${\left\{(I{D}_i,{\mathit{p}}_i)\right\}}_{i=1}^n$ denotes the inserted dataset, and ${\left\{I{D}_i\right\}}_{i=1}^n$ denotes the corresponding IDs of the inserted data.

3.3. Preliminaries

In this section, we introduce the basic concepts and definitions used in OSFC-FSQ.

3.3.1. Inverted and Forward Indices

Both inverted and forward indices are data structures designed for file data retrieval. The construction of the secure index in this study draws on the principles of their indexing methods.

Specifically, the data structure of an inverted index is based on keywords, where each keyword corresponds to a set of file labels that represent the files containing the keyword. The collection of such “keyword–file label” pairs constitutes an inverted index, also commonly referred to as a reverse index (as shown in Figure 3a). In contrast, a forward index is based on files, with each file corresponding to all the keywords it contains. The collection of “file label–keyword” pairs forms a forward index, also known as a direct index (as shown in Figure 3b).

For large-scale file collections, when users need to retrieve files containing a specific keyword, an inverted index can be employed to efficiently map the keyword to its corresponding file labels, thereby directly locating the relevant files. This approach significantly reduces the computational overhead associated with linearly scanning all files in the collection, as would be required in a brute-force search. However, when the retrieval requirement shifts to finding keywords within files, especially in scenarios involving the addition or deletion of files, the inverted index becomes less efficient. In such cases, locating all keywords associated with a file in the inverted index and updating the corresponding file labels can involve high computational complexity, rendering the inverted index unsuitable. In contrast, a forward index allows the direct retrieval of all keywords contained in a file based on its file label. Adding or deleting a file simply involves creating or removing an index block, respectively.

3.3.2. Pseudo-Random Function

A pseudo-random function (PRF) [20] is a deterministic function that behaves like a random function. Specifically, a PRF is a function $F:{\{0,1\}}^{\lambda }\times {\{0,1\}}^{\lambda }\to {\{0,1\}}^{\lambda }$ that satisfies the following two properties:

• Efficiency: For any input $x\in {\{0,1\}}^{\lambda }$, the function $F(x,·)$ can be computed in polynomial time.
• Pseudo-randomness: For any probabilistic polynomial-time adversary $\mathcal{A}$, the probability that $\mathcal{A}$ can distinguish between F and a truly random function is negligible.

3.3.3. Proxy Re-Encryption

Proxy re-encryption (PRE) [21] is a cryptographic primitive that allows a semi-trusted proxy to transform ciphertext encrypted with one key into ciphertext encrypted with another key. Specifically, a PRE scheme consists of three pivotal algorithms: $\mathsf{KeyGen}$, $\mathsf{ReKeyGen}$, and $\mathsf{ReEnc}$. The $\mathsf{KeyGen}$ algorithm generates a public key and a secret key for the data owner. The $\mathsf{ReKeyGen}$ algorithm generates a re-encryption key for the proxy. The inputs of the $\mathsf{ReEnc}$ algorithm are a ciphertext encrypted with the data owner’s public key and the re-encryption key generated by the proxy, and the output is a new ciphertext encrypted with the proxy’s public key.

A PRE scheme must have the following security properties:

• Correctness: For any ciphertext c encrypted with the data owner’s public key $pk$, if the proxy generates a re-encryption key $rk$, then the ciphertext $c$ obtained by re-encrypting c using $rk$ must be decryptable using the data owner’s secret key $sk$.
• Security: For any probabilistic polynomial-time adversary $\mathcal{A}$, the probability that $\mathcal{A}$ can distinguish between a ciphertext c encrypted with the data owner’s public key $pk$ and a ciphertext $c$ obtained by re-encrypting c using $rk$ generated by the proxy is negligible.

4. Analyses of Space-Filling Curves for Spatial Data

In this section, a spatial data query framework is first introduced based on indexing using space-filling curves, and the characteristics of these curves are analyzed. Subsequently, encoding algorithms are designed for each type of curve to generate uniformly structured codes for spatial data points according to the specific encoding rules of different curves. Spatial indices are then constructed for plaintext data points based on the obtained codes. Extensive experiments were conducted in range query and k-nearest-neighbor query scenarios. The analysis combines the characteristics of the curves with experimental results to derive conclusions on the optimal curves suitable for different scenarios.

4.1. Spatial Query Framework

The spatial query framework based on space-partitioning indexing is illustrated in Figure 4. The whole process can be divided into the following steps:

• Data partitioning: The space containing the original spatial data is divided into grids, thereby partitioning the original data into subsets corresponding to each grid. When constructing indices using space-filling curves, each grid is traversed non-repetitively according to the rules of the specific curve, and a unique, incrementally assigned identifier is allocated to each traversed grid. This process reduces unordered two-dimensional or higher-dimensional spatial data from a multidimensional space to a one-dimensional space, resulting in a linear sequence.
• Filtering: The input query conditions (query point or query range) are processed to obtain a query identifier using the same rules as those for the original data points. The corresponding number of candidate sets is returned based on the specific query conditions.
• Refining: An exact query is conducted within the candidate set obtained in step (2), significantly reducing the number of query points and thereby shortening the query time.

The space-filling curves investigated in this paper include the row-wise curve, Z-order curve, Gray curve, and Hilbert curve, as illustrated in Figure 5, which are typical curves adopted in various studies. Tao et al. [22] proposed the LSB-Forest index structure, which incorporates space-filling curves into the LSH index. Their focus was on using the Z-order curve to adaptively expand the search radius during nearest-neighbor queries. Liu et al. [23] introduced SK-LSH, aiming to improve I/O efficiency by reordering data points reduced by LSH using row-wise curve and Hilbert curve techniques, respectively, thereby reducing disk access during queries. Gustavo Niemeyer’s GeoHash algorithm encodes geographic data by independently encoding latitude and longitude coordinates and merging them in the traversal order of the Z-order curve [24]. The Google S2 [25] library maps spherical coordinates to a plane, divides the plane into grids according to specific rules, and uses Hilbert curve techniques to assign one-dimensional encodings to each grid, simplifying subsequent spatial indexing. However, to date, no studies or experiments have explicitly compared the performance of different space-filling curves in terms of query efficiency and accuracy when constructing indices for two-dimensional spatial data.

4.2. Encoding Algorithms for Space-Filling Curves

Different space-filling curves traverse the divided grids according to their own rules and incrementally assign a unique number to each grid. This number serves as the dimensionality reduction result for the two-dimensional data points within the grid. Consequently, it is necessary to design encoding algorithms for spatial data tailored to each type of curve, enabling each spatial data point to obtain uniformly formatted encodings from different curves.

Here, we employ binary encoding for spatial data and introduce a parameter, length, to represent the encoding length, that is, the number of bits in the binary code. Correspondingly, the number of grids is $2^{length}$. For example, when an original data space is divided into 2 × 2 grids, the encoding length is set to length = 2, and the encodings for the four grids are sequentially 00, 01, 10, and 11. For different space-filling curves, the total number of bits and the format of the encoding for each data point remain the same. However, the encoding order for data points at the same position varies according to the traversal rules of different curves. The following sections sequentially describe the process of obtaining curve-specific encodings for spatial data with row-wise, Z-order, Gray, and Hilbert curves.

Encoding algorithm for the row-wise curve: Assume that the coordinates of a grid are $(x,y)$, and the total number of grids along the Y-axis is I. The grid index $S_{rw}$ can be calculated using $S_{rw}=x+y\times I$. However, the coordinate values of data points along both the X- and Y-axes have been normalized to the interval $[0,1]$ during deployment. Therefore, the coordinate values of the data points must be separately processed to obtain the desired encoding. The specific procedure is detailed in Algorithm 1.

Algorithm 1 Encoding algorithm $\mathsf{GETRowwiseCode}(O_i(x,y),length)$ for row-wise curve

1: $width\leftarrow {\displaystyle \frac{length}{2}}$; 2: $I\leftarrow 2^{width}$; 3: $x\prime \leftarrow \lfloor x\times width\rfloor$, $y\prime \leftarrow \lfloor y\times width\rfloor$; 4: $S_{rw}^{\prime }\leftarrow x\prime +y\prime \times I$; 5: $S_{rw}\leftarrow \mathsf{Binary}\left(S_{rw}^{\prime }\right)$; 6: return $S_{rw}$;

Encoding algorithm for the Z-order curve: The process of encoding using the Z-order curve is recursive in nature. Essentially, it involves encoding each dimension separately and then concatenating the encodings of the two dimensions in the order of the x-coordinate followed by the y-coordinate to obtain the final encoding. The specific procedure is detailed in Algorithm 2.

Algorithm 2 Encoding algorithm $\mathsf{GETZOrderCode}(O_i(x,y),length)$ for Z-order curve

1: $width\leftarrow {\displaystyle \frac{length}{2}}$, $I\leftarrow 2^{width}$; 2: $s_x\leftarrow \mathsf{GETSingleCode}(x,width)$; //$\mathsf{GETSingleCode}$ is defined in Algorithm 3; 3: $s_y\leftarrow \mathsf{GETSingleCode}(y,width)$; 4: $s_z\leftarrow \mathsf{MERGE}(s_x,s_y)$; 5: return $S_z$;

Algorithm 3 Encoding algorithm $\mathsf{GETSingleCode}(x,width)$

1: $min\leftarrow 0$, $max\leftarrow 1$; 2: $s\leftarrow null$; 3: for $i\leftarrow 0$ to $width-1$ do 4:     $mid\leftarrow (min+max)/2.0$; 5:     if $x>mid$ then 6:         $s.\mathsf{APPEND}\left(1\right)$; 7:         $min\leftarrow mid$; 8:     else 9:         $s.\mathsf{APPEND}\left(0\right)$; 10:         $min\leftarrow mid$; 11:     end if 12: end for 13: returns;

Encoding algorithm for Gray curve: The filling process of the Gray space-filling curve can be regarded as the generation process of Gray codes. An n-bit Gray code $S_g^n$ can be constructed by appending a single “0” or “1” to an (n-1)-bit Gray code $S_g^{n-1}$; the detailed principle behind this construction is not provided in this section. A Gray code of length $length$ can be obtained using the following equation:

$$S_g^n=\left\{\begin{array}{cc}{S}_g^{n-1}+0\mathrm{or}1\hfill & \mathrm{if}n>1\hfill \\ 0\mathrm{or}1\hfill & \mathrm{if}n=1\hfill \end{array}\right.$$

(3)

Encoding algorithm for Hilbert curve: The Hilbert curve is a continuous yet nowhere differentiable curve that can fill an entire space regardless of how finely the space is divided into grids. Moreover, as the encoding length increases, that is, as the number of grids in the space grows, the positions of data points along the curve become increasingly stable. The encoding algorithm for the Hilbert curve is detailed in Algorithm 4.

Algorithm 4 Encoding algorithm $\mathsf{GETHilbertCode}(O_i(x,y),length)$ for Hilbert curve

1: Initialize $S_H\leftarrow 0$; 2: for $i=0$ to $length-1$ do 3:     $bit\_x\leftarrow (x\gg i)\&1$; 4:     $bit\_y\leftarrow (y\gg i)\&1$; 5:     $S_H\leftarrow S_H\ll 2$; 6:     $S_H\leftarrow S_H|(bit\_x\oplus bit\_y)$; 7:     if $bit\_y==1$ then 8:         $S_H\leftarrow S_H|(3-bit\_x)$; 9:     else 10:         $S_H\leftarrow S_H|bit\_x$; 11:     end if 12: end for 13: return $S_H$;

4.3. Experimental Analysis of Space-Filling Curves

Space-filling curves exhibit distinct characteristics based on their unique filling rules. When applied to the two classic querying methods (i.e., range queries and kNN queries), each curve’s performance varies due to these inherent differences. This section first provides a theoretical analysis of the curves’ performance for each querying method. Subsequently, comparative experiments on curve performance are presented, and the results are analyzed to identify the optimal curves for both query types. The performance evaluation metrics for different curves in spatial data querying primarily include query efficiency, search accuracy, etc.

To evaluate the trends in query accuracy and efficiency for range and kNN queries, increases in the length value from 2 to 16 in increments of 2 are illustrated in Figure 6. This corresponds to the number of grids increasing from 4 to 2¹⁶ in multiples of 4. The data shown are experimental results from the HK dataset, with fixed inputs of 100 range query intervals and 100 query points and a fixed k value of 10.

As shown in Figure 6a,c, the query accuracy gradually decreases with increasing length values until it stabilizes around a length value of 10. For range queries, the row-wise and Z-order curves maintain a query accuracy of 1 throughout, while the Gray and Hilbert curves exhibit a decreasing–stabilizing pattern. For kNN queries, the ratio value increases and gradually stabilizes as it moves away from 1, also following a decreasing–stabilizing trend in query accuracy. Figure 6b indicates that the query efficiency for range queries follows an increasing–stabilizing–decreasing trend as the length value increases. Figure 6d shows that the query efficiency for kNN queries increases and stabilizes with increasing length values, with significant changes observed as the length increases from 2 to 6. The subsequent segment is less visible in the figure due to the large timescale differences. However, in actual data, when the length value exceeds 12, the ART value also exhibits a slight upward trend.

In sum, for range queries, it is essential to ensure that data points within the same locality in a two-dimensional space have identical or similar encodings in a one-dimensional space. The row-wise curve performs optimally in this regard. For kNN queries, the encoding order in one dimension must preserve the spatial proximity of data points when mapped back to two dimensions. The Hilbert curve achieves the best performance in this context.

5. Construction of OSFC-FSQ

In this section, we describe the construction of OSFC-FSQ by detailing the secure index construction and query mechanism.

5.1. Secure Index Construction

In OSFC-FSQ, after the index construction, each data item is represented as a triplet $({\Delta }_i^{\left(I\right)},{\Delta }_i^{\left(ID\right)},{\mathrm{data}}_i)$. Here, ${\Delta }_i^{\left(ID\right)}$ and ${\mathrm{data}}_i$ represent the encrypted label and coordinate value of the data point, respectively. The coordinate value has practical significance, namely, the true geographical location information. ${\Delta }_i^{\left(I\right)}$ represents the encrypted label of the subset derived from the partitioning of the original dataset. The security parameter $\lambda$ provided by the user is applied to the hash function $H:{\{0,1\}}^{*}\times {\{0,1\}}^{\lambda }\to {\{0,1\}}^{\lambda }$, and the label encryption of the data point subset is completed according to the hash function ${\Delta }^{\left(I\right)}=H(I,sk)$.

As mentioned above, both queries and data updates are followed by immediate updates to the ciphertext dataset and the security index to ensure the forward security of the scheme. Since the encryption methods for index values and data point values differ, the security index of this scheme can withstand the aforementioned passive attacks. Moreover, the cloud server in this scheme is assumed to be semi-honest and will not launch active attacks on the stored data. Thus, the aforementioned active attack scenarios can be disregarded.

In the preprocessing phase of this scheme, each spatial coordinate point in the original dataset is encoded using an optimal space-filling curve. Data points with the same encoding are grouped into the same data subset, and this encoding serves as the label for the subset. However, spatial data inherently have non-uniform distributions, which can lead to uneven numbers of data points in the resulting subsets. This uneven distribution may partially reveal the underlying data distribution, allowing attackers to infer the overall dataset from the ciphertext and potentially obtain the plaintext. To address this issue, before constructing the secure index, we introduce the greedy merging algorithm and the dummy-point insertion algorithm to balance the number of data points in each curve-encoded subset.

Then, the security index is represented as $\phi \mathrm{Index}=\left\{({\Delta }_i^{\left(I\right)},{\Delta }_i^{\left(ID\right)},{\mathrm{data}}_i)\right\}$, which is stored in the form of a dictionary, where $e_i=({\Delta }_i^{\left(I\right)},{\Delta }_i^{\left(ID\right)},{\mathrm{data}}_i)$ denotes the triplet entry corresponding to each original data item. Kim et al. [26] designed a dual-dictionary data structure that incorporates both inverted and forward indices. The inverted index is used for fast data retrieval, while the forward index is employed for quickly locating data to be updated, primarily targeting document data.

After spatial data are partitioned into corresponding subsets using a space-filling curve, the subsets can be analogized to document data. The idea of inverted and forward indices can then be applied to construct the entire $\phi \mathrm{Index}$ dictionary. The label corresponding to each data subset acts as the identifier keyword in document data, while the data points within the subset correspond to the specific content within the document. Each triplet data item e has the following mappings: from ${\Delta }^{\left(ID\right)}$ to ${\Delta }^{\left(I\right)}$, indicating a one-to-one correspondence between a data point and its greedy subset, and from ${\Delta }^{\left(I\right)}$ to the set of data points $\left\{({\Delta }_i^{\left(I\right)},{\mathrm{data}}_i)\right\}$, representing the correspondence between a greedy subset label and all data points within that subset. All of these mappings constitute ${\mathsf{Dic}}_{\mathsf{I}}$.

In summary, the secure index $\phi \mathrm{Index}$ enables data queries by mapping from ${\Delta }^{\left(I\right)}$ to the set of data points $\left\{({\Delta }_i^{\left(I\right)},{\mathrm{data}}_i)\right\}$, returning the candidate subset as the preliminary query result. Data updates, including replacement, addition, and deletion, are performed by mapping from ${\Delta }^{\left(ID\right)}$ to ${\Delta }^{\left(I\right)}$. Specifically, the location of the greedy subset corresponding to the data point is first identified, and the update operation is then completed by the cloud server.

5.2. Query Mechanism

The query mechanism of OSFC-FSQ is divided into three stages: trapdoor generation, the query on the cloud, and the query on the user side.

Trapdoor generation: To complete a query (taking the range query as an example), the user must provide the query range and security parameters, while the data owner must supply two mapping tables. These elements are used to generate a secure query token $\tau$ and the key mapping table ${\mathsf{Dic}}_{\mathsf{key}}$ for the encrypted candidate set within the query range. The key mapping table is defined as ${\mathsf{Dic}}_{\mathsf{key}}=\{I_i,(<cp{k}_i,cs{k}_i>,<up{k}_i,us{k}_i>,<np{k}_i,ns{k}_i>)\}$ and is utilized for subsequent decryption. Here, $cp{k}_i$ is used to encrypt existing data, $up{k}_i$ is used to encrypt inserted data, and $np{k}_i$ is used to re-encrypt both of the aforementioned data types for forward security. The secure query token $\tau$ is then transmitted to the cloud to formally initiate the query request. Given a range query $(q_1,q_2)$, the trapdoor generation process is detailed in Algorithm 5.

Algorithm 5 Trapdoor generation algorithm $\mathsf{TrapdoorGen}(q_1,q_2,{\mathsf{Dic}}_{\mathsf{key}},{\mathsf{Dic}}_{\mathsf{I}})$

1: $Curv{e}_1\leftarrow \mathsf{GETRowwiseCode}(q_1,length)$; 2: $Curv{e}_2\leftarrow \mathsf{GETRowwiseCode}(q_2,length)$; 3: Calculate the minimum and maximum subset identifiers $I_1$ and $I_2$ with $Curv{e}_1$ and $Curv{e}_2$; 4: $\tau \leftarrow \varnothing$, ${\mathsf{Dic}}_{\mathsf{sk}}\leftarrow \varnothing$; 5: for each $I_i\in [I_1,I_2]$ do 6:     $\langle npk,nsk\rangle \leftarrow \mathsf{PRE}.\mathsf{KeyGen}\left(\right)$; 7:     $(\langle cpk,csk\rangle ,\langle upk,usk\rangle )\leftarrow {\mathsf{Dic}}_{\mathsf{sk}}\left(i\right)$; 8:     ${\Delta }_1\leftarrow H(i,csk)$, ${\Delta }_2\leftarrow H(i,usk)$, and $\Delta \prime \leftarrow H(i,nsk)$; 9:     $r{k}_{c\to n}\leftarrow \mathsf{PRE}.\mathsf{ReKeyGen}(csk,nsk)$ and $r{k}_{u\to n}\leftarrow \mathsf{PRE}.\mathsf{ReKeyGen}(csk,usk)$; 10:     Add $\{{\Delta }_1,{\Delta }_2,\Delta ,r{k}_{c\to n},r{k}_{u\to n}\}$ into $\tau$; 11:     Add $\{{\Delta }_1,csk\}$ into ${\mathsf{Dic}}_{\mathsf{sk}}$; 12:     Add $\{{\Delta }_2,usk\}$ into ${\mathsf{Dic}}_{\mathsf{sk}}$; 13:     $\langle np{k}^{\prime },nsk\prime \rangle \leftarrow \mathsf{PRE}.\mathsf{KeyGen}\left(\right)$; 14:     ${\mathsf{Dic}}_{\mathsf{key}}.\mathsf{Update}(i,(\langle npk,nsk\rangle ,\langle np{k}^{\prime },nsk\prime \rangle ,\varnothing ))$; 15: end for 16: return $\tau$ and ${\mathsf{Dic}}_{\mathsf{sk}}$;

Query on the cloud: The cloud server receives the secure query token $\tau$ and performs a search on $\phi \mathrm{Index}$ based on the greedy subset information contained within $\tau$. It identifies the ciphertext labels of each greedy subset and retrieves all data points within these subsets as the initial query candidate set. The mapping between the greedy subset labels and the candidate subsets is recorded in the mapping table ${\mathsf{Dic}}_{\mathsf{Can}}$. During this process, the cloud server also considers the inserted dataset, where ${\left\{({\Delta }^{\left(ID\right)},\mathrm{data})\right\}}_1$ represents the original dataset and ${\left\{({\Delta }^{\left(ID\right)},\mathrm{data})\right\}}_2$ represents the inserted dataset. To ensure the forward security of the query process, the cloud server uses the re-encryption keys contained in the query token $\tau$ to re-encrypt the data points within each subset without decryption. The labels of the greedy subsets are updated from ${\Delta }^{\left(i\right)}$ to ${\Delta }^{{\left(i\right)}^{\prime }}$. The re-encrypted ciphertext dataset and the updated greedy subset labels are then merged into the corresponding encrypted dataset and secure index $\phi \mathsf{Index}$. Finally, the candidate set ${\mathsf{Dic}}_{\mathsf{Can}}$ and its corresponding greedy subset labels are returned to the client. The query process in the cloud is detailed in Algorithm 6.

Algorithm 6 Query algorithm $\mathsf{QueryOnCloud}(\tau ,\phi \mathsf{Index})$ in the cloud

1: ${\mathsf{Dic}}_{\mathsf{Can}}\leftarrow \varnothing$; 2: for each $<{\Delta }_1,{\Delta }_2,\Delta ,r{k}_{c\to n},r{k}_{u\to n}>\in \tau$ do 3:     $Can\leftarrow \varnothing$; 4:     ${\left\{({\Delta }^{\left(ID\right)},data)\right\}}_1\leftarrow \phi \mathsf{Index}.\mathsf{Get}\left({\Delta }_1\right)$; 5:     ${\left\{({\Delta }^{\left(ID\right)},data)\right\}}_2\leftarrow \phi \mathsf{Index}.\mathsf{Get}\left({\Delta }_2\right)$; 6:     for each $({\Delta }^{\left(ID\right)},data)\in {\left\{({\Delta }^{\left(ID\right)},data)\right\}}_1$ do 7:         Add $({\Delta }^{\left(ID\right)},data)$ into $Can$; 8:         $data\prime \leftarrow \mathsf{PRE}.\mathsf{ReEnc}(r{k}_{c\to n},data)$; 9:         $\phi \mathsf{Index}.\mathsf{Update}({\Delta }^{\left(ID\right)},data\prime )$; 10:     end for 11:     ${\mathsf{Dic}}_{\mathsf{Can}}.Insert({\Delta }_1,Can)$, $Can\leftarrow \varnothing$; 12:     $({\Delta }^{\left(B\right)},\left\{({\Delta }^{\left(ID\right)},data)\right\})\leftarrow (\Delta \prime ,\left\{({\Delta }^{\left(ID\right)},data)\right\})$; 13:     for each $({\Delta }^{\left(ID\right)},data)\in {\left\{({\Delta }^{\left(ID\right)},data)\right\}}_2$ do 14:         Add $({\Delta }^{\left(ID\right)},data)$ into $Can$; 15:         $data\prime \leftarrow \mathsf{PRE}.\mathsf{ReEnc}(r{k}_{u\to n},data)$; 16:         $\phi \mathsf{Index}.{\mathsf{Dic}}_{\mathsf{I}}.\mathsf{Insert}({\Delta }^{\left(B\right)},data\prime )$; 17:     end for 18:     ${\mathsf{Dic}}_{\mathsf{Can}}.Insert({\Delta }_2,Can)$, $Can\leftarrow \varnothing$; 19: end for 20: return ${\mathsf{Dic}}_{\mathsf{Can}}$;

Query on the user side: The user first initializes the candidate result set $\mathsf{ResSet}$ and the final result set $\mathsf{Res}$ to be empty. Upon receiving the candidate set ${\mathsf{Dic}}_{\mathsf{Can}}$ from the cloud, the client retrieves the corresponding ciphertext subsets and decryption keys from ${\mathsf{Dic}}_{\mathsf{Can}}$ and ${\mathsf{Dic}}_{\mathsf{sk}}$ using the ciphertext greedy subset labels obtained from Algorithm 7. It then decrypts the returned encrypted candidate set and traverses the decrypted results to filter out false positives, thereby obtaining the candidate result set $\mathsf{ResSet}$. Finally, the client performs an exact query within the remaining plaintext candidate set $\mathsf{ResSet}$ based on the query range $(q_1,q_2)$ to obtain the final result Res. The query process on the user side is detailed in Algorithm 7.

Algorithm 7 Query algorithm $\mathsf{QueryAtUserSide}({\mathsf{Dic}}_{\mathsf{Can}},{\mathsf{Dic}}_{\mathsf{sk}},\phi \mathsf{Index},q_1,q_2)$ on the user side

1: $\mathsf{ResSet}\leftarrow \varnothing$, $\mathsf{Res}\leftarrow \varnothing$; 2: for each $(\Delta ,Can)\in {\mathsf{Dic}}_{\mathsf{Can}}$ do 3:     $sk\leftarrow {\mathsf{Dic}}_{\mathsf{sk}}.\mathsf{Get}(\Delta )$; 4:     for each $({\Delta }^{\left(ID\right)},data)\in Can$ do 5:         $p\leftarrow \mathsf{PRE}.\mathsf{Dec}(sk,data)$; 6:         If $ID>0$ then add p into $ResSet$; 7:     end for 8: end for 9: for each $p\in \mathsf{ResSet}$ do 10:     if $p\in (q_1,q_2)$ then 11:         Add p into $\mathsf{Res}$; 12:     end if 13: end for 14: return $\mathsf{Res}$;

6. Theoretical Analysis

In this section, OSFC-FSQ is theoretically analyzed from the perspectives of security and complexity.

6.1. Security Analysis

Forward-secure range queries represent a promising direction in dynamic searchable symmetric encryption. Like most dynamic symmetric searchable encryption schemes, the cloud server in the proposed OSFC-FSQ scheme is assumed to be semi-honest. With the secure query, the cloud server can return the corresponding results according to the established protocol without gaining any additional plaintext information. The following sections provide a security analysis of OSFC-FSQ from two aspects: access pattern leakage and $\mathcal{L}$-adaptive forward security.

Resistance to access pattern attack: In the field of searchable encryption, researchers have identified security vulnerabilities that allow attackers to reconstruct one-dimensional datasets by exploiting access patterns leaked during the query process. For instance, in the query scenarios discussed in this paper, the number of data points in the range query results [27,28] and the access patterns themselves [29,30] can be utilized. The implementation of the aforementioned attacks hinges on two conditions. The first is that elements within the dataset must exhibit a clear partial order, and the second is that the leakage of access patterns must be specific and accurate.

Firstly, datasets with explicit partial orders typically consist of elements with inherent keywords or one-dimensional numerical values (e.g., salary or age). This is because the mapping relationships constructed based on such data inherently contain keywords, and the partial order of one-dimensional numerical values is naturally defined. However, for the dataset containing spatial data (i.e., two-dimensional data) targeted in this study’s experiments, a clear partial order cannot be established between any pair of data points unless their coordinates are identical. Moreover, it is challenging to precisely define the relationship between two-dimensional geographic coordinates. Therefore, OSFC-FSQ does not satisfy the first condition.

Moreover, in many existing secure query mechanisms, the returned encrypted candidate sets are specific and accurate, containing no false positives or false negatives. That is, the leakage of their access patterns is entirely correlated with the true results, thus satisfying the second condition. In contrast, in the proposed OSFC-FSQ scheme, the preprocessing phase encodes all data points in the dataset using a space-filling curve and groups points with identical encodings into the same subset. During ciphertext-based retrieval in the cloud, the scheme returns all data points within the queried subset. As shown in Section 3.3.2, the results of plaintext retrieval using space-filling curves indicate a non-negligible proportion of false positives. Therefore, the access patterns available to the cloud server are neither specific nor accurate, and OSFC-FSQ does not meet the second condition.

In summary, OSFC-FSQ fails to meet either of the two critical conditions required for attacks based on access pattern leakage. Consequently, it can be demonstrated that OSFC-FSQ is resilient to access pattern attacks.

$\mathcal{L}$-adaptive forward security: The OSFC-FSQ scheme satisfies L-adaptive forward security, with the leakage function defined as follows:

$$\begin{array}{cc}\hfill \mathcal{L}& =({\mathcal{L}}_S,{\mathcal{L}}_Q,{\mathcal{L}}_A,{\mathcal{L}}_D,{\mathcal{L}}_U),\hfill \\ \hfill {\mathcal{L}}_S\left(\lambda \right)& =\varnothing ,\hfill \\ \hfill {\mathcal{L}}_Q\left(\mathbf{Q}\right)& =\left(sp\right(\mathbf{Q}),Hist(\mathbf{Q}\left)\right),\hfill \\ \hfill {\mathcal{L}}_A\left({\{I{D}_i,p_i\}}_{i=1}^n\right)& ={\left\{I{D}_i\right\}}_{i=1}^n,\hfill \\ \hfill {\mathcal{L}}_{D}ID& =\varnothing ,\hfill \\ \hfill {\mathcal{L}}_U(ID,p)& =\varnothing ,\hfill \end{array}$$

In the above expression, $\mathbf{Q}$ denotes the sequence of all issued queries, where each tuple in the sequence is of the form $(I{D}_i,q_i)$. Here, $ID$ is a temporal identifier, and q represents the query itself. The search pattern $sp\left(\mathbf{Q}\right)$ is represented as a two-dimensional matrix $sp\left(\mathbf{Q}\right)=\left[s{p}_{ij}\right]$, where $s{p}_{ij}=1$ if and only if $q_i=q_j\in \mathbf{Q}$. $Hist\left(\mathbf{Q}\right)$ denotes the list of historical access points, containing $\left|\mathbf{Q}\right|$ queries. From the aforementioned definitions, it is evident that ${\mathcal{L}}_S$, ${\mathcal{L}}_D$, and ${\mathcal{L}}_U$ do not leak any information, while ${\mathcal{L}}_Q$ leaks $sp\left(\mathbf{Q}\right)$ and $Hist\left(\mathbf{Q}\right)$, and ${\mathcal{L}}_A$ only leaks the ID set of the added dataset.

Moreover, during the query period of OSFC-FSQ, all transmitted data are encrypted using proxy re-encryption algorithms, ensuring the confidentiality of both data and queries. In OSFC-FSQ, the leakage during the addition phase is merely the ID set of the newly added points, and the ciphertext dataset is promptly updated after data addition, followed by re-encryption using the re-encryption keys. This ensures the forward security of the scheme. Therefore, OSFC-FSQ satisfies the two necessary conditions for $\mathcal{L}$-adaptive forward security.

In summary, OSFC-FSQ is L-adaptive forward-secure and resilient to attacks based on access pattern leakage.

6.2. Complexity Analysis

To facilitate the quantitative analysis of time and space overheads in the subsequent sections, we define the following key parameters and their corresponding variables for OSFC-FSQ. We define the following parameters for OSFC-FSQ: n as the size of the original dataset, $n$ as the size of the added dataset, $length$ as the encoding length of the space-filling curve determining grid granularity and data subset size, $Su{b}_n$ as the size of data subsets after preprocessing, c as the number of greedy subsets within the query range $(q_1,q_2)$, $\lambda$ as the security parameter determining bit lengths for the hash function H and label encryption, $t_h$ as the time for a single hash function H, $t_u$ as the time for a single update operation on the secure index, $t_c$ as the time for a single deduplication operation, $t_e$ as the time for a single encryption operation, $t_d$ as the time for a single decryption operation, $t_r$ as the time for a single re-encryption operation, $t_k$ as the time to generate a key pair, $t_{rk}$ as the time to generate a re-encryption key, and $t_{\pi }$ as the time for a single pseudo-random permutation.

Time complexity for the data owner: During the process, the primary time-consuming operations involve regenerating the greedy subset labels for the user-submitted query range and generating re-encryption keys, with a time overhead of $3c{t}_h+2c{t}_{rk}$. In the data addition process, the data owner is responsible for preprocessing the added data, incurring a time overhead of $c{t}_h+n\prime (t_h+t_{\pi })$. The time overhead for the data update and deletion operations is $2t_h+2t_e+t_{\pi }$.

Storage complexity for the data owner: The data owner manages two mapping tables: ${\mathsf{Dic}}_{\mathsf{I}}$ for mapping curve-based subset labels to greedy subset labels, and ${\mathsf{Dic}}_{\mathsf{key}}$ for mapping greedy subset labels to their key pairs. These tables are stored in the form of $(Curve,I)$ and $(I,\langle cpk,csk\rangle ,\langle upk,usk\rangle ,\langle npk,nsk\rangle )$, respectively. The storage space overhead for the data owner is $7\lambda c+2^{(l+1)}\lambda$ bits.

Time complexity for the cloud: During a single query process in the cloud, the most time-consuming operation is the update of the secure index, with a time overhead of ${\displaystyle \frac{10·n·t_u}{c}}$. For data addition, update, and deletion operations, the time overhead in the cloud is $t_u$.

Storage complexity for the cloud: The cloud server is responsible for storing the secure index $\phi \mathsf{Index}$ and the encrypted dataset. These are stored in the forms $({\Delta }^{\left(I\right)},{\Delta }^{\left(ID\right)},data)$ and $({\Delta }^{\left(ID\right)},data)$, respectively. Ignoring the number of dummy points, the storage space overhead in the cloud server is $5\lambda n$ bits.

Time complexity for the user: During the fine-grained query process, the primary time overhead for the user involves decrypting and filtering the returned candidate set, with a time cost of $c·Su{b}_n·t_d+c{t}_c$.

7. Experimental Evaluation

In this section, OSFC-FSQ is validated and analyzed based on the results of simulation experiments. We first introduce and explain the experimental settings, including the experimental environment, datasets used, and performance evaluation metrics. Subsequently, multiple experiments are designed to analyze the impact of key parameters on the query performance, the accuracy of query results, and the efficiency of the query process based on the experimental outcomes.

7.1. Compared Schemes

To evaluate the performance of OSFC-FSQ, we compare it with two existing schemes: CRT [31], SKD, and LS-RQ [9]. In the CRT scheme, the dataset is organized using an R-tree, in which all nodes are encrypted using a symmetric encryption algorithm, while recursively searching the R-tree, the cloud server sends the encrypted nodes to the client for decryption and determining the child nodes to be accessed. In this way, the client can obtain the query results without revealing the data to the cloud server. SKD is a novel range query scheme that encrypts nodes in a KD-tree using comparable encryption (CE) [32]. This encryption scheme is highly efficient and allows for direct comparisons between ciphertexts. Both CRT and SKD are used as reference schemes to demonstrate the superiority of $\phi \mathtt{Dic}$ over popular index structures such as R-tree and KD-tree. The LS-RQ scheme is a recent approach that utilizes a Z-order curve to construct a secure index for range queries. The comparison of OSFC-FSQ with CRT, SKD, and LS-RQ allows us to highlight its advantages in terms of both query efficiency and security.

7.2. Experimental Settings

All experiments in this section were conducted on a platform equipped with an CPU at 2.20 GHz and 256 GB of memory and running Ubuntu 16.04. In the experimental studies, the PRE described in [33] was adopted. SHA1 was adopted as the hash function with the security parameter $\lambda =160$. To comprehensively evaluate the performance of the proposed scheme, four datasets were employed: two real-world geographic datasets and two synthetic datasets.

• The NE dataset contains 123,593 data points, each representing real location information in the northeastern United States.
• The HK dataset contains 1,384,420 data points, each representing real location information in the Hong Kong region.
• The UN dataset is a synthetic dataset with 1,000,000 data points uniformly distributed in a two-dimensional space.
• The GA dataset is also a synthetic dataset with 1,000,000 data points following a Gaussian distribution in a two-dimensional space.

The experimental results and corresponding analyses are presented in terms of result accuracy, query efficiency, and storage overhead. The accuracy of the query results is evaluated based on the ratio of the number of true positive data points to the total number of data points in the query result. The query efficiency is measured by the average response time (ART) of the query process, which is the time taken to complete a single query. The storage overhead is calculated based on the number of bits required to store the secure index and the encrypted dataset.

7.3. Effect of $Length$

The parameter $length$, representing the number of bits in the space-filling curve encoding for each data point, directly affects the granularity of grid partitioning and is a crucial factor influencing both the query accuracy and efficiency of OSFC-FSQ. As shown in the experimental results in Section 4.3, the impact of $length$ on query accuracy is minimal for range queries. However, due to the incorporation of the greedy merging algorithm and dummy-point insertion algorithm during secure index construction, the query process relies on returning candidate subsets based on greedy subsets. Therefore, this subsection re-evaluates the optimal $length$ value by considering its combined effects on query accuracy and efficiency.

Figure 6 illustrates the trends in query accuracy and efficiency for range queries as the $length$ value increases from 2 to 16 in increments of 2 (i.e., the number of grids increases from 4 to $2^{16}$ in multiples of 4). The figure includes results from the NE dataset with a fixed input of 100 range query intervals. All other datasets exhibit similar trends, with the results omitted for brevity.

In OSFC-FSQ, even though ciphertext queries in the cloud are based on greedy subsets, the row-wise curve maintains its superiority in query result accuracy during the ciphertext query process. This is because the index values for the query range, generated during query token creation, follow the curve encoding values corresponding to greedy subset encodings obtained from the mapping table ${\mathsf{Dic}}_{\mathsf{I}}$. As a result, the row-wise curve ensures an accuracy rate of 1 with all four datasets. Smaller $length$ values, which make the query process closer to a brute-force search, lead to a significant increase in the ART.

When the $length$ value reaches 10, the average response time of the client stabilizes. This is because, as the grid granularity becomes finer, the size of the candidate set returned by the query process also stabilizes. However, when the $length$ value exceeds 14, the ART begins to rise again. This is due to the increased number of greedy subsets in the returned candidate set as the grid granularity continues to decrease, which slows down the filtering and decryption processes, thereby reducing query efficiency.

In summary, for the subsequent experiments, length was fixed at $length=12$, as illustrated in

Table 1. Details of parameters.

Parameter	Meaning	Value
$length$	The number of bits in the space-filling curve encoding for each data point	12
$\lambda$	The security parameter	160 bits
$\left|pk\right|$	The size of public and private keys in PRE	256 bits

.

7.4. Preprocessing Performance

In OSFC-FSQ, the preprocessing step lays the foundation for the entire query process. During this step, the client generates the secure index and the ciphertext dataset, which are then uploaded to the cloud server. This enables the cloud server to perform ciphertext-based queries using the secure index and the secure query tokens submitted by the client. Specifically, the client’s preprocessing tasks include partitioning the curve encoding subsets, partitioning the greedy subsets, constructing the mapping table ${\mathsf{Dic}}_{\mathsf{I}}$ from curve encoding subsets to greedy subsets, constructing the mapping table ${\mathsf{Dic}}_{\mathsf{key}}$ from greedy subsets to key pairs, and executing a series of encryption operations. The encryption targets include the ID values of data points in the original dataset, the encoding values of greedy subsets, and the coordinate information of data points. This subsection provides details on preprocessing experiments, which were conducted on all four datasets. The experimental results show that, compared to the encryption process, the time required for other operations is negligible. Additionally, since the number of data points in the dataset is much larger than the number of greedy subsets, the encryption time for greedy subset encodings is also negligible. Therefore, the preprocessing time overhead is defined as the sum of the encryption times for data point IDs and data point coordinates. The experimental results are shown in Figure 7.

To ensure the forward security of the query scheme, the encryption method used in the preprocessing phase employs proxy re-encryption algorithms, thereby facilitating subsequent key update operations. Except for the NE dataset, which has a smaller data scale, the encryption time for data point IDs is on the order of seconds, while the encryption time for data point coordinates is on the order of minutes for the other three datasets. Although the preprocessing time overhead is significant due to the use of proxy re-encryption, it remains acceptable.

7.5. Storage Performance

The storage performance is summarized in

Table 2. Storage performance for all datasets.

Dataset	No. of Locations	No. of Fake Locations	No. of Encrypted Locations	Storage Overhead (GB)
NE	123,593	13,687	137,283	0.605
HK	1,384,420	208,084	1,592,504	7.018
GA	1,000,000	249,638	1,249,638	5.507
UN	1,000,000	642,496	1,642,496	7.239

for all datasets. The data indicate that the size of the ciphertext storage is positively correlated with the size of the original plaintext dataset. Specifically, the UN dataset, which is uniformly distributed in a two-dimensional space, has a more even distribution of data points within its space-filling curve encoding subsets compared to the other datasets. As a result, fewer subsets need to be merged by the greedy merging algorithm, leading to a higher number of greedy subsets requiring dummy points. This also reflects the spatial distance-preserving property of space-filling curves. The storage overhead in the fourth column of the table represents the sum of the storage costs for each ciphertext data point. The storage format of the ciphertext dataset is $({\Delta }^{\left(ID\right)},data)$, where the ciphertext label ${\Delta }^{\left(ID\right)}$ occupies 48 bytes, and the ciphertext coordinate information $data$ occupies 4684 bytes. These values can be used to calculate the storage overhead for the ciphertext dataset.

7.6. Query Performance and Comparison

This subsection compares the proposed scheme with the existing LS-RQ scheme [9] in terms of query result accuracy and query efficiency. To ensure a consistent hardware environment, the comparison scheme was locally re-implemented in this study. Specific experimental results and analyses are provided based on this implementation.

To ensure the stability of the test results, the following experiments employed a fixed set of 100 randomly generated query ranges without any specific constraints. For each of the five query range spans (1%, 2%, 3%, 4%, and 5%), 100 queries were conducted sequentially, and the final results were averaged.

Comparison of accuracy. Figure 8 presents a comprehensive comparison of query result accuracy between the OSFC-FSQ scheme and the other compared schemes. Our findings indicate that OSFC-FSQ consistently outperforms LS-RQ in terms of query precision, regardless of whether a fixed query range span is specified. This superior performance of OSFC-FSQ can be primarily attributed to the unique dimension-prioritized traversal property of the row-wise curve. This property ensures that the curve encoding values on the one-dimensional line order can fully cover all data points within the query range in rectangular queries. As a result, it introduces only a few false-positive objects and significantly enhances query accuracy. However, this approach is inherently limited by the characteristics of the space-filling curves used. Nevertheless, the precision of OSFC-FSQ is improved by 20% to 30% compared to other schemes. Our extensive experiments further validated the accuracy advantage of the row-wise curve over other space-filling curves, especially in range queries. The row-wise curve’s ability to cover all relevant data points without significant false positives leads to more precise query results. Additionally, the other two compared schemes (i.e., CRT and SKD) exhibit lower or nearly equal accuracy rates compared to OSFC-FSQ. This is primarily because both schemes utilize a tree-based index structure, which inherently limits their ability to accurately capture the spatial relationships between data objects. In summary, the OSFC-FSQ scheme, leveraging the row-wise curve, demonstrates a clear and substantial improvement in query result accuracy. This makes OSFC-FSQ a more effective solution for range queries compared to the LS- RQ scheme.

Comparison of query efficiency. We evaluated multiple schemes for query processing, including SKD, CRT, OSFC-FSQ, and LS-RQ. Among these, the SKD scheme achieves the highest query efficiency by utilizing symmetric cryptographic techniques. However, this approach comes at a significant cost: it fails to provide forward security, a critical requirement for ensuring the long-term confidentiality and integrity of data. The CRT scheme, on the other hand, involves multiple rounds of interaction between the client and the server. This multi-round interaction significantly increases the communication overhead and latency compared to single-round interaction schemes such as OSFC-FSQ and LS-RQ. As a result, CRT’s performance is notably inferior in terms of query efficiency and overall system responsiveness. Given these limitations, our detailed comparison is focused on the OSFC-FSQ and LS-RQ schemes in the following sections.

The average client response times for the four datasets are illustrated in Figure 9. As the query range span increases, the time overhead also rises. This is because a larger query range span results in a larger candidate set, thereby increasing the decryption overhead on the client side. For the smaller NE dataset, the response time is measured in seconds, while for larger datasets with broader query ranges, it is measured in minutes. Comparative experiments across the four datasets reveal that OSFC-FSQ incurs significantly lower client time overhead than LS-RQ, which is forward-secure. This is attributed to the use of the row-wise curve for data mapping during subset partitioning in our scheme, which, while ensuring high query result accuracy, also leads to a lower number of false positives in the candidate set. Additionally, both the CRT and SKD schemes exhibit lower client response times compared to OSFC-FSQ, primarily because both schemes are less secure than OSFC-FSQ and LS-RQ. The compromise of security in these schemes allows for faster query processing, but at the cost of data confidentiality. In contrast, OSFC-FSQ and LS-RQ prioritize security while maintaining reasonable query efficiency.

Furthermore, the time overhead for the cloud server using the four datasets is illustrated in Figure 10. Similar to the client-side time overhead, the query time for the cloud server increases with the query range span and is on the order of minutes in the hardware environment used in this study. The query times with the OSFC-FSQ and LS-RQ schemes for the cloud server are quite close, with the former showing a slight advantage. This is because the use of multiple LSH functions to reduce false positives in the LS-RQ scheme increases the ciphertext storage overhead and the ciphertext update overhead at the cloud server.

In summary, the scheme proposed in this paper demonstrates lower overheads for both the client and the cloud server. However, the client query overhead is significantly smaller than that for the cloud server. Specifically, our scheme achieves a 20% to 30% improvement in accuracy and an 8% to 15% reduction in query time compared to state-of-the-art schemes. By ensuring forward security, the majority of the computational burden shifts to the cloud server, thereby reducing the client query overhead. The experimental results confirm that our scheme significantly outperforms existing schemes in terms of query time and accuracy.

8. Conclusions

This study focused on secure data retrieval in UAVNs when data are outsourced to third-party cloud computing platforms. Through experimental analysis, we identified the optimal space-filling curves for range queries and k-nearest-neighbor queries, which are commonly used in location-based data. Using these optimal curves, we partitioned the original points (i.e., spatial data) into subsets and then applied the greedy merging algorithm and dummy-point insertion algorithm to achieve uniformly sized greedy subsets. Drawing on the concepts of inverted and forward indices, we constructed OSFC-FSQ to resolve forward-secure range queries. Finally, leveraging proxy re-encryption algorithms, we implemented forward-secure queries on spatial data. The experimental results demonstrate that our scheme significantly outperforms existing schemes in terms of query time and accuracy. In particular, the accuracy of our scheme is improved by 20% to 30% and the query time is reduced by 8% to 15% when compared to the state-of-the-art schemes.

The OSFC-FSQ scheme proposed in this paper currently supports only a single type of query based on a single secure index. However, in practical applications, it is highly desirable to use a single indexing framework to support multiple types of queries to reduce deployment costs. This capability is expected to be a key focus and an emerging trend in future research within this field.