Search Results (19)

Searchable Encryption (SE) schemes enable data users to securely search over outsourced encrypted data stored in the cloud. To support fine-grained access control, Attribute-Based Encryption with Keyword Search (ABKS) extends SE by associating access policies with user attributes. However, existing ABKS schemes often suffer from limited security and functionality, such as lack of verifiability, vulnerability to collusion, and insider keyword-guessing attacks (IKGA), or inefficiency in multi-authority and post-quantum settings, restricting their practical deployment in real-world distributed systems. In this paper, we propose a verifiable ciphertext-policy multi-authority ABKS (MA-CP-ABKS) scheme based on the Module Learning with Errors (MLWE) problem, which provides post-quantum security, verifiability, and resistance to both collusion and IKGA. Moreover, the proposed scheme supports multi-keyword searchability and forward security, enabling secure and efficient keyword search in dynamic environments. We formally prove the correctness, verifiability, completeness, and security of the scheme under the MLWE assumption against selective chosen-keyword attacks (SCKA) in the standard model and IKGA in the random oracle model. The scheme also maintains efficient computation and manageable communication overhead. Implementation results confirm its practical performance, demonstrating that the proposed MA-CP-ABKS scheme offers a secure, verifiable, and efficient solution for multi-organizational cloud environments. Full article

Safeguarding data confidentiality and enforcing precise access regulation in cloud platforms continue to be major research concerns. Attribute-based encryption (ABE) offers a versatile framework for policy-driven control, whereas public key encryption with keyword search (PEKS) supports efficient querying of encrypted datasets. However, ABE lacks keyword search support, and PEKS offers limited control over access policies. To overcome these limitations, attribute-based keyword search (ABKS) schemes have been proposed, with recent advances such as ciphertext-policy decryptable ABKS (CP-DABKS) enabling secure channel-free keyword search. Nevertheless, the existing CP-DABKS schemes still face important challenges: the master public key grows linearly with the attribute universe, secure channels are often required to deliver trapdoors, and many designs remain vulnerable to keyword guessing attacks. This work introduces an efficient CP-DABKS scheme built upon a Type-3 pairing framework to directly overcome these limitations. The proposed design employs a commit-to-point mechanism that prevents linear key growth, eliminates the need for secure trapdoor transmission, and resists keyword guessing attacks. We implement and evaluate the proposed scheme using real-world data from the Enron Email dataset and demonstrate its practicality for secure and searchable cloud-based storage. We also discuss implementation considerations and outline directions for future enhancement of privacy-preserving searchable encryption systems. Full article

With the advancement of technologies such as 5G, digital twins, and edge computing, the Internet of Things (IoT) as a critical component of intelligent systems is profoundly driving the transformation of various industries toward digitalization and intelligence. However, the exponential growth of network connection nodes has expanded the attack exposure surface of IoT devices. The IoT devices with limited storage and computing resources struggle to cope with new types of attacks, and IoT devices lack mature authorization and authentication mechanisms. It is difficult for traditional data-sharing solutions to meet the security requirements of cloud-based shared data. Therefore, this paper proposes a blockchain-based multi-authority IoT data-sharing scheme with attribute-based searchable encryption for intelligent system (BM-ABSE), aiming to address the security, efficiency, and verifiability issues of data sharing in an IoT environment. Our scheme decentralizes management responsibilities through a multi-authority mechanism to avoid the risk of single-point failure. By utilizing the immutability and smart contract function of blockchain, this scheme can ensure data integrity and the reliability of search results. Meanwhile, some decryption computing tasks are outsourced to the cloud to reduce the computing burden on IoT devices. Our scheme meets the static security and IND-CKA security requirements of the standard model, as demonstrated by theoretical analysis, which effectively defends against the stealing or tampering of ciphertexts and keywords by attackers. Experimental simulation results indicate that the scheme has excellent computational efficiency on resource-constrained IoT devices, with core algorithm execution time maintained in milliseconds, and as the number of attributes increases, it has a controllable performance overhead. Full article

With the widespread deployment of video surveillance systems, effective access control is essential to enhance the accuracy and security of video anomaly detection. This paper proposes a Searchable and Revocable Attribute-Based Encryption scheme (ABE-RS) that is specifically designed for dynamic video anomaly detection scenarios. By integrating a user management tree structure, attribute-based key distribution, and keyword grouping techniques, the proposed scheme enables efficient user-level revocation along with dynamic updates to ciphertexts and keyword indexes. Furthermore, an inverted index structure is introduced to accelerate keyword search, facilitating the rapid detection and retrieval of anomalous video events. Formal security analysis demonstrates that the scheme is secure against chosen plaintext attacks (CPAs) and chosen keyword attacks (CKAs). The experimental results demonstrate that the scheme maintains millisecond-level revocation efficiency in methodology involving 512 users and either 50 attributes or a thousand keywords. Full article

Cloud-to-Vehicle (C2V) integration serves as a fundamental infrastructure to provide robust computing and storage support for Vehicular Social Networks (VSNs). However, the proliferation of sensitive personal data within VSNs poses significant challenges in achieving secure and efficient data sharing while maintaining data usability and precise retrieval capabilities. Although existing searchable attribute-based encryption schemes offer the secure retrieval of encrypted data and fine-grained access control mechanisms, these schemes still exhibit limitations in terms of bilateral access control, dynamic index updates, and search result verification. This study presents a Dual-Policy Attribute-based Searchable Encryption (DP-ABSE) scheme with dynamic keyword update functionality for VSNs. The scheme implements a fine-grained decoupling mechanism that decomposes data attributes into two distinct components: immutable attribute names and mutable attribute values. This decomposition transfers the attribute verification process from data owners to the encrypted files themselves, enabling data attribute-level granularity in access control. Through the integration of an identity-based authentication mechanism derived from the data owner’s unique identifier and bilinear pairing verification, it achieves secure updates of the specified keywords index while preserving both the anonymity of the non-updated data and the confidentiality of the message content. The encryption process employs an offline/online two-phase design, allowing data owners to pre-compute ciphertext pools for efficient real-time encryption. Subsequently, the decryption process introduces an outsourcing local-phase mechanism, leveraging key encapsulation technology for secure attribute computation outsourcing, thereby reducing the terminal computational load. To enhance security at the terminal decryption stage, the scheme incorporates a security verification module based on retrieval keyword and ciphertext correlation validation, preventing replacement attacks and ensuring data integrity. Security analysis under standard assumptions confirms the theoretical soundness of the proposed solution, and extensive performance evaluations showcase its effectiveness. Full article

Searchable encryption (SE) allows users to efficiently retrieve data from encrypted cloud data, but most of the existing SE solutions only support precise keyword search. Fuzzy searchable encryption agrees with practical situations well in the cloud environment, as search keywords that are misspelled to some extent can still generate search trapdoors that are as effective as correct keywords. In scenarios where multiple users can search for ciphertext, most fuzzy searchable encryption schemes ignore the security issues associated with malicious cloud services and are inflexible in multi-user scenarios. For example, in medical application scenarios where malicious cloud servers may exist, diverse types of files need to correspond to doctors in the corresponding departments, and there is a lack of fine-grained access control for sharing decryption keys for different types of files. In the application of medical cloud storage, malicious cloud servers may return incorrect ciphertext files. Since diverse types of files need to be guaranteed to be accessible by doctors in the corresponding departments, sharing decryption keys with the corresponding doctors for different types of files is an issue. To solve these problems, a verifiable fuzzy searchable encryption with blockchain-assisted multi-user scenarios is proposed. Locality-sensitive hashing and bloom filters are used to realize multi-keyword fuzzy search, and the bigram segmentation algorithm is optimized for keyword conversion to improve search accuracy. To realize fine-grained access control in multi-user scenarios, ciphertext-policy attribute-based encryption (CP-ABE) is used to distribute the shared keys. In response to the possibility of malicious servers tampering with or falsifying users’ search results, the scheme leverages the blockchain’s technical features of decentralization, non-tamperability, and traceability, and uses smart contracts as a trusted third party to carry out the search work, which not only prevents keyword-guessing attacks within the cloud server, but also solves the verification work of search results. The security analysis leads to the conclusion that the scheme is secure under the adaptively chosen-keyword attack. Full article

In edge–cloud collaboration scenarios, data sharing is a critical technological tool, yet smart devices encounter significant challenges in ensuring data-sharing security. Attribute-based keyword search (ABKS) is employed in these contexts to facilitate fine-grained access control over shared data, allowing only users with the necessary privileges to retrieve keywords. The implementation of secure data sharing is threatened since most of the current ABKS protocols cannot resist keyword guessing attacks (KGAs), which can be launched by an untrusted cloud server and result in the exposure of sensitive personal information. Using attribute-based encryption (ABE) as the foundation, we build a secure data exchange paradigm that resists KGAs in this work. In our paper, we provide a secure data-sharing framework that resists KGAs and uses ABE as the foundation to achieve fine-grained access control to resources in the ciphertext. To avoid malicious guessing of keywords by the cloud server, the edge layer computes two encryption session keys based on group key agreement (GKA) technology, which are used to re-encrypt the data user’s secret key of the keyword index and keyword trapdoor. The model is implemented using the JPBC library. According to the security analysis, the model can resist KGAs in the random oracle model. The model’s performance examination demonstrates its feasibility and lightweight nature, its large computing advantages, and lower storage consumption. Full article

The smart grid, as a crucial part of modern energy systems, handles extensive and diverse data, including inputs from various sensors, metering devices, and user interactions. Outsourcing data storage to remote cloud servers presents an economical solution for enhancing data management within the smart grid ecosystem. However, ensuring data privacy before transmitting it to the cloud is a critical consideration. Therefore, it is common practice to encrypt the data before uploading them to the cloud. While encryption provides data confidentiality, it may also introduce potential issues such as limiting data owners’ ability to query their data. The searchable attribute-based encryption (SABE) not only enables fine-grained access control in a dynamic large-scale environment but also allows for data searches on the ciphertext domain, making it an effective tool for cloud data sharing. Although SABE has become a research hotspot, existing schemes often have limitations in terms of computing efficiency on the client side, weak security of the ciphertext and the trapdoor. To address these issues, we propose an efficient server-aided ciphertext-policy searchable attribute-based encryption scheme (SA-CP-SABE). In SA-CP-SABE, the user’s data access authority is consistent with the search authority. During the search process, calculations are performed not only to determine whether the ciphertext matches the keyword in the trapdoor, but also to assist subsequent user ciphertext decryption by reducing computational complexity. Our scheme has been proven under the random oracle model to achieve the indistinguishability of the ciphertext and the trapdoor and to resist keyword-guessing attacks. Finally, the performance analysis and simulation of the proposed scheme are provided, and the results show that it performs with high efficiency. Full article

The global production of information continuously increases in quantity and variety. However, the tools and technologies developed to handle such large volumes of data have not adequately met the security and privacy requirements. Existing cloud security systems, often managed by a trusted third party, are susceptible to various security risks. To address these challenges and ensure the protection of personal information, blockchain technology emerges as a crucial solution with substantial potential. This research uses the blockchain-powered attribute-aware encryption method to establish a real-time secure communication approach over the cloud. By employing attribute-based encryption technology, data owners can implement fine-grained search permissions for data users. The proposed solution incorporates accessible encryption technology to enable secure access to encrypted data and facilitate keyword searches on the blockchain. This study provides a functional comparison of recently developed attribute-based encryption algorithms. The access control strategy comprises two access tree types and a linear secret-sharing system, serving as the main components. The elliptic curve’s base field was set to 512b, and the bilinear pairing parameter type used was Type-A. This approach involves storing keywords on a remote server and encrypting them using attribute-based encryption. Furthermore, the encrypted data blockchain and the corresponding ciphertext are stored in the blockchain. Numerical experiments were conducted to evaluate the system’s key generation, trapdoor building, and keyword retrieval capabilities. Full article

The widespread adoption of cloud infrastructures has revolutionized data storage and access. However, it has also raised concerns regarding the privacy of sensitive data. To address these concerns, encryption techniques have been widely used. However, traditional encryption schemes limit the efficient search and retrieval of encrypted data. To tackle this challenge, innovative approaches have emerged, such as the utilization of Homomorphic Encryption (HE) in Searchable Encryption (SE) schemes. This paper provides a comprehensive analysis of the advancements in HE-based privacy-preserving techniques, focusing on their application in SE. The main contributions of this work include the identification and classification of existing SE schemes that utilize HE, a comprehensive analysis of the types of HE used in SE, an examination of how HE shapes the search process structure and enables additional functionalities, and the identification of promising directions for future research in HE-based SE. The findings reveal the increasing usage of HE in SE schemes, particularly Partially Homomorphic Encryption. The popularity of this type of HE schemes, especially Paillier’s cryptosystem, can be attributed to its simplicity, proven security properties, and widespread availability in open-source libraries. The analysis also highlights the prevalence of index-based SE schemes using HE, the support for ranked search and multi-keyword queries, and the need for further exploration in functionalities such as verifiability and the ability to authorize and revoke users. Future research directions include exploring the usage of other encryption schemes alongside HE, addressing omissions in functionalities like fuzzy keyword search, and leveraging recent advancements in Fully Homomorphic Encryption schemes. Full article

Currently, cloud computing has become increasingly popular and thus, many people and institutions choose to put their data into the cloud instead of local environments. Given the massive amount of data and the fidelity of cloud servers, adequate security protection and efficient retrieval mechanisms for stored data have become critical problems. Attribute-based encryption brings the ability of fine-grained access control and can achieve a direct encrypted data search while being combined with searchable encryption algorithms. However, most existing schemes only support single-keyword or provide no ranking searching results, which could be inflexible and inefficient in satisfying the real world’s actual needs. We propose a flexible multi-keyword ranked searchable attribute-based scheme using search trees to overcome the above-mentioned problems, allowing users to combine their fuzzy searching keywords with AND–OR logic gates. Moreover, our enhanced scheme not only improves its privacy protection but also goes a step further to apply a semantic search to boost the flexibility and the searching experience of users. With the proposed index-table method and the tree-based searching algorithm, we proved the efficiency and security of our schemes through a series of analyses and experiments. Full article

In recent years, searchable encryption technology and attribute encryption technology have been widely used in cloud storage environments, and attribute-based searchable encryption schemes can both achieve the retrieval of encrypted data and effectively solve the access control problem. Considering that existing attribute-based searchable encryption schemes for cloud storage only support keyword search and do not support attribute revocation, most of the schemes that support attribute revocation only consider the computational overhead of users and ignore the large amount of computational resources consumed by attribute authorization centers when updating keys. In addition, keyword search may lead to partial errors in the returned search results, leading to the wastage of computational and broadband resources. To solve these issues, this paper proposes an attribute-based searchable encryption scheme that supports attribute revocation and is verifiable. To realize fine-grained ciphertext search of encrypted data, support scenarios of dynamic changes of user attributes, and ensure that third-party servers perform the search process reliably and honestly while minimizing computation and storage costs, first, this paper implements attribute revocation with the attribute authorization center by creating a user revocation list and an attribute key revocation list. At the same time, the system updates the attribute key at the time of user search request, which effectively reduces the computational overhead. Second, a third-party auditor is introduced to ensure the correctness of the search results. Finally, the security of this paper is verified by theoretical analysis, and the efficiency and practicality of this paper are verified by comparing it to other schemes through simulation experiments. Full article

Population aging is currently a tough problem of many countries. How to utilize modern technologies (including both information and medical technologies) to improve the service quality of health information is an important issue. Personal Health Record (PHR) could be regarded as a kind of health information records of individuals. A ciphertext policy attribute-based encryption (CP-ABE) is a cryptographic primitive for fine-grained access control of outsourced data in clouds. In order to enable patients to effectively store his medical records and PHR data in medical clouds, we propose an improved multi-user CP-ABE scheme with the functionality of keyword search which enables data users to seek for specific ciphertext in the cloud server by using a specific keyword. Additionally, we adopt an independent proxy server in the proposed system architecture to isolate the communication between clients and the cloud server, so as to prevent cloud servers from suffering direct attacks and also reduce the computational loading of cloud servers. Compared with the previous approach, the proposed encryption algorithm takes less running time and the ciphertext length is also relatively short. Moreover, the procedures of re-encryption and pre-decryption only require one exponentiation computation, respectively. Full article

In the area of searchable encryption, public key encryption with keyword search (PEKS) has been a critically important and promising technique which provides secure search over encrypted data in cloud computing. PEKS can protect user data privacy without affecting the usage of the data stored in the untrusted cloud server environment. However, most of the existing PEKS schemes concentrate on data users’ rich search functionalities, regardless of their search permission. Attribute-based encryption technology is a good method to solve the security issues, which provides fine-grained access control to the encrypted data. In this paper, we propose a privacy-preserving and efficient public key encryption with keyword search scheme by using the ciphertext-policy attribute-based encryption (CP-ABE) technique to support both fine-grained access control and keyword search over encrypted data simultaneously. We formalize the security definition, and prove that our scheme achieves selective indistinguishability security against an adaptive chosen keyword attack. Finally, we present the performance analysis in terms of theoretical analysis and experimental analysis, and demonstrate the efficiency of our scheme. Full article

With the popularization of cloud computing, many business and individuals prefer to outsource their data to cloud in encrypted form to protect data confidentiality. However, how to search over encrypted data becomes a concern for users. To address this issue, searchable encryption is a novel cryptographic primitive that enables user to search queries over encrypted data stored on an untrusted server while guaranteeing the privacy of the data. Public key encryption with keyword search (PEKS) has received a lot of attention as an important branch. In this paper, we focus on the development of PEKS in cloud by providing a comprehensive research survey. From a technological viewpoint, the existing PEKS schemes can be classified into several variants: PEKS based on public key infrastructure, PEKS based on identity-based encryption, PEKS based on attribute-based encryption, PEKS based on predicate encryption, PEKS based on certificateless encryption, and PEKS supporting proxy re-encryption. Moreover, we propose some potential applications and valuable future research directions in PEKS. Full article