Search Results (6)

Searchable Encryption (SE) schemes enable data users to securely search over outsourced encrypted data stored in the cloud. To support fine-grained access control, Attribute-Based Encryption with Keyword Search (ABKS) extends SE by associating access policies with user attributes. However, existing ABKS schemes often suffer from limited security and functionality, such as lack of verifiability, vulnerability to collusion, and insider keyword-guessing attacks (IKGA), or inefficiency in multi-authority and post-quantum settings, restricting their practical deployment in real-world distributed systems. In this paper, we propose a verifiable ciphertext-policy multi-authority ABKS (MA-CP-ABKS) scheme based on the Module Learning with Errors (MLWE) problem, which provides post-quantum security, verifiability, and resistance to both collusion and IKGA. Moreover, the proposed scheme supports multi-keyword searchability and forward security, enabling secure and efficient keyword search in dynamic environments. We formally prove the correctness, verifiability, completeness, and security of the scheme under the MLWE assumption against selective chosen-keyword attacks (SCKA) in the standard model and IKGA in the random oracle model. The scheme also maintains efficient computation and manageable communication overhead. Implementation results confirm its practical performance, demonstrating that the proposed MA-CP-ABKS scheme offers a secure, verifiable, and efficient solution for multi-organizational cloud environments. Full article

Among searchable encryption techniques, multi-user dynamic searchable encryption (MUDSE) schemes are an important research direction. After the data owner transfers data to the cloud, it may be necessary to authorize different users to access some or all of the data while allowing for dynamic updates. Enabling dynamic data sharing in cloud storage while preserving users’ ability to search the data is crucial for promoting data flow and maximizing its value. This approach is particularly significant in addressing the data silo problem. However, existing security mechanisms remain imperfect, and most current scenarios assume that cloud servers are merely “curious but honest”. In reality, cloud servers may exhibit malicious behavior, such as returning incorrect or incomplete search results. Similarly, malicious users might falsify search results—for example, to avoid payment—or collude with cloud servers to steal other users’ search privacy. To address these challenges, this paper proposes an updatable multi-user dynamic searchable encryption scheme with bidirectional verification. The scheme enables secure dynamic data sharing in multi-user scenarios by constructing an index structure using homomorphic message authentication codes and bitmaps. This ensures secure updates to encrypted data without revealing the relationship between files and keyword search keys while providing forward and backward security. Regarding privilege management, the scheme employs updatable keys, ensuring that users can only generate valid search commands if they possess the latest encryption key. Additionally, blockchain technology is introduced to assist in verifying user honesty. Through actual testing and security analysis, the proposed solution demonstrates improved search speed over traditional methods while maintaining security. It also exhibits high adaptability for handling frequently changing cloud data. Full article

Data outsourcing has become more and more popular due to its low cost and flexibility. However, there is a problem that the cloud server used to store data is partially trusted. Searchable encryption is an efficient technology that is devoted to helping people conduct accurate searches without leaking information. Nonetheless, most existing schemes cannot support dynamic updates or meet the privacy requirements of all users. There have been some experiments to solve these issues by implementing a dynamically searchable asymmetric encryption scheme. This paper proposes an efficient searchable encryption scheme based on the Authenticator Bloom Filter (ABF). The solution can support dynamic updates and multiple users and meet forward and backward security. This paper uses an ABF to improve the efficiency of searches and updates while playing a significant role in dynamic updates. This paper designs a new token encryption scheme and file set encryption scheme, which not only helps users reduce time in searches and updates but also supports multi-user modes. Experiments show that the proposed scheme takes less time in searching and updating algorithms, especially when the keyword does not exist. The solution also takes into account the problem of history storage when updating, which reduces the unnecessary consumption of memory and avoids multiple storage states for the same file. Full article

Untrusted servers are servers or storage entities lacking complete trust from the data owner or users. This characterization implies that the server hosting encrypted data may not enjoy full trust from data owners or users, stemming from apprehensions related to potential security breaches, unauthorized access, or other security risks. The security of searchable encryption has been put into question by several recent attacks. Currently, users can search for encrypted documents on untrusted cloud servers using searchable symmetric encryption (SSE). This study delves deeply into two pivotal concepts of privacy within dynamic searchable symmetric encryption (DSSE) schemes: forward privacy and backward privacy. The former serves as a safeguard against the linkage of recently added documents to previously conducted search queries, whereas the latter guarantees the irretrievability of deleted documents in subsequent search inquiries. However, the provision of fine-grained access control is complex in existing multi-user SSE schemes. SSE schemes may also incur high computation costs due to the need for fine-grained access control, and it is essential to support document updates and forward privacy. In response to these issues, this paper suggests a searchable encryption scheme that uses simple primitive tools. We present a multi-user SSE scheme that efficiently controls access to dynamically encrypted documents to resolve these issues, using an innovative approach that readily enhances previous findings. Rather than employing asymmetric encryption as in comparable systems, we harness low-complexity primitive encryption tools and inverted index-based DSSE to handle retrieving encrypted files, resulting in a notably faster system. Furthermore, we ensure heightened security by refreshing the encryption key after each search, meaning that users are unable to conduct subsequent searches with the same key and must obtain a fresh key from the data owner. An experimental evaluation shows that our scheme achieves forward and Type II backward privacy and has much faster search performance than other schemes. Our scheme can be considered secure, as proven in a random oracle model. Full article

Focusing on the fine-grained access control challenge of multi-user searchable encryption, we propose a hierarchical searchable encryption scheme using blockchain-based indexing (HSE-BI). First, we propose a hierarchical search index structure based on a DAG-type access policy and a stepwise hierarchical key derivation mechanism; which we outsourced to the blockchain network to achieve reliable hierarchical search. We design a dynamic append-only update protocol for the blockchain-based index to deal with adding and deleting files. Secondly, we propose a hierarchical authorization mechanism based on broadcast encryption to achieve fine-grained search permission granting and revoking, which can prevent a malicious server from colluding with corrupted users. The security and complexity analysis shows that HSE-BI achieves optimal search time while satisfying adaptive secure and revocation secure. Our experimental results are encouraging, e.g., compared with the traditional multi-user searchable encryption schemes, HSE-BI’s hierarchical search policy does not impact the search performance visually. The growth rate of the search latency decreases with the increasing number of hierarchical users, which can act as an efficient crypto tool to open up venues for other applications. We demonstrate that HSE-BI is more suitable for actual applications with fine-grained access requirements and can act as an efficient crypto tool to open up venues for other applications. Full article

With the advent of cloud computing, more and more users begin to outsource encrypted files to cloud servers to provide convenient access and obtain security guarantees. Searchable encryption (SE) allows a user to search the encrypted files without leaking information related to the contents of the files. Searchable symmetric encryption (SSE) is an important branch of SE. Most of the existing SSE schemes considered single-user settings, which cannot meet the requirements for data sharing. In this work, we propose a multi-user searchable symmetric encryption scheme with dynamic updates. This scheme is applicable to the usage scenario where one data owner encrypts sensitive files and shares them among multiple users, and it allows secure and efficient searches/updates. We use key distribution and re-encryption to achieve multi-user access while avoiding a series of issues caused by key sharing. Our scheme is constructed based on the index structure where a bit matrix is combined with two static hash tables, pseudorandom functions and hash functions. Our scheme is proven secure in the random oracle model. Full article