PCSE: Privacy-Preserving Collaborative Searchable Encryption for Group Data Sharing in Cloud Computing

IF 7.7 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Transactions on Mobile Computing Pub Date : 2025-01-07 DOI:10.1109/TMC.2025.3526232

Yongliang Xu;Hang Cheng;Ximeng Liu;Changsong Jiang;Xinpeng Zhang;Meiqing Wang

{"title":"PCSE: Privacy-Preserving Collaborative Searchable Encryption for Group Data Sharing in Cloud Computing","authors":"Yongliang Xu;Hang Cheng;Ximeng Liu;Changsong Jiang;Xinpeng Zhang;Meiqing Wang","doi":"10.1109/TMC.2025.3526232","DOIUrl":null,"url":null,"abstract":"Collaborative searchable encryption for group data sharing enables a consortium of authorized users to collectively generate trapdoors and decrypt search results. However, existing countermeasures may be vulnerable to a keyword guessing attack (KGA) initiated by malicious insiders, compromising the confidentiality of keywords. Simultaneously, these solutions often fail to guard against hostile manufacturers embedding backdoors, leading to potential information leakage. To address these challenges, we propose a novel privacy-preserving collaborative searchable encryption (PCSE) scheme tailored for group data sharing. This scheme introduces a dedicated keyword server to export server-derived keywords, thereby withstanding KGA attempts. Based on this, PCSE deploys cryptographic reverse firewalls to thwart subversion attacks. To overcome the single point of failure inherent in a single keyword server, the export of server-derived keywords is collaboratively performed by multiple keyword servers. Furthermore, PCSE extends its capabilities to support efficient multi-keyword searches and result verification and incorporates a rate-limiting mechanism to effectively slow down adversaries’ online KGA attempts. Security analysis demonstrates that our scheme can resist KGA and subversion attack. Theoretical analyses and experimental results show that PCSE is significantly more practical for group data sharing systems compared with state-of-the-art works.","PeriodicalId":50389,"journal":{"name":"IEEE Transactions on Mobile Computing","volume":"24 5","pages":"4558-4572"},"PeriodicalIF":7.7000,"publicationDate":"2025-01-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Mobile Computing","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10829788/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Collaborative searchable encryption for group data sharing enables a consortium of authorized users to collectively generate trapdoors and decrypt search results. However, existing countermeasures may be vulnerable to a keyword guessing attack (KGA) initiated by malicious insiders, compromising the confidentiality of keywords. Simultaneously, these solutions often fail to guard against hostile manufacturers embedding backdoors, leading to potential information leakage. To address these challenges, we propose a novel privacy-preserving collaborative searchable encryption (PCSE) scheme tailored for group data sharing. This scheme introduces a dedicated keyword server to export server-derived keywords, thereby withstanding KGA attempts. Based on this, PCSE deploys cryptographic reverse firewalls to thwart subversion attacks. To overcome the single point of failure inherent in a single keyword server, the export of server-derived keywords is collaboratively performed by multiple keyword servers. Furthermore, PCSE extends its capabilities to support efficient multi-keyword searches and result verification and incorporates a rate-limiting mechanism to effectively slow down adversaries’ online KGA attempts. Security analysis demonstrates that our scheme can resist KGA and subversion attack. Theoretical analyses and experimental results show that PCSE is significantly more practical for group data sharing systems compared with state-of-the-art works.

查看原文本刊更多论文

云计算中群体数据共享的隐私保护协同可搜索加密

用于组数据共享的协作可搜索加密使授权用户联盟能够共同生成陷阱门并解密搜索结果。然而，现有的对策可能容易受到恶意内部人员发起的关键字猜测攻击（KGA），从而损害关键字的机密性。同时，这些解决方案往往无法防范恶意厂商嵌入后门，从而导致潜在的信息泄露。为了解决这些挑战，我们提出了一种针对群体数据共享的新颖的保护隐私的协作可搜索加密（PCSE）方案。该方案引入了专用的关键字服务器来导出服务器派生的关键字，从而承受KGA尝试。在此基础上，PCSE部署了加密反向防火墙来阻止颠覆攻击。为了克服单个关键字服务器固有的单点故障，服务器派生关键字的导出由多个关键字服务器协同执行。此外，PCSE扩展了其功能，以支持有效的多关键字搜索和结果验证，并结合了速率限制机制，以有效地减缓对手的在线KGA尝试。安全性分析表明，该方案能够抵抗KGA攻击和颠覆攻击。理论分析和实验结果表明，PCSE在群数据共享系统中具有较好的实用性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Mobile Computing 工程技术-电信学

CiteScore

12.90

自引率

2.50%

发文量

403

审稿时长

6.6 months

期刊介绍： IEEE Transactions on Mobile Computing addresses key technical issues related to various aspects of mobile computing. This includes (a) architectures, (b) support services, (c) algorithm/protocol design and analysis, (d) mobile environments, (e) mobile communication systems, (f) applications, and (g) emerging technologies. Topics of interest span a wide range, covering aspects like mobile networks and hosts, mobility management, multimedia, operating system support, power management, online and mobile environments, security, scalability, reliability, and emerging technologies such as wearable computers, body area networks, and wireless sensor networks. The journal serves as a comprehensive platform for advancements in mobile computing research.