{"title":"Algorithm Substitution-Resistant SM9-Based Searchable Encryption With Cryptographic Reverse Firewall for Cloud Storage","authors":"Gaimei Gao, Mingbo Duan, Yaling Xun, Chunxia Liu, Weichao Dang","doi":"10.1002/cpe.70073","DOIUrl":null,"url":null,"abstract":"To protect data privacy in cloud storage, sensitive data is commonly encrypted before being uploaded to a cloud storage server (CSS). This process challenges secure and efficient ciphertext retrieval. Identity-based encryption with keyword search (IBEKS) enables secure ciphertext retrieval but remains vulnerable to internal adversary attacks, particularly algorithm substitution attacks (ASA) in SM9-based searchable encryption schemes. Additionally, existing protocols lack proactive defense mechanisms, making them vulnerable to insider threats that compromise system integrity. To address these challenges, this article proposes SM9-based Searchable Encryption with Cryptographic Reverse Firewall (SM9SE-CRF), a novel scheme designed to resist internal attacks while ensuring efficient ciphertext retrieval. Initially, a re-randomizable IBEKS framework is developed as the foundation for constructing the SM9 searchable encryption scheme, enhancing both security and performance. Furthermore, Cryptographic reverse firewalls are deployed at both the Key Generation Center (KGC) and user ends, which dynamically re-randomize cryptographic parameters to mitigate risks posed by internal adversaries. The SM9SE-CRF scheme is implemented using the JPBC library and evaluated through comprehensive security and performance analyses. Results demonstrate that SM9SE-CRF effectively mitigates offline keyword guessing attacks and ASA threats from malicious insiders. Performance evaluations reveal that at a 128-bit security level, SM9SE-CRF achieves a 93% reduction in runtime compared to existing schemes, with the cryptographic reverse firewall adding merely 1.16% overhead. This minimal computational cost highlights the practical applicability of SM9SE-CRF in privacy-preserving cloud storage systems, particularly in enterprise data sharing, secure outsourced storage, and cloud-based information retrieval applications.","PeriodicalId":55214,"journal":{"name":"Concurrency and Computation-Practice & Experience","volume":"37 9-11","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2025-04-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Concurrency and Computation-Practice & Experience","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/cpe.70073","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
Citations: 0
About the journal:
Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of:
Parallel and distributed computing;
High-performance computing;
Computational and data science;
Artificial intelligence and machine learning;
Big data applications, algorithms, and systems;
Network science;
Ontologies and semantics;
Security and privacy;
Cloud/edge/fog computing;
Green computing; and
Quantum computing.