Authors: Xu Yang; Qiuhao Wang; Saiyu Qi; Ke Li; Jianfeng Wang; Wenjia Zhao; Yong Qi
Journal: IEEE Transactions on Network Science and Engineering, vol. 11, no. 6, pp. 6356-6371
Publication date: 2024-08-21
Publication type: Journal Article
DOI: 10.1109/TNSE.2024.3445343
URL: https://ieeexplore.ieee.org/document/10643298/
Impact factor: 6.7; JCR: Q1 (Engineering, Multidisciplinary); region category: Computer Science (region 2)
Open access: no; citation count: 0; platform: Semanticscholar
Multi-Client Verifiable Encrypted Keyword Search Scheme With Authorization Over Outsourced Encrypted Data
Data outsourcing is a key service of cloud computing. While data encryption ensures confidentiality, it limits the ability to search encrypted data. Recently, ciphertext-policy attribute-based keyword search (CP-ABKS) schemes, which combine symmetric searchable encryption (SSE) and ciphertext-policy attribute-based encryption (CP-ABE), have gained attention. However, most CP-ABKS schemes depend on an independent key management server (KMS) for key distribution, risking key leakage if the KMS is compromised. Additionally, these schemes lack secure update operations and efficient search result verification. To address these issues, we propose VKSA, a verifiable encrypted keyword search scheme with authorization for cloud-based multi-client environments. VKSA features a novel policy-hidden index for proxy-free authorized searches, a state-based secure update strategy for forward and backward security, and a delegated search result verification mechanism to ensure efficient and privacy-preserving verification. We further optimize VKSA for improved computational and enclave-storage efficiency. Security analysis and experiments confirm the security and efficiency of our schemes.
About the journal:
The proposed journal, called the IEEE Transactions on Network Science and Engineering (TNSE), is committed to timely publishing of peer-reviewed technical articles that deal with the theory and applications of network science and the interconnections among the elements in a system that form a network. In particular, the IEEE Transactions on Network Science and Engineering publishes articles on understanding, prediction, and control of structures and behaviors of networks at the fundamental level. The types of networks covered include physical or engineered networks, information networks, biological networks, semantic networks, economic networks, social networks, and ecological networks. Aimed at discovering common principles that govern network structures, network functionalities and behaviors of networks, the journal seeks articles on understanding, prediction, and control of structures and behaviors of networks. Another trans-disciplinary focus of the IEEE Transactions on Network Science and Engineering is the interactions between and co-evolution of different genres of networks.