Blockchain-Based Revocable Key-Aggregate Searchable Encryption for Group Data Sharing in Cloud-Assisted Industrial IoT

In the cloud-assisted Industrial Internet of Things (IIoT), flexible and secure data sharing promotes industry processes optimization and new products making. To enable selective data retrieval over categorized data collected by IoT devices in the encryption domain, key-aggregate searchable encryption (KASE) is adopted for group data sharing in IIoT due to efficient management of encryption keys. Nonetheless, existing solutions rarely consider user revocation property and suffered from the following limitations: 1) the user revocation needs interaction process between data owner and cloud and 2) the nonrevoked users may be accidentally revoked. Therefore, we propose a blockchain-based revocable KASE system (BC-RKASE) that achieves noninteractive user revocation and trusted revoked user management. Technically, the result is nontrivially obtained from revisiting the generation of aggregate keys and key updates via secret sharing, along with redesigning trapdoor adjustment and providing public verifiable proof for key updates by public blockchain. Besides formal security analysis, we conduct extensive experiments in a real cloud environment and thin IoT devices (Raspberry Pi) using a public IIoT dataset to confirm the practical performance of BC-RKASE. In particular, BC-RKASE outperforms state-of-the-art schemes with $13.4{\times {\sim }}15\times $ time efficiency accelerating for data retrieval and runs more than $16\times $ faster for user revocation.