Protecting your right: Attribute-based keyword search with fine-grained owner-enforced search authorization in the cloud

Search over encrypted data is a critically important enabling technique in cloud computing, where encryption-before-outsourcing is a fundamental solution to protecting user data privacy in the untrusted cloud server environment. Many secure search schemes have been focusing on the single-contributor...

Full description

Saved in:
Bibliographic Details
Published inIEEE INFOCOM 2014 - IEEE Conference on Computer Communications pp. 226 - 234
Main Authors Wenhai Sun, Shucheng Yu, Wenjing Lou, Hou, Y. Thomas, Hui Li
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.04.2014
Subjects
Authorization
Data privacy
Encryption
Indexes
Keyword search
Servers
Online AccessGet full text
ISSN0743-166X
DOI10.1109/INFOCOM.2014.6847943

Cover

More Information
Summary:Search over encrypted data is a critically important enabling technique in cloud computing, where encryption-before-outsourcing is a fundamental solution to protecting user data privacy in the untrusted cloud server environment. Many secure search schemes have been focusing on the single-contributor scenario, where the outsourced dataset or the secure searchable index of the dataset are encrypted and managed by a single owner, typically based on symmetric cryptography. In this paper, we focus on a different yet more challenging scenario where the outsourced dataset can be contributed from multiple owners and are searchable by multiple users, i.e. multi-user multi-contributor case. Inspired by attribute-based encryption (ABE), we present the first attribute-based keyword search scheme with efficient user revocation (ABKS-UR) that enables scalable fine-grained (i.e. file-level) search authorization. Our scheme allows multiple owners to encrypt and outsource their data to the cloud server independently. Users can generate their own search capabilities without relying on an always online trusted authority. Fine-grained search authorization is also implemented by the owner-enforced access policy on the index of each file. Further, by incorporating proxy re-encryption and lazy re-encryption techniques, we are able to delegate heavy system update workload during user revocation to the resourceful semi-trusted cloud server. We formalize the security definition and prove the proposed ABKS-UR scheme selectively secure against chosen-keyword attack. Finally, performance evaluation shows the efficiency of our scheme.
ISSN:0743-166X
DOI:10.1109/INFOCOM.2014.6847943