Searchable Attribute-Based Encryption Schemes: Comparison
View Latest Version
Please note this is a comparison between Version 2 by Peter Tang and Version 1 by WunTing Lin.

Given the massive amount of data and the fidelity of cloud servers, adequate security protection and efficient retrieval mechanisms for stored data have become critical problems. Attribute-based encryption brings the ability of fine-grained access control and can achieve a direct encrypted data search while being combined with searchable encryption algorithms.

  • attribute-based encryption
  • searchable encryption
  • index tabl

1. Introduction

Cloud and IoT [1] services have become increasingly popular because of the rise in streaming services [2] and the development of machine learning, especially in the era of COVID-19. Outsourcing data to the cloud saves space for local storage and brings convenience so that users can access and share their data without any space and time limitations. However, since cloud service providers, or cloud servers for short, are not fully trustable, directly uploading sensitive data to the cloud is dangerous and undermines user privacy. Encrypting data and then uploading them seems a safer approach. Nevertheless, in many situations, traditional public key encryption (PKE) [3] schemes can only achieve secrecy but lack proper access controllability. For example, in some cases, we want to authorize files to only a specified group of people. Under PKE, we must copy files many times and encrypt them, respectively. Moreover, the management of secret keys is increasingly cumbersome and difficult. This challenge is specifically severe for medical and financial data because users have the right to decide who can review their sensitive medical and financial records. With attribute-based encryption (ABE) [4[4][5][6][7][8][9],5,6,7,8,9], we can make fine-grained access control much more manageable by only allowing some people with specified attributes (i.e., conditions) to access and view the files.
In addition to the access control, how to fetch the required data rapidly among the massive data stored in the cloud is also a critical issue. Downloading and decrypting all the data and then performing a search can reach the target, but it is not feasible because a massive amount of computation and storage is required on the user end. Apart from the excessive time overhead, these operations may be unsafe. Searchable encryption (SE) algorithms [10,11,12,13,14,15][10][11][12][13][14][15] bring reasonable solutions to this problem. Go a step further; combining the ABE and SE schemes allows users to have fine-grained access controls and searching capabilities regarding encrypted data.
Many searchable attribute-based encryption schemes (ABS) [16,17,18,19,20,21,22,23,24][16][17][18][19][20][21][22][23][24] have provided fine-grained access control, dynamic updates, and attribute revocations. However, searching capabilities could be more potent in most schemes to fulfill actual needs. Usually, they can embed only a single keyword into ciphertexts, which could be inconvenient and make searching more cumbersome. Although some schemes allow for combining multiple keywords and provide ranked search results, users can only fetch files containing all the keywords. More complicated relationships between keywords such as disjunctive logic “OR” can usually not be expressed. In addition, some advanced designs in searchable encryption algorithms have rarely been implemented on such systems.

2. Attribute-Based Encryption

Attribute-based encryption (ABE) is a technique that allows data owners to declare their access policies such as: “(Doctor OR Researcher) AND (Chest OR Surgery)”. Only data users who meet the policy’s attribute requirements are qualified to access the files. For instance, users with the attributes “Doctor and Surgery” can read the text, but ones with “Doctor and Researcher” cannot. Most ABE schemes can be categorized into the following two classes: ciphertext-policy attribute-based encryption (CP-ABE) and key-policy attribute-based encryption (KP-ABE). Wang et al. [27][25] proposed a constant-size ciphertext KP-ABE scheme, while Water et al. [4] proposed the first practical CP-ABE scheme. The main difference between KP-ABE and CP-ABE is that CP-ABE puts the access policy into ciphertexts while KP-ABE puts it into the users’ secret keys. In CP-ABE schemes, data owners can easily decide who can access the files, so it is more suitable for cloud storage applications. Hence, wthe researchers adopted it to construct ourthe systems. Over time, more powerful ABE schemes have been developed. Li [7] proposed an attribute-revocable scheme, and Chi et al. [5] proposed a policy-hiding scheme to protect data owners’ privacy further. In addition, most ABE schemes involve bilinear pairing operations, which are very time-expensive, especially for resource-restricted devices such as mobiles and IoT devices. Han et al. [6] proposed a decentralized scheme to reduce the burden of data users by outsourcing the corresponding computational tasks.

3. Searchable Encryption

The main characteristic of searchable encryption (SE) is it allows users to search over many encrypted data without the decrypting of the documents in the dataset. High-level concepts of SE are that data owners extract keywords from plaintext files to build a “Secure Index” and then encrypt plaintexts with symmetric encryption schemes. Data owners transform searching keywords into corresponding trapdoors afterward. Finally, cloud servers match the Secure Indexes with the trapdoors to produce search results containing the target keywords the user longs for. For this purpose, there are many ways to build the pre-described Secure Index. Most of the existing SE schemes involve calculating the term frequency-index document frequency (TF-IDF) values of keywords. Cao et al. [28][26] and Tzouramanis et al. [12] both use the K-nearest neighbors (KNN) method to build the Secure Index. It is effective; however, the associated neighborhood-related matrix will be too large, and therefore, the associated operations become time-consuming when too many keywords are involved in the system. Other methods include secure random masking, tree-based, and secure linked-list ones. The scheme proposed by Zhang et al. [25][27] used the secure linked-list method to build an index table, which the weresearchers also adopted in ourthe work for its efficiency. Many functional search schemes have been developed to provide a more powerful search capability. For example, Wang et al. [13] proposed a tree-based method to provide range search. It is especially suitable for numerical datasets such as financial records. Aritomo et al. [29][28] and Fu et al. [10] both achieved semantic-based searching, while Zhang et al. [15] provided an efficient predicate search. Liu et al. [11] proposed a robust scheme combining semantic and fuzzy searches using fingerprint methods, which will also be adopted in ourthe schemes. However, this scheme did not take any access control mechanism into account. They used fully homomorphic encryption (FHE) schemes [30,31,32][29][30][31] to encrypt the index table instead. Due to complexity considerations, outhe researchers' work has not considered FHE schemes in ourthe current system implementation. However, FHE schemes have lots of potential for constructing effective ABE schemes if the required complexity can be handled properly. An FHE-based ABE approach is exciting and can reduce the storage requirement of ciphertexts. We The researchers choose to put it into ourthe future investigations.

4. Searchable ABE Schemes

Many ABE schemes have searching abilities. For this kind of scheme, it is crucial to allow only the qualified files to be searched. Otherwise, malicious users may launch keyword attacks to guess the contents of files and breach privacy. On the other hand, it is a waste of time for users to decrypt those unqualified files with failure. Sun et al. [22] proposed a famous searchable attribute scheme (ABKS) to hide the access policy. However, they use AND GATE as the access structure for policy hiding, which limits the access policy’s expressiveness. Wang et al. [23] proposed a scheme that is aimed at E-health applications. They achieve a constant computational overhead, constant storage overhead, and policy hiding by hashing user attributes and keywords. However, the access policy’s flexibility and searching are restricted due to its data structures. Moreover, they directly embed keyword hashes into ciphertexts, so it takes much time to match search results when there are many files in the dataset or only a single keyword can be used at a time. Miao et al. [21] and Sun et al. [33][32] proposed ABKS schemes with the ability for attribute revocations. Nevertheless, the searching capabilities of these schemes are weak because users can only use a single keyword once without any modifications to protocols.

References

  1. Saxena, A.; Shinghal, K.; Misra, R.; Agarwal, A. Automated Enhanced Learning System using IoT. In Proceedings of the 2019 4th International Conference on Internet of Things: Smart Innovation and Usages (IoT-SIU), Ghaziabad, India, 18–19 April 2019; pp. 1–5.
  2. Korupolu, M.; Jannabhatla, S.; Kommineni, V.S.; Kalyanam, H.; Vasantham, V. Video Streaming Platform Using Distributed Environment in Cloud Platform. In Proceedings of the 2021 7th International Conference on Advanced Computing and Communication Systems (ICACCS), Coimbatore, India, 19–20 March 2021; Volume 1, pp. 1414–1417.
  3. Xiong, H.; Yao, T.; Wang, H.; Feng, J.; Yu, S. A Survey of Public-Key Encryption with Search Functionality for Cloud-Assisted IoT. IEEE Internet Things J. 2021, 9, 401–418.
  4. Bethencourt, J.; Sahai, A.; Waters, B. Ciphertext-Policy Attribute-Based Encryption. In Proceedings of the 2007 IEEE Symposium on Security and Privacy (SP’07), Berkeley, CA, USA, 20–23 May 2007; pp. 321–334.
  5. Chi, P.-W.; Wang, M.-H.; Shiu, H.-J. How to Hide the Real Receiver Under the Cover Receiver: CP-ABE with Policy Deniability. IEEE Access 2020, 8, 89866–89881.
  6. Han, J.; Susilo, W.; Mu, Y.; Zhou, J.; Au, M.H.A. Improving Privacy and Security in Decentralized Ciphertext-Policy Attribute-Based Encryption. IEEE Trans. Inf. Forensics Secur. 2015, 10, 665–678.
  7. Li, J.; Yao, W.; Han, J.; Zhang, Y.; Shen, J. User Collusion Avoidance CP-ABE with Efficient Attribute Revocation for Cloud Storage. IEEE Syst. J. 2017, 12, 1767–1777.
  8. Moffat, S.; Hammoudeh, M.; Hegarty, R. A Survey on Ciphertext-Policy Attribute-based Encryption (CP-ABE) Approaches to Data Security on Mobile Devices and its Application to IoT. In Proceedings of the ICFNDS’17: Proceedings of the International Conference on Future Networks and Distributed Systems, Cambridge, UK, 19–20 July 2017; Association for Computing Machinery: New York, NY, USA, 2017; p. 34.
  9. Yahiatene, Y.; Menacer, D.E.; Riahla, M.A.; Rachedi, A.; Tebibel, T.B. Towards a distributed ABE based approach to protect privacy on online social networks. In Proceedings of the 2019 IEEE Wireless Communications and Networking Conference (WCNC), Marrakesh, Morocco, 15–18 April 2019; pp. 1–7.
  10. Fu, Z.; Shu, J.; Sun, X.; Zhang, D. Semantic keyword search based on tree over encrypted cloud data. In Proceedings of the SCC’14—Proceedings of the 2nd International Workshop on Security in Cloud Computing, Kyoto, Japan, 3 June 2014; Association for Computing Machinery: New York, NY, USA, 2014; pp. 59–62.
  11. Liu, G.; Yang, G.; Bai, S.; Zhou, Q.; Dai, H. FSSE: An Effective Fuzzy Semantic Searchable Encryption Scheme over Encrypted Cloud Data. IEEE Access 2020, 8, 71893–71906.
  12. Tzouramanis, T.; Manolopoulos, Y. Secure reverse k-nearest neighbors search over encrypted mult-dimensional databases. In Proceedings of the IDEAS’18: Proceedings of the 22nd International Database Engineering & Applications Symposium, Calabria, Italy, 18–20 June 2018; Association for Computing Machinery: New York, NY, USA, 2018.
  13. Wang, B.; Hou, Y.; Li, M.; Wang, H.; Li, H. Maple: Scalable multi-dimensional range search over encrypted cloud data with tree-based index. In Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, Kyoto, Japan, 4–6 June 2014; Association for Computing Machinery: New York, NY, USA, 2014; pp. 111–122.
  14. Yoshino, M.; Naganuma, K.; Kunihiro, N.; Sato, H. Practical Query-based Order Revealing Encryption from Symmetric Searchable Encryption. In Proceedings of the 2020 15th Asia Joint Conference on Information Security (AsiaJCIS), Taipei, Taiwan, 20–21 August 2020; pp. 16–23.
  15. Zhang, M.; Wang, X.A.; Yang, X.; Cai, W. Efficient Predicate Encryption Supporting Construction of Fine-Grained Searchable Encryption. In Proceedings of the 2013 5th International Conference on Intelligent Networking and Collaborative Systems, Xi’an, China, 9–11 September 2013; pp. 438–442.
  16. Cao, L.; Kang, Y.; Wu, Q.; Wu, R.; Guo, X.; Feng, T. Searchable encryption cloud storage with dynamic data update to support efficient policy hiding. China Commun. 2020, 17, 153–163.
  17. Chaudhari, P.; Das, M.L. A2BSE: Anonymous attribute based searchable encryption. In Proceedings of the 2017 ISEA Asia Security and Privacy (ISEASP), Surat, India, 29 January–1 February 2017; pp. 1–10.
  18. Khan, S.; Khan, S.; Zareei, M.; Alanazi, F.; Kama, N.; Alam, M.; Anjum, A. ABKS-PBM: Attribute-Based Keyword Search with Partial Bilinear Map. IEEE Access 2021, 9, 46313–46324.
  19. Li, H.; Liu, D.; Jia, K.; Lin, X. Achieving authorized and ranked multi-keyword search over encrypted cloud data. In Proceedings of the 2015 IEEE International Conference on Communications (ICC), London, UK, 8–12 June 2015; pp. 7450–7455.
  20. Liu, L.; Wang, S.; He, B.; Zhang, D. A Keyword-Searchable ABE Scheme from Lattice in Cloud Storage Environment. IEEE Access 2019, 7, 109038–109053.
  21. Miao, Y.; Deng, R.; Liu, X.; Choo, K.-K.R.; Wu, H.; Li, H. Multi-authority Attribute-Based Keyword Search over Encrypted Cloud Data. IEEE Trans. Dependable Secur. Comput. 2019, 18, 1667–1680.
  22. Sun, W.; Yu, S.; Lou, W.; Hou, Y.T.; Li, H. Protecting your right: Attribute-based keyword search with fine-grained owner-enforced search authorization in the cloud. In Proceedings of the IEEE INFOCOM 2014—IEEE Conference on Computer Communications, Toronto, ON, Canada, 27 April–2 May 2014; pp. 226–234.
  23. Wang, H.; Ning, J.; Huang, X.; Wei, G.; Poh, G.S.; Liu, X. Secure Fine-grained Encrypted Keyword Search for e-Healthcare Cloud. IEEE Trans. Dependable Secur. Comput. 2019, 18, 1307–1319.
  24. Wang, S.; Zhang, D.; Zhang, Y.; Liu, L. Efficiently Revocable and Searchable Attribute-Based Encryption Scheme for Mobile Cloud Storage. IEEE Access 2018, 6, 30444–30457.
  25. Wang, C.-J.; Luo, J.-F. A Key-policy Attribute-based Encryption Scheme with Constant Size Ciphertext. In Proceedings of the 2012 Eighth International Conference on Computational Intelligence and Security, Guangzhou, China, 17–18 November 2012; pp. 447–451.
  26. Cao, N.; Wang, C.; Li, M.; Ren, K.; Lou, W. Privacy-Preserving Multi-Keyword Ranked Search over Encrypted Cloud Data. IEEE Trans. Parallel Distrib. Syst. 2013, 25, 222–233.
  27. Zhang, L.; Su, J.; Mu, Y. Outsourcing Attributed-Based Ranked Searchable Encryption with Revocation for Cloud Storage. IEEE Access 2020, 8, 104344–104356.
  28. Aritomo, D.; Watanabe, C.; Matsubara, M.; Morishima, A. A Privacy-Preserving Similarity Search Scheme over Encrypted Word Embed-Dings; Association for Computing Machinery: New York, NY, USA, 2019; pp. 403–412, iiWAS2019.
  29. Fan, J.; Vercauteren, F. Somewhat practical fully homomorphic encryption. IACR Cryptol. ePrint Arch. 2012, 144.
  30. Gentry, C. A Fully Homomorphic Encryption Scheme. Ph.D. Thesis, Stanford University, Stanford, CA, USA, 2009. aAI3382729.
  31. Yu, J.; Lu, P.; Zhu, Y.; Xue, G.; Li, M. Toward Secure Multikeyword Top-k Retrieval over Encrypted Cloud Data. IEEE Trans. Dependable Secur. Comput. 2013, 10, 239–250.
  32. Sun, J.; Ren, L.; Wang, S.; Yao, X. Multi-Keyword Searchable and Data Verifiable Attribute-Based Encryption Scheme for Cloud Storage. IEEE Access 2019, 7, 66655–66667.
More
© Text is available under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/)
Video Production Service
Feedback