Public-key authenticated encryption with keyword search revisited: Security model and constructions

Abstract In cloud era, it is necessary to store sensitive data in an encrypted form. This arises the interesting and challenging problem of searching on encrypted data. However, previous Public-key Encryption with Keyword Search (PEKS) inherently cannot resist against inside keyword guessing attacks. To alleviate this issue, recently Huang and Li proposed the notion of Public-key Authenticated Encryption with Keyword Search (PAEKS), which requires the data sender not only encrypting a keyword using the receiver’s public key, but also authenticating it using his secret key. This paper first revisits HL-PAEKS security model and finds that it did not capture a realistic threat, called (outside) chosen multi-ciphertext attacks. That is, an outside adversary can decide whether two encrypted files share some identical keywords or not. To resolve this issue, we propose a new PAEKS security model that captures both (outside) chosen multi-ciphertext attacks and (inside) keyword guessing attacks. Then, we give a concrete PAEKS scheme and prove its security in the new PAEKS security model. We also propose a method to simplify data sender’s key management using identity-based key exchange protocol. Finally, we provide implementation results of our schemes to show the comparable efficiency of our schemes with previous PEKS/PAEKS schemes.

[1]  Xiaohui Liang,et al.  Proxy re-encryption with keyword search , 2010, Inf. Sci..

[2]  Sherali Zeadally,et al.  Certificateless Public Key Authenticated Encryption With Keyword Search for Industrial Internet of Things , 2018, IEEE Transactions on Industrial Informatics.

[3]  Yannan Li,et al.  Blockchain-Based Solutions to Security and Privacy Issues in the Internet of Things , 2018, IEEE Wireless Communications.

[4]  Pil Joong Lee,et al.  Public Key Encryption with Conjunctive Keyword Search and Its Extension to a Multi-user System , 2007, Pairing.

[5]  Qiong Huang,et al.  A restricted proxy re‐encryption with keyword search for fine‐grained data access control in cloud storage , 2016, Concurr. Comput. Pract. Exp..

[6]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[7]  Fuchun Guo,et al.  Server-Aided Public Key Encryption With Keyword Search , 2016, IEEE Transactions on Information Forensics and Security.

[8]  Dong Hoon Lee,et al.  Trapdoor security in a searchable public-key encryption scheme with a designated tester , 2010, J. Syst. Softw..

[9]  Kenneth G. Paterson,et al.  Programmable Hash Functions in the Multilinear Setting , 2013, CRYPTO.

[10]  Keita Emura,et al.  Keyword Revocable Searchable Encryption with Trapdoor Exposure Resistance and Re-generateability , 2015, TrustCom 2015.

[11]  Jia Yu,et al.  Strong Key-Exposure Resilient Auditing for Secure Cloud Storage , 2017, IEEE Transactions on Information Forensics and Security.

[12]  Bok-Min Goi,et al.  Off-Line Keyword Guessing Attacks on Recent Public Key Encryption with Keyword Search Schemes , 2008, ATC.

[13]  Jia Yu,et al.  Enabling efficient and verifiable multi-keyword ranked search over encrypted cloud data , 2017, Inf. Sci..

[14]  Qiong Huang,et al.  An efficient public-key searchable encryption scheme secure against inside keyword guessing attacks , 2017, Inf. Sci..

[15]  Willy Susilo,et al.  Secure searchable public key encryption scheme against keyword guessing attacks , 2009, IEICE Electron. Express.

[16]  Yehuda Lindell,et al.  Introduction to Modern Cryptography , 2004 .

[17]  Yang Lu,et al.  Efficient searchable public key encryption against keyword guessing attacks for cloud-based EMR systems , 2018, Cluster Computing.

[18]  Bo Zhang,et al.  An efficient public key encryption with conjunctive-subset keywords search , 2011, J. Netw. Comput. Appl..

[19]  Kihyun Kim,et al.  Public Key Encryption with Conjunctive Field Keyword Search , 2004, WISA.

[20]  Dong Hoon Lee,et al.  Off-Line Keyword Guessing Attacks on Recent Keyword Search Schemes over Encrypted Data , 2006, Secure Data Management.

[21]  Xuemin Shen,et al.  Synergy of Big Data and 5G Wireless Networks: Opportunities, Approaches, and Challenges , 2018, IEEE Wireless Communications.

[22]  Qiang Tang,et al.  A New Trapdoor-indistinguishable Public Key Encryption with Keyword Search , 2012, J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl..

[23]  Robert H. Deng,et al.  Attribute-Based Encryption with Expressive and Authorized Keyword Search , 2017, ACISP.

[24]  Rong Hao,et al.  Towards Achieving Keyword Search over Dynamic Encrypted Cloud Data with Symmetric-Key Based Verification , 2019, IEEE Transactions on Dependable and Secure Computing.

[25]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[26]  Jian Shen,et al.  Designated-server identity-based authenticated encryption with keyword search for encrypted emails , 2019, Inf. Sci..

[27]  Brent Waters,et al.  Conjunctive, Subset, and Range Queries on Encrypted Data , 2007, TCC.

[28]  Lifeng Guo,et al.  Efficient Secure-Channel Free Public Key Encryption with Keyword Search for EMRs in Cloud Storage , 2015, Journal of Medical Systems.

[29]  Pascal Paillier,et al.  Decryptable Searchable Encryption , 2007, ProvSec.

[30]  Dong Hoon Lee,et al.  Generic construction of designated tester public-key encryption with keyword search , 2012, Inf. Sci..

[31]  Joonsang Baek,et al.  Public Key Encryption with Keyword Search Revisited , 2008, ICCSA.

[32]  Jin Li,et al.  Verifiable searchable encryption with aggregate keys for data sharing system , 2018, Future Gener. Comput. Syst..

[33]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[34]  Jin Li,et al.  Towards Privacy-Preserving Storage and Retrieval in Multiple Clouds , 2017, IEEE Transactions on Cloud Computing.

[35]  Dong Hoon Lee,et al.  Keyword Updatable PEKS , 2015, WISA.

[36]  Bo-Suk Yang,et al.  Attribute-Based Cloud Data Integrity Auditing for Secure Outsourced Storage , 2020, IEEE Transactions on Emerging Topics in Computing.

[37]  Brent Waters,et al.  Secure Conjunctive Keyword Search over Encrypted Data , 2004, ACNS.

[38]  Mihir Bellare,et al.  Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions , 2005, Journal of Cryptology.

[39]  Kim-Kwang Raymond Choo,et al.  Enabling verifiable multiple keywords search over encrypted cloud data , 2018, Inf. Sci..

[40]  Fuchun Guo,et al.  Dual-Server Public-Key Encryption With Keyword Search for Secure Cloud Storage , 2016, IEEE Transactions on Information Forensics and Security.

[41]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[42]  Qiang Tang,et al.  Public-Key Encryption with Registered Keyword Search , 2009, EuroPKI.