Cryptanalysis and Improvement on Wang et al.’s Attribute-Based Searchable Encryption Scheme

Searchable encryption is a powerful and useful primitive when users want to store their encrypted files on cloud storages. In this paper, we demonstrate security flaws of the searchable encryption scheme proposed by Wang et al. in 2017. Furthermore, we propose a solution to fix the flaws, and the improved scheme also largely reduces the length of the ciphertext such that it is independent of the number of the attributes.

[1]  Zhibin Zhou,et al.  Efficient Privacy-Preserving Ciphertext-Policy Attribute Based-Encryption and Broadcast Encryption , 2015, IEEE Transactions on Computers.

[2]  Yanqin Zhu,et al.  Multi-user Searchable Encryption with Fine-Grained Access Control without Key Sharing , 2014, 2014 3rd International Conference on Advanced Computer Science Applications and Technologies.

[3]  Aytac Azgin,et al.  CLKS: Certificateless Keyword Search on Encrypted Data , 2015, NSS.

[4]  Ling Cheung,et al.  Provably secure ciphertext policy ABE , 2007, CCS '07.

[5]  Yiwei Thomas Hou,et al.  Protecting your right: Attribute-based keyword search with fine-grained owner-enforced search authorization in the cloud , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[6]  Robert H. Deng,et al.  Attribute-Based Encryption With Efficient Verifiable Outsourced Decryption , 2015, IEEE Transactions on Information Forensics and Security.

[7]  Cong Wang,et al.  Attribute based data sharing with attribute revocation , 2010, ASIACCS '10.

[8]  Ming Li,et al.  Verifiable Privacy-Preserving Multi-Keyword Text Search in the Cloud Supporting Similarity-Based Ranking , 2013, IEEE Transactions on Parallel and Distributed Systems.

[9]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[10]  Javier Herranz,et al.  Attribute-based encryption schemes with constant-size ciphertexts , 2012, Theor. Comput. Sci..

[11]  Xiaolei Dong,et al.  Multi-Value-Independent Ciphertext-Policy Attribute Based Encryption with Fast Keyword Search , 2020, IEEE Transactions on Services Computing.

[12]  G. Patil Privacy-Preserving Decentralized Key Policy Attribute-Based Encryption , 2014 .

[13]  Xuemin Shen,et al.  Enabling Efficient Multi-Keyword Ranked Search Over Encrypted Mobile Cloud Data Through Blind Storage , 2015, IEEE Transactions on Emerging Topics in Computing.

[14]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[15]  Jin Li,et al.  Secure attribute-based data sharing for resource-limited users in cloud computing , 2018, Comput. Secur..

[16]  Mahmoud Salmasizadeh,et al.  A Key-Policy Attribute-Based Temporary Keyword Search scheme for Secure Cloud Storage , 2020, IEEE Transactions on Cloud Computing.

[17]  Cheng-Chi Lee,et al.  A Searchable Hierarchical Conditional Proxy Re-encryption Scheme for Cloud Storage Services , 2016, Inf. Technol. Control..

[18]  Jiguo Li,et al.  Searchable ciphertext‐policy attribute‐based encryption with revocation in cloud storage , 2017, Int. J. Commun. Syst..

[19]  Jianwei Liu,et al.  Practical Direct Chosen Ciphertext Secure Key-Policy Attribute-Based Encryption with Public Ciphertext Test , 2014, ESORICS.

[20]  Shouhuai Xu,et al.  VABKS: Verifiable attribute-based keyword search over outsourced encrypted data , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[21]  Jianfeng Ma,et al.  Lightweight Fine-Grained Search Over Encrypted Data in Fog Computing , 2019, IEEE Transactions on Services Computing.

[22]  Willy Susilo,et al.  Searchable Attribute-Based Mechanism With Efficient Data Sharing for Secure Cloud Storage , 2015, IEEE Transactions on Information Forensics and Security.

[23]  Xiaodong Lin,et al.  Achieving authorized and ranked multi-keyword search over encrypted cloud data , 2015, 2015 IEEE International Conference on Communications (ICC).

[24]  Robert H. Deng,et al.  Expressive search on encrypted data , 2013, ASIA CCS '13.

[25]  Cheng Chen,et al.  Efficient Ciphertext Policy Attribute-Based Encryption with Constant-Size Ciphertext and Constant Computation-Cost , 2011, ProvSec.

[26]  Jin Li,et al.  Ensuring attribute privacy protection and fast decryption for outsourced data security in mobile cloud computing , 2017, Inf. Sci..

[27]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[28]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[29]  Jiguo Li,et al.  KSF-OABE: Outsourced Attribute-Based Encryption with Keyword Search Function for Cloud Storage , 2017, IEEE Transactions on Services Computing.

[30]  G Shiva Krishna,et al.  Control Cloud Data Access Privilege and Anonymity with Fully Anonymous Attribute-Based Encryption , 2017 .

[31]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[32]  Xiaohua Jia,et al.  Attributed-Based Access Control for Multi-authority Systems in Cloud Storage , 2012, 2012 IEEE 32nd International Conference on Distributed Computing Systems.

[33]  Yinghui Zhang,et al.  Efficient and privacy-aware attribute-based data sharing in mobile cloud computing , 2017, Journal of Ambient Intelligence and Humanized Computing.

[34]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[35]  Xu An Wang,et al.  m2-ABKS: Attribute-Based Multi-Keyword Search over Encrypted Personal Health Records in Multi-Owner Setting , 2016, Journal of Medical Systems.

[36]  Jianfeng Ma,et al.  Attribute-Based Keyword Search over Hierarchical Data in Cloud Computing , 2020, IEEE Transactions on Services Computing.