Kai Zhang, Xiwen Wang, Jianting Ning, M. Wen, Rongxing Lu
{"title":"Multi-Client Boolean File Retrieval with Adaptable Authorization Switching for Secure Cloud Search Services","authors":"Kai Zhang, Xiwen Wang, Jianting Ning, M. Wen, Rongxing Lu","doi":"10.1109/tdsc.2022.3227650","DOIUrl":null,"url":null,"abstract":"Secure cloud search services provide a cost-effective way for resource-constrained clients to search encrypted files in the cloud, where data owners can customize search authorization. Despite providing fine-grained authorization, traditional attribute-based keyword search (ABKS) solutions generally support single keyword search. Towards expressive queries over encrypted data, multi-client searchable symmetric encryption (MC-SSE) was introduced. However, current search authorizations of existing MC-SSEs: (i) cannot support dynamic updating; (ii) are (semi-)black-box implementations of attribute-based encryption; (iii) incur significant cost during system initialization and file encryption. To address these limitations, we present AasBirch, an MC-SSE system with fast fine-grained authorization that supports adaptable authorization switching from one policy to any other one. AasBirch achieves constant-size storage and lightweight time cost for system initialization, file encryption and file searching. We conduct extensive experiments based on Enron dataset in real cloud environment. Compared to state-of-the-art MC-SSE with fine-grained authorization, AasBirch achieves 30<inline-formula><tex-math notation=\"LaTeX\">$\\sim 200\\times$</tex-math><alternatives><mml:math><mml:mrow><mml:mo>∼</mml:mo><mml:mn>200</mml:mn><mml:mo>×</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href=\"wen-ieq1-3227650.gif\"/></alternatives></inline-formula> smaller public parameter and secret key size, with the assumed least frequent keyword in a query (<inline-formula><tex-math notation=\"LaTeX\">$s$</tex-math><alternatives><mml:math><mml:mi>s</mml:mi></mml:math><inline-graphic xlink:href=\"wen-ieq2-3227650.gif\"/></alternatives></inline-formula>-term) as 21. Moreover, it runs 10<inline-formula><tex-math notation=\"LaTeX\">$\\sim 20\\times$</tex-math><alternatives><mml:math><mml:mrow><mml:mo>∼</mml:mo><mml:mn>20</mml:mn><mml:mo>×</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href=\"wen-ieq3-3227650.gif\"/></alternatives></inline-formula> faster for file encryption and <inline-formula><tex-math notation=\"LaTeX\">$>20\\times$</tex-math><alternatives><mml:math><mml:mrow><mml:mo>></mml:mo><mml:mn>20</mml:mn><mml:mo>×</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href=\"wen-ieq4-3227650.gif\"/></alternatives></inline-formula> faster for file searching. In addition, AasBirch outperforms 80,000× (resp. 7,850×) faster with <inline-formula><tex-math notation=\"LaTeX\">$s$</tex-math><alternatives><mml:math><mml:mi>s</mml:mi></mml:math><inline-graphic xlink:href=\"wen-ieq5-3227650.gif\"/></alternatives></inline-formula>-term=1 (resp. =21), as compared to classic dynamic ABKS system.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"1 1","pages":"4621-4636"},"PeriodicalIF":7.0000,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Dependable and Secure Computing","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1109/tdsc.2022.3227650","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 2
Abstract
Secure cloud search services provide a cost-effective way for resource-constrained clients to search encrypted files in the cloud, where data owners can customize search authorization. Despite providing fine-grained authorization, traditional attribute-based keyword search (ABKS) solutions generally support single keyword search. Towards expressive queries over encrypted data, multi-client searchable symmetric encryption (MC-SSE) was introduced. However, current search authorizations of existing MC-SSEs: (i) cannot support dynamic updating; (ii) are (semi-)black-box implementations of attribute-based encryption; (iii) incur significant cost during system initialization and file encryption. To address these limitations, we present AasBirch, an MC-SSE system with fast fine-grained authorization that supports adaptable authorization switching from one policy to any other one. AasBirch achieves constant-size storage and lightweight time cost for system initialization, file encryption and file searching. We conduct extensive experiments based on Enron dataset in real cloud environment. Compared to state-of-the-art MC-SSE with fine-grained authorization, AasBirch achieves 30$\sim 200\times$∼200× smaller public parameter and secret key size, with the assumed least frequent keyword in a query ($s$s-term) as 21. Moreover, it runs 10$\sim 20\times$∼20× faster for file encryption and $>20\times$>20× faster for file searching. In addition, AasBirch outperforms 80,000× (resp. 7,850×) faster with $s$s-term=1 (resp. =21), as compared to classic dynamic ABKS system.
期刊介绍:
The "IEEE Transactions on Dependable and Secure Computing (TDSC)" is a prestigious journal that publishes high-quality, peer-reviewed research in the field of computer science, specifically targeting the development of dependable and secure computing systems and networks. This journal is dedicated to exploring the fundamental principles, methodologies, and mechanisms that enable the design, modeling, and evaluation of systems that meet the required levels of reliability, security, and performance.
The scope of TDSC includes research on measurement, modeling, and simulation techniques that contribute to the understanding and improvement of system performance under various constraints. It also covers the foundations necessary for the joint evaluation, verification, and design of systems that balance performance, security, and dependability.
By publishing archival research results, TDSC aims to provide a valuable resource for researchers, engineers, and practitioners working in the areas of cybersecurity, fault tolerance, and system reliability. The journal's focus on cutting-edge research ensures that it remains at the forefront of advancements in the field, promoting the development of technologies that are critical for the functioning of modern, complex systems.