Attribute-based encryption with expressive and authorized keyword search

Ke-Hui Cui, Robert H Deng, Joseph K. Liu, Yingjiu Li

    Research output: Chapter in Book/Report/Conference proceedingConference PaperResearch

    15 Citations (Scopus)


    To protect data security and privacy in cloud storage systems, a common solution is to outsource data in encrypted forms so that the data will remain secure and private even if storage systems are compromised. The encrypted data, however, must be pliable to search and access control. In this paper, we introduce a notion of attribute-based encryption with expressive and authorized keyword search (ABE-EAKS) to support both expressive keyword search and fine-grained access control over encrypted data in the cloud. In ABE-EAKS, every data user is associated with a set of attributes and is issued a private attribute-key corresponding to his/her attribute set, and each data owner encrypts the message using attribute-based encryption and attaches the encrypted message with encrypted keywords related with the message, and then uploads the encrypted message and keywords to the cloud. To access encrypted messages containing certain keywords satisfying a search policy, a data user generates a trapdoor for the search policy using his/her private attribute-key and sends it to the cloud server equipped to the cloud. The cloud server searches over encrypted data stored in the cloud for the encrypted messages containing keywords satisfying the search policy and sends back the results to the data user who then decrypts the returned ciphertexts to obtain the underlying messages. We present a generic construction for ABE-EAKS, formally prove its security, give a concrete construction, and then extend the concrete ABE-EAKS scheme to support user revocation. Also, we implement the proposed ABE-EAKS scheme and its extension and study their performance through experiments.

    Original languageEnglish
    Title of host publicationInformation Security and Privacy
    Subtitle of host publication22nd Australasian Conference, ACISP 2017, Auckland, New Zealand, July 3–5, 2017, Proceedings, Part I
    EditorsJosef Pieprzyk, Suriadi Suriadi
    Place of PublicationCham, Switzerland
    Number of pages21
    ISBN (Electronic)9783319600550
    ISBN (Print)9783319600543
    Publication statusPublished - 2017
    EventAustralasian Conference on Information Security and Privacy 2017 - Massey University, Auckland, New Zealand
    Duration: 3 Jul 20175 Jul 2017
    Conference number: 22nd (Proceedings)

    Publication series

    NameLecture Notes in Computer Science
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349


    ConferenceAustralasian Conference on Information Security and Privacy 2017
    Abbreviated titleACISP 2017
    CountryNew Zealand
    OtherThe 22nd Australasian Conference on Information Security and Privacy (ACISP) will be held in Auckland New Zealand on 3-5 July 2017, organised by Massey University in collaboration with other New Zealand universities. ACISP has been running annually since 1996. Now in its 22nd year, is an established key forum for international researchers and industry experts to present and discuss the latest research, trends, breakthroughs, and challenges in the domain of information security and privacy.
    Internet address


    • Access control
    • Attribute-based encryption
    • Cloud storage
    • Data security and privacy
    • Search

    Cite this