Attribute-based encryption with expressive and authorized keyword search

Ke-Hui Cui, Robert H Deng, Joseph K. Liu, Yingjiu Li

    Research output: Chapter in Book/Report/Conference proceeding > Conference Paper > Research

    Abstract

    To protect data security and privacy in cloud storage systems, a common solution is to outsource data in encrypted form so that the data will remain secure and private even if storage systems are compromised. The encrypted data, however, must remain amenable to search and access control. In this paper, we introduce the notion of attribute-based encryption with expressive and authorized keyword search (ABE-EAKS) to support both expressive keyword search and fine-grained access control over encrypted data in the cloud. In ABE-EAKS, every data user is associated with a set of attributes and is issued a private attribute-key corresponding to his/her attribute set. Each data owner encrypts the message using attribute-based encryption, attaches to the encrypted message encrypted keywords related to the message, and then uploads the encrypted message and keywords to the cloud. To access encrypted messages containing certain keywords satisfying a search policy, a data user generates a trapdoor for the search policy using his/her private attribute-key and sends it to the cloud server. The cloud server searches over the encrypted data stored in the cloud for the encrypted messages containing keywords satisfying the search policy and sends the results back to the data user, who then decrypts the returned ciphertexts to obtain the underlying messages. We present a generic construction for ABE-EAKS, formally prove its security, give a concrete construction, and then extend the concrete ABE-EAKS scheme to support user revocation. We also implement the proposed ABE-EAKS scheme and its extension and study their performance through experiments.

    Original language: English
    Title of host publication: Information Security and Privacy
    Subtitle of host publication: 22nd Australasian Conference, ACISP 2017, Auckland, New Zealand, July 3–5, 2017, Proceedings, Part I
    Editors: Josef Pieprzyk, Suriadi Suriadi
    Place of Publication: Cham, Switzerland
    Publisher: Springer
    Pages: 106-126
    Number of pages: 21
    ISBN (Electronic): 9783319600550
    ISBN (Print): 9783319600543
    DOI: https://doi.org/10.1007/978-3-319-60055-0_6
    Publication status: Published - 2017
    Event: Australasian Conference on Information Security and Privacy 2017 - Massey University, Auckland, New Zealand
    Duration: 3 Jul 2017 to 5 Jul 2017
    Conference number: 22
    http://acisp.massey.ac.nz/

    Publication series

    Name: Lecture Notes in Computer Science
    Publisher: Springer
    Volume: 10342
    ISSN (Print): 0302-9743
    ISSN (Electronic): 1611-3349

    Conference

    Conference: Australasian Conference on Information Security and Privacy 2017
    Abbreviated title: ACISP 2017
    Country: New Zealand
    City: Auckland
    Period: 3/07/17 to 5/07/17
    Other: The 22nd Australasian Conference on Information Security and Privacy (ACISP) will be held in Auckland, New Zealand on 3-5 July 2017, organised by Massey University in collaboration with other New Zealand universities. ACISP has been running annually since 1996. Now in its 22nd year, it is an established key forum for international researchers and industry experts to present and discuss the latest research, trends, breakthroughs, and challenges in the domain of information security and privacy.
    Internet address: http://acisp.massey.ac.nz/

    Keywords

    • Access control
    • Attribute-based encryption
    • Cloud storage
    • Data security and privacy
    • Search

    Cite this

    Cui, K-H., Deng, R. H., Liu, J. K., & Li, Y. (2017). Attribute-based encryption with expressive and authorized keyword search. In J. Pieprzyk, & S. Suriadi (Eds.), Information Security and Privacy: 22nd Australasian Conference, ACISP 2017, Auckland, New Zealand, July 3–5, 2017, Proceedings, Part I (pp. 106-126). (Lecture Notes in Computer Science; Vol. 10342). Cham, Switzerland: Springer. https://doi.org/10.1007/978-3-319-60055-0_6