Abstract

The Industrial Internet of Things (IIoT), as a special form of Internet of Things (IoT), has great potential in realizing intelligent transformation and industrial resource utilization. However, there are security and privacy concerns about industrial data, which is shared on an open channel via sensor devices. To address these issues, many searchable encryption schemes have been presented to provide both data privacy-protection and data searchability. However, due to the use of expensive pairing operations, most previous schemes were inefficient. Recently, a certificateless searchable public-key encryption (CLSPE) scheme was designed by Lu et al. to remove the pairing operation. Unfortunately, we find that Lu et al.’s scheme is vulnerable to user impersonation attacks. To enhance the security, a new pairing-free dual-server CLSPE (DS-CLSPE) scheme for cloud-based IIoT deployment is designed in this paper. In addition, we provide security and efficiency analysis for DS-CLSPE. The analysis results show that DS-CLSPE can resist chosen keyword attacks (CKA) and has better efficiency than other related schemes.

1. Introduction

The gradual maturity of communication technology, especially the emergence of 5th generation wireless systems, has greatly promoted the popularization of IoT, which connects everything to the Internet for intelligent identification, tracking, monitoring, etc. [1–3]. Industrial IoT (IIoT) is one of the main application directions of IoT. It can collect industrial data in real time via various sensing devices (e.g., global positioning system and radio frequency identification) and, by further analyzing the collected data, realize the optimal utilization of resources, improve product quality, and reduce product cost [4].

IIoT provides new technological guidance for the development of industry and has great application potential. Nowadays, the IIoT market is expanding rapidly [5]. Meanwhile, the number of IIoT devices will also grow several times, inevitably leading to an explosion of the collected industrial data. In order to effectively manage and utilize these big data, users are more willing to outsource the data to the cloud server provider (CSP), which has powerful data storage and analytical capabilities [6]. In a cloud-based IIoT setting, as presented in Figure 1, massive industrial data is collected through sensor devices and transmitted to the CSP in real-time via the Internet. The CSP further analyzes and mines these data to provide better intelligent services for industrial sectors such as intelligent logistics and manufacturing.

Users enjoy various convenient services offered by the CSP; however, their data security and privacy are seriously threatened [7–10]. One reason is that their data is transmitted on an open channel, so an adversary can eavesdrop on the transmitted data to obtain information about an enterprise’s production or operations [11]. The other reason is that they are no longer able to physically control the outsourced data, nor can they fully trust the CSP. For example, the CSP may exploit users’ outsourced data to make illegal profits or carry out other malicious acts, such as tampering and deletion. Once confidential data is eavesdropped on or destroyed, it may cause unpredictable damage to an enterprise (e.g., huge economic losses). Overall, it is urgent to establish a practical mechanism with security and privacy preservation for IIoT data utilization and management.

Encryption is the most direct approach to guaranteeing data privacy. Users can first encrypt the confidential data and then submit the ciphertext to the CSP. Although traditional encryption is effective in preserving the privacy of IIoT data, it also causes problems for data utilization, especially the problem of searching over encrypted data. Since the original data structure is changed once the data is encrypted, search algorithms designed for plaintext are not feasible on the encrypted data. To address this issue, searchable encryption (SE) technology has emerged, which supports search over ciphertext according to keywords [12, 13]. The first symmetric SE (SSE) scheme was presented in [12]. However, SSE suffers from troublesome key distribution. To resolve this problem, an SE scheme based on a public-key cryptosystem (SPE) was designed in [13]. Since then, various SPE schemes have been designed [14–17]. However, these SPE schemes face either cumbersome certificate management or a key escrow burden, since their design is inherently based on public key infrastructure (PKI) or an identity-based cryptosystem. The CLSPE schemes [18–20] can overcome these cumbersome burdens. However, most of the previous CLSPE schemes were computationally expensive because they use many complex pairing operations. Recently, Lu and Li [21] presented a new CLSPE scheme without pairing operations. Unfortunately, our analysis shows that their scheme suffers from a user impersonation attack. To improve the security, we design a new DS-CLSPE scheme without pairing for cloud-based IIoT deployment.

1.1. Related Work

SE technology provides the functionality of searching over ciphertext without losing the confidentiality of the original data. The first concrete SE scheme was presented in [12], which was built on a symmetric cryptosystem. Later, various SSE schemes were designed. An SSE scheme with verifiable functionality (VSSE) was presented in [22], which can both protect data privacy and provide verifiability. Recently, Zuo et al. [23] gave two dynamic SSE schemes (i.e., Scheme-A and Scheme-B), which support range queries. The former scheme has the forward security property but imposes a heavy storage cost on the client, and the latter scheme reduces the client’s storage but loses forward security. Later, a novel VSSE scheme with forward security was presented in [24]. However, all SSE schemes face the complex key management issue.

To avoid the key management issue, the concept of SPE was introduced in [13]. An SPE system contains three participants: cloud server (CS), data sender (DS), and data receiver (DR). DS uses DR’s public key to encrypt his/her own data, including files and keywords extracted from the files, and sends the encrypted data to CS. DR uses its own private key to produce a trapdoor for the keyword to be retrieved and submits the trapdoor to CS. Then, CS verifies whether the trapdoor matches the ciphertext and returns the successfully matched files to DR. Later, an SPE scheme with a designated server (dSPE) was constructed, in which only the specified server can run the test algorithm [14]. Lin et al. [25] designed a novel blockchain-based system for the secure outsourcing of bilinear pairings to remove the secure channel and the trusted server. To resist inside keyword guessing attacks (IKGA), an authenticated SPE scheme was constructed in [15]. Recently, an SPE scheme with forward security was designed in [16] to resist file-injection attacks [26]. However, the above schemes are built on a PKI cryptosystem, so they inevitably face the complicated certificate management problem.

To reduce the overhead of managing certificates, the ID-based cryptosystem was introduced, in which a participant’s public key is set to some public information (e.g., name or office number), and the private key is created by a key generation center (KGC) based on that public information [27]. A general framework for transforming a two-level anonymous ID-based encryption (IBE) scheme into an ID-based SPE (IBSPE) scheme was presented in [17]. Recently, Lu et al. [28] constructed an IBSPE scheme with a designated server (dIBSPE), which supports conjunctive keyword search. Li et al. [29] designed two authenticated dIBSPE schemes based on symmetric bilinear pairing and asymmetric bilinear pairing, respectively. In their schemes, no adversary can run the encryption algorithm to get a valid ciphertext unless it can capture the data sender’s private key, and no adversary can perform the test algorithm correctly unless it has access to the specified server’s private key. Zhang et al. [30] constructed a proxy-oriented IBSPE scheme based on lattices to resist quantum computer attacks, in which the original data sender delegates his/her own data to a proxy for encryption in order to lower his/her own computation cost. However, all ID-based SPE schemes are plagued by key escrow issues.

In a certificateless cryptosystem (CLC), the private key of a participant is jointly created by the KGC and the participant itself, which resolves the burdens of key escrow and certificate management found in PKI-based and ID-based cryptosystems [31]. Peng et al. [18] introduced SE technology into the CLC setting and proposed a CLSPE scheme with a designated server (dCLSPE). To lower the computation overhead of [18], Islam et al. [19] designed a new dCLSPE scheme based on the CDH and BDH problems. He et al. [20] constructed a novel authenticated CLSPE scheme against IKGA. However, all previous CLSPE schemes involve bilinear pairing operations, which require high computation overhead. Recently, a CLSPE scheme without pairing operations was designed in [21]. Unfortunately, our analysis shows that scheme [21] cannot resist user impersonation attacks; thus, we develop a new pairing-free CLSPE scheme.

1.2. Research Contributions

An efficient pairing-free DS-CLSPE scheme for cloud-based IIoT is designed in this paper. The main research contributions are listed below:
(i) First, we show that Lu et al.’s scheme is subject to a user impersonation attack, and that their scheme requires a secure channel for trapdoor transmission.
(ii) Second, we give the system model for DS-CLSPE and construct a new DS-CLSPE scheme, which not only eliminates the need for bilinear pairings but also removes the use of a secure channel.
(iii) Finally, we present a security analysis for DS-CLSPE and show that it can resist the CKA attack. Furthermore, we evaluate the efficiency of DS-CLSPE in terms of computation and communication costs.

1.3. Organization of the Paper

The following sections are arranged as below. Section 2 presents some preliminary knowledge. Section 3 shows the analysis of Lu et al.’s scheme. Section 4 gives the detailed construction of our DS-CLSPE scheme. Section 5 and Section 6 show the security proof and the performance analysis of DS-CLSPE, respectively. The last section is mainly to summarize the full paper.

2. Preliminaries

We first present the complexity assumptions used in this paper and then give the system model and formal definition of DS-CLSPE.

2.1. Complexity Assumptions

Suppose denotes a -order cyclic group, and the point denotes a generator.

2.1.1. Computational Diffie-Hellman (CDH) Assumption

Given three points , , (, are unknown numbers), to figure out .

2.2. System Model

As presented in Figure 2, a DS-CLSPE system contains five participants: data sender (DS), data receiver (DR), KGC, front server (FS), and back server (BS). The responsibilities of each participant are described below.
(i) KGC is responsible for generating system parameters and participants’ partial keys.
(ii) DS encrypts his/her own data and then outsources the encrypted data to FS and BS.
(iii) DR submits a trapdoor to FS for querying the encrypted data.
(iv) FS generates an intermediate testing-state ciphertext according to the received trapdoor and submits it to BS.
(v) BS generates the final test results according to and returns the test results to DR.

2.3. Formal Definition

A DS-CLSPE scheme contains the following algorithms.
(i) Setup(λ): this algorithm is implemented by KGC. It takes a security parameter as input and returns the system master key and public parameters .
(ii) PartialKeyGen(parm,s,IDi): this algorithm is performed by KGC. It takes , , and the identity as inputs and outputs the partial key pair for the corresponding participant.
(iii) KeyGen(parm,IDi,Ti,di): each participant generates its own full public/private keys by performing this algorithm.
(iv) Encrypt(parm,w,IDi,PKi): DS executes this algorithm to generate the ciphertext for keyword .
(v) Trapdoor(parm,w,SKDR,PKFS,PKBS): DR performs this algorithm to obtain the trapdoor for .
(vi) FrontTest(parm,Cw,Tw,SKFS): FS performs this algorithm to generate an intermediate testing-state .
(vii) BackTest(parm,CITS,SKBS): this algorithm is performed by BS. It takes , , as inputs and outputs “1” if the test succeeds and “0” otherwise.

3. Weakness of Lu et al.’s Scheme

We first present Lu et al.’s scheme and then analyze its security weakness.

3.1. Review of Lu et al.’s Scheme

The detailed construction of Lu et al.’s scheme is as follows.
(i) Setup(): suppose is a large prime number and is a group with order . denotes a generator selected from , and , , and denote three different hash functions. KGC performs this algorithm as follows:
(1) Selects at random.
(2) Calculates .
(3) Publishes and keeps secret.
(ii) PartialKeyGen(): KGC selects , computes , , and sends the partial key pair to the receiver.
(iii) KeyGen(): the receiver picks , calculates , and sets , as his/her own public/private keys.
(iv) Encrypt(): the sender randomly chooses , calculates and , here , and sets the ciphertext .
(v) Trapdoor(): the receiver computes .
(vi) Test(): given and , the server checks

If this equation holds, the server returns “1”; otherwise, it returns “0”.

3.2. Attack on Lu et al.’s Scheme

Lu et al.’s scheme cannot prevent a user impersonation attack launched by an adversary . During the attack, can first forge the private key of the receiver and then impersonate the receiver to calculate a trapdoor for a challenge keyword using the forged private key. The detailed attack is presented below.
(i) Setup: the challenger generates by performing the algorithm.
(ii) Queries: with identity can ask the following queries.
(1) Extract Partial Private Key Query: if submits this query, then returns to , where and . Upon receiving , can forge the partial key pair of the receiver as follows:
(2) Replace Public Key Query: selects randomly and computes . Then, submits this query with , here . will set .
(iii) Forge Trapdoor: once has successfully forged and replaced , it can forge a trapdoor for a keyword with respect to the identity as below:
(iv) Challenge: returns the keywords and the identity as the challenge target. Then picks randomly and returns to . Upon receiving , performs the algorithm and gets .
(v) Guess: returns if ; otherwise, returns . It is easy to see that , i.e., the advantage of is always 1.

4. The Proposed DS-CLSPE Scheme

To overcome the weakness of Lu et al.’s scheme and avoid the use of bilinear pairing, we develop a new dual-server CLSPE scheme. The details are described as follows.
(i) Setup(): suppose is a large prime number and is a group with order . Let denote a generator of , and , , and denote three different hash functions. KGC performs the following steps:
(1) Chooses randomly.
(2) Calculates .
(3) Publishes and keeps secret.
(ii) PartialKeyGen(): taking , , and the identity as inputs, KGC performs this algorithm as follows:
(1) Selects .
(2) Calculates , , where .
(3) Sends to the corresponding participant.
(iii) KeyGen(): this algorithm is performed by the participant as follows:
(1) Chooses randomly.
(2) Calculates .
(3) Sets and .
(iv) Encrypt(): given , and keyword , DR performs the steps below to produce the ciphertext:
(1) Selects randomly.
(2) Calculates .
(3) Calculates , where .
(4) Sets . The parameters can be published publicly.
(v) Trapdoor(): the receiver generates the trapdoor of keyword as below:
(1) Selects randomly.
(2) Computes .
(3) Computes , where and are computed as above.
(4) Sends to the front server.
(vi) FrontTest(): given the ciphertext and a trapdoor , the front server performs the following steps to generate the intermediate testing-state :
(1) Selects randomly.
(2) Calculates .
(3) Calculates .
(4) Sends to the back server.
(vii) BackTest(): the back server checks

If this equation holds, BS returns “1”; otherwise, returns “0”.

Correctness. Suppose that , then we have

5. Security Analysis

This section first presents the security model of DS-CLSPE and then gives the formal proof of DS-CLSPE.

5.1. Security Model

Two types of adversaries should be considered in a certificateless cryptosystem [31, 32].

Type I. This adversary is denoted as , who has no master key but can replace anyone’s public key.

Type II. This adversary is denoted as , who holds the master key but cannot replace anyone’s public key.

As defined in scheme [33], we assume that both BS and FS are honest-but-curious and that they do not collude. The security model of DS-CLSPE is defined by the following game, i.e., indistinguishability against CKA (IND-CKA), which is played between an adversary and a challenger .

Definition 1 (IND-CKA). The DS-CLSPE scheme is said to be IND-CKA secure if the adversary’s advantage of winning the following game is negligible.

Game. This game is played between and .
(i) Setup: generates by executing the algorithm. If , returns to ; otherwise (), returns both and .
(ii) Phase 1: the following oracles can be queried by :
(a) CreateUser Queries: upon receiving this query for , checks whether has been created. If so, outputs directly. Otherwise, performs the algorithm to produce the key pair and returns .
(b) PrivateKey Queries: upon receiving this query for , checks whether has been created. If so, returns ; otherwise, returns .
(c) PartialPrivateKey Queries: upon receiving this query for , checks whether has been created. If so, returns the partial private key ; otherwise, returns .
(d) ReplacePublicKey Queries: if , then it can perform these queries. Upon receiving ’s query for with a false public key , sets .
(e) Trapdoor Queries: if submits this query for , then returns the corresponding trapdoor if has been created; otherwise, returns .
(iii) Challenge: selects identity and keywords as challenge targets. picks at random and returns to .
(iv) Phase 2: the oracles defined in Phase 1 can be continuously queried by .
(v) Guess: returns . We say wins the above game if and the conditions below hold: (1) queries for and have never been submitted by ; (2) if , it has never made and queries for ; if , it has never made queries for (note that can calculate the partial private key as it knows the master key).

Let express the adversary’s advantage in the above-defined game.

5.2. Provable Security

Theorem 2. The DS-CLSPE scheme achieves IND-CKA security if the CDH problem is difficult to solve.
Theorem 2 can be proved by the two lemmas below.

Lemma 3. Let the advantage of winning the IND-CKA game be . Then, we can construct an algorithm to solve the CDH problem with advantage , where is Euler’s number and , , denote the maximum numbers of queries, queries, and queries, respectively.

Proof. Let be a large prime number. Given , ’s goal is to output .
(i) Setup: generates the public parameters , here . selects , computes , , , and , and sets , . Finally, sends to .
(ii) Phase 1: the following oracles can be queried by :
(a) Queries: a -list with tuples is maintained by . When performs a query for , first checks whether is already in the -list. If so, returns ; otherwise, selects at random, adds into the -list, and returns .
(b) Queries: maintains a -list with tuples . Upon receiving ’s query for , searches the -list. If the -list already contains the searched tuple, outputs directly; otherwise, chooses at random, adds into the -list, and returns .
(c) Queries: maintains a -list with tuples . Upon receiving this query for , searches the -list and returns directly if already exists in the -list; otherwise, selects at random, adds into the -list, and returns .
(d) Queries: maintains a user-list with tuples . Upon receiving ’s query for , searches the user-list for . outputs directly if the user-list already includes the searched tuple; otherwise, tosses a coin at random such that ( will be computed later) and executes the following steps:
(1) If , selects two random numbers , from , sets , where , . adds into the user-list and returns .
(2) Otherwise (), selects three numbers from , sets and , where , . adds into the user-list, adds into the -list, and returns .
(e) Queries: when submits this query for , searches the user-list. If , outputs ; otherwise, aborts the game (this event is denoted as ).
(f) Queries: when submits this query for , searches the user-list. If , outputs the first part of , i.e., ; otherwise, aborts the game (this event is denoted as ).
(g) Queries: when submits this query with a value , replaces with . Note that this query implies must also submit the corresponding private key .
(h) Queries: when submits this query for , searches the user-list and recovers and from the -list and -list, respectively. If , chooses and computes , , where and are computed as in the proposed scheme. returns . Otherwise, aborts the game (this event is denoted as ).
(iii) Challenge: outputs and . recovers and from the -list and -list, respectively. If , randomly selects , , recovers from the -list, sets , and returns to . Otherwise, ends the game (this event is denoted as ). Note that is implicitly defined as .
(iv) Phase 2: the oracles defined in Phase 1 can be asked continuously by .
(v) Guess: outputs . If , then wins the above game. At this point, can compute the value as follows: .

Analysis. The advantage of winning the game is analyzed below. wins the above game if none of the events () occur.
From the above proof of Lemma 3, when , this value reaches its maximum . Thus,

Lemma 4. Let denote the advantage of winning the IND-CKA game. Then, an algorithm can be constructed to solve the CDH problem with advantage , where , , and are defined as in Lemma 3.

Proof. Given a CDH instance, i.e., , will try to output .
(i) Setup: selects , calculates , and generates . Then, selects , , , and , sets , , , and , and lets and . Finally, sends to .
(ii) Phase 1: the following oracles can be queried by :
(a) , , Queries: when submits these oracle queries, responds as defined in Lemma 3.
(b) Queries: maintains a -list with . Upon receiving this query for , searches the -list. If this tuple is already in the -list, returns ; otherwise, tosses randomly such that ( will be computed later) and executes the following steps:
(1) If , selects , from , computes , , and sets . adds into the -list and returns .
(2) Otherwise, selects from at random, computes , , , and sets , . adds into the -list, adds into the -list, and returns .
(c) Queries: upon receiving this query for , searches the -list to find . If , outputs ; otherwise, aborts the game (this event is denoted as ).
(d) Queries: when submits the query for , searches the -list and recovers and from the -list and -list, respectively. If , chooses , computes , , and returns to , where and are computed as in the proposed scheme; otherwise, aborts the game (this event is denoted as ).
(iii) Challenge: outputs and . recovers from the -list. If , randomly selects , and recovers from the -list. sets and returns to . Otherwise, aborts the game (this event is denoted as ). Note that is implicitly defined as .
(iv) Phase 2: the oracles defined in Phase 1 can be continuously accessed by .
(v) Guess: returns . If , then wins the game. At this point, can compute as below: .

Analysis. Now let us analyze the adversary’s advantage in winning the above game. will win the game if , , and do not occur.
From the above proof of Lemma 4, when , takes its maximum value . Then, we have

6. Performance Analysis

This section compares the computation and communication costs of DS-CLSPE with those of Lu and Li [21] and Peng et al. [18]. Let , be 512-bit and 160-bit prime numbers, respectively. is a cyclic group with order , which is generated by a point on a super-singular elliptic curve . For convenience of comparison, Table 1 presents the definitions of the symbols used.

We evaluate the running time of the above basic operations using the MIRACL library [34], running on a personal computer (Processor: i5-8250U 1.60 GHz; Memory: 8 GB; Operating system: Win10). The evaluation result shows that ms, ms, ms, ms, ms. Furthermore, the result indicates that the operations and consume much more time than the other operations. Therefore, we should minimize or even avoid these time-consuming operations to improve the efficiency of the designed scheme.

To compare the computation costs, we analyze the proposed DS-CLSPE scheme and schemes [18, 21] in terms of four phases: KeyGen, Encrypt, Trapdoor, and Test. Table 2 and Figure 3 present the specific comparison results. In addition, the communication costs of DS-CLSPE and schemes [18, 21] are also presented in Table 2.

From Table 2 and Figure 3, the efficiency of DS-CLSPE is slightly worse than that of scheme [21], but DS-CLSPE avoids the security flaw that exists in scheme [21]. Data security is a primary concern in practical applications, so DS-CLSPE is more practical. In comparison with scheme [18], DS-CLSPE has better performance.

7. Conclusion

With the maturing of IoT and the popularization of sensor devices, IIoT has attracted widespread attention, as it can provide users with real-time and reliable intelligent services by collecting and analyzing massive industrial data via IoT devices. However, industrial data may involve sensitive information, so data security is a concern. To protect data privacy, Lu et al. designed a CLSPE scheme without bilinear pairing operations. Unfortunately, our analysis shows that their CLSPE scheme cannot prevent user impersonation attacks. To resolve this security flaw, we design an improved pairing-free dual-server CLSPE scheme, i.e., DS-CLSPE. The formal security proof shows that DS-CLSPE achieves IND-CKA security. Additionally, we evaluate the efficiency of DS-CLSPE, and the evaluation results indicate that the proposed scheme has better efficiency.

Data Availability

The data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

The work was supported by the National Natural Science Foundation of China (Nos. 61902111, 61932016, and 61972294), the High-level talent Fund Project of Henan University of Technology (No. 2018BS052), the Project funded by China Postdoctoral Science Foundation (No. 2020M670223), and the National Key Research and Development Program of China (No. 2018YFC1604000).