Searchable encryption (SE) has been a promising technology which allows users to perform search queries over encrypted data. However, the most of existing SE schemes cannot deal with the shared records that have hierarchical structures. In this paper, we devise a basic cryptographic primitive called as attribute-based keyword search over hierarchical data (ABKS-HD) scheme by using the ciphertext-policy attribute-based encryption (CP-ABE) technique, but this basic scheme cannot satisfy all the desirable requirements of cloud systems. The facts that the single keyword search will yield many irrelevant search results and the revoked users can access the unauthorized data with the old or outdated secret keys make this basic scheme not scale well in practice. To this end, we also propose two improved schemes (ABKS-HD-I, ABKS-HD-II) for the sake of supporting multi-keyword search and user revocation, respectively. In contrast with the state-of-the-art attribute-based keyword search (ABKS) schemes, the computation overhead of our schemes almost linearly increases with the number of users' attributes rather than the number of attributes in systems. Formal security analysis proves that our schemes are secure against both chosen-plaintext attack (CPA) and chosen-keyword attack (CKA) in the random oracle model. Furthermore, empirical study using a real-world dataset shows that our schemes are feasible and efficient in practical applications.

• 出版日期2020-11-1
• 单位西安电子科技大学