| With the continuous improvement of network technology,cloud computing has been more and more widely applied.As a part of cloud computing,cloud storage can bring convenience to data users with advantages of low price and pay-as-you-go.If the data are uploaded directly and stored in the cloud server in the form of plaintext,then it is inevitably to disclose the confidentiality of the data,and thus it is necessary to encrypt-then-upload the data.However,encryption will hinder the data retrieval.To solve the problem of keyword search over encrypted data,Song proposed the concept of searchable encryption.Since traditional searchable encryption schemes cannot provide the flexible data sharing,some scholars have combined them with attribute-based encryption due to its advantages of fine-grained access control to propose attribute-based searchable encryption schemes.In recent years,attribute-based searchable encryption schemes have been made significant progress,but there are still some problems that need to be solved:(1)data integrity verification—the cloud server may be semi-trusted,and only store a part of data in order to save resources,or only return a part of the data during the search phase;(2)attribute revocation—the users' private keys may be lost or stolen,and thus their decryption rights needs to be revoked or updated;(3)privacy preserving of access policy—the access structure attached in the encrypted data will reveal the users' privacy;(4)malicious user trace—many users may have the same decryption rights for some ciphertext,but some users may disclose the key for financial benefit without being accountable.These problems will limit the applications of attribute-based searchable encryption schemes.In order to solve the above problems,the main efforts of this paper are as follows:(1)To propose a verifiable attribute-based keyword search encryption scheme with attribute revocation.For the problem that the cloud server is not trusted in the electronic medical record system,a trusted third-party auditor utilizes the aggregated signature technology to interact with the cloud server,which can verify the data integrity.Considering the attribute revocation problem caused by the change of the doctor's position in the system,the key encryption tree and the minimum subset coverage method are used to manage the attribute group keys,which can realize attribute revocation.Finally,the propose scheme is proved to be secure by the use of security reduction,and the experimental simulations show that the proposed scheme is practical.(2)To present a privacy-preserving attribute-based encryption scheme with keyword search and user tracing.Considering that the access structure in attribute-based searchable encryption will leak the users' privacy to a certain extent,the proposed scheme utilizes AND gate multi-value independent access structure to encrypt the data,and the access structure is not attached in the ciphertext,which can effectively prevent the sensitive privacy information from leaking.To solve the problem of malicious user tracing,the proposed scheme uses Shamir's threshold technology to trace malicious users,and the tracing storage consumption is constant.Finally,the detailed security proofs and the performance analysis show the proposed scheme is secure and efficient. |
PDF Full Text Request