Efficient Searchable Encryption Scheme Supporting Flexible Access Control

Because of the convenience and economy of cloud servers,more and more users use cloud services to store private data.But when the data is uploaded to the cloud server,the user cannot directly manage the data on the cloud server.To prevent the leakage of private data and ensure data privacy and data security,data owners often encrypt the data before uploading the data to the cloud server.However,it is difficult for users to effectively access ciphertext data on cloud server.The emergence of searchable encryption solves this problem.Searchable encryption enables users to search for relevant ciphertext data on the cloud server without decryption,and realizes the acquisition of data under the condition of ensuring data privacy and security.However,the searchable encryption mechanism still faces the following challenges in practical applicationsn Ⅰ.In most searchable encryption schemes,the cloud server compares the trapdoor with all indexes when receives the trapdoor sent by the user,which causes excessive overhead;Ⅱ.In practical application scenarios,the searchable encryption should provide fine-grained access control,so that different users can access corresponding files;Ⅲ.In the dynamic symmetric searchable encryption scheme,adding and deleting operations will reveal more privacy than searching operations.In view of the above problems,this paper conducts research on searchable encryption schemes in the cloud environment.The main research contents are as follows.(1)Aiming at the problem of excessive overhead caused by the comparison of trapdoors and all indexes during the search operation of the cloud server,this paper contributes an efficient searchable encryption scheme which supports flexible access control.Before the data is encrypted and uploaded to the cloud server,the solution uses the K-means clustering algorithm to divide the documents into several clusters,and uses the Latent Dirichlet Allocation topic model to generate a set of keywords as an index for each cluster.When performing a search operation,first compare the similarity between the keyword set in the trapdoor and the cluster index,and determine in which cluster the search operation is performed according to the similarity,because the search operation is only performed in a certain cluster,thereby reducing the number of comparisons between the trapdoor and the indexes and improving the search efficiency;Use broadcast encryption to specify accessible encrypted files for each group of users,and control users to search within the authorized keyword set and its subsets,so as to realize user access control to files,and provide users with a constant size secret keys,the communication cost and storage cost are independent of the number of users authorized to access the file.(2)Aiming at the problem of privacy leakage caused by the update operation in the dynamic symmetric searchable encryption scheme,this paper contributes a dynamic symmetric searchable encryption scheme supporting forward and backward security.The scheme combines symmetric revocable encryption primitives and puncturable pseudo-random function to realize forward and backward security,and uses the dual index structure and the subset decision-making mechanism to realize multi-keyword retrieval,while ensuring the robustness of the scheme.Robustness means that when client issues the irrational update queries,such as adding or deleting the same entry repeatedly and deleting the non-existent entry,the correctness of the scheme will not be affected;finally,by comparing with other schemes,it shows the advantages of this scheme in terms of computational overhead and communication overhead.(3)In medical cloud computing,due to the convenience and economy of cloud computing,patients are willing to upload medical data to the cloud server and share their medical data with doctors.However,patients are worried that the cloud server will disclose their medical data.To solve the above problems,this paper combines medical cloud computing with searchable encryption system to ensure the data privacy of patients and realize the search of encrypted data.