P2 KASE A2 - Privacy Preserving Key Aggregate Searchable Encryption supporting Authentication and Access Control on Multi-Delegation

Mukti Padhya, DEVESH JINWALA
2020 IET Information Security  
Delegation is a technique that allows a subject receiving a delegation (the delegatee) to act on behalf of the delegating subject (the delegator). Although the existing Key Aggregate Searchable Encryption (KASE) schemes support delegation of search rights over any set of ciphertexts using a key of constant-size, two critical issues still should be considered. Firstly, an adversary can intercept the aggregate key or query trapdoor from the insecure communication channels involving the cloud
more » ... r and impersonate as an authorized user to the server for accessing the data. Secondly, the existing KASE schemes only discuss the delegation of rights from the data owner to other users. However, if a subject receiving a delegation cannot perform the time-critical task on the shared data because of the unavailability, it becomes necessary for the delegatee to further delegate his received rights to another user. In this paper, we propose a novel KASE scheme that allows a fine-grained multidelegation, i.e., if the attributes of the delegatee satisfy the hidden access policy (defined by the data owner), the delegatee can delegate his received rights to another user, without compromising data privacy. The proposed scheme provides security against the impersonation attack by verifying the user's authentication. Introduction Cloud computing services provide massive storage as well as computational resources to the computing devices that are constrained in resources. Therefore, the data owners (DOs) outsource their data or computational operations to the cloud service providers. The cloud computing services are used for following two different purposes when offloading the data to it: (i) the cloud server is used as a storage server-when only the memory is scarcely available on the client-side or (ii) it is used for processing the data-in case the computational resources are scarcely available on the client-side. In either case, the data Hence, the probability that the simulator has no failure state is at least 1/q Tr . Therefore, the simulator simulates without failure with the probability of at least 1/e + 1/q Tr .
doi:10.1049/iet-ifs.2020.0070 fatcat:upgucuexqvaujosyymqwghlszq