ABKS-SKGA: Attribute-based keyword search secure against keyword guessing attack

In order to guarantee security and privacy of sensitive data, attribute-based keyword search (ABKS) enables data owners to upload their encrypted data to cloud servers, and authorizes intended data users to retrieve it. Meanwhile, ABKS outsources heavy search work to cloud servers, which makes ABKS adaptive to mobile computing environment. However, as cloud servers can both generate keyword ciphertexts and run search algorithm, the existing most ABKS schemes are vulnerable to keyword guessing attack. In this paper, we show the fundamental cause that the existing ABKS schemes do not resist keyword guessing attack is any entity can generate keyword ciphertext. To solve the above problem, in the phase of keyword ciphertext generation, we use private key of data owner to sign keyword prior to generating keyword ciphertext. Therefore, any other entity does not forge keyword ciphertext, which can resist keyword guessing attack. We give the formal definition and security model of attributed-based keyword search secure against keyword guessing attack (ABKS-SKGA). Furthermore, we provide an ABKS-SKGA scheme. The ABKS-SKGA scheme is proved secure against chosenplaintext attack (CPA). Performance analysis shows that the proposed scheme is practical.

Automated summary

To ensure security and privacy in cloud data storage, attribute-based keyword search (ABKS) allows data owners to upload encrypted data and authorize specific users to retrieve it. However, the vulnerability to keyword guessing attacks is a key issue, which is addressed in this paper by using data owner's private key to sign keywords and prevent unauthorized keyword generation. The proposed ABKS scheme is secure against chosen-plaintext attacks and demonstrates practical performance.