Abstract
Due to the tremendous benefits of cloud computing, an increasing number of health care providers are deploying electronic medical record (EMR) storage and application services in the cloud. To protect patients’ privacy, sensitive EMRs have to be encrypted before being uploaded to the cloud. This makes effective use of EMRs, such as plaintext keyword search, a very challenging problem. Public key encryption with keyword search (PEKS) provides a promising cryptographic solution to encrypted EMR data retrieval, because it allows one to delegate to an untrusted storage server the capability of searching on publicly encrypted EMR data without compromising the security of the original EMR data. Recently, two secure channel free PEKS schemes were proposed for cloud-based EMR systems. However, our cryptanalysis demonstrates that both of these schemes suffer from security vulnerabilities caused by the keyword guessing attack. To deal with this problem, a novel secure channel free PEKS scheme is developed in this paper. The proposed scheme not only resists the three known types of keyword guessing attacks, but also requires no designated server. In the standard model, it is formally proven to achieve both keyword ciphertext indistinguishability and trapdoor indistinguishability under adaptive chosen-keyword attacks. The comparisons indicate that the scheme is secure and practicable.
Acknowledgements
This work is supported by the National Natural Science Foundation of China (Grant Nos. 61772009, 61672207 and U1736112), the Fundamental Research Funds for the Central Universities (Grant Nos. 2016B10114 and 2017B17014) and the Natural Science Foundation of Jiangsu Province (Grant Nos. BK20161511 and BK20181304).
Cite this article
Lu, Y., Li, J. Efficient searchable public key encryption against keyword guessing attacks for cloud-based EMR systems. Cluster Comput 22, 285–299 (2019). https://doi.org/10.1007/s10586-018-2855-y
DOI: https://doi.org/10.1007/s10586-018-2855-y