Keyword Search over Shared Cloud Data without Secure Channel or Authority

摘要

Storage services play an important role in a public cloud. By outsourcing data to the remote cloud, users do not need to maintain a local storage infrastructure and can significantly lower the storage cost. To protect the privacy, documents must be encrypted before outsourcing. This raises a new challenge for the document owner: how should the encrypted documents be securely searched in a public cloud? While many mechanisms have been proposed to support secure search over the encrypted documents, most of these mechanisms require secure channels to transmit the secret information, such as the secret keys and trapdoors, and is difficult to deploy in cloud systems. Moreover, some existing mechanisms require an authority to control the access requests of users, which inevitably increases the complexity of cloud infrastructure. This paper considers a more stringent security model where an eavesdropper exists in the cloud and can eavesdrop on all transmission channels. We propose a novel mechanism that supports multi-user keyword search over the encrypted data without relying on any secure channel or authority. The eavesdropper can neither forge valid trapdoors from the intercepted information nor can it directly use the intercepted trapdoors to complete the keyword search. Security analysis shows that the proposed mechanism is secure.