An Extensive Review and Possible Attack on the Privacy Preserving Ranked Multi-Keyword Search for Multiple Data Owners in Cloud Computing

摘要

Cloud computing is the universal area where the data owners will outsource their relevant data to the untrusted public cloud, which allows the data users to retrieve the data with full integrity. To provide data privacy and integrity, most of the research works were focused under single data owner for secure searching of encrypted data over the cloud. Provided, various cloud service providers in day today life do not provide service to single data owner. Instead, the cloud service provider support multiple data owners to share the various benefits provided by the cloud computing. Data users are initially authenticated to establish a secure search over the encrypted cloud data. The data users can have a secure search without having knowledge regarding the real data and the secret keys of the data owners. Wei et al [9] proposed a privacy preserving ranked multi-keyword search. In this approach, ranking based multi-keyword searching mechanism was developed. The main advantage of this work is data privacy. So the authors claim that the proposed protocol provides data privacy by preventing the hackers from eavesdropping the secret keys and impersonating like a legitimate data user while submitting the search request to the cloud. Initially, after extensive analysis performed in this research work, we have identified several issues in the protocol proposed by Wei et al scheme. First the proposed protocol is vulnerable to impersonation attack. Therefore, when the attacker submits a request, the cloud server cannot find the difference between the request submitted by the legitimate user and the attacker. We have provided a detailed analysis of this attack in this paper and a formal proof of this attack is also given to prove that this scheme is a vulnerable one. Therefore, it is essential to develop a new efficient secure ranking based multi-keyword searching mechanism which enables the data users to perform a secure data access from the untrusted pubic cloud.