WO2022025822A1 - Cloud data sharing systems and methods for sharing data using the systems - Google Patents

Cloud data sharing systems and methods for sharing data using the systems Download PDF

Info

Publication number
WO2022025822A1
WO2022025822A1 PCT/SG2021/050436 SG2021050436W WO2022025822A1 WO 2022025822 A1 WO2022025822 A1 WO 2022025822A1 SG 2021050436 W SG2021050436 W SG 2021050436W WO 2022025822 A1 WO2022025822 A1 WO 2022025822A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
module
key
cloud
service provider
Prior art date
Application number
PCT/SG2021/050436
Other languages
French (fr)
Inventor
Huijie Robert Deng
Yinghui Zhang
Original Assignee
Singapore Management University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Singapore Management University filed Critical Singapore Management University
Publication of WO2022025822A1 publication Critical patent/WO2022025822A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/903Querying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Abstract

The present invention provides systems and methods for sharing data through cloud infrastructure in a secure and efficient manner. The system includes at least a key generation center module, at least a data owner module, at least a cloud service provider module and at least a data consumer module. The data is firstly encrypted by the data owner module and secondly encrypted by the cloud service provider module before being stored and searched. Any registered data consumer in the system is allowed to search on all the encrypted data stored in the cloud service provider module. Authorised data consumers will be able to receive transformed ciphertext data from the cloud service provider module. Any data consumer may be revoked by deleting the corresponding user search key and/or transformation key. The systems and methods support scalable access control, efficient keyword search on encrypted data and immediate user revocation, simultaneously.

Description

CLOUD DATA SHARING SYSTEMS AND METHODS FOR SHARING DATA USING THE
SYSTEMS
FIELD OF THE INVENTION
[001] The present invention relates to data security, and in particular to a cloud data sharing system supporting encrypted data search.
BACKGROUND OF THE INVENTION
[002] As an attractive computation paradigm, cloud computing is envisioned to provide elastic and adequate computing and storage resources to users in an economical way. With the constant advances in cloud computing technologies, more and more individuals and organizations would outsource their various data to third-party public clouds for ease of sharing or for cost saving.
[003] To promote the long-term development of cloud computing, it is important to address the security issues in the cloud-based data sharing system. For data owners who upload their data to cloud storage servers for future use and sharing, it is necessary to ensure data security so that even cloud servers cannot obtain the owners’ data. To fulfil this goal, the technique of identity-based encryption1 can be adopted, which enables each data consumer to decrypt only the encrypted data associated with his/her identity.
[004] Although data owners can encrypt their data by the identity-based encryption technique and outsource the encrypted data on the cloud, such one-to-one encryption mode of identity-based encryption cannot realize scalable access control on cloud data. Practically, data owners usually wish that all authorized data consumers have access to their data. The technique of attribute-based encryption can be adopted to realize scalable access control on cloud data. Attribute-based encryption can be classified into two categories: key-policy attribute-based encryption2 and ciphertext-policy attribute-based encryption3. Compared with key-policy attribute-based encryption, ciphertext-policy attribute-based encryption is more suitable for the cloud computing environment because it puts the access policy decision right in the data owners' hands.
[005] However, if the ciphertext-policy attribute-based encryption technique is directly used in cloud data sharing, the cloud server cannot perform keyword searches on the encrypted data, which significantly limits its practical applications. To realize keyword search on the encrypted data, a public- key encryption scheme with keyword search4 was proposed, however, the scheme only allows the user with the corresponding secret key to search on encrypted data. Although various researches have been conducted on the techniques of searchable encryption to realise keyword search over encrypted data, no solution has been proposed to efficiently realise the function that any registered data consumer in the system may perform search on the encrypted data from any data owner. [006] On the other hand, with ciphertext-policy attribute-based encryption technique, although data owners can encrypt their data and outsource the encrypted data on the cloud, the decryption is inefficient as multiple bilinear pairing operations are involved. In real life cases, data consumers may try to access cloud data through resource-limited devices, which requires the decryption to be performed efficiently.
[007] Further, user revocation is also an important mechanism in cloud data sharing system. The user revocation mechanism enables the administrator of the system to revoke some data consumers such that they cannot access or search on the encrypted data anymore. Existing approaches suitable for cloud data sharing incorporate a time interval in every attribute, and issue a new key to every non- revoked data consumers such that revoked data consumers cannot decrypt ciphertext in the new time interval; however, the storage system needs to update all past ciphertext with the new time interval, which is a time-consuming process especially when there is a large amount of ciphertext. Due to the requirements of issuing new keys and updating ciphertext, this kind of user revocation techniques are inefficient and not real-time. Efficient user revocation, preferably an immediate user revocation, would be needed.
[008] Therefore, it is one purpose of the present invention to provide a system that enables any data owner to share data with authorised data consumers through a cloud infrastructure, and in the meantime preventing the cloud service provider from accessing the data.
[009] It is another purpose of the present invention to provide a system that enables the data consumers to perform keyword search over encrypted data to obtain target ciphertext data.
[010] It is another purpose of the present invention to provide a system that supports efficient revocation of data consumers, preferably an immediate revocation of data consumers.
[011] It is another purpose of the present invention to provide a system whereby the cloud service provider module is able to partially decrypt the encrypted data to alleviate the computation burden of data consumers’ devices.
[012] It is another purpose of the present invention to provide a system which addresses the above issues including scalable access control, keyword search on encrypted data, and efficient user revocation, simultaneously.
SUMMARY OF THE INVENTION
[013] According to one aspect of the present invention, it provides a cloud data sharing system, including at least one key generation center module, at least one data owner module, at least one cloud service provider module, and at least one data consumer module, wherein the at least one key generation center module is configured to- generate a system public parameter and a master secret key, and distribute the system public parameter to the at least one data owner module, the at least one cloud service provider module, and the at least one data consumer module; generate and distribute an owner query key to each of the at least one data owner module, and an owner search key associated to the owner query key to the cloud service provider module, based on the system public parameter and the master secret key; generate and distribute a user query key to each of the at least one data consumer module, and a user search key associated to the user query key to the cloud service provider module, based on the system public parameter and the master secret key; generate and distribute a decryption key to each of the at least one data consumer module, and a transformation key associated to the decryption key to the cloud service provider module, based on the system public parameter, the master secret key and attribute set of the corresponding data consumer; and generate and distribute revocation information to the at least one cloud service provider module; the at least one data owner module is configured to- generate user-side encrypted data for a data, based on at least one access policy, at least one keyword of the data, the owner query key and the system public parameter received from the at least one key generation center module; and upload user-side encrypted data to the at least one cloud service provider module; the at least one cloud service provider module is configured to- generate cloud-side encrypted data, based on the user-side encrypted data received from a data owner module, the system public parameter and the corresponding owner search key received from the at least one key generation center module; store the cloud-side encrypted data; perform search on the cloud-side encrypted data, based on at least one search request received from a data consumer module and the corresponding user search key received from the at least one key generation module, and retrieve target cloud-side encrypted data found in the search; transform the target cloud-side encrypted data to transformed ciphertext data, based on the corresponding transformation key received from the at least one key generation center module; provide the transformed ciphertext data to the corresponding data consumer module; and revoke one or more data consumers based on the revocation information received from the key generation center module; and the at least one data consumer module is configured to- generate a search token for a specified keyword, based on the system public parameter and the user query key received from the at least one key generation center module; provide at least one search request including at least one search token to the at least one cloud service provider module; and decrypt the transformed ciphertext data received from the cloud service provider module, based on the system public parameter and the decryption key received from the key generation center module.
[014] According to another aspect of the present invention, it provides a method for sharing data using a cloud data sharing system, including at least five processes: initialization process, registration process, data outsourcing process, data access process and revocation process, wherein the initialization process includes- generating and providing a system public parameter, by at least one key generation center module, to at least one data owner module, at least one cloud service provider module and at least one data consumer module; and generating a master secret key by the at least one key generation center module, and keeping the master secret key confidential in the at least one key generation center module; the registration process includes- generating and providing at least one owner query key, by the at least one key generation center module, to each of the at least one data owner module, based on the system public parameter and the master secret key; generating and providing one owner search key associated to each owner query key, by the at least one key generation center module, to the at least one cloud service provider module, based on the system public parameter and the master secret key; generating and providing at least one user query key, by the at least one key generation center module, to each of the at least one data consumer module, based on the system public parameter and the master secret key; generating and providing one user search key associated to each user query key, by the at least one key generation center module, to the at least one cloud service provider module, based on the system public parameter and the master secret key; generating and providing at least one decryption key, by the key generation center module, to each of the at least one data consumer module, based on the system public parameter, the master secret key and corresponding data consumer’s attribute set; and generating and providing one transformation key associated to each decryption key, by the key generation center module, to the at least one cloud service provider module, based on the system public parameter, the master secret key and corresponding data consumer’s attribute set; the data outsourcing process includes- generating and providing user-side encrypted data, by the at least one data owner module, to the at least one cloud service provider module, based on at least one access policy, at least one keyword of the data to be encrypted, the system public parameter and the at least one owner query key received from the at least one key generation center module; and generating and storing cloud-side encrypted data, by the at least one cloud service provider module, based on the user-side encrypted data received from the at least one data owner module, the system public parameter, and the owner search key associated to each of the at least one owner query key received from the at least one key generation center module; the data access process includes- generating and providing at least one search request including at least one search token, by the at least one data consumer module, to the at least one cloud service provider module, based on the system public parameter and the at least one user query key received from the at least one key generation center module; performing search on the cloud-side encrypted data, by the at least one cloud service provider module, based on at least one search request received from a data consumer module and the corresponding user search key received from the at least one key generation module, and retrieving target cloud-side encrypted data found in the search; transforming the target cloud-side encrypted data to transformed ciphertext data, by the at least one cloud service provider module, based on the transformation key and providing the transformed ciphertext data to the corresponding data consumer module; and decrypting the transformed ciphertext data, by the corresponding data consumer module, based on the decryption key received from the at least one key generation center module; and the revocation process includes- providing revocation information, by the at least one key generation center module, to the at least one cloud service provider module; and revoking at least one relevant data consumer, by the cloud service provider module, based on the revocation information received from the at least one key generation center module.
[015] According to another aspect of the present invention, the at least one cloud service provider module revokes one or more data consumers by deleting the corresponding user search key/s and/or transformation key/s.
[016] According to another aspect of the present invention, the user-side encrypted data contains ciphertext data and index generation requests.
[017] According to another aspect of the present invention, the at least one cloud service provider module is further configured to generate at least one ciphertext index, based on the index generation requests received from the at least one data owner module, the system public parameter and the corresponding owner search key received from the at least one key generation center module; and wherein the cloud-side encrypted data contains ciphertext index and ciphertext data.
[018] According to another aspect of the present invention, the at least one cloud service provider module transforms the ciphertext data of the target cloud-side encrypted data to transformed ciphertext data only if attribute set associated with the transformation key matches access policy of the ciphertext data of the target cloud-side encrypted data. [019] According to another aspect of the present invention, the at least one key generation center module includes at least one initialization component, at least one registration component, and at least one revocation component.
[020] According to another aspect of the present invention, the at least one data owner module includes at least one local storage component and at least one data outsourcing component.
[021] According to another aspect of the present invention, the at least one data outsourcing component includes at least one encryption component and at least one index generation component.
[022] According to another aspect of the present invention, the at least one cloud service provider module includes at least one cloud storage component, at least one search component, and at least one transformation component.
[023] According to another aspect of the present invention, the at least one data consumer module includes at least one local storage component and at least one data access component.
[024] According to another aspect of the present invention, the at least one data access component includes at least one search token component and at least one decryption component.
BRIEF DESCRIPTION OF THE DRAWINGS
[025] FIG. 1 depicts the structure of a cloud data sharing system according to one embodiment of the present invention.
[026] FIG. 2 depicts the structure of a key generation center module in a cloud data sharing system according to one embodiment of the present invention.
[027] FIG. 3 depicts the structure of a data owner module in a cloud data sharing system according to one embodiment of the present invention.
[028] FIG. 4 depicts the structure of a cloud service provider module in a cloud data sharing system according to one embodiment of the present invention.
[029] FIG. 5 depicts the structure of a data consumer module in a cloud data sharing system according to one embodiment of the present invention.
[030] FIG. 6 depicts an initialization process of a method for sharing data using a cloud data sharing system according to one embodiment of the present invention. [031] FIG. 7 depicts a registration process of a method for sharing data using a cloud data sharing system according to one embodiment of the present invention.
[032] FIG. 8 depicts a data outsourcing process of a method for sharing data using a cloud data sharing system according to one embodiment of the present invention.
[033] FIG. 9 depicts a data access process of a method for sharing data using a cloud data sharing system according to one embodiment of the present invention.
[034] FIG. 10 depicts a revocation process of a method for sharing data using a secure cloud data sharing system according to one embodiment of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
[035] While the concepts of the present disclosure are susceptible to various modifications and alternative forms, specific embodiments will herein be described in detail. It should be understood, however, that there is no intent to limit the concepts of the present disclosure to the particular forms disclosed or terms used, but on the contrary, the intention is to cover all modifications, equivalents and alternatives consistent with the present disclosure and the appended claims.
[036] In the following description, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, that the present invention may be practised without these specific details. Well-known methods, procedures, materials and conditions have not been described in detail so as not to unnecessarily obscure aspects of the implementations.
[037] It will be appreciated that the inclusion of a schematic element in a drawing is not meant to imply that such element is required in all embodiments or that the features represented by such element may not be included in or combined with other elements in some embodiments.
[038] Several features are described hereafter, each of which may be used independently of one another or with any combination of other features. However, any individual feature may not address any of the problems discussed above or might only address one of the problems discussed above. Some of the problems discussed above might not be fully addressed by any of the features described herein. Although headings are provided, information related to a particular heading, but not found in the section having that heading, may also be found elsewhere in the specification. [039] In this specification:
(1) the terms “contain” and “include” and derivatives of these terms are not to be construed as being restricted or confined to the ensuing matters enumerated but as potentially encompassing other matters not so enumerated;
(2) words in the singular shall be construed to include the plural and vice versa, unless the context requires or indicates otherwise;
(3) unless defined otherwise, all technical and scientific terms used herein have the same meanings as commonly understood by those skilled in the art to which the present invention belongs.
[040] The cloud data sharing system includes at least one key generation center module, at least one data owner module, at least one cloud service provider module and at least one data consumer module.
[041] A key generation center module is configured to be able to generate information for different purposes and different modules in the system. For example, the key generation center module is able to generate system public parameters, master secret keys, owner query keys, user query keys, owner search keys, user search keys, decryption keys, transformation keys and revocation information for use by different parties or modules.
[042] A data owner is a party who intends to store its data in cloud and share the data with one or more authorised parties through cloud. A data owner has a data owner module configured to be able to specify the access policy in terms of user attributes of data consumers, encrypt the data into user- side encrypted data, and upload the user-side encrypted data to cloud. The data owner module is also configured to be able to generate other information, such as one or more index generation requests.
[043] The data to be encrypted, stored and shared can be any kind of commercial or non-commercial information or document, such as personal medical data, emails, account information, software, etc.
[044] A cloud service provider module is configured to be able to receive user-side encrypted data from the at least one data owner module, encrypt the received user-side encrypted data into cloud-side encrypted data, store the cloud-side encrypted data, perform searches on the cloud-side encrypted data upon search request from any data consumer module, transform the cloud-side encrypted data into transformed ciphertext data and provide the transformed ciphertext data to the authorised data consumer module.
[045] A data consumer is a party or user who wishes to access the data which is encrypted and stored in cloud, under commercial or non-commercial terms subject to the data owner. A party or user may have its information registered in the system to become a registered data consumer in the system. Each data consumer has a set of user attributes. Each data consumer has a data consumer module configured be able to provide search request to the cloud service provider module to perform searches on the cloud-side encrypted data in the cloud service provider module. A registered data consumer may be authorised to access certain data in the system. An authorised data consumer will be provided transformed ciphertext data and the transformed ciphertext data will be decrypted in the data consumer module.
[046] Through the cloud data sharing system, any data owner is able to share its data to any authorised data consumer without compromising confidentiality of the data, such as leaking information to the cloud service provider or any other unauthorised consumer. Through the cloud data sharing system, any registered data consumer in the system may request for searches on the encrypted data stored in cloud to look for target encrypted data, and only the authorised consumer will be able to access the data. The system will be further discussed in detail below.
[047] FIG.1 depicts a cloud data sharing system according to one embodiment of the present invention. The cloud data sharing system includes a key generation center module 10, one or more data owner modules 20, a cloud service provider module 30 and one or more data consumer modules 40.
[048] FIG. 2 depicts a key generation center module 10 according to one embodiment of the present invention, which includes at least an initialization component 101, at least a registration component 102, and at least a revocation component 103. The key generation center module 10 is configured to generate a system public parameter and a master secret key. Based on the system public parameter and the master secret key, the key generation center module 10 is configured to generate and distribute at least one owner query key to each of the data owner modules 20 and at least one user query key to each of the data consumer modules 40, and to generate and distribute an owner search key associated to each of the owner query key and a user search key associated to each of the user query key to the cloud service provider module 30. Preferably, each data owner module has one unique owner query key and each data consumer module has one unique user query key. Based on the system public parameter, the master secret key and the attribute set of each of the data consumers, the key generation center module 10 generates a unique decryption key for each of the data consumers and provides the decryption key to the corresponding data consumer module 40, generates a transformation key associated to each of the decryption key and provides the transformation key to the cloud service provider module 30. In the condition where there is a need to revoke one or more data consumers, the key generation center module 10 provides revocation information which specifies identities of the one or more data consumers to be revoked to the cloud service provider module 30. The cloud service provider module 30 revokes the one or more data consumers by deleting the involved user search key/s and/or transformation key/s based on the received revocation information, which enables immediate user revocation. [049] FIG. 3 depicts a data owner module 20 according to one embodiment of the present invention, which includes at least a local storage component 201 and at least a data outsourcing component 202. The data outsourcing component includes at least an encryption component 2021 and an index generation component 2022. A data owner module 20 is configured to specify the access policy in terms of user attributes of data consumers, and encrypt the data into corresponding ciphertext data. Based on the system public parameter, the data owner module generates index generation requests based on keywords of the data, its owner query key and the system public parameter, and uploads user-side encrypted data containing ciphertext data and index generation requests to the cloud service provider module 30.
[050] FIG. 4 depicts a cloud service provider module 30 according to one embodiment of the present invention, which includes at least a cloud storage component 301, at least a search component 302, and at least a transformation component 303. After receiving index generation requests from a data owner module 20, based on system public parameter and corresponding owner search key received from the key generation center module 10, the cloud service provider module 30 generates ciphertext index. The cloud service provider module 30 further generates and stores cloud-side encrypted data which contains the ciphertext data received from the data owner module 20 and the ciphertext index. The cloud service provider module 30 is configured to perform search on all the cloud-side encrypted data based on search request containing search token received from a data consumer module 40 and the corresponding user search key received from the key generation center module 10. If the search performed by the cloud service provider module 30 has a positive result and hits the target cloud-side encrypted data, the cloud service provider module 30 transforms the target ciphertext data in the target cloud-side encrypted data based on the transformation key received from the key generation center 10 and provides the transformed ciphertext data to the data consumer module 40. The target ciphertext data can be successfully transformed if the attribute set associated with the transformation key matches the access policy of the target ciphertext data. Further, the cloud service provider module 30 is configured to revoke involved data consumers based on the revocation information received from the key generation center module 10.
[051] FIG. 5 depicts a data consumer module 40 according to one embodiment of the present invention, which includes at least a local storage component 401 and at least a data access component 402. A data access component 402 includes at least a search token component 4021 and at least a decryption component 4022. Each data consumer module 40 is configured to generate a corresponding search token for a keyword specified by the data consumer, based on the system public parameter and the data consumer’s user query key received from the key generation center module 10. After the search token is generated, the data consumer module 40 provides the search request containing one or more search tokens to the cloud service provider module 30 to perform search on the cloud-side encrypted data. Further, the data consumer module 40 is configured to decrypt the transformed ciphertext data received from the cloud service provider module 30 to obtain the corresponding data for use, based on the system public parameter and the decryption key received from the key generation center module 10.
[052] According to one aspect of the present invention, it is provided a data sharing method using the cloud data sharing system, which includes at least five processes: initialization process, registration process, data outsourcing process, data access process, and revocation process. For demonstrating purposes, reference is made to the cloud data sharing system depicted in FIG. 1, in the initialization process, the key generation module 10 generates and provides initiation information to each of the data owner modules 20, the cloud service provider module 30 and each of the data consumer module 40 to initiate each of the modules. In the registration process, the key generation center module 10 generates and provides information to the each of the data owner modules 20, the cloud service provider module 30 and each of the data consumer module 40, to enable each of the modules to take necessary actions respectively for the share of data. In the outsourcing process, each of the data owner modules 20 encrypts its data and upload the user-side encrypted data for the cloud service provider module 30 to further encrypt to cloud-side encrypted data, based on the initiation information and registration information. In the data access process, each of the data consumer module 40 generates one or more search requests containing one or more search tokens for the cloud service provider module 30 to perform search on the cloud-side encrypted data, and the cloud service provider module 30 transforms the target cloud-side encrypted data found in the search to transformed ciphertext data for the authorised data consumer module 40 to decrypt and use. In the revocation process, the cloud service provider module 30 receives revocation information containing identities of one or more data consumers, and delete the involved user search key/s and/or transformation key/s. The method will be further discussed in detail below.
[053] FIG. 6 depicts the initialization process being performed by initialization component 101 of the key generation center module 10 according to one embodiment of the present invention. The initialization component 101 performs the initialization process to specify a security parameter and generate a system public parameter, and provides the system public parameter to the local storage component 201 of the data owner module 20, the search component 302 and the transformation component 303 of the cloud service provider 30 and the local storage component 401 of the data consumer module 40. Based on the security parameter, the initialization component 101 of the key generation center module 10 also generates a master secret key which is kept confidential in the key generation center module 10.
[054] FIG. 7 depicts the registration process being performed by registration component 102 of the key generation center module 10 according to one embodiment of the present invention. The registration component 102 performs the registration process to generate and distribute an owner query key to the index generation component 2022 of the data outsourcing component 202 of the data owner module 20 and the associated owner search key to the search component 302 of the cloud service provider 30 through secure channels, based on the system public parameter and the master secret key from the initialization component 101. A secure channel is a way of transferring data that is resistant to overhearing and tampering.
[055] Separately, the registration component 102 performs the registration process to generate and distribute a user query key to the search token component 4021 of the data access component 402 of the data consumer module 40 and the associated user search key to the search component 302 of the cloud service provider module 30 through secure channels based on the system public parameter and the master secret key from the initialization component 101.
[056] Separately, the registration component 102 of the key generation center module 10 performs the registration process to generate a decryption key for the decryption component 4022 of the data access component 402 of the data consumer module 40 and the associated transformation key for the transformation component 303 of the cloud service provider module 30 through secure channels based on the system public parameter and the master secret key from the initialization component 101 and the attribute set from the data consumer module 40.
[057] FIG. 8 depicts the data outsourcing process which includes data uploading process and data storage process respectively performed by the data owner module 20 and the cloud service provider module 30, according to one embodiment of the present invention.
[058] In the data uploading process, the data owner module 20 generates and uploads user-side encrypted data to the cloud service provider module 30, which contains ciphertext data and corresponding index generation requests. Specifically, the encryption component 2021 of the data outsourcing component 202 of the data owner module 20 retrieves the data and the system public parameter from the local storage component 201 of the data owner module 20, specifies an access policy in terms of user attributes of data consumers, generates the corresponding ciphertext data based on the system public parameter, and provide the ciphertext data to the search component 302 of the cloud service provider module 30. Further, the index generation component 2022 of the data outsourcing component 202 of the data owner module 20 retrieves the data and the system public parameter from the local storage component 201 of the data owner module 20, specifies the corresponding keywords, generates index generation requests for the keywords and provide the index generation requests to the search component 302 of the cloud service provider module 30.
[059] In the data storage process, the search component 302 of the cloud service provider module 30 receives the ciphertext data from the encryption component 2021 of the data outsourcing component 202 of the data owner module 20 and the corresponding index generation requests from the index generation component 2022 of the data outsourcing component 202 of the data owner module 20, computes ciphertext indexes based on the system public parameter and the owner search key associated to the owner query key of the data owner module 20, and stores cloud-side encrypted data on the cloud storage component 301 which contains the received ciphertext data and the ciphertext indexes.
[060] FIG. 9 depicts the data access process which includes query process, search process, transformation process, and decryption process, performed by the data consumer module 40 and the cloud service provider module 30, according to one embodiment of the present invention.
[061] In the query process, the search token component 4021 of the data access component 402 of the data consumer module 40 specifies one or more keywords and generates corresponding search tokens based on the system public parameter and the consumer’s user query key, sends one or more search requests containing one or more search tokens to the search component 302 of the cloud service provider module 30.
[062] In the search process, the search component 302 of the cloud service provider module 30 receives one or more search requests from the search token component 4021 of the data access component 402 of the data consumer module 40, searches all the cloud-side encrypted data on the cloud storage component 301 to obtain the target cloud-side encrypted data based on one or more search tokens in the one or more search requests and the corresponding user search key, provides the target cloud-side encrypted data to the transformation component 303 of the cloud service provider module 30.
[063] In the transformation process, the transformation component 303 of the cloud service provider module 30 transforms the ciphertext data in the target cloud-side encrypted data, based on the transformation key and the system public parameter, to obtain the corresponding transformed ciphertext data, provides the transformed ciphertext data to the decryption component 4022 of the data access component 402 of the authorised data consumer module 40.
[064] In the decryption process, the decryption component 4022 of the data access component 402 of the data consumer module 40 decrypts the received transformed ciphertext data, based on the system public parameter and the consumer’s decryption key, to get the corresponding data, which is then stored on the corresponding local storage component 401.
[065] FIG. 10 depicts the revocation process which is performed by the key generation center module 10 and the cloud service provider module 30, according to one embodiment of the present invention. In the revocation process, the revocation component 103 of the key generation center module 10 provides revocation information which specifies identity information of one or more data consumers to be revoked, to the search component 302 and the transformation component 303 of the cloud service provider module 30. The search component 302 of the cloud service provider module 30 deletes the involved user search key/s based on the received revocation information. The transformation component 303 of the cloud service provider module 30 deletes the involved transformation keys based on the received revocation information. The person skilled in the art would appreciate that a data consumer will no longer be able to access the data as long as one of the user search key and transformation key is deleted.
[066] For illustrating purpose, three examples of algorithms are further discussed below.
Example I
Initialization process
[067] The initialization component of the key generation center module chooses a bilinear mapping and a secure symmetric encryption scheme SE = (K,SE.Enc,SE.Dec) where K ,
Figure imgf000016_0001
SE.Enc and SE.Dec respectively represent the secret key space, the symmetric encryption algorithm and the symmetric decryption algorithm. Then, it randomly chooses
Figure imgf000016_0003
, where g1 and g2 are respectively a generator of groups Gt and G2 of order p, and cryptographic hash functions
Figure imgf000016_0002
[068] Next, the initialization component of the key generation center sets
Figure imgf000016_0004
as the public parameter and MSK - {b,c,I i3} as the master secret key, where
Figure imgf000016_0005
Figure imgf000016_0006
[069] At last, the initialization component of the key generation center module secretly keeps MSK and provides PP to the local storage components of data owners, the local storage components of data consumer modules and the search component and the transformation component of the cloud service provider.
Registration process
[070] For the registration of a data owner, the registration component of the key generation center module takes as inputs the system public parameter PP and the master secret key MSK, randomly chooses
Figure imgf000016_0007
, sets the data owner’s owner query key as qkD0 xD0 and the corresponding owner search key as
Figure imgf000016_0008
Then, the registration component of the key generation center chooses a data owner identity
Figure imgf000016_0009
* and provides {uB0,qkB0} and { uD0,shkD0 } to the index generation component of the data outsourcing component of the data owner module and the search component of the cloud service provider module through secure channels, respectively.
[071 ] For the registration of a data consumer, the registration component of the key generation center module takes as inputs the system public parameter PP and the master secret key MSK, randomly chooses
Figure imgf000017_0001
sets the data consumer’s user query key as qkDC = xDC and the corresponding user search key as Then, the registration component of the key generation center module
Figure imgf000017_0002
chooses a data consumer identity
Figure imgf000017_0003
* and provides { uDC , qkDC } and { uDC , shkDC } to the search token component of the data access component of the data consumer module and the search component of the cloud service provider module through secure channels, respectively. In addition, the registration component of the key generation center module takes as inputs the system public parameter PP and the master secret key MSK, and the data consumer’s attribute set S, which is from the data consumer module, randomly chooses and sets the decryption key dkDC of the
Figure imgf000017_0012
data consumer and the corresponding transformation key tkDC as
Figure imgf000017_0005
where
Figure imgf000017_0004
[072] Finally, the registration component of the key generation center module provides dkDC and to the decryption component of the data access component of the data consumer module
Figure imgf000017_0011
and the transformation component of the cloud service provider module, respectively.
Data outsourcing process
[073] The data outsourcing process includes data uploading process and data storage process, which are separately discussed below.
[074] Data uploading: When a data owner with identity uD0 intends to outsource his/her data Data with a set of keywords KWS, the encryption component of the data outsourcing component of the data owner module does the following:
[075] The encryption component of the data outsourcing component of the data owner module specifies an access policy T which is a tree. Each node of the tree has a unique index i and the index of the root node is denoted as
Figure imgf000017_0009
. The parent node of node i is dentoed as parent(i ). Each leaf node has a threshold value 1 and it is associated with an attribute. Each non-leaf node i is a threshold node with a corresponding natural number pair , where nnM represents the number of child nodes
Figure imgf000017_0010
of the non-leaf node i and is the threshold value. Especially, the non-leaf node becomes an
Figure imgf000017_0008
“AND” node if and an “OR” node if . In the subsequent procedures, a polynomial of
Figure imgf000017_0007
Figure imgf000017_0014
degree will be chosen for each node.
Figure imgf000017_0015
[076] The encryption component of the data outsourcing component of the data owner module takes as inputs the system public parameter PP, the access policy T, randomly chooses and
Figure imgf000017_0013
computes
Figure imgf000017_0006
Then it chooses a polynomial qt(x) of degree for every node i of T, where
Figure imgf000018_0001
p m with the coefficients being randomly chosen. Note that 1 if node i is a non
Figure imgf000018_0002
Figure imgf000018_0003
leaf node and dt = 0 if node i is a leaf node. Suppose Y is the set of leaf node indexes of T and the function attr(y ) is to get the attribute of the node
Figure imgf000018_0008
Then, it sets CTABE =
Figure imgf000018_0004
[077] The encryption component of the data outsourcing component of the data owner module takes as inputs the system public parameter PP, the symmetric encryption key kSE and the data Data, and generates a symmetric ciphertext
Figure imgf000018_0006
[078] For each keyword
Figure imgf000018_0007
the index generation component of the data outsourcing component of the data owner module takes as inputs the system public parameter PP, the owner query key qkD0 = xD0, and kwu computes S which is used
Figure imgf000018_0005
as the index generation request.
[079] The data owner module sets the user-side encrypted data as
Figure imgf000018_0009
where and provides CTD0 to the cloud service provider module. Specifically, the
Figure imgf000018_0010
encryption component of the data outsourcing component of the data owner module provides CTData to the search component of the cloud service provider module, and the index generation component of the data outsourcing component of the data owner module provides {uD0, CT^s) to the search component of the cloud service provider module.
[080] Data storage: Upon receiving the user-side encrypted data the
Figure imgf000018_0012
search component of the cloud service provider module retrieves the owner search key shkD0 associated with uD0, takes as inputs the system public parameter PP, the owner search key shkD0, and CTRWS· and does the following:
For each CTkw. in CTKWS, it randomly chooses yt e Zp, and computes
Figure imgf000018_0011
where SE.Enc also can be replaced by a hash function to get an alternative embodiment. Then, it sets The search component of the cloud service provider module
Figure imgf000019_0001
provides [CTDatai Igws) to the cloud storage component of the cloud service provider.
[081] The cloud storage component of the cloud service provider module sets the cloud-side encrypted data as at first. Upon receiving . it sets
Figure imgf000019_0002
Figure imgf000019_0003
Figure imgf000019_0004
Figure imgf000019_0005
Data access process
[082] The data access process includes query process, search process, transformation process, and decryption process, which are separately discussed below.
[083] Query: When a data consumer with identity uDC intends to get the data with a keyword kw, the search token component of the data access component of the data consumer module takes as inputs the system public parameter PP, the user query key and kw, computes the corresponding search token and provides to the search component of the cloud
Figure imgf000019_0006
Figure imgf000019_0007
service provider module.
[084] Search: Upon receiving
Figure imgf000019_0009
the search component of the cloud service provider module takes as inputs the system public parameter PP, and the user search key shkDC associated with uDC, and sets the target ciphertext data
Figure imgf000019_0010
at first. Then, it does the following:
The search component of the cloud service provider computes
Figure imgf000019_0008
For each item from the cloud storage component of the cloud service
Figure imgf000019_0011
provider module, and for each Ikw. e IKWS, it parses Ikw. = {yt,Cy computes
Figure imgf000019_0012
and sets
Figure imgf000019_0013
[085] Finally, the search component of the cloud service provider module provides
Figure imgf000019_0014
to the transformation component of the cloud service provider module.
[086] Transformation: The transformation component of the cloud service provider module sets the transformed ciphertext data as TranCTData = 0 . If and only if TarCTData ¹ f , for each CTData e TorCTData , it takes as inputs the system public parameter PP , CTData = {CTABE, CTSE } , the transformation key associated with the data consumer uDC , and parses
Figure imgf000019_0016
If and only if S satisfies T, for each node i in the access policy T, it
Figure imgf000019_0015
does the following:
1) If node i is a leaf node, then let t = attr(i), and does the following: a) If t e S, where S is the data consumer’s attribute set and it is given in tkDC, computes
Figure imgf000020_0016
b) If
Figure imgf000020_0017
it sets
Figure imgf000020_0018
2) If i is a non-leaf node, then does the following: a) For each child node j of i, it sets
Figure imgf000020_0001
if
Figure imgf000020_0002
it sets
Figure imgf000020_0003
Otherwise, it computes
Figure imgf000020_0004
b) It sets
Figure imgf000020_0005
where j is child node of i. c) If the size of St is less than dt + 1, then it returns
Figure imgf000020_0006
. Otherwise, suppose St has dt + 1 elements and compute
Figure imgf000020_0007
where Forthe root node
Figure imgf000020_0009
Let
Figure imgf000020_0008
and if and only if it computes
Figure imgf000020_0010
Figure imgf000020_0011
Figure imgf000020_0012
and sets
Figure imgf000020_0013
[087] Finally, the transformation component of the cloud service provider module provides
TranCTData to the decryption component of the data access component of the data consumer module.
[088] Decryption: Upon receiving TranCTData , the decryption component of the data access component of the data consumer module does the following:
If TranCTData - 0 , it knows no suitable data exist in the cloud service provider. Otherwise, TranCTData ¹ 0 , it takes as inputs the system public parameter PP , its decryption key dkDC and TranCTData, and does the following:
For each tuple
Figure imgf000020_0014
it computes
Figure imgf000020_0015
[089] Then, it checks if . If no, it fails to decrypt. Otherwise, it computes the
Figure imgf000021_0001
symmetric key kSE = Kk(md) and recovers the data Data = SE. Dec(kSE, CTSE ). Finally, the decryption component of the data access component of the data consumer module puts all the recovered data into the local storage component of the data consumer module.
Revocation process
[090] To revoke a data consumer uDC from the system, the revocation component of the key generation center module provides uDC as the revocation request to the cloud service provider module. Then, the search component of the cloud service provider deletes the data consumer's user search key shkDC , and/or the transformation component of the cloud service provider module deletes the consumer’s transformation key tkDC.
Performance analysis
[091] Computation cost of the key generation center module: In the process of initialization, the key generation center module needs to perform a bilinear pairing operation and two
Figure imgf000021_0003
exponentiation operations In the process of registration, the key generation center
Figure imgf000021_0002
module needs to perform one exponentiation operation to generate a search key. For example, shkDC = is computed for a user search key associated with the data consumer uDC. In addition, to generate
Figure imgf000021_0009
a transformation key where
Figure imgf000021_0004
Figure imgf000021_0005
2n + 2 exponentiation operations are required where n is the size of the data consumer’s attribute set.
[092] Computation cost of the data owner module: In the process of data uploading, the data
Figure imgf000021_0006
[093] Accordingly,
Figure imgf000021_0007
exponentiation operations are required where
Figure imgf000021_0008
is the number of leaf nodes in the access policy tree G , and nkv/ is the number of keywords in the corresponding data. [094] Computation cost of the cloud service provider module: In the process of data outsourcing, for each , the cloud service provider module needs to compute the cloud-side encrypted
Figure imgf000022_0002
data by computing
Figure imgf000022_0001
^
Therefore, nkw bilinear pairing operations are required for the data storage where nkw represents the number of keywords in the data.
[095] In the process of data access, the cloud service provider module is involved in search and transformation. In the search process, it needs to compute a bilinear pairing operation, i.e.,
Figure imgf000022_0003
Figure imgf000022_0004
Furthermore, for each item
Figure imgf000022_0005
and each
Figure imgf000022_0006
it performs the matching based on a symmetric encryption (or hashing). Therefore, Nlndex symmetric encryption (or hashing) operations are required for each search where Nlndex represents the total number of ciphertext indexes in the cloud. In the transformation process, it needs to compute Ft = for each leaf node i in T with attr(i ) being an attribute of the data consumer. Accordingly,
Figure imgf000022_0007
2riieaf bilinear pairing operations are required for a ciphertext transformation where nleaf is the number of leaf nodes in the access policy tree T.
[096] Computation cost of the data consumer module: In the process of data access, the data consumer module first generates a search token ToKkw = W-iQiw)XDC , and hence only one exponentiation operation is required. In addition, the data consumer module needs to perform decryption by computing
Figure imgf000022_0008
and checking if
Figure imgf000022_0009
. Therefore, three exponentiation operations are required for decryption.
Security analysis
[097] Data confidentiality: In the process of data outsourcing, the data owner module first chooses a symmetric key to encrypt the data, and then encrypts the symmetric key based an access policy. As for the encryption of the symmetric key, the data owner module chooses a polynomial qt(x) of degree di for every node i of T, and the polynomial associated with the root node is qiroot(x) . The value of s = qiroot(.0) is used in the data encryption by computing
Figure imgf000022_0010
· In this case, only the data consumer whose attribute set satisfies the access policy tree of the ciphertext data can succeed in decryption. In other words, only authorized data consumers are able to decrypt the ciphertext data.
[098] Keyword privacy: In the data uploading process of the data outsourcing process, the data owner module generates index generation requests. For each kwt e KWS, the data owner module computes as the corresponding index generation request. Because xD0 is only
Figure imgf000023_0001
known by the data owner, under the hardness assumption of the discrete logarithm problem and the collision-resistance of hash functions, the privacy of the keyword fcw; is preserved. In the process of data access, the data consumer module provides the search token to the cloud
Figure imgf000023_0002
service provider module. Similarly, the privacy of kw is preserved.
[099] Correctness of keyword search: According to the system design, for a keyword kwu the corresponding index is , where
Figure imgf000023_0003
Figure imgf000023_0004
In the process of search, the cloud service provider
Figure imgf000023_0005
module can compute
Figure imgf000023_0006
Obviously, if and only if , then
Figure imgf000023_0007
which is completely determined by the keyword and the master secret
Figure imgf000023_0012
key of the key generation center. Therefore, the correctness of keyword search is ensured. Those skilled in the art would appreciate that any registered data consumer in the system is able to search over encrypted data provided by any data owner.
[100] User revocation: In the system of the present invention, the cloud service provider module performs searches over encrypted data based on the user search key corresponding to the data consumer. Furthermore, in the process of transformation, the cloud service provider module performs the ciphertext transformation based on the transformation key corresponding to the data consumer. Accordingly, either the user search key or the transformation key corresponding to the data consumer is deleted, the data consumer is revoked from the system. Therefore, the user revocation is enabled in the present invention, and can be realised in an immediate effect.
Example II
[101] In practical applications, the cloud service provider module usually provides services to a large number of users. This example II aims to further improve the efficiency of data access process, especially the efficiency of transformation at the cloud service provider module.
Initialization process
[102] The initialization component of the key generation center module chooses a bilinear mapping
Figure imgf000023_0011
and a secure symmetric encryption scheme
Figure imgf000023_0009
) where K , SE.Enc and SE.Dec respectively represent the secret key space, the symmetric encryption algorithm and the symmetric decryption algorithm. Then, it randomly chooses
Figure imgf000023_0010
where g1 and g2are respectively a generator of groups G1 and G2 of order p, and cryptographic hash functions
Figure imgf000023_0008
[103] Next, the initialization component of the key generation center module sets
Figure imgf000024_0001
as the public parameter and
Figure imgf000024_0002
as the master secret key, where
Figure imgf000024_0003
Figure imgf000024_0004
[104] At last, the initialization component of the key generation center module secretly keeps MSK and provides PP to the local storage components of data owner modules, the local storage components of data consumer modules and the search component and the transformation component of the cloud service provider module.
Registration process
[105] For the registration of a data owner, the registration component of the key generation center module takes as inputs the system public parameter PP and the master secret key MSK, randomly chooses , sets the data owner’s owner query key as qkD0 = xD0 and the corresponding owner search k
Figure imgf000024_0012
ey as . Then, the registration component of the key generation center module chooses an identity
Figure imgf000024_0013
and provides {uD0,qkD0} and { uD0,shkD0 } to the index generation component of the data outsourcing component of the data owner module and the search component of the cloud service provider module through secure channels, respectively.
[106] For the registration of a data consumer, the registration component of the key generation center module takes as inputs the system public parameter PP and the master secret key MSK, randomly chooses , sets the data consumer’s user query key as qkDC = xDC and the corresponding user search k
Figure imgf000024_0011
ey as . Then, the registration component of the key generation center module chooses an identity
Figure imgf000024_0008
* and provides
Figure imgf000024_0009
and
Figure imgf000024_0010
to the search token component of the data access component of the data consumer module and the search component of the cloud service provider module through secure channels, respectively. In addition, the registration component of the key generation center module takes as inputs the system public parameter PP and the master secret key MSK, and the data consumer’s attribute set 5, which is from the data consumer module, randomly chooses and sets the decryption key dkDC of the data consumer and the
Figure imgf000024_0014
corresponding transformation key tkDC as where
Figure imgf000024_0006
Figure imgf000024_0005
[107] Finally, the registration component of the key generation center module provides dkDC and
Figure imgf000024_0007
to the decryption component of the data access component of the data consumer module and the transformation component of the cloud service provider module, respectively. Data outsourcing process
[108] The data outsourcing process includes data uploading process and data storage process, which are separately discussed below.
[109] Data uploading: When a data owner with identity uD0 intends to outsource its data Data with a set of keywords KWS, the encryption component of the data outsourcing component of the data owner module does the following:
[110] The encryption component of the data outsourcing component of the data owner module specifies an access policy T which is a tree. Each node has a unique index i and the index of the root node is denoted as The parent node of node i is dentoed as parentQ). Each leaf node has a
Figure imgf000025_0001
threshold value 1 and it is associated with an attribute. Each non-leaf node i is a threshold node with a corresponding natural number pair where nnhi represents the number of child nodes of the
Figure imgf000025_0002
non-leaf node i and
Figure imgf000025_0003
is the threshold value. Especially, the non-leaf node becomes an “AND” node if and an “OR” node if knl i = 1. In the subsequent procedures, a polynomial of degree
Figure imgf000025_0004
knl ^ - 1 will be chosen for each node.
[111] The encryption component of the data outsourcing component of the data owner module takes as inputs the system public parameter PP, the access policy T, randomly chooses
Figure imgf000025_0006
, and computes
Figure imgf000025_0007
. Then it chooses a polynomial qt{x) of degree d; for every node i of T, where
Figure imgf000025_0005
with the coefficients ] being randomly chosen. Note that dt = knl l - 1 if node i is a non
Figure imgf000025_0008
leaf node and d; = 0 if node i is a leaf node. Suppose Y is the set of leaf node indexes of T and the function attr(y ) is to get the attribute of the node
Figure imgf000025_0011
. Then, it sets CTABE =
Figure imgf000025_0009
[112] The encryption component of the data outsourcing component of the data owner module takes as inputs the system public parameter PP, the symmetric encryption key kSE and the data Data, and generates a symmetric ciphertext
Figure imgf000025_0010
[113] For each keyword
Figure imgf000025_0012
t , the index generation component of the data outsourcing component of the data owner module takes as inputs the system public parameter PP, the owner query key qkD0 = xD0, and kwt, computes CTkw. = It sets which is used
Figure imgf000026_0001
Figure imgf000026_0002
as the index generation request.
[114] The data owner module sets the user-side encrypted data as
Figure imgf000026_0014
where , and provides CTD0 to the cloud service provider module. Specifically, the
Figure imgf000026_0015
encryption component of the data outsourcing component of the data owner module provides
Figure imgf000026_0016
to the search component of the cloud service provider module, and the index generation component of the data outsourcing component of the data owner module provides to the search component of the cloud service provider module.
Figure imgf000026_0013
[115] Data storage: Upon receiving the user-side encrypted data the
Figure imgf000026_0017
search component of the cloud service provider module retrieves the owner search key
Figure imgf000026_0018
associated with uD0, takes as inputs the system public parameter PP, the owner search key
Figure imgf000026_0019
and and does the following:
For each CTkw. in CTKWS, it randomly chooses
Figure imgf000026_0003
and computes
Figure imgf000026_0004
where SE.Enc also can be replaced by a hash function to get an alternative embodiment.
Then, it sets The search component of the cloud service provider module
Figure imgf000026_0005
provides to the cloud storage component of the cloud service provider module.
Figure imgf000026_0006
[116] The cloud storage component of the cloud service provider module sets the cloud-side encrypted data as
Figure imgf000026_0007
at first. Upon receiving
Figure imgf000026_0008
, it sets
Figure imgf000026_0009
Figure imgf000026_0010
Data access
[117] The data access process includes query process, search process, transformation process, and decryption process, which are separately discussed below.
[118] Query: When a data consumer with identity uDC intends to get the data with a keyword kw, the search token component of the data access component of the data consumer module takes as inputs the system public parameter PP, the user query key qkDC - xDC, and kw, computes the corresponding search token and provides
Figure imgf000026_0012
} to the search component of the cloud
Figure imgf000026_0011
service provider module. [119] Search: Upon receiving {uDC,ToKkw}, the search component of the cloud service provider module takes as inputs the system public parameter PP, and the user search key shkDC associated with uDC, and sets the target ciphertext data TarCTData - 0 at first. Then, it does the following:
The search component of the cloud service provider computes
Figure imgf000027_0001
For each item
Figure imgf000027_0002
from the cloud storage component of the cloud service provider module, and for each , it parses Ikw. = {yi( CyJ, computes
Figure imgf000027_0003
and sets
Figure imgf000027_0004
[120] Finally, the search component of the cloud service provider module provides {uDC, TarCTData} to the transformation component of the cloud service provider module.
[121] Transformation: The transformation component of the cloud service provider module sets the transformed ciphertext data as TranCTData = 0 . If and only if
Figure imgf000027_0013
for each
Figure imgf000027_0014
it takes as inputs the system public parameter PP ,
Figure imgf000027_0012
the
Figure imgf000027_0015
transformation key tkDC - {5, z} associated with the data consumer uDC , and parses CTABE - · If and only if s satisfies T, it sets C2 = C2 , and TranCTData = TranCTData u
Figure imgf000027_0010
Finally, the transformation component of the cloud service provider
Figure imgf000027_0011
module provides TranCTData to the decryption component of the data access component of the data consumer module.
[122] Decryption: Upon receiving TranCTData , the decryption component of the data access component of the data consumer module does the following:
If TranCTData = 0, it knows no suitable data exist in the cloud service provider module. Otherwise, TranCTData ¹ 0 , it takes as inputs the system public parameter PP , its decryption key dkDC and TranCTData, and does the following:
For each tuple it does the following:
Figure imgf000027_0009
1) If node i is a leaf node, then lets t - attr(i ), and does the following: a) If t e S, where 5 is the data consumer’s attribute set and it is given in dkDC, computes
Figure imgf000027_0005
b)
Figure imgf000027_0006
2) If i is a non-leaf node, then does the following: a) For each child node j of i, it sets t — attr(j ), if t g S, it sets Fj =±. Otherwise, it compuets
Figure imgf000027_0007
b) It sets
Figure imgf000027_0008
j where j is child node of i. c) If the size of St is less than dt + 1, then it returns Ft =±. Otherwise, it supposes St has dt + 1 elements and computes
Figure imgf000028_0001
where - For the root node Let
Figure imgf000028_0002
Figure imgf000028_0003
B = Firoot and if and only if
Figure imgf000028_0006
it computes
Figure imgf000028_0004
and sets
Figure imgf000028_0005
Then, it checks if C If no, it fails to decrypt. Otherwise, it computes the
Figure imgf000028_0007
symmetric key
Figure imgf000028_0008
and recovers the data Finally, the decryption
Figure imgf000028_0009
component of the data access component of the data consumer module puts all the recovered data into the local storage component of the data consumer module.
Revocation
[123] To revoke a data consumer uDC from the system, the revocation component of the key generation center module provides uDC as the revocation request to the cloud service provider module. Then, the search component of the cloud service provider module deletes the data consumer’s search key shkDC, and/or the transformation component of the cloud service provider module deletes the data consumer’s transformation key tkDC.
Performance analysis
[124] Transformation cost of the cloud service provider module: In the transformation process, for each where the cloud
Figure imgf000028_0010
Figure imgf000028_0011
service provider only needs to compute an exponentiation operation, i.e.,
Figure imgf000028_0012
Accordingly, the example II is more efficient than the example I in the transformation process. Example III
[125] Example III is proposed to further improve the search performance. Most of the procedures in the example III are the same as those in example I or II, only the different procedures are described below.
The process of data outsourcing
[126] Storage: Upon receiving the user-side encrypted data CTD0 = { uD0 , CTData, CTKWS], the search component of the cloud service provider module retrieves the owner search key shkD0 associated with uD0, takes as inputs the system public parameter PP, the owner search key shkD0 , and CT^s, and does the following:
For each CTkw. in CTKWS, it randomly chooses yt e Zp, and computes
Figure imgf000029_0001
Then, it sets . The search component of the cloud service provider
Figure imgf000029_0002
module provides {CTData, IKWS) to the cloud storage component of the cloud service provider module.
[127] The cloud storage component of the cloud service provider module first sets the cloud-side encrypted data as where It also
Figure imgf000029_0003
Figure imgf000029_0004
sets
Figure imgf000029_0005
[128] After receiving { CTData,IKWS }, for each Ikw e IKWS, the cloud storage component of the cloud service provider module does the following:
Figure imgf000029_0006
Data access process
[129] Search: Upon receiving {uoc.ToK^}, the search component of the cloud service provider module takes as inputs the system public parameter PP, and the user search key shkDC associated with uDC, and sets the target ciphertext data
Figure imgf000029_0008
at first. Then, it computes
Figure imgf000029_0007
It sets if and only if , where
Figure imgf000030_0001
Figure imgf000030_0002
Figure imgf000030_0003
Figure imgf000030_0006
is given by the cloud storage component of the cloud service provider module.
[130] Finally, the search component of the cloud service provider module provides
Figure imgf000030_0004
to the transformation component of the cloud service provider module.
Performance analysis
[131] Search cost of the cloud service provider: In the search process, the cloud service provider module needs to compute a bilinear pairing operation, i.e., To retrieve
Figure imgf000030_0005
all the ciphertext associated with kw, it only needs to perform comparisons to check whether two strings are the same, where is the total number of keywords in the cloud. Accordingly, the example III is more efficient than the example I and II in the search process.
[132] While the disclosure contained herein has set forth some of the preferred embodiments of the present invention, as well as exemplary examples, it is not intended to limit or confine the present invention only to such embodiments or examples. It will be appreciated by those skilled in the art that variations to the modules and steps disclosed may be made without departing from the scope and spirit of the invention. Such variations may include, but are not limited to, selection of alternate practical modules, steps, and application of the process for other purposes or occasions that are not specifically mentioned above.
REFERENCES:
1. Boneh D, Franklin M. Identity-based encryption from the Weil pairing, Proceedings of Annual International Cryptology Conference. Springer, Berlin, Heidelberg, 2001
2. Goyal V, Pandey O, Sahai A, et al. Attribute-based encryption for fine-grained access control of encrypted data, Proceedings of the 13th ACM Conference on Computer and Communications Security, 2006
3. Bethencourt J, Sahai A, Waters B. Ciphertext-policy attribute-based encryption, Proceedings of IEEE Symposium on Security and Privacy, IEEE, 2007
4. Boneh D, Di Crescenzo G, Ostrovsky R, et al. Public key encryption with keyword search, Proceedings of International Conference on the Theory and Applications of Cryptographic Techniques. Springer, Berlin, Heidelberg, 2004

Claims

1. A cloud data sharing system, including at least one key generation center module, at least one data owner module, at least one cloud service provider module, and at least one data consumer module, wherein the at least one key generation center module is configured to- generate a system public parameter and a master secret key, and distribute the system public parameter to the at least one data owner module, the at least one cloud service provider module, and the at least one data consumer module; generate and distribute an owner query key to each of the at least one data owner module, and an owner search key associated to the owner query key to the cloud service provider module, based on the system public parameter and the master secret key; generate and distribute a user query key to each of the at least one data consumer module, and a user search key associated to the user query key to the cloud service provider module, based on the system public parameter and the master secret key; generate and distribute a decryption key to each of the at least one data consumer module, and a transformation key associated to the decryption key to the cloud service provider module, based on the system public parameter, the master secret key and attribute set of the corresponding data consumer; and generate and distribute revocation information to the at least one cloud service provider module; the at least one data owner module is configured to- generate user-side encrypted data for a data, based on at least one access policy, at least one keyword of the data, the owner query key and the system public parameter received from the at least one key generation center module; and upload user-side encrypted data to the at least one cloud service provider module; the at least one cloud service provider module is configured to- generate cloud-side encrypted data, based on the user-side encrypted data received from a data owner module, the system public parameter and the corresponding owner search key received from the at least one key generation center module; store the cloud-side encrypted data; perform search on the cloud-side encrypted data, based on at least one search request received from a data consumer module and the corresponding user search key received from the at least one key generation module, and retrieve target cloud-side encrypted data found in the search; transform the target cloud-side encrypted data to transformed ciphertext data, based on the corresponding transformation key received from the at least one key generation center module; provide the transformed ciphertext data to the corresponding data consumer module; and revoke one or more data consumers based on the revocation information received from the key generation center module; and the at least one data consumer module is configured to- generate a search token for a specified keyword, based on the system public parameter and the user query key received from the at least one key generation center module; provide at least one search request including at least one search token to the at least one cloud service provider module; and decrypt the transformed ciphertext data received from the cloud service provider module, based on the system public parameter and the decryption key received from the key generation center module.
2. The cloud data sharing system according to claim 1 , wherein the at least one cloud service provider module revokes one or more data consumers by deleting the corresponding user search key/s and/or transformation key/s.
3. The cloud data sharing system according to claim 1 or 2, wherein the user-side encrypted data contains ciphertext data and index generation requests.
4. The cloud data sharing system according to claim 3, wherein the at least one cloud service provider module is further configured to generate at least one ciphertext index, based on the index generation requests received from the at least one data owner module, the system public parameter and the corresponding owner search key received from the at least one key generation center module; and wherein the cloud-side encrypted data contains ciphertext index and ciphertext data.
5. The cloud data sharing system according to claim 4, wherein the at least one cloud service provider module transforms the ciphertext data of the target cloud-side encrypted data to transformed ciphertext data only if attribute set associated with the transformation key matches access policy of the ciphertext data of the target cloud-side encrypted data.
6. The cloud data sharing system according to any of claims 1 - 5, wherein the at least one key generation center module includes at least one initialization component, at least one registration component, and at least one revocation component.
7. The cloud data sharing system according to any of claims 1 - 6, wherein the at least one data owner module includes at least one local storage component and at least one data outsourcing component.
8. The cloud data sharing system according to claim 7, wherein the at least one data outsourcing component includes at least one encryption component and at least one index generation component.
9. The cloud data sharing system according to any of claims 1-8, wherein the at least one cloud service provider module includes at least one cloud storage component, at least one search component, and at least one transformation component.
10. The cloud data sharing system according to any of claims 1-9, wherein the at least one data consumer module includes at least one local storage component and at least one data access component.
11. The cloud data sharing system according to claim 10, wherein the at least one data access component includes at least one search token component and at least one decryption component.
12. A method for sharing data using a cloud data sharing system according to any of claims 1-11, including at least five processes: initialization process, registration process, data outsourcing process, data access process and revocation process, wherein the initialization process includes- generating and providing a system public parameter, by at least one key generation center module, to at least one data owner module, at least one cloud service provider module and at least one data consumer module; and generating a master secret key by the at least one key generation center module, and keeping the master secret key confidential in the at least one key generation center module; the registration process includes- generating and providing at least one owner query key, by the at least one key generation center module, to each of the at least one data owner module, based on the system public parameter and the master secret key; generating and providing one owner search key associated to each owner query key, by the at least one key generation center module, to the at least one cloud service provider module, based on the system public parameter and the master secret key; generating and providing at least one user query key, by the at least one key generation center module, to each of the at least one data consumer module, based on the system public parameter and the master secret key; generating and providing one user search key associated to each user query key, by the at least one key generation center module, to the at least one cloud service provider module, based on the system public parameter and the master secret key; generating and providing at least one decryption key, by the key generation center module, to each of the at least one data consumer module, based on the system public parameter, the master secret key and corresponding data consumer’s attribute set; and generating and providing one transformation key associated to each decryption key, by the key generation center module, to the at least one cloud service provider module, based on the system public parameter, the master secret key and corresponding data consumer’s attribute set; the data outsourcing process includes- generating and providing user-side encrypted data, by the at least one data owner module, to the at least one cloud service provider module, based on at least one access policy, at least one keyword of the data to be encrypted, the system public parameter and the at least one owner query key received from the at least one key generation center module; and generating and storing cloud-side encrypted data, by the at least one cloud service provider module, based on the user-side encrypted data received from the at least one data owner module, the system public parameter and the owner search key associated to each of the at least one owner query key received from the at least one key generation center module; the data access process includes- generating and providing at least one search request including at least one search token, by the at least one data consumer module, to the at least one cloud service provider module, based on the system public parameter and the at least one user query key received from the at least one key generation center module; performing search on the cloud-side encrypted data, by the at least one cloud service provider module, based on at least one search request received from a data consumer module and the corresponding user search key received from the at least one key generation module, and retrieving target cloud-side encrypted data found in the search; transforming the target cloud-side encrypted data to transformed ciphertext data, by the at least one cloud service provider module, based on the transformation key and providing the transformed ciphertext data to the corresponding data consumer module; and decrypting the transformed ciphertext data, by the corresponding data consumer module, based on the decryption key received from the at least one key generation center module; and the revocation process includes- providing revocation information, by the at least one key generation center module, to the at least one cloud service provider module; and revoking at least one relevant data consumer, by the cloud service provider module, based on the revocation information received from the at least one key generation center module.
13. The method for sharing data according to claim 12, wherein the at least one cloud service provider module revokes the at least one data consumer by deleting the corresponding user search key/s and/or transformation key/s.
14. The method for sharing data according to claim 12 or 13, wherein the user-side encrypted data contains ciphertext data and index generation requests.
15. The method for sharing data according to claim 14, wherein at least one ciphertext index is generated by the at least one cloud service provider module, based on the index generation requests received from the at least one data owner module, the system public parameter and the corresponding owner search key received from the at least one key generation center module; and wherein the cloud-side encrypted data contains ciphertext index and ciphertext data.
16. The method for sharing data according to claim 15, wherein the at least one cloud service provider module transforms the ciphertext data of the target cloud-side encrypted data to transformed ciphertext data only if attribute set associated with the transformation key matches access policy of the ciphertext data of the target cloud-side encrypted data.
PCT/SG2021/050436 2020-07-27 2021-07-27 Cloud data sharing systems and methods for sharing data using the systems WO2022025822A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SG10202007162Q 2020-07-27
SG10202007162Q 2020-07-27

Publications (1)

Publication Number Publication Date
WO2022025822A1 true WO2022025822A1 (en) 2022-02-03

Family

ID=80038132

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SG2021/050436 WO2022025822A1 (en) 2020-07-27 2021-07-27 Cloud data sharing systems and methods for sharing data using the systems

Country Status (1)

Country Link
WO (1) WO2022025822A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114615087A (en) * 2022-04-21 2022-06-10 中国科学技术大学 Data sharing method, device, equipment and medium
CN114826575A (en) * 2022-04-19 2022-07-29 西安电子科技大学 Single keyword searchable encryption method based on inner product predicates in cloud
CN114884747A (en) * 2022-06-16 2022-08-09 华北电力大学(保定) Energy transaction data sharing system and method based on cloud chain fusion

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106850652A (en) * 2017-02-21 2017-06-13 重庆邮电大学 One kind arbitration can search for encryption method
CN107634829A (en) * 2017-09-12 2018-01-26 南京理工大学 Encrypted electronic medical records system and encryption method can search for based on attribute

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106850652A (en) * 2017-02-21 2017-06-13 重庆邮电大学 One kind arbitration can search for encryption method
CN107634829A (en) * 2017-09-12 2018-01-26 南京理工大学 Encrypted electronic medical records system and encryption method can search for based on attribute

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
HUI CUI, ZHIGUO WAN, ROBERT DENG, GUILIN WANG, YINGJIU LI: "Efficient and Expressive Keyword Search Over Encrypted Data in the Cloud", IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, IEEE SERVICE CENTER, NEW YORK, NY, US, 1 January 2016 (2016-01-01), US , pages 1 - 1, XP055412990, ISSN: 1545-5971, DOI: 10.1109/TDSC.2016.2599883 *
WANG SHANGPING, YAO LISHA, ZHANG YALING: "Attribute-based encryption scheme with multi-keyword search and supporting attribute revocation in cloud storage", PLOS ONE, vol. 13, no. 10, 12 October 2018 (2018-10-12), pages e0205675, XP055904601, DOI: 10.1371/journal.pone.0205675 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114826575A (en) * 2022-04-19 2022-07-29 西安电子科技大学 Single keyword searchable encryption method based on inner product predicates in cloud
CN114615087A (en) * 2022-04-21 2022-06-10 中国科学技术大学 Data sharing method, device, equipment and medium
CN114615087B (en) * 2022-04-21 2022-12-30 中国科学技术大学 Data sharing method, device, equipment and medium
CN114884747A (en) * 2022-06-16 2022-08-09 华北电力大学(保定) Energy transaction data sharing system and method based on cloud chain fusion

Similar Documents

Publication Publication Date Title
Li et al. Achieving secure and efficient dynamic searchable symmetric encryption over medical cloud data
Li et al. Enabling fine-grained multi-keyword search supporting classified sub-dictionaries over encrypted cloud data
Yu et al. Achieving secure, scalable, and fine-grained data access control in cloud computing
Wang et al. A ciphertext-policy attribute-based encryption scheme supporting keyword search function
WO2022025822A1 (en) Cloud data sharing systems and methods for sharing data using the systems
CN110035067B (en) Attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage
Florence et al. Enhanced secure sharing of PHR’s in cloud using user usage based attribute based encryption and signature with keyword search
Rashid et al. Secure enterprise data deduplication in the cloud
Sabitha et al. Multi-level on-demand access control for flexible data sharing in cloud
Chamili et al. Searchable encryption: a review
Shekhawat et al. Privacy-preserving techniques for big data analysis in cloud
Al-Sakran Accessing secured data in cloud computing environment
Park et al. PKIS: practical keyword index search on cloud datacenter
CN107294701B (en) Multidimensional ciphertext interval query device and method with efficient key management
Yan et al. Secure and efficient big data deduplication in fog computing
CN109672525B (en) Searchable public key encryption method and system with forward index
CN114640458B (en) Fine granularity multi-user security searchable encryption method in cloud-edge cooperative environment
Wang et al. Attribute-based encryption with efficient keyword search and user revocation
Yu et al. Multi-user search on the encrypted multimedia database: lattice-based searchable encryption scheme with time-controlled proxy re-encryption
Ahuja et al. An identity preserving access control scheme with flexible system privilege revocation in cloud computing
Raj et al. A Novel Fog-based Framework for Preventing Cloud Lock-in while Enabling Searchable Encryption
Silambarasan et al. Attribute-based convergent encryption key management for secure deduplication in cloud
Fahsi et al. A framework for homomorphic, private information retrieval protocols in the cloud
More et al. An Advanced Mechanism for Secure Data Sharing in Cloud Computing using Revocable Storage Identity Based Encryption
Almobaideen et al. Searchable encryption architectures: survey of the literature and proposing a unified architecture

Legal Events

Date Code Title Description
DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21849986

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21849986

Country of ref document: EP

Kind code of ref document: A1