Edge-Cloud-Assisted Multiuser Forward Secure Searchable Encryption (EMFSSE) Scheme in the P2P Networking Environment

Tang, Yongli; Li, Jingran; Yan, Xixi; Zhao, Qiang

doi:https://doi.org/10.1155/2021/7003252

Mobile Information Systems

On this page

Abstract Introduction Related Work Preliminaries Evaluation Conclusion Data Availability Conflicts of Interest Acknowledgments References Copyright Related Articles

Special Issue

Artificial Intelligence for Next-Generation Wireless Networks

View this Special Issue

Research Article | Open Access

Volume 2021 | Article ID 7003252 | https://doi.org/10.1155/2021/7003252

Edge-Cloud-Assisted Multiuser Forward Secure Searchable Encryption (EMFSSE) Scheme in the P2P Networking Environment

Yongli Tang,¹Jingran Li,¹Xixi Yan,¹and Qiang Zhao¹

Academic Editor: Han Wang

Received13 Jul 2021

Accepted26 Aug 2021

Published20 Sept 2021

Abstract

P2P network enables users to share resources effectively. However, with the advent of the big data era, the sensitive data of users in P2P network are also increasing dramatically. In order to solve the contradiction between the huge amount of sensitive data and the limited local storage space, an increasing number of users choose to encrypt their sensitive data and store them in the cloud server. For the problem of the secure storage and flexible access of large amounts of user data in P2P networks, an edge-cloud-assisted multiuser forward secure searchable encryption scheme is proposed. The scheme uses the proxy reencryption technique to optimize the multiuser searchable encryption and prevent the decryption key from being directly transmitted between users. By introducing an edge-cloud architecture, the system achieves efficient communication and timely response capabilities. The security analysis proves that our scheme achieves the CPA (chosen-plaintext attack) security based on DBDH assumption and the forward privacy. Finally, the theoretical and experimental comparisons between this scheme and other schemes show that our scheme has high efficiency in the process of data update, search, and trapdoor generation. In addition, due to the use of edge-cloud architecture, our scheme reduces about 90% and 75% of the user’s consumption in the encryption and token generation process.

1. Introduction

P2P network file sharing system has been widely used and has rapidly developed because of its various advantages, such as decentralization, good extendibility, strong robustness, high cost-effectiveness, and load balancing characteristics [1–3]. With the development of communication and computer technology [4–6], the amount of data owned by users is increasing, but the local storage space of users is limited. This contradiction has become one of the main reasons for restricting the development of P2P networks. The development of cloud storage [7] has brought about a turning point for this situation. Clients can choose to transfer a large amount of local data [8] to a cloud server and use the cloud server to store, manage, and utilize the data. In addition, searchable encryption technology can ensure data security and flexible access during remote storage, which not only reduces local storage and computational cost but also achieves more flexible and convenient data access. However, in reality, there is a huge physical and logical distance between the client and the cloud server, which reduces the efficiency of data collection, transmission, and analysis, causes the delay of the communication process, and hinders the timely response ability of the whole system. This brings new challenges to the combination of file transmission and searchable encryption technology in P2P networking environment. A lot of work has shown [9–11] that edge-cloud collaboration can successfully replace the only-cloud system and strike a balance between powerful computing power and rapid response. The edge-cloud architecture is an optimized cloud computing system that transforms cloud service from the “cloud” as the center to the Internet edge and cloud cooperative operation, which overcomes the problems of only-cloud computing such as distributed data collection, transmission and response delay, and poor data analysis efficiency. With the help of edge computing, clients store some data information on the nearest edge platform, and the edge platform retrieves the data according to authorization, thereby limiting unnecessary data upload to the cloud, saving communication costs, and providing more efficient and timely data search. In addition, the edge platform can also assist clients in some expensive operations and use the efficiency of edge computing to reduce the amount of calculation on the client side. Therefore, the edge-cloud architecture and the P2P network can be combined. Clients upload part of their data information to the edge-cloud architecture and enjoy the ability to share and use data in time.

The combined use of searchable encryption and edge-cloud collaboration can largely solve the contradiction between data storage, data confidentiality, and data transmission efficiency. It ensures that neither the edge side nor the cloud side can learn any useful information without completely sacrificing searchability of the data or that search function can be improved with minimal disclosure. However, the search server is generally assumed to be an honest but curious entity in a searchable encryption scheme. In the real world, the malicious server will carry out illegal operation on its stored ciphertext. Attackers can even use a small amount of leakage to leak the user’s query. Particularly in dynamic databases, the attacker can inject new documents into the cloud server to gain more advantages, and the impact of file injection attacks can even be devastating. The searchable encryption scheme that realizes forward privacy can effectively resist such attacks [12]. Therefore, from the perspective of usage, it is very necessary to construct a forward secure searchable encryption scheme to solve the information security and privacy issues in the process of file updating. How to design a searchable encryption scheme with forward security under the edge-cloud architecture and apply it to P2P networks is the first goal of this paper.

In the P2P network, a node can not only be the data user who sends the request to obtain the required information but also provide the data as the data owner. Specifically, the P2P network aims to share various services among users. But so far, only a few schemes extend forward secure searchable encryption scheme to multiuser [13, 14]. Wang et al. [13] introduce a semihonest proxy server that does not collude with the cloud server to solve the user query problem. Lu et al. [14] improve Wang’s scheme, remove the state value transfer between the data owner and the proxy server, and add the user authentication function. However, both schemes require the data owner to send the decryption key to the data user directly. In order to prevent the disclosure of the decryption key, this paper introduces the proxy reencryption technique. The authorized proxy (obtains the reencryption key generated by the data owner) transforms the ciphertext provided by the data owner into another ciphertext that can be decrypted by the data user. Then, the data user can download the ciphertext alone and decrypt it with his own private key to get the original plaintext. How to combine forward secure searchable encryption with proxy reencryption to provide secure file sharing between users is the second goal of this paper.

1.1. Contribution

In order to achieve the two goals mentioned above, we study a series of existing schemes. First of all, users in P2P network upload a large amount of data to the cloud for storage and search. However, the distance between clients and server causes serious operation delay in this process, which affects the performance of end-to-end communication in the P2P network. Inspired by the work [15], edge-cloud architecture can effectively realize timely response between client and edge platform and greatly improve communication efficiency. Secondly, malicious attackers may carry out a variety of attacks to damage the confidentiality of user data by using the information leaked in the communication process, for example, file injection attacks. Therefore, constructing a searchable encryption scheme with forward security is particularly important, which can effectively ensure that the file update process does not disclose data information. Finally, in order to combine P2P network with forward secure searchable encryption technology, it is necessary to implement forward secure searchable encryption technology among multiple users. However, the existing multiuser schemes need to transmit the decryption key directly [13, 14]. In order to prevent the decryption key from leaking, the proxy reencryption technique is introduced to optimize the security of file transmission of each node in the P2P network. In summary, we have constructed a multiuser forward secure searchable encryption scheme EMFSSE based on the edge-cloud architecture in the P2P network. In the scheme, we store part of the index information in the edge server nearest to the user and store encrypted files and encrypted indexes in the cloud server. The communication efficiency of the whole system is also enhanced because it can realize fast update, search, and transmission between the user and the server by making full use of the storage and computing capacity of cloud edge. The main contributions are as follows:(1)This scheme combines the P2P network with the multiuser forward secure searchable encryption. It realizes the encryption storage, ciphertext search, and update function of user data in the P2P network environment. And it supports data transmission between users.(2)Proxy reencryption technique is introduced to solve the decryption key leakage problem in the scheme [13, 14]. In our scheme, the edge server reencrypts the ciphertext, and then the data requester uses its own private key to decrypt the reencrypted ciphertext.(3)We take advantage of edge-cloud collaborative computing to spread out the workload of only-cloud server and reduce the burden of users. Firstly, the edge server maintains part of the keyword information and assists the authorized data user to generate trapdoor. The data owner can authorize the data user to query the encrypted database dynamically and effectively. Secondly, because of the excellent computing power of edge server, it can be used to realize the reencryption process and convert part of the heavy encryption operations to the edge, which can ensure data confidentiality and reduce the computational cost of the client and cloud.(4)The scheme satisfies the correctness and indistinguishable forward security under the adaptive attack model. And the scheme is proved to be against the chosen-plaintext attacks (CPA) based on the DBDH assumption during the reencryption process.(5)Comparative analysis and experimental results show that the proposed scheme has a good efficiency in the process of encryption and searching. Compared with the scheme without edge computing, the proposed scheme can save about 92% of the computational costs of the client in the process of ciphertext generation. It can save about 75% of the computation cost in the token generation process.

1.2. Organization

The rest of this paper is organized as follows. In the next section, we introduce the related work. The description of symbols and related knowledge are introduced in Section 3. Section 4 analyzes the design goals and basic model. Then the specific structure and safety analysis of the EMFSSE scheme are introduced in Section 5 and Section 6, respectively. Section 7 compares the EMFSSE scheme with other related schemes and evaluates its performance. In the end, Section 8 summarizes the full text.

This paper studies the multiuser forward secure searchable encryption technology optimized by proxy reencryption technique in the edge-cloud-assisted P2P network. Therefore, this section focuses on the research progress of forward secure searchable encryption, edge-cloud architecture, and proxy reencryption technique.

2.1. Forward Secure Searchable Encryption (FSSE)

The desired goal of forward secure searchable encryption (FSSE) is that the malicious server does not disclose any information of existing data in the database during the file update phase. The scheme of Chang Mitzenmacher [16] already supports forward security. This paper points out that when a file is updated, the newly added file may be related to the previously queried keywords, thereby leaking some information. Stefanov et al. [17] proposed the concept of FSSE and the concept of backward security. Subsequently, the first scheme with good communication costs and computational complexity was proposed by Bost [12], which hides the relationship between document identifiers and keywords through trapdoors replacement in the indexing process and does not disclose the information of previously queried files when new files are injected. Subsequently, scholars have successively proposed various forward secure searchable encryption schemes [18–20] on the basis of the scheme. The application of the FSSE scheme has also become a research hotspot recently. Chen et al. [21] proposed a blockchain-based forward secure searchable encryption scheme and applied it to vehicle trading websites. The scheme uses smart contract to replace the cloud server for search. Wang et al. [22] proposed a verifiable forward security ranking search scheme in P2P network environment. The scheme realizes ranking search and achieves forward security by changing the file vector structure and using modular residual computation. However, most of these schemes cannot realize file transfer between clients. Wang et al. [13] proposed an FSSE scheme to support multiuser search, which realizes data access by using proxy server to maintain keyword state information. However, this scheme directly transmits decryption key through secure channel, which not only causes the problem of decryption key leakage but also requires the data owner to keep online during the whole search phase.

2.2. Edge-Cloud Architecture

It is an effective way to optimize cloud computing by using cloud-edge collaboration instead of only-cloud system, which has become a research trend in the near future. The edge platform is closer to the underlying data source and has the geographical advantage of being closer to the real clients, so it can effectively reduce the system delay. And edge server can replace the client side or cloud side to perform some complex operations, which can improve the efficiency of the client and cloud server, and provide on-demand services. Ren et al. [23] proposed that the cloud-edge cooperation method can effectively improve the delay performance. Zhang et al. [24] used edge-cloud cooperation to construct a multidevice management service system and applied it to the industrial Internet of things. The system improved the response speed of data collected by basic equipment to a certain extent and reduced the network bandwidth load pressure brought by data transmission. Mollah et al. [25] combined cloud-edge collaboration with public key encryption to construct a secure data sharing scheme, which supports searching on encrypted data (searchable encryption), uses cloud-edge collaboration to reduce computing and communication costs, and provides privacy and confidentiality functions for outsourced data. Wang et al. [15] constructed a lightweight scheme of edge-cloud-assisted public key searchable encryption, using lightweight cryptography and edge-cloud computing to reduce the encryption cost of infrastructure equipment by 70%. But the previous schemes are all applied to the industrial Internet of things, and few schemes combine edge computing with P2P network.

2.3. Proxy Reencryption

Proxy reencryption technique means a trusted third party that converts data encrypted by the data owner with his public key into ciphertext data that can be decrypted by the data user with his private key, so as to complete data sharing. It is important to note that, during this process, no plaintext information should be disclosed to the proxy. In 1998, proxy reencryption technique was proposed by Blaze et al. [26]. With the development of cloud storage, a large number of researchers focus on the combination of proxy reencryption technique and cloud storage to achieve the purpose of cloud data sharing [27–29]. Early proxy reencryption schemes have the problem of reencryption key abuse. In 2005, [30] introduced the concept of nontransferability, but it was not until 2015 that Guo et al. [31] completed the instantiation of this concept using indistinguishable confusion and unforgeable authentication. On this basis, a public accountability proxy reencryption scheme was proposed by Guo et al. [32] in 2021. Different from the traditional reencryption key generation, the generation process of this scheme is noninteractive, which saves the communication cost, and the scheme can determine the operator of the decryption operation, which improves the security of the scheme.

3. Preliminaries

This section mainly introduces the symbols and encryption-related knowledge used in this paper.

3.1. Notations

The notation information of this paper is given in the Table 1

3.2. Cryptography Materials

3.2.1. Trapdoor One-Way Permutation Technique

We cite the definition of trapdoor one-way permutation in literature [33].

The group based on trapdoor permutation family consists of three algorithms: Random generation algorithm (): it inputs security parameter and outputs permutation description and related trapdoor . Evaluation algorithm (): it inputs and the original image and outputs the image of , . Inverse algorithm (): it inputs , trapdoor , and and output the preimage of in the permutation. And the one-way permutation function has the following properties:(i)For all , the related should be a permutation of group (ii)For all ,

3.2.2. Bilinear Pairing

According to literature [34], we briefly introduce the definition of bilinear pairing. Let and be two cyclic groups of the same prime order , be the generator of , and be the security parameters. Let denote a map to satisfy the following properties:(i)Bilinear: For any and , the equation holds(ii)Computable: for that meets the condition, an algorithm can be found to calculate the value of in polynomial time(iii)Nondegenerate:

3.2.3. Decisional Bilinear Diffie–Hellman (DBDH) Assumption

According to literature [35], the description of DBDH assumption is given. The definitions of groups and and map are the same as above. For any adversary , its advantages are defined as , where . We say that the DBDH assumption holds if, for any probability polynomial time (PPT) adversary , its advantage is negligible with security parameter .

3.2.4. Forward Privacy Security

This paper cites the definition of forward privacy technology in literature [12].

Common Leakage. We define the leak function , which represents the amount of information leaked to the adversary in the searchable encryption scheme. The leak function treats the query list (including all queries) as status. List stores each query for keyword , and its element is or for an update query with input . The integer represents the timestamp with the initial value of 0, which increases with the number of queries.(i)Search pattern: (only matches search queries)(ii)Query pattern:

Forward Privacy. A -adaptively secure searchable encryption scheme is forward private if the update leakage function can be expressed as where represents the modified document set and represents the number of modified words.

3.2.5. Binary Index Tree

We use the binary index tree in literature [18] to store the encrypted file information, as shown in Figure 1.

Block. A block is generated for each index . The block is divided into two parts, the block address and the block data , where stores the data value (the information of one index in this paper), the previous block key denoted by , and the previous block address . To sum up, .

Blocks Chain. Connect the blocks with the same keyword into a chain . Chain represents the index list related to , and its length is equal to the number of file indexes containing . The total number of chains is equal to the number of keywords . There are three types of blocks on each chain : the first block , the last block , and the other blocks , where .

Binary Index Tree. Each node of the binary index tree stores a block . The node indexed by is denoted by , and the stored data is denoted by . The of the data block stores all indexes containing the keyword . Finally, the tree has a total of index lists (chains), including nodes, and the depth is .

4. System Design

4.1. Design Goals

According to the information transmission requirements of P2P network and users, the scheme designed in this paper must meet the following goals: Efficiency: the index structure in the searchable encryption scheme has an important impact on search efficiency. We store the index in a tree structure to improve search efficiency. In the phase of ciphertext generation and search query, we utilize the edge-cloud architecture to improve the fast response capability of the whole system. Confidentiality: this is another key attribute. This scheme needs to ensure the confidentiality of data, index, and query. That is, the server cannot get the relevant information of the plaintext by analyzing the stored ciphertext or by reencrypting the ciphertext. And it also cannot get the relevant index information and data query when attacked by an adversary. In addition, this scheme provides forward privacy performance specifically against file injection attack [12]. Dynamic update: this scheme supports the dynamic update of files including add, delete, and update functions. When the user wants to modify the data, he only needs to perform corresponding operations on the data index and the database. Correctness: correctness is the basic property of a searchable decryption scheme, which requires the system to provide services correctly. Specifically, as long as the correct trapdoor is provided and the system is executed sequentially in a legal manner, the search results must be correct. Multiusers: this attribute refers to the ability of the scheme to support data transmission between different users. And the data owner is able to authorize users and update their access rights at any time.

4.2. System Model

As shown in Figure 2, our scheme has four entities: data owner (DO), edge server (ES), cloud server (CS), and data user (DU). DO needs to outsource data while keeping the confidentiality and operation ability of data. At the same time, DO wants to have the right to control other users’ access to the data. ES is responsible for storing part of the keyword information from the DO nearby, assisting the data user to generate trapdoor, and reencrypting the ciphertext found by CS. CS stores encrypted data, encrypts index, and responds to data queries. The scheme mainly includes the following processes:(1)Step 1 (data update): DO first extracts index from the outsourced files and generates index information. He first uses a symmetric encryption algorithm to encrypt index and asymmetric encryption algorithm to encrypt documents. Then DO uploads part of the keyword information to ES and uploads the encrypted index and ciphertext to CS.(2)Step 2 (user authorization). Whenever a new authorized user DU joins the system, the DO generates the query key and the reencryption key. DO sends the query key to DU and the reencryption key to the ES near the DU.(3)Step 3 (search keyword). DU generates a query trapdoor containing the keyword. The query trapdoor is sent to the ES, and then the ES generates the trapdoor for search and sends it to the CS. CS decrypts the encrypted index from the search trapdoor to get the relevant document identifier and then obtains the required ciphertext from the searched file identifier. Finally, the CS sends the searched ciphertext to the ES near the DU.(4)Step 4 (reencryption). After obtaining the matching ciphertext, the ES finds the stored reencryption key of the target user and reencrypts the ciphertext. Finally, the reencrypted ciphertext that the DU has the ability to decrypt is generated and sent to the DU.(5)Step 5 (decryption). DU uses its private key to decrypt.

The basic framework of the FSSE scheme based on the edge-cloud architecture in P2P network EMFSSE is as follows:(1): it takes security parameters as input and outputs public parameters .(2): enter the public parameter , and the ES and the DO generate the required key, respectively. Specifically, the ES generates its public/private key. The DO generates its public/private key, secret key of encryption index , and keyword encryption key .(3): this operation is performed by the DO. It inputs public parameters , ciphertext , document identifier , key set related to the document, and keyword status map and outputs index information table , encrypted index set , and ciphertext and updates the map .(4): when a new data user joins the system, first, his/her own public/private key is generated. Then, DO authorizes the added user, inputs the public parameters, and generates the query key , query-related information , and reencryption key for the new user DU. Finally, is sent to the ES and is sent to the DU.(5): the DU takes public parameters , its query key , and query keyword as input and outputs the trapdoor of .(6): this operation is performed by ES and CS in cooperation. ES inputs public parameters , trapdoor , and index information table , outputs query token , and sends it to the CS. The CS inputs encrypted index tree , encrypts database , and finally outputs ciphertext set .(7): the ES inputs reencryption key and ciphertext set and outputs reencrypted ciphertext set .(8): the operation is performed by the DU, which inputs the key and the reencrypted ciphertext set and outputs the plaintext corresponding to each ciphertext in .

5. Scheme Construction

This section describes the structure of the scheme EMFSSE in detail.

5.1. System Initialization Phase

: taking security parameters and as input, the algorithm generates bilinear mapping , where and are two cyclic groups of order . Then, it randomly chooses , calculates , and lets ; meanwhile, it selects some secure hash functions , , , and and selects one-way permutation functions and . Finally, the DO initializes an empty map that stores its state, the ES initializes the empty index information table , and the CS initializes an empty index tree . Publish public parameters .

5.2. Key Generation Phase

: it inputs the public parameters .(1)Step 1: the ES randomly selects and generates private key and public key .(2)Step 2: the DO randomly selects , respectively, generates private key and public key , respectively, selects key of encryption index, and randomly selects key of encryption key .

5.3. Update Phase

: when a new file is added, the DO input public parameters. , file , operator (, resp., for add or delete operation), file identifier , the file related keyword set , and DO’s status , and then do operations as follows:(1)Step 1 (documents encryption): the DO randomly selects and generates ciphertext .(2)Step 2 (index encryption): the DO initializes an empty set and a table . For each keyword , DO first encrypts it to get and then uses function (as shown in Table 2) to calculate the identifier and key of the block currently indexed by keyword , . Then, DO makes , , and and generates the identifier and key of the new block . Finally, DO calculates the block key , encrypts the index block with it , stores the index information in the table indexed by , where , and stores the block in the set .(a)The algorithm finally outputs index information table , ciphertext , and encrypted index set . The table is sent to the ES which stores its contents in an index information table. The ciphertext and set are sent to the CS which stores in the encrypted database and inserts the blocks into the encrypted index tree .

5.4. Authorization Phase

: input the public parameter ; the algorithm is completed by the new user DU and DO in order.(1)Step 1: when a new user DU joins the system, it randomly selects to generate a private key and a public key . Then, publish public key, indicating that a new user has joined the system.(2)Step 2: the new user DU sends his public key to DO and then is authorized by DO to access the data. The DO randomly selects as the query key, calculates , and generates the proxy reencryption key of DU.

5.5. Trapdoor Generation Phase

: the DU inputs the public parameter , the query key , and the query keyword , then generates the query trapdoor , and sends it to ES.

5.6. Search Phase

: the algorithm is completed by the cooperation of ES and CS.(1)Step 1: input the query trapdoor and the encrypted keyword status table , and the ES generates , then queries the table to get the search trapdoor , and sends the search trapdoor to the CS.(2)Step 2: taking the search trapdoor , index tree , and encryption database as input, the CS first initializes the empty sets and and sets . Then, CS finds the latest block by trapdoor , calculates the block key , decrypts the block with , and obtains , where . And the CS stores in (merges the same in according to ), sets and , and repeats the above process until and . Finally, CS finds the corresponding encrypted data in by , stores in , and sends the search result to the ES.

5.7. Reencryption Phase

: the ES finds the reencryption key corresponding to the DU, inputs it and set , and initializes an empty set . For each , the ES reencrypts it to get reencrypted ciphertext , stores the new ciphertext in , and then sends to the DU.

5.8. Decryption Phase

: inputting reencrypted ciphertext and private key , DU decrypts each to get all the required ciphertext . The algorithm can get the final plaintext files .

6. Security Proof

In this section, some important design objectives mentioned in Section 3 will be proved. Specifically, we will prove that the scheme can provide correctness, confidentiality, and forward security.

6.1. Correctness

An example is given to prove the correctness of the scheme. Suppose that there are files with keyword , and their corresponding file identifiers are .

Firstly, plaintext and index information are encrypted, respectively. We randomly select , generate ciphertexts and , and generate encrypted keyword information . We also generate index blocks and and store the client status (initialization value is −1) at this moment and encrypted keyword information list .

Secondly, we search for the file containing the keyword . The query token of is generated , the encrypted keyword information is generated from the query token , and then the search token is obtained from the query table . Through token , we find block in the index. Then, we generate the decryption secret key of and do XOR operation to get the value of , where , which contains the information of and the information of the previous index block . Similarly, we get and decrypt it to get and previous index block information and then terminate the search. Through , we can find the corresponding ciphertext . In this scheme, the ES is required to reencrypt the ciphertext, and the DU can decrypt it. Taking as an example, we first generate the reencryption key , then use it to encrypt the ciphertext, and get the reencrypted ciphertext , where , and the final ciphertext form is .

Finally, we decrypt the final reencrypted ciphertext: .

To sum up, the scheme is correct.

6.2. Confidentiality

The EMFSSE scheme is proved to be secure according to the following theorem.

Theorem 1. In the process of reencryption, the EMFSSE scheme is CPA secure based on the DBDH assumption. Specifically, let be the adversary of attacking EMFSSE scheme with advantage in CPA game, and then there is an adversary who at least solves DBDH assumption with advantage.

Proof. randomly selects five tuples as input. The goal of is to determine whether is random value or by playing the following game with adversary , where .(1): randomly select , set , and return . Run randomly select , set and , and return .(2): first performs polynomial private times key extraction query. When receiving the query from , replies as follows:(a): return the private key of ES .(b): select randomly.(i)If guesses that it is the target user for this guess, that is, , then calculate and , hide information , and return .(ii)Otherwise, , calculate and , hide information , and return . : randomly select , let and , and return . , and generate and , respectively; runs and returns reencryption key .(3): when decides to complete , it constructs two equal-length messages and public key and sends them to . performs the following operations:(i)If , outputs random string and terminates.(ii)Otherwise, randomly selects a value and constructs a ciphertext for the challenge, where , , and , and hides information . Supposing that does queries at most times, then in , the probability that guesses the right is at least .(4). answers ’s question, just like in . outputs its guess . If , outputs 1; otherwise, it outputs 0; then the advantage of in solving the DBDH problem is at least . The proof is complete.

6.3. Forward Privacy

We refer to the form in the scheme [17] to prove the forward privacy of our scheme. The following is a simplified analysis:

Define as the history of the keyword which lists all the modifications to the over a period of time. is the pseudorandom function controlled by the key, inputs bit string and key , and outputs bit string. are secure hash functions defined on random oracle model.

Theorem 2. of EMFSSE scheme. The leakage function is defined. If and , EMFSSE is an -adaptive security scheme with forward security.

Proof. Set security parameters and . Here, we use indistinguishable games derived from the real world to prove the theorem.(1)Game : is an SSE security game in the real world. The relationship between the two can be expressed as .(2)Game : uses random selection instead of calling to generate keys and which are used for generating and in . When a new index is added, the keys and are randomly selected and added to the key table . The next time someone asks for the keyword , it checks the table first. If there is a corresponding key in the table, the stored key is called directly; if not, randomly select the keys and and store them in the table. Thus, a reduction is established to distinguish from real random functions. That is, there are effective adversaries , .(3)Game : and have consistent behavior. Except for some inconsistent results of random oracle requests in , the inconsistent time is recorded as . Because the random string of is generated in the update operation and updated in the search protocol, there is a time difference . If the adversary asks before searching, randomly selects to return to the adversary according to the properties of random oracle. After this request, is programmed to .(a)Through the consistent transition time node , we can limit the distinguishing advantage between and : . Probability of : if and only if the adversary queries in the random oracle model with , because the output is randomly selected from , the probability of the adversary selecting the corresponding is . Suppose that a probabilistic polynomial time adversary can query with the random oracle for times at most; then we can know that is negligible; that is, .(4)Game : is similar to in that it performs the same operation on in for . The difference is the probability of . If and only if the adversary can query in a random oracle model with correct input, the generated string length is , respectively. So the probability of the adversary choosing the right output value is , , and , respectively. Assuming that a probabilistic polynomial time adversary can perform queries at most with a random oracle, then , and are all negligible; that is, .(5)Game : is similar to , but it removes information unrelated to hash functions ; that is, it is a single round trip protocol. Therefore, in the random oracle model, and cannot be distinguished; that is, .(6)Simulator : The code in is divided into two parts: leak function and simulator. In , the status of the block is stored, which means that when the time is , the values in tables , , and are , , and , respectively, and their essence is random string. The simulator uses the counter instead of the keyword . Its initial value is 0, and the value is increased by 1 every time the update operation is performed. The new value is stored in tables , , and . In the view of adversary , the update protocol only outputs three random strings, while the search protocol outputs the same number of random strings (, , and , resp.). So we get the equation . Conclusion: According to the above games and simulator and hash functions , the following formula can be obtained: .

7. Comparisons and Evaluation

In this section, the proposed scheme is compared with other schemes. And then, we implement the EMFSSE scheme and evaluate its performance.

7.1. Comparisons

Table 3 shows the differences in theoretical computation cost and other functions between EMRF and other schemes (Bost [12] scheme, Chen et al. [21] scheme, and Wang et al. [15] scheme). is the number of indexes containing the keyword ; and represent the multiplication in groups and , respectively; is a bilinear pair; represents secure map-to-point operation; means the secure hash function; represents trapdoor function and its inverse operation (public key primitives, such as RSA), respectively; represents a pair of pseudorandom permutations (such as AES or DES).

As shown in Table 3, compared with other relevant schemes, the proposed scheme has better performance. For all schemes, in the update phase, the computational complexity is linearly related to the number of indexes . Among them, the Bost scheme of [12] has a major flaw that it does public key operation for times. Because of its slow encryption, the scheme is limited in large data sets. The computational complexity of Wang’s scheme is . Among them, operation takes a lot of time, but it is independent of index. This scheme calls once for each index, which leads to relatively high consumption. The computational complexity of Chen’s scheme and our scheme is and , respectively. The operation related to the index number is only the hash function, so it is more efficient than the previous two schemes. However, it is worth noting that Chen’s scheme uses map-to-point operation with high cost. To sum up, among the four schemes, our scheme has the best update efficiency.

In the trapdoor generation phase, the complexity of each trapdoor generated by Bost’s scheme, Chen’s scheme, Wang’s scheme, and EMFSSE scheme is , , , and , respectively. Obviously, Chen’s scheme has a relatively high complexity of generating a trapdoor, while Bost’s scheme has relatively optimal complexity. Wang’s scheme and our scheme have the same complexity, which is slightly higher than Bost’s scheme, but it is a must to extend functionality and improve security. In most cases, the diminished performance is acceptable.

Similar to the update phase, the computational complexity of all schemes in the search phase is also linearly related to . In order to get each search result, Wang’s scheme requires a time-consuming bilinear mapping, and Bost’s scheme requires RSA decryption , both of them are expensive. Chen’s scheme and EMFSSE scheme only need to perform the corresponding hash function operation, which is less time-consuming. Obviously, the consumption of the EMFSSE scheme is lower.

In terms of function, compared with other schemes, the EMFSSE scheme supports forward privacy and multiuser searchable encryption, which can resist file injection attacks and extend the performance of the scheme to multiuser. In conclusion, the EMFSSE scheme has relatively good performance and low computational costs.

7.2. Evaluation

We do the experiment on the personal computer with Intel Core i5-3337 CPU and 8 GB DDR3 RAM. We use C++ to realize the core function of EMFSSE.

Specifically, we set the security parameters of bits and bits, use HMAC to implement the hash function, and choose pseudorandom permutation (CBC model, 128-bit key). And we use the 128-bit security level MIRACL CryptoSDK in [36] to calculate the efficiency of pairings and exponentials operation of bilinear pairing. The time cost of the main operation is shown in Table 4. It takes 105.77 ms to compute bilinear pairs, 34.45 ms to compute exponents in , and 8.87 ms to compute exponents in . It takes 322.4 ms to perform map-to-point operations, and the hash operation takes 0.001 ms. AES algorithm takes 0.005 ms for both encryption and decryption. The execution time of the RSA encryption/decryption algorithm took 0.189 ms and 5.896 ms, respectively.

Figures 3–5 show the approximate time costs of update algorithm, search algorithm, and token generation algorithm with different index numbers (). Update evaluation: Figure 3 shows the time-consuming comparison of updating algorithms of Bost’s scheme, Chen’s scheme, and EMRF scheme. (Wang’s scheme is not shown in the figure due to its high computational complexity.) As shown in the figure, the abscissa is datasets containing indexes, respectively, with an interval of . When the number of indexes is , the cost of Bost’s scheme, Chen’s scheme, and EMFSSE scheme is 1.91 s, 0.52 s, and 0.12 s, respectively. Bost’s scheme has a higher time consumption, Chen’s scheme and EPMF have relatively lower time consumption, and EMFSSE has the lowest. The time-consuming of all three schemes increases as the number of indexes increases. Among them, the growth rate of Bost’s scheme is the fastest, while that of Chen and EPMF schemes is low and basically flat. In general, the EMFSSE scheme has a lower time-consuming and growth trend during the update phase. Search evaluation: Figure 4 shows the time-consuming comparison of the search algorithms of Chen’s scheme and EMFSSE scheme. (Due to the large time consumption of the other two schemes, no comparison is made.) The abscissa is datasets containing indexes, respectively, with an interval of . When the number of indexes is , the cost of Chen’s scheme and EMFSSE scheme is 20 ms and 10 ms, respectively. Similar to the update algorithm, the time consumption of the search algorithm also increases with the number of indexes, and the EMFSSE scheme is better than Chen’s scheme in both time-consuming and growth trends. Token generation evaluation: Figure 5 shows the time-consuming comparison of Bost’s scheme, Chen’s scheme, Wang’s scheme, and EMFSSE scheme in a single trapdoor generation algorithm. Chen’s scheme needs to do a map-to-point operation, so it is high time-consuming and inefficient. EMFSSE scheme consumes 140.222 ms to generate one trapdoor, but it is worth noting that EMFSSE transfers part of the operation of generating trapdoor to the edge platform, which saves about 75% of the computational costs of the user client. That is to say, the time consumed to generate trapdoor at the DU side is 34.451 ms, which is the same as Wang’s scheme. Moreover, compared with the EMFSSE scheme, Wang’s scheme can neither support data transmission between multiple users nor meet forward security. In addition, the time EMFSSE scheme consumes is significantly longer than that of Bost’s scheme, which only uses the hash function once to generate a trapdoor. But we think that it is necessary to construct a multiuser searchable scheme.

In order to show the advantages of the EMFSSE scheme obtained by using edge computing, EMFSSE is compared with Wang’s scheme that also uses edge computing, and the proposed scheme that does not use edge computing. Figure 6 shows the comparison of various schemes for generating a ciphertext. Firstly, the overall time of generating one ciphertext of the EMFSSE scheme is quicker than that of Wang’s scheme. Secondly, after using edge computing, the client efficiency of Wang’s scheme and the EMFSSE scheme are significantly improved compared to their corresponding schemes without using edge computing. Wang’s scheme saves about 57.6% of the client’s computing cost, and EMFSSE saves about 92% of the computing cost. As far as we know, in the real environment, edge computing will have better computing efficiency than personal computers, so in the real situation, the computing time of the ES side will be less than our experimental results.

The results show that the EMFSSE scheme has good computational efficiency and security.

8. Conclusion

In this paper, we construct a forward secure searchable encryption scheme supporting multiuser in the P2P network environment. We extend the traditional single-user scheme to multiuser to meet the application requirements of the P2P network environment. And the proxy reencryption technique is used to improve the multiuser scheme. Through reencrypting the searched ciphertext by the proxy party (edge platform), the data user can decrypt the ciphertext with his own private key to avoid direct transmission of the decryption key. In addition, this scheme also uses edge-cloud architecture to replace only-cloud computing and transfers part of the computing to the edge platform, realizing the lightweight computing of this scheme. In terms of security, this scheme satisfies CPA security based on the DBDH assumption in the ciphertext generation process and forward privacy in the index generation process. Theoretical and practical performance analyses show that, compared with the related schemes, this scheme has relatively better efficiency in update operation, search operation, and trapdoor generation operation, and our scheme rarely implements forward security that supports multiuser. In addition, this scheme saves the user’s consumption in different degrees in the encryption process or in the token generation process. In the future, we will carry out researches on how to optimize the performance of multiuser searchable encryption scheme by using an attribute-based encryption method.

Data Availability

The data used to support the findings of this study are included within this article.

Conflicts of Interest

The authors declare there are no conflicts of interest regarding the publication of this paper.

Acknowledgments

This work was supported by the Research Foundation of Young Core Instructor in Henan Province under Grant 2018GGJS058.

References

N. N. Alleema and D. S. Kumar, “Volunteer nodes of ant colony optimization routing for minimizing delay in peer to peer MANETs,” Peer-to-Peer Networking and Applications, vol. 13, no. 2, pp. 590–600, 2020.
View at: Publisher Site | Google Scholar
X. Meng and Y. Deng, “A time-aware resource search strategy with the ant colony optimization in MANETs,” Peer-to-Peer Networking and Applications, vol. 12, no. 5, pp. 1013–1027, 2019.
View at: Publisher Site | Google Scholar
S. Zhou, T. Zhang, and X. Meng, “iForest: an informed resource search strategy in mobile P2P networks,” Peer-to-Peer Networking and Applications, vol. 14, no. 5, pp. 1889–1904, 2021.
View at: Publisher Site | Google Scholar
X. Li, M. Zhao, M. Zeng et al., “Hardware impaired ambient backscatter NOMA systems: reliability and security,” IEEE Transactions on Communications, vol. 69, no. 4, pp. 2723–2736, 2021.
View at: Publisher Site | Google Scholar
X. Li, Q. Wang, M. Liu et al., “Cooperative wireless-powered NOMA relaying for B5G IoT networks with hardware impairments and channel estimation errors,” IEEE Internet of Things Journal, vol. 8, no. 7, pp. 5453–5467, 2021.
View at: Publisher Site | Google Scholar
X. Wang, L. T. Yang, D. Meng, M. Dong, K. Ota, and H. Wang, “Multi-UAV cooperative localization for marine targets based on weighted subspace fitting in SAGIN environment,” IEEE Internet of Things Journal, p. 1, 2021.
View at: Publisher Site | Google Scholar
G. D. Gonalves, I. Drago, A. B. Vieira, A. P. Couto da Silva, and J. Marques de Almeida, “A study of costs and benefits of content sharing in personal cloud storage,” Journal of Network and Systems Management, vol. 29, no. 3, 2021.
View at: Publisher Site | Google Scholar
H. Wang, L. Xu, Z. Yan, and T. A. Gulliver, “Low-complexity MIMO-FBMC sparse channel parameter estimation for industrial big data communications,” IEEE Transactions on Industrial Informatics, vol. 17, no. 5, pp. 3422–3430, 2021.
View at: Publisher Site | Google Scholar
H. Teruo, Y. Hirozumi, H. Akihito, U. Akira, and Y. Keiichi, “Edge computing and IoT based research for building safe smart cities resistant to disasters,” in Proceedings of the IEEE 37th International Conference on Distributed Computing Systems, Atlanta, GA, USA, June 2017.
View at: Publisher Site | Google Scholar
J. Zhong and X. Xiong, “Data security storage method for power distribution Internet of things in cyber-physical energy systems,” Wireless Communications and Mobile Computing, vol. 2021, no. 1, Article ID 6694729, 15 pages, 2021.
View at: Publisher Site | Google Scholar
H. Zhong, Y. Zhou, Q. Zhang, Y. Xu, and J. Cui, “An efficient and outsourcing-supported attribute-based access control scheme for edge-enabled smart healthcare,” Future Generation Computer Systems, vol. 115, pp. 486–496, 2021.
View at: Publisher Site | Google Scholar
R. Bost, “∑oφoς: forward secure searchable encryption,” in Proceedings of the ACM Sigsac Conference on Computer & Communications Security, ACM, Vienna, Austria, October 2016.
View at: Google Scholar
Q. Wang, G. Yu, H. Huang, and X. Jia, Multi-User Forward Secure Dynamic Searchable Symmetric Encryption, Springer, Cham, Switzerland, 2018.
B. Lu, J. Zhou, and Z. Cao, “A multi-user forward secure dynamic symmetric searchable encryption with enhanced security,” Journal of Computer Research and Development, vol. 57, no. 10, pp. 2104–2116, 2020.
View at: Publisher Site | Google Scholar
W. Wang, P. Xu, D. Liu et al., “Lightweighted secure searching over public-key ciphertexts for edge-cloud assisted industrial IoT devices,” IEEE Transactions on Industrial Informatics, vol. 16, no. 6, pp. 4221–4230, 2020.
View at: Google Scholar
Y.-C. Chang and M. Mitzenmacher, “Privacy preserving keyword searches on remote encrypted data,” in Proceedings of the International Conference on Applied Cryptography and Network Security, Springer, New York, NY, USA, June 2005.
View at: Publisher Site | Google Scholar
E. Stefanov, C. Papamanthou, and E. Shi, “Practical dynamic searchable encryption with small leakage,” in Proceedings of the network and distributed system security symposium, NDSS, San Diego, CA, USA, February 2014.
View at: Publisher Site | Google Scholar
Y. Wei, S. Lv, X. Guo, Z. Liu, Y. Huang, and B. Li, “FSSE: forward secure searchable encryption with keyed-block chains,” Information Sciences, vol. 500, pp. 113–126, 2019.
View at: Publisher Site | Google Scholar
J. Li, Y. Huang, Y. Wei et al., “Searchable symmetric encryption with forward search privacy,” IEEE Transactions on Dependable and Secure Computing, vol. 18, no. 1, pp. 460–474, 2021.
View at: Publisher Site | Google Scholar
X. Song, C. Dong, D. Yuan, Q. Xu, and M. Zhao, “Forward private searchable symmetric encryption with optimized I/O efficiency,” IEEE Transactions on Dependable and Secure Computing, vol. 17, no. 5, pp. 912–927, 2020.
View at: Publisher Site | Google Scholar
B. Chen, L. Wu, H. Wang, L. Zhou, and D. He, “A blockchain-based searchable public-key encryption with forward and backward privacy for cloud-assisted vehicular social networks,” IEEE Transactions on Vehicular Technology, vol. 69, no. 6, pp. 5813–5825, 2020.
View at: Publisher Site | Google Scholar
H. Wang, K. Fan, H. Li, and Y. Yang, “A dynamic and verifiable multi-keyword ranked search scheme in the P2P networking environment,” Peer-to-Peer Networking and Applications, vol. 13, no. 16, pp. 2342–2355, 2020.
View at: Publisher Site | Google Scholar
J. Ren, Y. He, G. Yu, and G. Y. Li, “Joint communication and computation resource allocation for cloud-edge collaborative system,” in Proceedings of the 2019 IEEE Wireless Communications and Networking Conference (WCNC), IEEE, Marrakesh, Morocco, April 2019.
View at: Publisher Site | Google Scholar
H. Zhang, S. Chen, P. Zou, G. Xiong, H. Zhao, and Y. Zhang, “Research and application of industrial equipment management service system based on cloud-edge collaboration,” in Proceedings of the 2019 Chinese automation congress (CAC), IEEE, Hangzhou, China, November 2019.
View at: Publisher Site | Google Scholar
M. B. Mollah, M. A. K. Azad, and A. Vasilakos, “Secure data sharing and searching at the edge of cloud-assisted Internet of things,” IEEE Cloud Computing, vol. 4, no. 1, pp. 34–42, 2017.
View at: Publisher Site | Google Scholar
M. Blaze, G. Bleumer, and M. Strauss, “Divertible protocols and atomic proxy cryptography,” Advances in Cryptology — EUROCRYPT’98, vol. 1403, Springer, NY, USA, 1998, Lecture Notes in Computer Science.
View at: Publisher Site | Google Scholar
L. Xu, X. Wu, and X. Zhang, “A certificateless proxy re-encryption scheme for secure data sharing with public cloud,” in Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, ACM, Seoul, South Korea, May 2012.
View at: Google Scholar
O. Blazy, X. Bultel, and P. Lafourcade, “Two secure anonymous proxy based data storages,” in Proceedings of the SECRYPT, Lieusaint, France, July 2016.
View at: Publisher Site | Google Scholar
C. Zuo, J. Shao, J. K. Liu, G. Wei, and Y. Ling, “Fine-grained two-factor protection mechanism for data sharing in cloud storage,” IEEE Transactions on Information Forensics and Security, vol. 13, no. 1, pp. 186–196, 2018.
View at: Publisher Site | Google Scholar
G. Ateniese, K. Fu, M. Green, and S. Hohenberger, “Improved proxy re-encryption schemes with applications to secure distributed storage,” in Proceedings of the Network and Distributed System Security Symposium,NDSS, San Diego, CA, USA, February 2005.
View at: Google Scholar
H. Guo, Z. Zhang, and J. Xu, “Non-transferable proxy re-encryption,” The Computer Journal, vol. 62, no. 4, pp. 490–506, 2019.
View at: Google Scholar
H. Guo, Z. Zhang, J. Xu, N. An, and X. Lan, “Accountable proxy re-encryption for secure data sharing,” IEEE Transactions on Dependable and Secure Computing, vol. 18, no. 1, pp. 145–159, 2021.
View at: Publisher Site | Google Scholar
A. Lysyanskaya, S. Micali, L. Reyzin, and H. Shacham, “Sequential aggregate signatures from trapdoor permutations,” in Proceedings of the Advances in Cryptology-EUROCRYPT 2004, International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, May 2-6, 2004.
View at: Google Scholar
D. Boneh and X. Boyen, “Efficient selective-ID secure identity-based encryption without random oracles,” in Advances in Cryptology EUROCRYPT 2004, Springer, NY, USA, 2004.
View at: Publisher Site | Google Scholar
B. Waters, “Efficient identity-based encryption without random oracles,” Advances in Cryptology – EUROCRYPT 2005, Springer, Berlin, Germany, vol. 3494, pp. 114–127, Lecture Notes in Computer Science.
View at: Google Scholar
J. Zhang, Z. Zhang, and Y. Chen, “PRE: stronger security notions and efficient construction with non-interactive opening,” Theoretical Computer Science, vol. 542, pp. 1–16, 2014.
View at: Publisher Site | Google Scholar

Copyright

Copyright © 2021 Yongli Tang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

303

Downloads

596

Citations

Mobile Information Systems

Artificial Intelligence for Next-Generation Wireless Networks

Edge-Cloud-Assisted Multiuser Forward Secure Searchable Encryption (EMFSSE) Scheme in the P2P Networking Environment

Abstract

1. Introduction

1.1. Contribution

1.2. Organization

2. Related Work

2.1. Forward Secure Searchable Encryption (FSSE)

2.2. Edge-Cloud Architecture

2.3. Proxy Reencryption

3. Preliminaries

3.1. Notations

3.2. Cryptography Materials

3.2.1. Trapdoor One-Way Permutation Technique

3.2.2. Bilinear Pairing

3.2.3. Decisional Bilinear Diffie–Hellman (DBDH) Assumption

3.2.4. Forward Privacy Security

3.2.5. Binary Index Tree

4. System Design

4.1. Design Goals

4.2. System Model

5. Scheme Construction

5.1. System Initialization Phase

5.2. Key Generation Phase

5.3. Update Phase

5.4. Authorization Phase

5.5. Trapdoor Generation Phase

5.6. Search Phase

5.7. Reencryption Phase

5.8. Decryption Phase

6. Security Proof

6.1. Correctness

6.2. Confidentiality

6.3. Forward Privacy

7. Comparisons and Evaluation

7.1. Comparisons

7.2. Evaluation

8. Conclusion

Data Availability

Conflicts of Interest

Acknowledgments

References

Copyright