Abstract

To ensure the security of data, more and more users encrypt data for storage, which makes the high-efficiency ciphertext search problem in the context of cloud storage a research hotspot. Existing solutions still suffer from many vexatious problems, such as the need to maintain complex index structures and the unsatisfactory application of homomorphic schemes. To solve the above problems, this paper proposes a multiuser ciphertext search scheme based on blockchain and SGX. Our scheme uses blockchain and SGX to protect keywords and data privacy and complete decryption and keywords search of ciphertext data which does not need pregenerated indexes or preselected keywords. Second, for a multiuser scenario, a smart contract is designed to verify authorization requests and manage multiple authorized users. Finally, we give security analysis, function comparison, and performance analysis to prove the security and feasibility of our scheme. Experiments show that our scheme has effectively met practical requirements.

1. Introduction

With the rapid development of Internet of Things (IoT) technology, the amount of data generated by various applications has increased dramatically. To solve the problem of massive data storage, many enterprises and individuals choose to outsource data storage to cloud servers. Cloud storage can not only reduce local storage costs of users but also allow them to download and use the outsourced data regardless of device, access times, and geographical restrictions. However, it also brings problems such as data leakage and security risks. In 2021, data leakage incidents occurred frequently, which brought huge losses to enterprises and awakened society to the importance of data security. Therefore, privacy protection, data integrity, and sustainable services in the context of cloud storage have become major issues that cannot be ignored.

To prevent illegal data access by servers or unauthorized users, data should not be stored in plaintext. Users should encrypt data before uploading individual data to a cloud server. However, the commonly used data encryption scheme will limit the ability of the cloud server to process user access requests. In other words, the original search function of the cloud server will be invalid due to encryption, making the data retrieval a very difficult task. If a user wants to query data containing a certain keyword, he needs to download the encrypted data and then decrypt it for content search. The method is utterly inefficient since it requires extra space overhead and brings a poor experience to the user. Hence, the ciphertext search problem in the context of cloud storage has become a hot research topic in academia. In 2000, Song et al. [1] proposed a method that can perform a search on ciphertexts, namely, the symmetric searchable encryption (SSE) technology. At present, the research of SSE technology for data retrieval has been developed to a certain extent. A typical SSE model is shown in Figure 1. A user first generates the index of a file from its keywords. A specific SSE algorithm is used to encrypt the file before it is uploaded to the cloud server. To fulfill a search, a data requester sends a Trapdoor to the cloud server. The cloud server searches the ciphertext for the Trapdoor and returns the search results. However, such models cannot guarantee data security when cloud servers are dishonest or compromised (centralization problems). To solve this problem, some schemes improved the security of data cloud storage by combining blockchain technology with SSE technology.

Blockchain [2] is a distributed database that creates a fully trusted environment between unfamiliar individuals without the need for third-party trust endorsements. Moreover, blockchain combined with cryptography technology can ensure transaction traceability, irreparable modification, and nonrepudiation. It is widely used for secure data sharing and large-scale collaborative computing and has been regarded as a powerful tool to solve data security and privacy issues in the context of cloud storage. At present, some schemes [3–10] combine blockchain and SSE technology. A user first stores encrypted data in Interplanetary File System (IPFS) and then sends the generated indexes and Trapdoor to smart contracts. Smart contracts can perform keyword search operations instead of cloud servers and finally return the search results to users, avoiding the centralization problem of cloud servers. However, the existing solutions mainly focus on keyword-based search. Users need to share keyword sets and encryption keys, which leads to many restrictions on the selection of keywords for users. The risk of data leakage by direct data sharing can also not be neglected. Since the search effect depends on the correlation between keywords and files, it is difficult to meet the data retrieval requirements for ciphertext in cloud storage systems. Furthermore, in the data search phase, a large amount of on-chain overhead can be costly for smart contracts to perform search operations. We need to consider moving data search operations to the off-chain to process.

Homomorphic encryption (HE) technology is an encryption method that allows direct operation on ciphertexts [11]. Some researchers use HE technology for ciphertext retrieval research [12–17]. Users first perform homomorphic encryption on files. Under the premise of effectively protecting the privacy of users' sensitive data, the cloud server is entrusted to directly perform additive and multiplicative homomorphic operations on the ciphertext data, and the result is equivalent to the operation on the plaintext. However, such schemes suffer from a large computational overhead problem. Therefore, the homomorphic encryption scheme is difficult to apply in practice.

To solve the above problems, we propose a multiuser ciphertext search scheme based on blockchain and SGX. Specifically, to ensure the privacy of user data and solve the inability of smart contracts to be applied to complex computing scenarios, we combine blockchain and SGX to design a new ciphertext search model. The combination of blockchain and SGX will encounter challenges in data interaction and result traceability. But we solve the challenge of data interaction through on-chain contract storage and off-chain call acquisition. And then we record the search results on the blockchain to solve the traceability challenge of the search calculation result. In addition, for a multiuser scenario, we also design a smart contract to authorize and manage users. In summary, the main contributions of this paper are shown as follows:
(1) First, we propose a multiuser ciphertext search scheme based on blockchain and SGX. In this scheme, we use blockchain and SGX to protect keywords and data privacy and complete decryption and keywords search of ciphertext data which does not need pregenerated indexes or preselected keywords.
(2) Second, for a multiuser scenario, a smart contract is designed to verify user authorization requests and manage multiple authorized users.
(3) Finally, we give security analysis, function comparison with other schemes, and performance analysis to prove the security and feasibility of our scheme. Experiments show that our scheme has effectively met practical requirements.

1.1. Organization

The rest of this paper is organized as follows: Section 2 introduces related works. Section 3 presents preliminaries. Section 4 describes the system model, threat model, and design goals of the scheme. Section 5 presents the specific construction and protocol of the scheme. Section 6 delivers security analysis and functional comparisons. In Section 7, we test and analyze the functionality of the scheme. Finally, Section 8 concludes the paper.

2.1. Searchable Encryption Schemes

At present, as a research hotspot in the field of cloud storage security, searchable encryption has made great progress. In 2000, Song et al. [1] proposed a symmetric searchable encryption scheme (SSE). SSE scheme [18, 19] has high encryption efficiency, but its key management is more complicated in the data sharing phase. To solve this problem, Boneh et al. [20] proposed a public key searchable encryption scheme supporting keyword search, and to narrow down the keyword search, searchable encryption schemes [21–25] supporting multiple keywords were proposed. Xia et al. [26] proposed a multikeyword sorting search scheme supporting dynamic updates. Li et al. [27] proposed a searchable encryption scheme using a fixed server to verify the user's identity in an e-mail sending and receiving environment, which improves the security requirements of the scheme. Yang et al. [28] proposed a search scheme that supports both multikey search and semantic sorting. Wang et al. [29] used each leaf node in a Merkle tree to store the MAC corresponding to the index and kept the root node as evidence locally. However, this scheme is implemented in a single-user model, which includes only two entities, the data owner and the server. Chen et al. [30] implemented forward and backward security in their scheme, but this scheme does not address the authorization problem well in a one-to-many model. The above schemes provide users with search results that satisfy the actual needs, but they fail to satisfy the needs of multiple users for data search and fail to achieve data access control. In addition, cloud encrypted data faces centralization problems such as server-side untrustworthiness and tampering of stored data.

In order to achieve multiuser access to data, in combination with attribute-based encryption (ABE), searchable encryption schemes can achieve keyword search while enabling fine-grained access control of encrypted files. Yin et al. [31] proposed a ciphertext policy attribute-based (CP-ABE) searchable encryption scheme, which has a high possibility of causing the server to return search results containing a large amount of irrelevant content and waste network bandwidth. Lin et al. [32] proposed an attribute set-based Boolean keyword search scheme, which can realize fine-grained access control and Boolean keyword search over encrypted personal health records (PHR). Zhang et al. [33] proposed a practical CP-ABE scheme, which offers users revocation and attribute update. The ciphertext size and decryption cost grow with the complexities of access policies. Mao et al. [34] gave the generic construction of Chosen-Plaintext Attack (CPA) secure CP-ABE scheme with verifiable outsourced decryption. Sun et al. [35] proposed a verifiable attribute-based ciphertext retrieval scheme, which allows multiple owners to encrypt and outsource their data to the cloud server independently. The scheme supports user attribute write-off and can verify the results returned by the server in a many-to-many scenario, but the scheme has large storage overheads. Miao et al. [36] proposed a secure multiauthority CP-ABKS (MABKS) system to avoid having performance bottleneck at a single point in cloud systems.

2.2. Searchable Encryption Schemes Based on Blockchain

With the continuous maturity of blockchain technology, some schemes have introduced blockchain technology into searchable encryption to solve the centralization problems faced by encrypted data in the cloud such as server-side untrustworthiness and tampering of stored data. Zheng et al. [37] proposed a blockchain-enabled public key encryption scheme with multikeyword search (BPKEMS), which supports file updates. Moreover, a smart contract is used to ensure the fairness of transactions between the data owner and user without introducing a third party. Chen et al. [30] proposed a public key searchable encryption scheme in Vehicle Social Network (VSN), which replaces the original cloud server with a smart contract in the blockchain. Li and Wang et al. [38, 39] studied searchable encryption in a cloud environment, and two schemes reduced the search time under a large number of keywords. Jiang et al. [3] proposed a search scheme that supported multiple keywords and reduced the computation of the scheme and improved the efficiency of the scheme. Yang et al. [4] proposed a searchable encryption scheme in a shared electronic medical record scenario. The scheme stores the ciphertext of electronic medical records in the cloud server and the keyword ciphertext in the blockchain. Zhang et al. [5] introduced a dynamic accumulator algorithm into a blockchain searchable encryption scheme to improve the cryptographic search performance of the scheme. Guo et al. [6] designed a dynamic searchable encryption scheme based on the blockchain and used smart contracts in the blockchain to implement the verifiable function. Poongodi et al. [7] used the blockchain to design a trusted architecture using encryption and hashing methods to achieve reliable keyword search. Searchable encryption schemes generally suffer from high computational and storage overhead. Xu et al. [8] proposed a postquantum public key searchable encryption scheme on blockchain (PPSEB) for E-healthcare scenarios, which utilized a lattice-based cryptographic primitive to ensure the security of the search process and introduced blockchain technology to solve the problem of third-party untrustworthiness in the search process. Fu et al. [9] and Liu et al. [10] proposed a blockchain-based searchable encryption scheme in which the blockchain is used to store secure indexes and deploy smart contracts to perform the search of ciphertext files. All the above schemes are index-based ciphertext search schemes, which can effectively protect users' data security because the search object is encrypted data. However, the semantic relationship of words is lost, and keyword search operation cannot be performed on ciphertext, so the index corresponding to encrypted data needs to be generated in advance, and a complex index structure needs to be maintained. In practical applications, users cannot search data beyond the predefined indexes and are restricted in the selection of keywords. In addition, a large amount of on-chain overhead is required in the data search phase, and a large amount of data needs to be considered to be processed off-chain.

2.3. Ciphertext Search Schemes Based on Homomorphic Encryption

In recent years, in order to improve the accuracy and security of ciphertext retrieval, HE technology has attracted the attention of many researchers. The user first performs homomorphic encryption on plaintext data. On the premise of ensuring data privacy, the cloud server is entrusted to perform homomorphic operations on ciphertext data directly, and the search result is equivalent to the operation on plaintext. In 1978, the HE scheme was first proposed by Rivest et al. [11]. In 2009, Gentry et al. [12] implemented homomorphic encryption theoretically. The DGHV scheme [13] and the GSW13 scheme [14] were then proposed in 2010 and 2013, where the former implemented an integer-based fully homomorphic encryption based on the approximate greatest common divisor problem and the latter proposed the first identity-based homomorphic encryption scheme based on the learning with errors problem, to effectively guarantee the security of outsourced data and allow users to efficiently retrieve data stored in the cloud. In 2018, Fu et al. [15] proposed CRSHE: a new ciphertext retrieval scheme based on homomorphic encryption, which effectively solves the problems of privacy leakage of retrieved keywords and nonsupport of homomorphic encryption and improves the search efficiency and accuracy. In 2020, Han et al. [16] proposed a homomorphic encryption-based full-text retrieval scheme for cloud storage, which combines integer vector encryption technology with vector space model and is applied in full-text retrieval in third-party untrusted cloud storage. In 2021, Liu et al. [17] proposed a homomorphic encryption-based keyword search scheme in cloud servers, which has higher accuracy compared with the traditional ciphertext search scheme. Such schemes can directly perform computation on ciphertext data, but they have larger computational overhead or lower search efficiency, which makes them difficult to apply in practice.

3. Preliminaries

3.1. Blockchain Technology

The blockchain is a chained data structure formed by connecting multiple data blocks through a hash function, as shown in Figure 2. It realizes data verification, sharing, computing, storage, and other functions through a consensus mechanism. The blockchain provides a distributed trust ledger for each participant, and each node or user maintains and stores the same ledger to ensure that all users and nodes in the corresponding blockchain are completely consistent. A smart contract on a blockchain is a program that runs automatically and performs some functions driven by time or events. It is decentralized program code deployed in the blockchain to execute. Therefore, the smart contract provides programmability for the blockchain. The main high-level languages for writing smart contracts on Ethereum are Solidity, Serpent, and LLL; a contract is compiled into bytecode, and it is this bytecode that is stored.

3.2. SGX

The wide application of blockchain technology enables applications to ensure the security of data on the chain. However, in the off-chain processing of data, blockchain technology cannot guarantee its security, so off-chain data processing requires a trusted execution environment based on hardware or software.

The solution adopted in this paper is to rely on the software protection extension Software Guard Extensions (SGX) [40] launched by Intel. The SGX is an extension of the Intel instruction set architecture, which provides hardware-level security for the operation of the program, rather than based on external software. It allows the application to open up a protected and trusted executable area in the memory, called an Enclave. The Enclave provides integrity protection for the programs. If someone attempts to access the Enclave outside the safe area, he will be rejected. After the data in the Enclave is transmitted to the nonsafe area through special encryption, even if other machines get the encrypted data, encrypted data cannot be decrypted, which ensures the correctness and confidentiality of the data.

4. Problem Formulation

In this section, we describe in detail the system model, threat model, and design goals in the scheme and design a multiuser ciphertext search scheme based on blockchain and SGX.

4.1. System Model

In this scheme, the proposed system model mainly contains five entities: data owner A, data requester B, data storage DS, blockchain BC, and query node S, as illustrated in Figure 3.

4.1.1. Data Owner A

The data owner is an entity with a large amount of data but limited resources. He uses a key to encrypt personal data and uploads it to the data storage. He also verifies data authorization requests and manages authorized users; different data owners allow different query nodes to perform data searches on the ciphertext.

4.1.2. Data Requester B

The data requester is the entity that requests the ciphertext data to search. When the data requester wants to search for keywords, he needs to send a data authorization request to data owner A and finally obtains the plaintext data after decryption according to the encrypted search result.

4.1.3. Data Storage DS

Data storage is a kind of platform that provides distributed storage service for data owner A. It has huge storage space and powerful computing power; however, it is not trustworthy. When uploading ciphertext data, it first verifies the integrity of the data, stores the related data after successful verification, and returns the corresponding storage hash address.

4.1.4. Blockchain BC

It is a public chain composed of data owners, data requesters, and query nodes. Anyone can join this public blockchain to view or publish transactions. It is mainly used for data storage, transaction recording, and smart contract deployment.

4.1.5. Query Node S

The query node is a registered node on the blockchain. It has its own corresponding SGX trusted execution environment and can take advantage of its own SGX trusted hardware. SGX is a trusted and independent execution environment that exists independently of an untrusted operating system, providing a safe and confidential space for private data and sensitive computing in an untrusted environment.

4.2. Threat Model

In this scheme, data requester B is considered semi-trusted. Only after the authorization request is verified can data requester B obtain the search permissions for encrypted data. We assume that the key storage of data owner A and data requester B is safe and not attacked by attackers, and that all search tasks are performed in the SGX Enclave. Secondly, external attackers steal the data transmitted through public channels and hope to read or modify the data of data owner A. In addition, if the stored data is not accessed for a long time, it may be lost or otherwise degraded.

4.3. Design Goals

In this scheme, our main design goals are as follows:
(1) Data privacy: Since the personal data of data owner A is very sensitive, data security protection is necessary, so the data is encrypted before it is uploaded to the data storage DS.
(2) Storage integrity: The data storage DS stores the encrypted data only when the integrity of the data is verified.
(3) User access control: When data requester B wants to search the personal data of data owner A, he needs to send an authorization request to data owner A, and the search permission can only be obtained after the authorization is successful.
(4) Privacy of keywords: Due to the encrypted transmission of query keywords, other entities cannot obtain any information about keywords through the ciphertext of the keyword.

5. Our Scheme

In this section, we introduce the system construction and protocol of this scheme in detail. The scheme includes six phases: system initialization phase, data processing phase, data storage phase, user authorization phase, data search phase, and data decryption phase. Table 1 gives some important notations and descriptions used in the rest of the paper. Details are as follows.

5.1. Scheme Construction
5.1.1. System Initialization Phase

Based on the security parameters, the keys and system parameters are generated in the following ways, as follows.

We choose the secure SHA-256 hash algorithm and RSA signature algorithm , where denotes that signs . The system calls the ECC algorithm to generate the key pair and for data owner A and data requester B, respectively, and then calculates their Ethereum network addresses and . The data owner A uses the DES algorithm to generate a symmetric key , generating the Enclave key pair of the SGX corresponding to the query node. System parameters is .

5.1.2. Data Preprocessing Phase

As a registered user of the blockchain, data owner A first divides into equal-sized data (i = 1,2, …, n) and uses a symmetric key to encrypt a plaintext data collection and generate a ciphertext data collection , where the ciphertext data , and then generate a ciphertext data hash collection , where the ciphertext data hash value , and finally write search program P.

5.1.3. Data Storage Phase

Data owner A uses his own private key to sign and and to generate and send the outsourced collection to the data storage DS. After the data storage DS receives the , first, it verifies the validity of the signature r and the integrity of the ciphertext data collection . If the verification passes, store in the data storage DS, and then data storage DS returns the corresponding storage hash address . Otherwise, the verification fails, and the outsourced collection set needs to be reuploaded.

The data owner A uses the SGX remote authentication mechanism to authenticate the identity information of the SGX Enclave of the query node. After the authentication is passed, the query node obtains the search program from the data storage DS and then installs and deploys it in the Enclave. The data owner A uses the encryption key , organizes the hash value collection , and stores the hash address and other information, generates a timestamp , and finally records the txdata in the blockchain. Algorithm 1 describes the process of data owner A's data transaction txdata generation.

Input: Session key ; A's data ; Search P;
Output: Transaction txdata;
(1)Encrypted Owner data and ;
(2)Encrypted k;
(3)Set and ;
(4)Set ;
(5)Set ;
(6)Send Set to the DS and get addr;
(7)Generate timestamp ts1;
(8)Set txdata = {Ekey, H, addr, ts1};
(9)Return txdata;
5.1.4. User Authorization Phase

If data requester B wants to search the ciphertext data of data owner A, he first uses private key to encrypt his public key and query keyword and then sends the data authorization request in the form of a transaction to data owner A. After the data owner A receives the data authorization request , he first uses addrb to query whether the legal user list in the smart contract contains this user. If the query is successful, it means that the data requester B can obtain the search permission; if the query fails, the data owner A then decrypts the using the data requester B's public key and then performs the Keccak-256 hash operation on the public key of the data requester B, truncates the last 20 bytes into the string , and finally calls the smart contract to match addrb. If it returns 1, it means that the authorization request is verified, and the data owner A adds the data requester B to the list of legal users through the smart contract; if it returns 0, it means that the data requester B cannot obtain the search permission. In addition, data requester B can also be removed or revoked from the list of legal users through the smart contract.

After the verification is passed, the data owner A uses to encrypt to generate a Trapdoor and sends to the query node through the blockchain.
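
The address check described in this phase, as an added Python example (not code from the paper): Keccak-256 of B's public key, last 20 bytes, compared with the claimed address before B joins the legal user list. The class `LegalUserList`, its method names, and the sample key (the well-known public key of secp256k1 private key 1) are assumptions for illustration; Keccak-256 is implemented inline because `hashlib.sha3_256` uses a different padding byte and yields different addresses.

```python
import hashlib

RATE = 136  # bytes absorbed per permutation call for a 256-bit Keccak output


def rol64(a, n):
    return ((a << n) | (a >> (64 - n))) & 0xFFFFFFFFFFFFFFFF


def keccak_f1600(state):
    """Keccak-f[1600] permutation over a 200-byte state."""
    lanes = [[int.from_bytes(state[8 * (x + 5 * y):8 * (x + 5 * y) + 8], "little")
              for y in range(5)] for x in range(5)]
    lfsr = 1
    for _ in range(24):
        # theta
        c = [lanes[x][0] ^ lanes[x][1] ^ lanes[x][2] ^ lanes[x][3] ^ lanes[x][4]
             for x in range(5)]
        d = [c[(x + 4) % 5] ^ rol64(c[(x + 1) % 5], 1) for x in range(5)]
        lanes = [[lanes[x][y] ^ d[x] for y in range(5)] for x in range(5)]
        # rho and pi
        x, y = 1, 0
        cur = lanes[x][y]
        for t in range(24):
            x, y = y, (2 * x + 3 * y) % 5
            cur, lanes[x][y] = lanes[x][y], rol64(cur, ((t + 1) * (t + 2) // 2) % 64)
        # chi
        for y in range(5):
            row = [lanes[x][y] for x in range(5)]
            for x in range(5):
                lanes[x][y] = row[x] ^ (~row[(x + 1) % 5] & row[(x + 2) % 5])
        # iota: round constant bits come from an 8-bit LFSR
        for j in range(7):
            lfsr = ((lfsr << 1) ^ ((lfsr >> 7) * 0x71)) % 256
            if lfsr & 2:
                lanes[0][0] ^= 1 << ((1 << j) - 1)
    out = bytearray(200)
    for x in range(5):
        for y in range(5):
            out[8 * (x + 5 * y):8 * (x + 5 * y) + 8] = lanes[x][y].to_bytes(8, "little")
    return out


def sponge256(data, suffix):
    """256-bit sponge; suffix 0x01 is original Keccak, 0x06 is FIPS 202 SHA-3."""
    state, off = bytearray(200), 0
    while len(data) - off >= RATE:
        for i in range(RATE):
            state[i] ^= data[off + i]
        state = keccak_f1600(state)
        off += RATE
    tail = data[off:]
    for i, b in enumerate(tail):
        state[i] ^= b
    state[len(tail)] ^= suffix
    state[RATE - 1] ^= 0x80
    return bytes(keccak_f1600(state)[:32])


def keccak256(data):
    return sponge256(data, 0x01)


def sha3_padding_check():
    """True if the 0x06 variant equals hashlib.sha3_256 and Keccak-256 differs."""
    msgs = [b"", b"abc", bytes(135), bytes(136), bytes(300)]
    return all(sponge256(m, 0x06) == hashlib.sha3_256(m).digest()
               and keccak256(m) != hashlib.sha3_256(m).digest() for m in msgs)


def eth_address(pubkey):
    """Address from an uncompressed secp256k1 key X||Y (0x04 prefix optional)."""
    if len(pubkey) == 65 and pubkey[0] == 4:
        pubkey = pubkey[1:]
    if len(pubkey) != 64:
        raise ValueError("expected a 64-byte uncompressed public key")
    return "0x" + keccak256(pubkey)[-20:].hex()


class LegalUserList:
    """Python model of the owner's authorization contract (hypothetical API)."""

    def __init__(self, owner):
        self.owner, self.users = owner, set()

    def authorize(self, caller, addr_b, pubkey_b):
        """Return 1 (and list addr_b) if addr_b is derived from pubkey_b, else 0."""
        if caller != self.owner:
            raise PermissionError("only the data owner manages the list")
        addr_b = addr_b.lower()
        if addr_b in self.users:          # already a legal user
            return 1
        if eth_address(pubkey_b) != addr_b:
            return 0                      # claimed address not bound to this key
        self.users.add(addr_b)
        return 1

    def revoke(self, caller, addr_b):
        if caller != self.owner:
            raise PermissionError("only the data owner manages the list")
        self.users.discard(addr_b.lower())


# Constructed sample: public key of private key 1 (test value, never use it).
SAMPLE_PUBKEY = bytes.fromhex(
    "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"
    "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8")
SAMPLE_ADDR = "0x7E5F4552091A69125d5DfCb7b8C2659029395Bdf"
```
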

5.1.5. Data Search Phase

The Intel SGX extension employs two data sealing schemes: the safe zone strategy (MRENCLAVE) policy and the sealed strategy (MRSIGNER) policy. In this scheme, MRSIGNER is used by the query node to generate a public and private key pair in the Enclave; the private key obtains key () through the MRSIGNER policy and outputs it to the nonsecure area, and the public key is explicitly output to the nonsecure area and uploaded to the chain. The query node obtains the sent by the data owner A through the blockchain and performs data decryption and keyword search operation in SGX trusted execution environment. The query node sends the final search results to the blockchain.

Specifically, the SGX trusted execution environment corresponding to the query node first performs integrity verification on the ciphertext data and executes step (1). The SGX trusted execution environment corresponding to the query node performs decryption and keyword search operations and executes steps (2)–(6). The query node sends the encrypted search result to the data requester B and executes step (7), taking the search for ciphertext data as an example. Algorithm 2 describes the process of decryption and keyword search.
(1) The query node first uses the MRSIGNER policy of the corresponding SGX, decrypts to obtain , then obtains the ciphertext data and its corresponding hash value through the smart contract, regenerates the ciphertext hash value , and calculates whether and are equal to verify data integrity.
(2) The SGX corresponding to the query node uses the private key to decrypt to obtain the key .
(3) The SGX corresponding to the query node uses the key to decrypt the ciphertext data to obtain the plaintext data for performing the search task.
(4) The SGX corresponding to the query node uses the key to decrypt to obtain the query keyword .
(5) The SGX corresponding to the query node performs a search task on the plaintext data according to the query keyword . If the query is successful, the count value is incremented by 1.
(6) If count is not equal to 0, use the public key of the data requester B to encrypt to generate ; else return false.
(7) Finally, the query node sends the encrypted data or false to the data requester B through the blockchain.

Input: ; ; ; count;
Output: search result;
(1)Set ;
(2)if (h = ) then
(3)Decrypt ;
(4)Decrypt ;
(5)Decrypt ;
(6)Search computation with ;
(7)if (count ! = 0) then
(8)Encrypted ;
(9)return ;
(10)else
(11)return false;
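
The control flow of Algorithm 2, as an added Python example that is not the paper's search program P: the ciphertext blocks are checked against the on-chain hash list before anything is decrypted, and the keyword search runs over the reassembled plaintext so that a keyword straddling two of the equal-sized blocks is still counted. Assumptions: `stream_xor` is a stand-in cipher (SHA-256 in counter mode, not the DES used in the paper), the Trapdoor is the keyword encrypted under the same symmetric key, all function names and sample data are constructed, and the final encryption of the result under B's public key is omitted.

```python
import hashlib

BLOCK = 16  # demo block size; the paper only says the blocks are equal-sized


class IntegrityError(Exception):
    """Raised when a ciphertext block does not match its recorded hash."""


def stream_xor(key, nonce, data):
    """Stand-in symmetric cipher for the demo (encrypt and decrypt are the same)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def owner_prepare(key, plaintext):
    """Owner side: split into blocks, encrypt each, hash each ciphertext."""
    blocks = [plaintext[i:i + BLOCK] for i in range(0, len(plaintext), BLOCK)]
    cipher = [stream_xor(key, i.to_bytes(4, "big"), b) for i, b in enumerate(blocks)]
    hashes = [hashlib.sha256(c).digest() for c in cipher]
    return cipher, hashes


def make_trapdoor(key, keyword):
    return stream_xor(key, b"trapdoor", keyword)


def enclave_search(cipher, onchain_hashes, key, trapdoor):
    """Enclave side: verify, decrypt, search; returns a result dict or False."""
    # Step (1): recompute every hash and refuse to decrypt on any mismatch.
    if len(cipher) != len(onchain_hashes):
        raise IntegrityError("block count differs from the on-chain hash list")
    for i, (c, h) in enumerate(zip(cipher, onchain_hashes)):
        if hashlib.sha256(c).digest() != h:
            raise IntegrityError(f"ciphertext block {i} does not match its hash")
    # Steps (3)-(4): decrypt the data blocks and the Trapdoor inside the enclave.
    plain = b"".join(stream_xor(key, i.to_bytes(4, "big"), c)
                     for i, c in enumerate(cipher))
    keyword = stream_xor(key, b"trapdoor", trapdoor)
    if not keyword:
        raise ValueError("empty keyword")
    # Step (5): count matches over the whole plaintext, not block by block.
    offsets, pos = [], plain.find(keyword)
    while pos != -1:
        offsets.append(pos)
        pos = plain.find(keyword, pos + 1)
    # Step (6): no match means the caller only ever sees False.
    if not offsets:
        return False
    touched = sorted({b for o in offsets
                      for b in range(o // BLOCK, (o + len(keyword) - 1) // BLOCK + 1)})
    return {"count": len(offsets), "blocks": touched}


def per_block_count(cipher, key, trapdoor):
    """Naive variant that searches each block alone and misses boundary matches."""
    keyword = stream_xor(key, b"trapdoor", trapdoor)
    return sum(stream_xor(key, i.to_bytes(4, "big"), c).count(keyword)
               for i, c in enumerate(cipher))


# Constructed sample input: "diabetes" occurs at offsets 9 and 35; the first
# occurrence crosses the boundary between block 0 and block 1.
KEY = bytes(range(16))
SAMPLE = b"patient: diabetes, insulin; review diabetes plan"
CIPHER, HASHES = owner_prepare(KEY, SAMPLE)

if __name__ == "__main__":
    td = make_trapdoor(KEY, b"diabetes")
    print(enclave_search(CIPHER, HASHES, KEY, td), per_block_count(CIPHER, KEY, td))
```
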

5.1.6. Data Decryption Phase

Data requester B obtains from the blockchain and decrypts using the private key to obtain the corresponding plaintext data.

5.2. Our Protocol

In this scheme, the protocol flow includes the following 11 steps, where Step 1 describes the data preprocessing phase, Steps 2–3 describe the data storage phase, Steps 4–5 describe the user authorization phase, Steps 6–8 describe the data search phase, and Step 9 describes the data decryption phase. The logical process is shown in Figure 4.

Step 1. The data owner A encrypts data with an encryption key and uploads it to the data storage DS.

Step 2. Data storage DS receives the encrypted data. If the verification passes, it returns the corresponding hash address; otherwise Step 1 needs to be performed again.

Step 3. Data owner A records hash address and encrypted key on the blockchain in the form of transactions for data sharing.

Step 4. If data requester B wants to search the encrypted data of data owner A, data requester B needs to send an authorization request to data owner A.

Step 5. Data owner A performs authorization verification and updates the legal user list after the verification is passed and uploads the Trapdoor to the blockchain.

Step 6. The query node obtains the Trapdoor, hash address, and encrypted key from the blockchain and then downloads encrypted data from the data storage DS.

Step 7. The query node performs decryption and keyword search operations of ciphertext in the SGX-based TEE.

Step 8. The query node sends the encrypted search results to the blockchain.

Step 9. Data requester B obtains the encrypted search results from the blockchain and then decrypts the search results.

6. Security and Function Analysis

6.1. Security Analysis

Since the personal data of the data owner is sensitive and private, the security of the data is of great importance in this scheme. Data security is analyzed in the following aspects.

6.1.1. Data Security

In this solution, to protect data security, the personal data of data owner A is encrypted by the key and stored in the data storage DS, and data requester B can obtain the search permission only through an authorization request. First, the data owner A uses the key to encrypt the data and store it in the data storage DS. Anyone can find the encrypted data through the storage hash address in the blockchain. To decrypt the encrypted data, the attacker must obtain the key . However, the key is only stored locally in data owner A and SGX security zone. Assuming that data owner A does not leak the private key, the attacker cannot obtain the key . Therefore, the security of the personal data of data owner A is guaranteed.

6.1.2. Signature Forgery

In this scheme, the correct storage of data is guaranteed through the basic principle of signature. The user signs the ciphertext data and uploads it to the data storage DS. When the private key of the data owner is securely stored, the attacker cannot forge the signature, so other entities cannot destroy the authenticity of the data upload by forging the signature.

6.1.3. Tamper-Proof

In the data upload and storage phase, malicious users may try to tamper with the blockchain information or transaction information. In this scheme, the blockchain uses POA consensus. Each block is generated by a certification node, which obtains the right to generate new blocks only after a compulsory identity verification process. Malicious nodes cannot learn the private keys of the trusted certification nodes, so they cannot impersonate a certification node to pack a block or modify the signature of the block information. It is therefore difficult for malicious nodes to tamper with the data stored on the blockchain, which ensures the authenticity and accuracy of the data.

6.1.4. Data Privacy

In this solution, to ensure the privacy of the data, data owner A uses a symmetric encryption algorithm to protect personal data, and data requester B can obtain the search permission only after the authorization is successful. In addition, in the data search stage, the encrypted personal data and query keywords are read in the nonsecure area of SGX, the encrypted data can only be decrypted in the secure area of SGX, and the decrypted data cannot be obtained in the nonsecure area of SGX. Finally, the search results are encrypted with the public key of data requester B in the secure area of SGX and output in the nonsecure area of SGX. Even if other machines steal the encrypted data in the nonsecure area, the data cannot be decrypted on the personal machine. Thus, the privacy and security of the data in the data upload stage and the data search phase are guaranteed.

6.2. Function Analysis

In Table 2, we compare our scheme with existing schemes in terms of functionality and security. We can see that schemes [10, 15, 29, 30] require pregenerated indexes and do not adequately solve the authorized access problem. Schemes [10, 30] use smart contracts to replace cloud servers to perform search tasks, which can solve the centralization problem of cloud servers in schemes [15, 29], but schemes [10, 30] still have a high risk of data leakage and are difficult to apply to complex computing scenarios. Also, schemes [29, 30] are suitable for single-user scenarios. In contrast, our scheme does not require pregenerated indexes and is suitable for multiuser scenarios. Our scheme also uses TEE to better protect user data security and performs decryption and full-text search off-chain inside SGX, which solves the problem that smart contracts cannot be applied to complex computing scenarios.

7. Experiment and Analysis

In this section, the practicality and feasibility of this scheme are tested and analyzed through experiments. We installed Ubuntu 20.0 on a computer with an Intel(R) Core(TM) i7-9750H CPU @ 2.60 GHz, 16 GB RAM, and the Microsoft Windows 10 operating system, and then performed simulation experiments. We use the DES symmetric encryption algorithm to encrypt the data, the blockchain part uses the Ethereum private network built by Geth, the smart contract is written in the Solidity language, and the search program P is written in C++. Next, we mainly tested and analyzed the implementation and gas costs of the contract and the performance of this scheme.

7.1. Implementation and Gas Costs

To discuss the feasibility of the smart contract in this scheme, we implemented it on Rinkeby (an Ethereum test network), which not only provides free funding requests but also provides a user interface for a convenient block resource manager. In addition, we employed a Google Chrome plugin (MetaMask-Chrome) to link Rinkeby in Chrome and used Remix to deploy and invoke smart contracts; the details of this implementation are shown below.

(1) First, we used MetaMask to generate two users (data owner A and data requester B) for our test with addresses 0x5B38Da6a701c568545dCfcB03FcB875f56beddC4 and 0xAb8483F64d9C6d1EcF9b849Ae677dD3315835cb2, then switched to A's account, and requested 3 Ether from Rinkeby so that A could deploy contracts and generate data transactions, etc.

(2) Then, we simulated user A. We used Rinkeby to deploy the smart contract to the blockchain and got its address (0x9D7f74d0C41E726EC95884E0e97Fa6129e3b5E99), and we also called the autuser algorithm via Remix to verify whether B's authorization passes.

(3) Next, we simulated A updating and viewing the list of legitimate users. The authorized user B is added on Rinkeby by calling the adduser algorithm, and the list of legal users is viewed by calling the getuser algorithm. Here getuser is designed as a view type algorithm that will not modify the state of the smart contract (therefore, there is no transaction confirmation time).

(4) Finally, we also simulated A deleting the authorized user B from the list of legitimate users. The authorized user B is removed from the legal user list by calling the deluser algorithm, which can only be called by A.
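The user-management steps (3) and (4) above can be sketched as a small contract; this is an added example, not the authors' contract. The names adduser, getuser and deluser come from the text, while the storage layout, the signatures, the events and the helper `isAuthorized` are assumptions (what the paper's autuser checks is not shown in this section, so it is not modelled).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration of owner-managed authorization, not the paper's code.
contract AuthorizedUsers {
    address public immutable owner;           // data owner A (the deployer)
    address[] private users;                  // list returned by getuser
    mapping(address => uint256) private slot; // 1-based index into users; 0 = absent

    event UserAdded(address indexed user);
    event UserRemoved(address indexed user);

    constructor() {
        owner = msg.sender;
    }

    // Only data owner A may change the list of legitimate users.
    modifier onlyOwner() {
        require(msg.sender == owner, "caller is not the data owner");
        _;
    }

    function adduser(address user) external onlyOwner {
        require(user != address(0), "zero address");
        require(slot[user] == 0, "already authorized"); // no duplicate entries
        users.push(user);
        slot[user] = users.length;
        emit UserAdded(user);
    }

    // view: reads the list without modifying contract state.
    function getuser() external view returns (address[] memory) {
        return users;
    }

    // Hypothetical helper: membership test for a single address.
    function isAuthorized(address user) external view returns (bool) {
        return slot[user] != 0;
    }

    // Swap-and-pop removal keeps the array dense, so revocation is O(1).
    function deluser(address user) external onlyOwner {
        uint256 i = slot[user];
        require(i != 0, "not authorized");
        address last = users[users.length - 1];
        users[i - 1] = last;   // move the last entry into the freed slot
        slot[last] = i;
        users.pop();
        delete slot[user];     // also correct when user was the last entry
        emit UserRemoved(user);
    }
}
```

The events give an on-chain audit trail of every grant and revocation, which is useful when reviewing who held search permission at a given block.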

Additionally, to test the cost in terms of transaction fees, we evaluated the gas cost of these operations (i.e., authorize, adduser, getuser, deluser). As can be seen from Table 3, the biggest cost is deploying the smart contract, which is about 5.0881 USD, but this only needs to be executed once. Although the other operations are called repeatedly, their cost is about 1 USD (the cost of getuser in particular is about 0.1709 USD), which means that A only needs to spend 0.1709 USD to view the list of legitimate users, an acceptable cost even if it is called repeatedly.

7.2. Performance Test and Analysis
7.2.1. Cost of Cryptographic Primitives

We use a symmetric encryption algorithm to perform user encryption and SGX decryption tests on file data, respectively, and compare the average calculation time for different sizes of data. Each experiment is repeated 1000 times and the average time is calculated. The test results are shown in Figures 5 and 6. As can be seen from the figures, the average time of user encryption and SGX decryption increases gradually with the increase of data volume.

7.2.2. Search Performance

To verify the performance of this scheme in terms of search efficiency, as shown in Figure 7, we use the control variable method, fixing the length of the keyword at 2 characters, and test the average time for different numbers of keywords. The unit of time is milliseconds (ms), each experiment is repeated 1000 times, and the average time is calculated. From the curve shown in Figure 7, it can be seen that the search time increases with the number of keywords; this is because the scheme performs only a simple keyword matching operation in the data search phase, whose cost is related to the number of keywords. For encrypted data stored in the cloud environment, the search time efficiency of this scheme is reasonable.

8. Conclusion

In this paper, we propose a multiuser ciphertext search scheme which uses blockchain and SGX to protect keywords and data privacy and performs the decryption and keywords matching of ciphertext data in SGX. To fit searching in multiuser scenarios, we design a smart contract to realize user authorization and management. The security analysis, function comparison, and performance analysis prove that our scheme meets the security and privacy requirements. In the future, we will carry out further research work on multikeyword ciphertext search based on blockchain and SGX in specific scenarios.

Data Availability

No data were used to support this study.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work was supported by Shandong Provincial Key Research and Development Program (2021CXGC010107 and 2020CXGC010107) and the National Natural Science Foundation of China (62102209).