Method and system of performing a fine-grained searchable encryption for resource-constrained devices in m-health network

Patent AU2021102049A4

Introduction

The present disclosure relates to an existing attribute-based keyword search method with constant-size secret keys and ciphertexts. The method consists of a system and the system comprises of a trusted authority (TA), a data owner, a data use, and a cloud server. The present disclosure proposes a searchable encryption scheme based on ABE in which access control is used to determine the searching capability of a user. The scheme provides constant size for the user's secret key and ciphertext of the keyword. The scheme supports fast search as the number of pairing operations are constant. The scheme used a ciphertext-policy (CP) design framework and supports an AND gate access structure. Further, the proposed CP-ABKS scheme is secure in the selective security model under augmented multi-sequence of exponents decisional Diffie Hellman assumption. 19 04C ra o .5 Sx I IL 1

FIELD OF THE INVENTION

The present disclosure relates to an attribute-based keyword search method with constant-size secret keys and ciphertexts and system thereof.

BACKGROUND OF THE INVENTION

The concept of m-Health is inspired by e-Health, which uses the Internet for healthcare practice. It is a sub-segment of e-Health and uses e-Health as its backbone. In m-Health, mobile devices are used for i) collecting health-related data, ii) storing them on the servers administered by healthcare providers and iii) delivering the information to the medical practitioners, researchers, and patients by performing the keyword-based search depending on the access rights of the particular individual. As health data is sensitive in nature and third party healthcare providers are potentially untrusted, there is a risk of data being compromised by an insider or an outsider. Therefore, the data needs to be stored in an encrypted form. However, there are several drawbacks to encrypting data. Encryption limits the user's ability to share the data and also inhibits the fundamental search operation over it.

In order to solve these problems, the concept of Attribute-Based Encryption (ABE) and Searchable Encryption (SE) comes into play. The combination of these two techniques leads to an attribute-based searchable encryption (ABSE) technique, which enables fine-grained search in the multi-user setting. The resulting technique is suitable where there is no constraint on the availability of resources because searching over encrypted data is itself a computationally intensive task, and if the fine-grained search is performed, it further increases the complexity, which makes it unsuitable for devices which have limited resources like battery life and memory.

However, in the present scenario, with the advent of mobile cloud computing, mobile devices have turned into essential computing gadgets for most of people. Therefore, the existing cryptographic solutions for searching over encrypted data using attribute-based encryption may not fit owing to their high computational complexity. So, the technique which is suitable for mobile devices should produce constant-size secret keys and ciphertexts, which is our primary contribution. The benefit of having constant-size secret keys and ciphertexts is two-fold; first, it reduces the computational cost significantly and second, it saves bandwidth of transmission channel.

In one of the existing solutions, first searchable encryption scheme in the public-key setting was proposed, which enables keyword search over encrypted data without disclosing any information about the keyword being searched. But, this technique is suitable only for searching over a small number of keywords and is not applicable in the scenario where multiple data owners share their data with multiple users.

To support the multi-user scenario, there arises a need for such a scheme which can enable fine-grained searching. So, the answer to this problem is to use the Attribute-Based Encryption scheme to construct the SE scheme where access policy is used to determine who can perform the search. In the first attribute-based keyword search (ABKS), the verifiability feature is also added to the basic fine-grained searching, through which one can verify the search result returned by the cloud server. Later, another scheme was proposed in addition to the verifiability of search result, they provided support for efficient user revocation. But, both schemes have the secret key size, the ciphertext size, and the numbers of pairing operations in search are proportional to the number of attributes, hence making them computationally expensive and thus unsuitable for resource constrained mobile devices. An idea was proposed to reduce this computational burden which increases linearly with number of attributes which outsource these heavy computational tasks to the cloud server, despite the fact that it reduces the computational burden on mobile devices but at the price of an increased communication cost. Consequently, a searchable encryption scheme was proposed where the main feature was anonymity and support for dynamic policy, respectively. But, the above-defined parameters were again proportional to the number of attributes. In the Dynamic Attribute-Based Keyword Search (DABKS) scheme, the task of updating the policy was delegated to the cloud server. Hence they had contributed towards reducing some overhead. At the same time an ABKS scheme was proposed that supported fast keyword search because of the constant number of pairing operations,but the size of the ciphertext and the secret key was proportional to the number of attributes. The main focus of a proposed paper was on improving the security of the ABKS scheme against keyword guessing attack (KGA) in addition to security against chosen keyword attack (CKA). An ABKS scheme was proposed, where the accuracy of the search result can be verified and also supported user revocation. All the above features, although enhance the functionality of searchable encryption but contribute a little towards reducing the computational complexity. An attribute based searchable encryption schemes, based on the key-policy design framework was proposed, where the focus is on reducing the computational complexity. The scheme generates constant size user secret key, trapdoor. It also has a constant number of pairing operations, which in other schemes mentioned above typically varies with the number of attributes associated with them. In addition, it efficiently supports user revocation where the computationally intensive tasks are delegated to the cloud server. An ABE scheme was proposed that supports frequent changes in the access tree, and hence it is named as dynamic policy ABE. This scheme generates secret keys of the constant size. From the proposed dynamic policy ABE scheme, the authors then presented a multi-keyword search scheme which inherits all the features of the proposed ABE scheme. Therefore, it provides constant size trapdoor and support for the fast search. Another two attribute-based searchable encryption (ABSE) schemes were proposed. The focus of one of these schemes is to incorporate secret key accountability which is a useful feature in any key-policy based ABSE scheme. In one of the existing solution efforts have been made to break the most common assumption of monotonic access structure, the proposed scheme can handle any non monotonic access structure which consists of AND, OR, NOT, and threshold gates. The features introduced in these schemes were indeed prominent. However, they have not taken optimization of computational cost into consideration.

An attribute-based keyword search scheme was proposed with its application in the e Health cloud. Later, a new attribute-based search scheme was proposed, which supports the multi-keyword search for personal health record in the multi-owner setting. At the same time, a fine-grained search using attribute-based encryption for e-Healthcare clouds was proposed. A survey of searchable encryption schemes used in healthcare clouds was given and a comparative analysis of all such schemes was performed based on their functionality, efficiency, and security. In the year 2018, an attribute-based search scheme was provided which has application in healthcare clouds. A searchable encryption scheme was proposed for big data-based mobile healthcare networks with the additional feature of verifiability of search result. A CP-ABE based searchable encryption scheme was proposed for the sharing of electronic health records (EHRs) with a feature of completely hiding the attributes in the access policy. Recently in 2019, two different searchable encryption schemes were proposed, for the sharing of electronic health records. A time-aware searchable encryption scheme was proposed, where a user cannot successfully execute a search query if it does not fall in the specified time range. A searchable encryption scheme was proposed based on an entirely new paradigm called the blockchain technology. The use of blockchain technology ensures the integrity and traceability of EHRs. The proposed scheme also ensures accurate search results without the need for any additional verification mechanism.In all the existing attribute-based searchable encryption schemes for healthcare networks, the size of the ciphertext and the secret key varies linearly with the number of attributes.

However, there are several drawbacks to encrypting data. Encryption limits the user's ability to share the data and also inhibits the fundamental search operation over it. Searching over encrypted data is itself a computationally intensive task, and if the fine-grained search is performed, it further increases the complexity, which makes it unsuitable for devices which have limited resources like battery life and memory. Therefore in order to avoid aforementioned drawbacks there is a need of an existing attribute-based keyword search method with constant size secret keys and ciphertexts.

SUMMARY OF THE INVENTION

The present disclosure relates to an existing attribute-based keyword search method with constant-size secret keys and ciphertexts. The present disclosure proposes a novel ABKS scheme with constant-size secret keys and ciphertexts, thus further reducing the computational cost. The present scheme uses a ciphertext-policy (CP) design framework and supports an AND gate access structure. Further, the proposed CP-ABKS scheme can be proved secure in the selective security model under augmented multi-sequence of exponent decisional Diffie-Hellman assumption. The objective of this disclosure is reducing computational complexity by making the size of the ciphertext constant in addition to the constant size secret key. ABE is taken into account to enable fine-grained searching. The considered scenario is where mobile devices are used for storing and retrieving the data. Therefore these parameters should be independent of the number of attributes so that overall cost can be reduced.

The present disclosure seeks to provide an existing attribute-based keyword search method with constant-size secret keys and ciphertexts, the method comprises: initializing system through a trusted authority (TA) by generating public parameters, master secret key, and a cloud secret using asetup technique; assigning secret key credentials to a user using KeyGen technique upon new joining of said user; calling Genndex technique to generate an index for keywords contained in a data file, and thereafter generating corresponding encrypted keywords while a data owner wants to share his/her data with other users; generating a trapdoor for specified keyword by using a Trapdoor technique and sending said generated trapdoor to said cloud server if said data user wants to search some data file that contains a specific keyword; and executing search technique on behalf of said user upon receiving of said trapdoor by said cloud server and returning search result 1/0.

The present disclosure also seeks to provide an existing attribute-based keyword search system with constant-size secret keys and ciphertexts. The system comprises: a trusted authority (TA) for initializing system by generating public parameters, master secret key, and a cloud secret using asetup technique;a data owner for outsourcing health data using computing devices to a third-party healthcare provider for sharing it with multiple users in a differential manner;a data user for retrieving health data stored by said data owner at said cloud server owned by said healthcare providers, wherein said data user generates a search trapdoor using Trapdoor technique to retrieve said health data; anda cloud server for storing encrypted health data and performing search operation on behalf of said data user.

An objective of the present disclosure is to provide an attribute-based keyword search method with constant-size secret keys and ciphertexts.

Another object of the present disclosure is toreduce the storage complexity by making the size of the ciphertext and the secret key invariable to the number of attributes.

Another object of the present disclosure is to use a ciphertext-policy (CP) design framework and supports an AND gate access structure.

Yet, another object of the present disclosure is to reduce the computational cost.

To further clarify advantages and features of the present disclosure, a more particular description of the invention will be rendered by reference to specific embodiments thereof, which is illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail with the accompanying drawings.

AU2021102048A4 - Method and system of performing a fine-grained searchable encryption for resource-constrained devices in m-health network - Google Patents
The present disclosure relates to an existing attribute-based keyword search method with constant-size secret keys and ciphertexts. The method consists of a system and the system comprises of a trusted authority (TA), a data owner, a data use, and a cloud server. The present disclosure prop…