Cryptology ePrint Archive: Report 2018/1204

The Lord of the Shares: Combining Attribute-Based Encryption and Searchable Encryption for Flexible Data Sharing

Antonis Michalas

Abstract: Secure cloud storage is considered one of the most important issues that both businesses and end-users are considering before moving their private data to the cloud. Lately, we have seen some interesting approaches that are based either on the promising concept of Symmetric Searchable Encryption (SSE) or on the well-studied field of Attribute-Based Encryption (ABE). In the first case, researchers are trying to design protocols where users' data will be protected from both \textit{internal} and \textit{external} attacks without paying the necessary attention to the problem of user revocation. On the other hand, in the second case existing approaches address the problem of revocation. However, the overall efficiency of these systems is compromised since the proposed protocols are solely based on ABE schemes and the size of the produced ciphertexts and the time required to decrypt grows with the complexity of the access formula. In this paper, we propose a protocol that combines \textit{both} SSE and ABE in a way that the main advantages of each scheme are used. The proposed protocol allows users to directly search over encrypted data by using an SSE scheme while the corresponding symmetric key that is needed for the decryption is protected via a Ciphertext-Policy Attribute-Based Encryption scheme.

Category / Keywords: cryptographic protocols / Cloud Security, Storage Protection, Access Control, Policies, Attribute-Based Encryption, Symmetric Searchable Encryption, Hybrid Encryption

Original Publication (with minor differences): The 34th ACM/SIGAPP Symposium On Applied Computing (ACM SAC)
DOI:
10.1145/3297280.3297297

Date: received 14 Dec 2018

Contact author: antonis michalas at tut fi

Available format(s): PDF | BibTeX Citation

Version: 20181218:194236 (All versions of this report)

Short URL: ia.cr/2018/1204


[ Cryptology ePrint archive ]