You are on page 1of 9

Effective Approach for Searching the Keyword in Cloud by Public Key

ABSTRACT the powerful security against inside the keyword

Keyword searchable encryption is one of vastly guessing attack.

developing interest for ensuring the information Keywords: Keyword search, secure cloud
security in strong searchable distributed cloud storage, encryption, smooth projective hash
storage. In this paper, we audit the security of a function, Diffie-Hellman language.

well-known cryptographic primitive, to be INTRODUCTION

specific, public key encryption with Keyword
Searchable encryption can be recognized in
Search (PEKS) which is exceptionally
either symmetric on the other hand veered off
supportive in numerous applications of
encryption setting. Song et al. proposed keyword
distributed cloud storage. Searchable encryption
look on cipher text content, known as
demonstrated that the traditional PEKS structure
Searchable Symmetric Encryption (SSE) and in
experiences an inherent instability called inside
this manner a couple of SSE techniques were
keyword guessing attack (KGA) proposed by the
proposed for upgrades. In spite of the way that
third-party server. Searchable encryption is of
SSE techniques appreciate high capability, they
explaining energy for guaranteeing the data
experience the evil impacts of jumbled mystery
protection in secure accessible distributed
key appointment. Accurately, customers need to
storage. To refine this safety vulnerability, we
securely share mystery keys which are used for
need to implement another PEKS system named
data encryption. Else they are not prepared to
dual server public key encryption with Keyword
share the mixed data outsourced to the cloud. To
Search (DS-PEKS). As another fundamental
decide this issue, Boneh et al. exhibited a more
input, we characterize another distinction of the
adaptable primitive, to be particular Public Key
smooth projective hash functions (SPHFs)
Encryption with Keyword Search (PEKS) that
described to as linear and homomorphic SPHF
engages a customer to look for encoded data in
(LH-SPHF). We at that point demonstrate a non
the awry encryption setting. In a PEKS system,
specific development of secure Dual Server-
using the Collector's open key, the sender joins a
PEKS from direct linear homomorphic-SPHF.
few encoded keywords (allowded to as PEKS
To show the practicality of our new framework,
figure writings) with the encoded data. The
we give an proficient instantiation of the general
receiver by then sends the trapdoor of a to-be-
system from a Decision Diffie–Hellman-based
sought for keyword to the server for data
LH-SPHF and demonstrate that it can achieve
seeking. Given the trapdoor and the PEKS
cipher text content, the server can test whether
the keyword key the PEKS ciphertxt is identical exhibited a generic development of searchable
to the one accessed by the receiver. Given this is encryption from AIBE. They additionally
valid; the server sends the organizing mixed data demonstrated to send a hierarchical IBE (HIBE)
to the recipient. Regardless of being free from technique into a public key encryption with
mystery key flow, PEKS techniques encounter temporary keyword search (PETKS) where the
the ill impacts of an intrinsic instability with trapdoor is just valid in a particular time.
regard to the trapdoor catchphrase security, to be Waters demonstrated that the PEKS techniques
particular inside Keyword Guessing Assault in view of bilinear map could be connected to
(KGA). The reason provoking to such security manufacture encoded what’s more, searchable
vulnerability is, to the point that any person who examining logs.
knows recipient's open key can make the PEKS
Protected Channel Free PEKS. The first PEKS
cipher text content of self-confident keyword
Technique requires a protected channel to
himself. In specific, given a trapdoor, the
transmit the trapdoors. To overcome this
opposing server can pick a speculating
constraint, Baek et al. proposed another PEKS
catchphrase from the keyword space and after
Technique without requiring a safe channel,
that use the catchphrase to deliver PEKS cipher
which is referred to as a protected Channel Free
text content. The server at that point can test
PEKS (SCF-PEKS). The idea is to include the
whether the speculating catchphrase is the one
server's key pair into a PEKS framework. The
fundamental the trapdoor. In any case, the
keyword cipher text and trapdoor are generated
assault can be moved more beneficially against
utilizing the server's public key and
PEKS arranges since the keyword space is by
consequently just the server (assigned analyzer)
and large the same as a normal word reference
can play out the search.
(e.g., all the essential English words), which has
a considerably humbler size than a keyword Differences between existed Work and Its
dictionary (e.g., each one of the words Preliminary report
Containing 6 alphanumeric characters). It is
In this paper have already showed up as an
critical that in SSE techniques, just mystery key
extended abstract. We have modified and
holders can deliver the keyword cipher text
improved the work significantly in the following
content and from this time forward the hostile
angles. In the first phase, in the preparatory
server is not prepared to dispatch inside KGA.
work where our non generic DS-PEKS

RELATED WORK development was introduced, we appeared

neither a solid development of the linear and
Conventional PEKS: Boneh et al's., Abdalla et
homomorphism SPHF nor a practical
al. formalized mysterious IBE (AIBE) and
instantiation of the DS-PEKS system. To fill this
gap and show the feasibility of the system, in particular DS-PEKS, and present its formal
this paper, we initially demonstrate that a linear definition and security models. We at that point
and homomorphic language LDH can derive characterize another variation of smooth
from the Diffie-Hellman assumption and after projective hash work (SPHF). A generic
that develop a concrete linear and development of DS-PEKS from LH-SPHF is
homomorphism SPHF, referred to as SPHFDH, appeared with formal accuracy examination and
from LDH. security proofs. At long last, we display an
effective instantiation of DS-PEKS from SPHF.
Dual-Server Public Key Encryption with
In the primary module, we build up the
Keyword Search
framework with the roles required to provide our
A DS-PEKS technique consists of (KeyGen,
framework. 1) Cloud User: the client, who can DS-PEKS, DS-Trapdoor; FrontTest; BackTest).
be an individual or an association initially
To be more exact, the KeyGen Algorithm
putting away their information in cloud and
generates keypair (public key/private key) sets
getting to the information. Every user must be of the front and back servers rather than that of
Select with cloud server and login (username
the collector. Also, the trapdoor era generation
must be unique). Send request to Public key DS-Trapdoor characterized here is public while
generator (PKG) to make Key on the customer in the conventional PEKS definition, the
name. Scrutinize record and request Public key
algorithm Trapdoor takes as input the receiver's
to encode the data, Upload data to cloud expert private key. Such a difference is because of the
coop (CSP). Check the data from the cloud. 2) diverse structures utilized by the two
Cloud Service Provider (CSP): the CSP, who
frameworks. In the conventional PEKS, since
organizes cloud servers (CSs) and gives a paid
there is as it were one server, if the trapdoor
storage space on its foundation to clients as a algorithm is open, at that point the server can
feature. 3) Public key Generator: Get request dispatch a guessing attack against a keyword
from the customers to make the key, Store all cipher text to recover the encoded keyword.
entrees in perspective of the customer names.
Accordingly, it is difficult to achieve the
Check the username also, give the private key. semantic security as characterized in any case,
Repudiate the end customer (File Collector in as we will demonstrate later, under the DSPEKS
case they attempt to hack report in the cloud system; we can at present achieve semantic
server and un renounce the customer in the
security when the trapdoor generation algorithm
wake of reviving the private key for the
is open. Another contrast between the
comparing record in perspective of the conventional PEKS and our proposed DS-PEKS
customer). We propose a new structure, in is that the test calculation is separated into two
algorithms; FrontTest & BackTest keep running FrontTest (P,𝒔𝒌𝑭𝑺 ,𝑪𝑻𝒌𝒘𝟏 ,𝑻𝒌𝒘𝟐 ). obtains as
by two autonomous servers. This is fundamental input P, the front server’s secret key 𝒔𝒌𝑭𝑺 , the
for achieving security against keyword guessing PEKS ciphertext 𝑪𝑻𝒌𝒘𝟏 and the trapdoor 𝑻𝒌𝒘𝟐 ,
attack. In the DS-PEKS framework, after and generates the outputs are internal testing-
receiving a query from the recipient, the front state 𝑪𝑰𝑻𝑺 ;
server pre-process the trapdoor and all the PEKS BackTest (P, 𝒔𝒌𝑩𝑺 ,𝑪𝑰𝑻𝑺 ). Collects as input P,
cipher texts utilizing its private key, and the back server’s secret key 𝒔𝒌𝑩𝑺 and the
afterward sends some interior testing-states to internal testing-state 𝑪𝑰𝑻𝑺 , and generate the
the back server with the relating trapdoor and result of testing result 0 or 1;
PEKS cipher texts covered up. The back server Correctness. It is required that for any keyword
would then be able to choose which reports are 𝑘𝑤1 ; 𝑘𝑤2 , and 𝑪𝑻𝒌𝒘𝟏 DS-PEKS(P; 𝒑𝒌𝑭𝑺 ;
questioned by the collector utilizing its private 𝒑𝒌𝑩𝑺 ; 𝑘𝑤1 ), 𝑻𝒌𝒘𝟐 <- DS-Trapdoor(P; 𝒑𝒌𝑭𝑺 ;
key and they got inward testing-states from the 𝒑𝒌𝑩𝑺 ; 𝑘𝑤2 ), we have BackTest(P; 𝒔𝒌𝑩𝑺 ; 𝑪𝑰𝑻𝑺)
front server. A DS-PEKS scheme is defined by ={1 𝑘𝑤1 = 𝑘𝑤2 ;0 𝑘𝑤1 ≠ 𝑘𝑤2 :
the following algorithms:- Where 𝑪𝑰𝑻𝑺 FrontTest (P;𝒔𝒌𝑭𝑺 ; 𝑪𝑻𝒌𝒘𝟏 ; 𝑻𝒌𝒘𝟐 ):
We formalize the given security models for
Setup (𝟏𝛌 ). Collect as input the security
a DS-PEKS technique against the third-party
parameter λ, produces the system parameters P;
front and back servers, separately. One should
KeyGen (P). Takes as information the systems
take note of that both the front server and the
parameters P, and produces outputs the
back server here should be “honest but curious"
public/secret key pairs (𝒑𝒌𝑭𝑺 , 𝒔𝒌𝑭𝑺 ), and (𝒑𝒌𝑩𝑺 ,
and won't integrated with each other. More
𝒔𝒌𝑩𝑺 ) for the front server, and the back server
decisively, both the servers play out the testing
strictly following the technique procedures. In
DS − PEKS (P,𝒑𝒌𝑭𝑺 ,𝒑𝒌𝑩𝑺 ,𝒌𝒘𝟏 ). Takes as
any case, may be interested about the
input P, the front server’s public key𝒑𝒌𝑭𝑺 , the fundamental keyword. We should take note of
back server’s public key 𝒑𝒌𝑩𝑺 and the keyword that the given security models moreover infer
𝑘𝑤1 , and produces the outputs are 𝒑𝒌𝑭𝑺 cipher the security ensures against the outside attackers
text 𝑪𝑻𝒌𝒘𝟏 of 𝒌𝒘𝟏 ; which have less capacity compared with the

DS − Trapdoor (P, 𝒑𝒌𝑭𝑺 ,𝒑𝒌𝑩𝑺 , kw2). Takes servers.

as input P, the front server’s public key 𝒑𝒌𝑭𝑺 , Adversarial Front Server:
the back server’s public key 𝒑𝒌𝑩𝑺 and the
keyword 𝑘𝑤2 , and produces the outputs are After accepting the query from the receiver, the

trapdoor 𝑻𝒌𝒘𝟐 ; front server pre-forms the trapdoor and all the
PEKS cipher texts utilizing its private key, and A. Semantic-Security against Chosen
afterward sends some inner testing-states to the Keyword Attack

back server with the relating trapdoor and PEKS In the module, we build up the semantic-security
cipher texts covered up. In this phase, we against selected keyword attack which ensures
characterize the security against a third-party that no attacker is ready to recognize a keyword
front server. We present two games, specifically from another given the equivalent PEKS
semantic-security against chosen keyword attack ciphertext. That is, the PEKS ciphertext does not
and indistinguishability against keyword reveal any data about the fundamental keyword
guessing attack1 to catch the security of PEKS to any attacker.
cipher text what’s more, trapdoor, respectively.
stage, A can test any pair of PEKS cipher text
and keyword by questioning the oracle OT and
in the end output two testing keywords (kw0;
kw1) with the indication information "state".
With a randobit b 2 f0; 1g as information, the
analyze creates and after that sends the PEKS
ciphertext CT_ kw of keyword kwb to A. During
the guess stage, A can proceed with the query to

Fig.1. SS-CKA experiment for adversarial front OT lastly output its guess b0. The guess b0 is a
server. legitimate output of the test if and just if that A
has never queried OT with the challenge
Formally, we present an experiment in Figure
keywords. We refer to such an third-party front
for the SS-CKA security definition against the
server an in the above test as a SS-CKA attacker
third-party front server. In the Practical, the
and characterize its favorable position as
third-party A is given the key pair (public
key/private key) of the front server and people in
Ƒ𝑺,𝑨 (𝛌) = 𝑷𝒓 [b=𝒃′ ]-1/2
public key of the back server. In the finding
B. Indistinguishability against Keyword third-party front server. We characterize the
Guessing Attack: security experiment as appeared in given Figure.
This security show catches that the trapdoor
reveals no data about the basic keyword to the
The investigation is like that of SS-CKA test
aside from that in the challenging stage, the
third-party is given the trapdoor rather than the
PEKS cipher text. We refer to such a third-party
front server an in the above investigation as an
IND-KGA adversary and characterize its benefit

Fig.2. IND-KGA experiment for adversarial front 𝑨𝒅𝒗𝑰𝑵𝑫−𝑲𝑮𝑨

Ƒ𝑺,𝑨 (𝛌) = 𝑷𝒓 [b=𝒃′ ]-1/2

Adversarial Back Server: In this module, the 𝑨𝒅𝒗𝑺𝑺−𝑪𝑲𝑨

Ɓ𝑺,𝑨 (𝛌) = 𝑷𝒓 [b=𝒃′ ]-1/2
back server would then be able to choose which
B. Indistinguishability against Keyword
documents are questioned by the beneficiary
Guessing Attack-I
utilizing its private key and they got inner
The security show plans to capture that the
testing-states from the front server. The security
trapdoor does not reveal any data to the back
design models of SS-CKA and IND-KGA in
server and consequently is the same as that
terms of a third-party back server are similar to
against the front server aside from that the
those against a third-party front server.
adversary claims the private key of the back

A. Semantic-Security against Chosen server rather than that of the front server. Along
Keyword Attack these lines, we likewise preclude the subtle
Here the SS-CKA explore against an adversarial elements here. We refer to the third-party back
back server is the same as the one against an server an in the IND-KGA explore as an IND-
adversarial front server aside from that the KGA foe and characterize its benefit as
attacker is given the private key of the back 𝑨𝒅𝒗𝑰𝑵𝑫−𝑲𝑮𝑨
Ɓ𝑺,𝑨 (𝛌) = 𝑷𝒓 [b=𝒃′ ]-1/2
server rather than that of the front server. We
exclude the subtle elements here for C. Indistinguishability against Keyword
Guessing Attack-II.
straightforwardness. We intimate to the
In our characterized security idea of INDKGA-
adversarial back server A in the SS-CKA
II, as appeared in the given figure, it is required
experiment as a SS-CKA attacker and
that a third-party back server can't take in any
characterize its benefit as
data about the basic two keywords required in
the inward testing state.
A hub component of our development for dual
server public key encryption with keyword
search is smooth projective hash functions
(SPHF), an idea presented by Cramer and
Shoup. We begin with the first meaning of a
SPHF. An SPHF is defined based on a domain X
and a ɭƤ language ɭ, where ɭ contains a subset of

Fig.3. IND-KGA-II Experiment for adversarial the elements of the domain X, i.e., ɭ _ X.
back server.

As a matter of first importance, we should note

that both keywords required in the inward
testing state assumes a similar part paying little
mind to their initial source (i.e., from the PEKS
ciphertext or the trapdoor). Along these lines, Fig.4 Smooth Projective Hash Function
the task of the third-party is to submit the two
Officially, an SPHF mechanisms over a
fundamental keywords in the inner testing state
language ɭ _ X, onto a set Y, is described by the
all in all, rather than everyone in the starting
following five algorithms.
PEKS cipher text and the underlying trapdoor.
SPHFSetup(𝟏𝛌 ): generates the global
In this manner, it is insufficient for the third-
parameters param and the report of an ɭƤ
party to submit just two test keywords and thus
language instance L;
we require the third-party to submit three diverse
keywords in the test stage and guess which two HashKG(ɭ; param): generates a hashing key hk
keywords are picked given the test inner testing for ɭ;
state. Formally, in the trial, the adversary A in is
ProjKG(hk; (ɭ; param)): derives the projection
given the general public key of the front server
key hp from the hashing key hk;
and the public/private key combine of the back
server. In the challenge stage, the adversary Hash(hk; (ɭ; param);W): Results the hash
outcomes three are testing keywords (kw0; kw1; value ℎ𝑣 ′ €Y for the word W from the hashing
kw2). 𝑨𝒅𝒗𝑰𝑵𝑫−𝑲𝑮𝑨−𝑰𝑰
Ɓ𝑺,𝑨 (𝛌) =
key hk;
𝑷𝒓 [{𝒃′𝟏 , 𝒃′𝟐 }={𝒃𝟏 , 𝒃𝟐 }]-1/3
ProjHash (hp; (ɭ; param); W; w): Results the
Smooth Projective Hash Functions hash value ℎ𝑣 ′ €Y for the word W from the
projection key hp and the witness w for the fact
that W€ ɭ.

In this phase, we initially give an

examination between existing plans and our plan
regarding computation, measure and security.
We at that point evaluate its performance in

Computation Costs: All the current techniques

require the pairing calculation during the era of
PEKS cipher text and testing and consequently
are less effective than our technique, which does
not require any pairing calculation. In our
technique, the computation cost of PEKS
generation, trapdoor making and testing are
4ExpG1 +1HashG1 +2MulG1, 4ExpG1
+1HashG1 +2MulG1 , and 7ExpG1 + 3MulG1
respectively, where ExpG1 denotes the
computation of one exponentiation in G1,
MulG1 denotes the costs of one multiplication in
G1, MulG1 and HashG1 respectively denote the
cost of one multiplication and one hashing
operation in G1.

Experiment Results: To assess the Fig.5. Computation cost of PEKS generation,

effectiveness of techniques in experiments, we trapdoor generation and testing in different
additionally execute the technique using the schemes.
GNU Multiple Precision Arithmetic (GMP)
As appeared in Fig. A, our technique is the most
library and Pairing Based Cryptography (PBC)
effective in terms of PEKS computation. It is by
library. The accompanying analyses depend on
virtue of that our arrangement excludes pairing
coding dialect C on Linux framework with an
computation. Particularly, the technique requires
Intel(R) Core(TM) 2 Duo CPU of 3.33 GHZ and
the most computational cost due to 2
2.00-GB RAM. For the elliptic bend, we pick a
coordinating computation for each PEKS period.
MNT bend with a base recorded size of 159 bits
As for the trapdoor period(like generation)
and p=160 bits and |q|=80 bits.
appeared in Figure B, as all the present schemes
do exclude pairing estimation, the computation [1] R. Chen, Y. Mu, G. Yang, F. Guo, and X.
cost is much lower than that of PEKS time. It is Wang, “A new general framework for secure
significant that the trapdoor generation in our public key encryption with keyword search,” in
technique is marginally higher than those of Proc. 20th Australasian Conf. Inf. Secur. Privacy
existing techniques because of the extra (ACISP), 2015, pp. 59–76.
exponentiation calculations. At the point when
[2] D. X. Song, D. Wagner, and A. Perrig,
the seeking keyword number is 50, the add up to
“Practical techniques for searches on encrypted
computational cost of our plan is around 0.25
data,” in Proc. IEEE Symp. Secur. Privacy, May
seconds. As represented in Fig. C, the plan cost
2000, pp. 44–55.
the most time because of an extra pairing
computation in the correct testing organizes. [3] R. Agrawal, J. Kiernan, R. Srikant, and Y.
Xu, “Order preserving encryption for numeric
data,” in Proc. ACM SIGMOD Int. Conf.
In this paper, we take note of that off-line Manage. Data, 2004, pp. 563–574.
keyword guessing attack can be proposed by a
[4] D. Khader, “Public key encryption with
third-party server to discover the keyword
keyword search based on K-resilient IBE,” in
utilized for producing the trapdoor, which was
Proc. Int. Conf. Comput. Sci. Appl. (ICCSA),
not considered in the related work. SPEKS can
2006, pp. 298–308.
experience the ill effects of this type of attack. In
addition, the securities demonstrate [5] P. Xu, H. Jin, Q. Wu, and W. Wang, “Public-
characterized for TD-IND in SPEKS is key encryption with fuzzy keyword search: A
fragmented. Attributable to the demonstrated provably secure scheme under keyword guessing
weaknesses, we improved the current security attack,” IEEE Trans. Comput., vol. 62, no. 11,
models for trapdoor lack of definition by pp. 2266–2277, Nov. 2013.
characterizing two new security models. We
additionally proposed another system, named
Dual Server Open Key Encryption with
Keyword Search (DSPEKS) that can keep inside
keyword guessing attack which is a
characteristic vulnerability of the regular PEKS
structure. We also proposed another Smooth
Projective Hash Function (SPHF) and used it to
assemble a flat DSPEKS scheme.