Attribute-Based Hybrid Boolean Keyword Search over Outsourced Encrypted Data

With cloud computing becoming increasingly popular, there has been a rapid increase in the number of data owners who outsource their data to the cloud while allowing users to retrieve the data. To preserve the privacy of data, data owners usually encrypt their data before outsourcing them to the cloud, and cloud servers can search across the ciphertext domain on behalf of users without learning any information about the data. However, existing work in the literature mostly supports only a single-user or single-keyword search which is not able to satisfy more desired expressive search. Thus, we propose a searchable encryption primitive with attribute-based access control for hybrid boolean keyword search over outsourced encrypted data. There exist several desirable features: (1) Data owners can set search permissions for outsourced encrypted data according to an access control policy. (2) Multiple users, whose attributes satisfy the access control policy, are allowed to perform a retrieval operation upon the encrypted data. (3) Authorized users are able to perform more expressive search, such as any required boolean keyword expression search. Additionally, this primitive is provably secure under our security model and we have also implemented the prototype to show the practicality of the primitive.