Yang Journal of Cloud Computing: Advances, Systems and
Applications
(2015) 4:10
DOI 10.1186/s13677-015-0034-8
RESEARCH Open Access
Attribute-based data retrieval with semantic
keyword search for e-health cloud
Yang Yang 1,2
Abstract
Data retrieval on encrypted documents is a very important technology in cloud storage, where encrypting
sensitive data is a necessary operation to protect document privacy before the documents are outsourced to the cloud. Most
existing searchable encryption schemes concentrate on the single-user scenario. In this paper, we focus on the multiple-sender
and multiple-user application scenario to provide a searchable encryption (SE) scheme with flexible search
authorization. Attribute-based encryption (ABE) is used to support fine-grained access control, and
synonym keyword search is enabled in the new scheme. The new primitive is named attribute-based searchable
encryption with synonym keyword search function (SK-ABSE). The formal definition of SK-ABSE is given together
with a concrete construction. This scheme also enables a convenient user revocation mechanism.
Keywords: Searchable encryption; Cloud computing; Access control; Synonym keyword; User revocation
Introduction
With the fast development of cloud computing, more
and more users turn to the new computing paradigm for
convenient access to a shared pool of resources. It
brings about ubiquitous and flexible access, on-demand
computing resource configuration and vast computation
resources at a very low price. Despite these conveniences,
it also carries potential risks when data owners lose
direct control over their information. Privacy concerns
become the main obstacle that hinders the adoption of
cloud storage by corporations.
Data encryption is a straightforward way to protect
security and privacy. However, traditional encryption
methods prevent the commonly used query operation
on confidential data. Keyword search becomes
difficult when data are encrypted. In 2004, Boneh et al.
[1] proposed the first public key encryption scheme with
keyword search (PEKS) to deal with the issue of searching
on confidential data. Since then, many efforts have been made to
improve the efficiency [2-4], enhance the security [5-7] or
provide new flexible properties [8-12].
Correspondence: yang.yang.research@gmail.com
1 College of Mathematics and Computer Science, Fuzhou University, Fuzhou 350108, China
2 Key Lab of Information Security of Networks Systems, Fuzhou University, Fujian Province, China 350108, China
Although these schemes provide new features to search
on encrypted data, they cannot realize flexible and fine-grained
access control on outsourced data. Sahai et al. [13]
proposed the concept of attribute-based encryption (ABE)
in Eurocrypt 2005, which extends the notion of identity-based
encryption (IBE). ABE schemes [14-18] enable
flexible access policies on secret data and make data sharing
quite easy. In an ABE scheme, each user has a set of
attributes. An access policy is defined so that only
users with certain attributes are authorized to access
the shared data.
In this paper, we propose a new primitive named
attribute-based searchable encryption scheme with
semantic keyword search function (SK-ABSE). The main
contributions are listed as follows.
– No Secret Key Sharing. A certain set of attributes is
associated with each user and is also embedded in the user's
private key. This avoids the risk brought by secret
key sharing among multiple users. When a data sender
outsources sensitive data to the cloud server, he
specifies an access policy in the data encryption phase
and generates a secure index for the extracted keyword.
Only if the user's set of attributes satisfies the access
structure in the encrypted data is the user permitted to
query that information.
– Semantic Keyword Search. A novel point is that
semantic keyword search is enabled in this scheme. It
© 2015 Yang; licensee Springer. This is an Open Access article distributed under the terms of the Creative Commons Attribution
License (http://creativecommons.org/licenses/by/4.0), which permits unrestricted use, distribution, and reproduction in any
medium, provided the original work is properly credited.