Designated-server identity-based authenticated encryption with keyword search for encrypted emails

Bibliographic Details
Main Authors: LI, Hongbo, HUANG, Qiong, SHEN, Jian, YANG, Guomin, SUSILO, Willy
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2019
Online Access: https://ink.library.smu.edu.sg/sis_research/7291
https://ink.library.smu.edu.sg/context/sis_research/article/8294/viewcontent/1_s2.0_S0020025519300052_main.pdf
Institution: Singapore Management University
Description
Summary: In an encrypted email system, how to search over encrypted cloud emails without decryption is an important and practical problem. Public key encryption with keyword search (PEKS) is an efficient solution to it. However, PEKS suffers from the complex key management problem in the public key infrastructure. Its variant in the identity-based setting addresses this drawback; however, almost all the schemes do not resist offline keyword guessing attacks (KGA) by inside adversaries. In this work we introduce the notion of designated-server identity-based authenticated encryption with keyword search (dIBAEKS), in which the email sender authenticates the message while encrypting so that no adversary, including the server, can launch offline KGA. Furthermore, we strengthen the security requirement so that only the designated server has the capability to search over encrypted emails for receivers. We formally define dIBAEKS and its security models, and propose two dIBAEKS constructions using Type-I and Type-III bilinear pairing, respectively. We compare our schemes with some related IBEKS schemes in the literature, and do experiments to demonstrate their efficiency. Although they are slightly less computationally efficient than, but still comparable with, the related schemes, our schemes provide stronger security guarantees and better protect users' privacy. © 2019 Elsevier Inc. All rights reserved.