fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2018.2828404, IEEE Access
Abstract—With the development of cloud storage, more data Searchable symmetric encryption (SSE) [2], [3], [4], [5],
owners are inclined to outsource their data to cloud services. [6], [7], [8], [9], [10], [11], [12], [13], [14], [15] is often
For privacy concerns, sensitive data should be encrypted before considered as a way to guarantee data privacy and data
outsourcing. There are various searchable encryption schemes to
ensure data availability. However, the existing search schemes pay efficiency. However, various data owners encrypt their data
little attention to the efficiency of data users’ queries, especially with different keys leading to the following two drawbacks:
for the multi-owner scenario. In this study, we proposed a tree- (1) data users need to manage multiple keys for different data
based ranked multi-keyword search scheme for multiple data owners; (2) data users need to generate multiple trapdoors for
owners (TBMSM). Specifically, by considering a large amount data owners’ data even for the same query condition. In this
of data in the cloud, we utilize the TF×IDF model to develop a
multi-keyword search and return the top-k ranked search results. paper, we focus on multiple data owners top-k query, whereby
To enable the cloud servers to perform a secure search without the cloud server can merge multiple data indexes encrypted
knowing any sensitive data (e.g. keywords and trapdoors), we with different keys and efficiently support top-k query.
construct a novel privacy-preserving search protocol based on Motivation. Data sharing is another crucial utility function,
the bilinear mapping. To achieve an efficient search, for each i.e., sharing data files with each other. In personal health
data owner, a tree-based index encrypted with an additive order
and privacy-preserving function family is constructed. The cloud record system, data user (e.g., a patient) should have the
server can then merge these indexes effectively, using the “Depth- ability to access his/her top-k data files about a specific case
first Search” algorithm to find the corresponding files. Finally, the from different data owners (e.g., health monitors, hospitals,
rigorous security analysis proves that our scheme is secure, and doctors). Similarly, the employees in an enterprise should have
the performance analysis demonstrates its efficacy and efficiency. the ability to search data files outsourced by other employees.
Recent work [16] proposed a privacy-preserving ranked
Index Terms—Multi-keyword ranked search, Multiple data multi-keyword search in a multi-user model (PRMSM), which
owners, Security, Cloud storage. addresses the multi-keyword search problem in the multiple
data owners model. However, PRMSM is inefficient and
I. I NTRODUCTION potentially expensive for frequent queries due to matching
various ciphertexts from different data owners even for the
LOUD storage enables ubiquitous, scalable, and on-
C demand network access to a shared pool of digital
data resources [1]. More enterprises and individuals tend to
same query.
Challenge. In contrast to the single-user scenario, developing
an efficient scheme for multiple data owners becomes a new
outsource their personal data to the cloud server, and utilize challenge. To implement privacy preservation and efficient
query services to easily access data anytime, anywhere and searches, we commonly build a tree-based index structure
on any device. As one exemplary popular cloud storage for each data owner’s encrypted data. For a specific query
services, Dropbox has 500 million users and 8 million business condition, data users need to generate a trapdoor for each
customers as of December 2017. The Cisco survey predicts data owner, and the cloud should also search each index.
that the global storage capacity would reach 1.1ZB, which This is obviously inefficient, due to the linear relationship of
is almost twice the space available in 2017. Besides, the the number of trapdoors and data owners. A simple way to
“Cloud Storage Market by Solution (Primary Storage, Disaster overcome this limitation is to let each data owner utilize the
Recovery & Backup Storage, Cloud Storage Gateway & same key to encrypt their data files. Nevertheless, any one of
Data Archiving), Service, Deployment Model (Public, Private the owners being compromised may lead to a system crash.
& Hybrid), Organization Size, Vertical & Region - Global Approach. In this paper, we consider a multi-source cloud sys-
Forecast to 2021” reports that the cloud storage market is tem, in which each data owner (viewed as a source) generates a
expected to grow from $23.76 billion in 2016 to $74.94 billion tree-based index for his/her data files and encrypts these data
by 2021, and reach $97.41 billion by 2022. with his/her corresponding key. To implement both privacy
preservation and efficiency searches, we propose an efficient
T. Peng, Y. Lin, X. Yao and W. Zhang are with the College of Computer tree-based ranked multi-keyword search scheme (TBMSM). In
Science and Electronic Engineering, Hunan University, and Hunan Provincial this scheme, the cloud server is allowed to effectively merge
Key Laboratory of Dependable Systems and Networks, Hunan, 410012, China. multiple encrypted indexes, and securely perform the multi-
(E-mail: {tianyuepeng, yplin, xinyao, weizhangdoc}@hnu.edu.cn)
keyword search without revealing the data owners’ sensitive
Corresponding author: Yaping Lin (e-mail: yplin@hnu.edu.cn). information, neither data files nor the queries. We construct a
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2018.2828404, IEEE Access
novel search protocol based on bilinear pairing, which enables Zhang et al. [16] proposed a secure ranked multi-keyword
different data owners to use different keys to encrypt their search scheme in a multi-owner model (PRMSM) that not only
keywords and trapdoors. In order to rank the search results, we allows the cloud server to perform a multi-keyword search
utilize the TF×IDF scheme to model relevance scores of data without knowing any sensitive information, but also enable
files and propose a “Depth-First Search”(DFS) algorithm to the data owner to flexibly change the encryption key. However,
obtain the ranked results. Finally, we confirm the security and these schemes rarely focus on query efficiency.
efficiency of our scheme through comprehensive theoretical Practically, query efficiency is one of the most important
analysis and extensive experiments with a real dataset. indicators of the user experience. Kamara et al. [17] proposed
Contributions. In summary, this paper makes the following a secure search scheme based on the tree-based index, which
contributions: can efficiently perform searches. However, it is designed only
1) We construct a novel privacy-preserving search protocol, for a single keyword search. Later, Xu et al. [18], [20] present-
which allows the cloud server to perform an efficient ed an efficient multi-keyword ranked search scheme (MKQE)
secure multi-keyword ranked search without knowing that enabled a dynamic keyword dictionary and improved the
data owners’ sensitive information. precision of the search. Sun et al. [19] created a privacy-
2) To achieve query efficiency, we introduce a consolida- preserving multi-keyword text search scheme. They divided
tion strategy to implement multiple index trees. With this the vector index into multiple layers and proposed a tree-
strategy, each data owner can encrypt their own tree- based index structure by applying the MD-algorithm [21] that
based index, and the cloud can be permitted to effec- realized more efficient search functionality, yet resulting in a
tively merge indexes without knowing index contents. loss of precision. Xia et al. [22] constructed a tree-based index
3) We perform extensive experiments to evaluate the effi- structure and proposed a greedy depth-first search (GDFS)
ciency of the TBMSM scheme on a real-world dataset algorithm that achieved higher search efficiency. Unfortunate-
and achieve a logarithmic search time. ly, these works don’t consider multiple data owners scenario.
Roadmap. The rest of the paper is organized as follows. First, Dong et al. [23] considered a practical scenario where multiple
we review the related work in section II. Then, we formulate users share data via an untrusted third party. To implement
the problem in section III and introduce the proposed scheme it, the authors proposed a novel multi-user searchable data
in section IV. Section V presents security and performance encryption scheme based on proxy cryptography. Different
analysis. Section VI presents the performance evaluation. from the existing searchable encryption schemes, their scheme
Finally, we conclude the paper in section VII. allowed the users to update the shared data set and each
user can be reader and writer simultaneouly. Furthermore, the
II. R ELATED W ORK rigious proof had been represented to prove the security of
their scheme. Popa et al. [24] focused on web applications
In this section, we review two categories of related work:
and proposed a new platform Mylar which is a combination of
searchable encryption and order-preserving encryption.
system techniques and novel cryptographic primitives, includ-
ing data sharing, computing over encrypted data and verifying
A. Searchable Encryption application code. The results with 6 applications showed that
Searchable encryption provides a secure search service over Mylar is a good multi-user web application with data sharing.
encrypted data. Song D et al. [2] proposed the searchable In [25], the authors proposed a secure and effective Near-
symmetric encryption(SSE) scheme that achieved ciphertext duplicate detection (NDD) system over encrypted in-network
search. Goh et al. [3] proposed a more secure SSE scheme storage which supported multi-user and multi-key searchable
using Bloom filter. However, a false positive may cause mis- encryption. However, those schemes cannot solve the multi-
judgment [4]. Later, Curtmola et al. proposed other schemes: keyword ranked search problem in the multi-user setting.
SSE-1 and SSE-2 [5]. In term of efficiency, SSE-1 was better Therefore, their schemes cannot directly be deployed for
than SSE-2. In term of security, SSE-2 was safer. However, addressing our problem. In [26], Yao et al. proposed a multi-
these works mostly focus on the single keyword or boolean source encrypted indexes merge (MEIM) mechanism, where
search and don’t support ranked search. Wang et al. [7] raised the cloud can merge the encrypted indexes from data owners
a secure ranked keyword search scheme which returned the without knowing the index content. They focused on personal
top-k relevant files and was only designed only for single- health records, and only considered a numerical “attribute
keyword search. value” for each attribute while ignoring queries on data files
The multi-keyword ranked search allows users to input mul- that must be built on vectors.
tiple query keywords for personalized queries. In [9], Cao et al.
proposed the first secure multi-keyword ranked search scheme
over encrypted cloud data (MRSE), and the documents are B. Order-Preserving Encryption
ranked by the “inner product” between file vectors and query The order-preserving encryption (OPE) is used to preserve
vectors. However, they do not consider the weight of different numerical order for plaintexts [27]. Boneh et al. [28], [29]
keywords. The work of [10], [11], [12] enriched the multi- proposed the order-revealing encryption (ORE) schemes to
keyword search. Wang et al. [13], Chuah et al. [14] proposed achieve the best-possible security. In [30], Chenette et al. built
multi-keyword fuzzy search scheme aimed at the tolerance of the first efficiently implementable order-revealing encryption.
both slight typos and format inconsistencies for users’ input. Yao et al. [31] proposed a novel multiple order-preserving
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2018.2828404, IEEE Access
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2018.2828404, IEEE Access
• W - the collection of keywords, denoted as a set of η 4) Additive Order and Privacy Preserving Function
keywords W = (w1 , w2 , ..., wη ). (AOPPF): In [33], Yi et al. proposed an additive order and
• W
ci - the keyword collection encrypted by Oi , denoted as privacy preserving function, which helps data owners encrypt
W
ci = (w bi,1 , wbi,2 , ..., w
bi,η ). the relevance score using a different function. It allows the
• Fi - the plaintext file collection of Oi , denoted as a set cloud server to accurately rank the search result files.
of d files Fi = (Fi,1 , Fi,2 , ..., Fi,d ). y
X
Faoppf (x) = Aj,k .m(x, j).m(y, k) + raof (2)
• Ci - the encrypted file collection of Oi , denoted as a set
0≤j,k≤τ
of d files Ci = (Ci,1 , Ci,2 , ..., Ci,d ).
• Qi - a subset of W , indicating the keywords in a where Aj,k and τ denote the coefficient of m(x, j).m(y, k)
y
search request that are submitted by Ui , denoted as and the degree of Faoppf (x), respectively. The function
Qi = (qi,1 , qi,2 , ..., qi,t ). m(x, ·) is used as preserving the order of relevance score
• TQi - the trapdoor for Qi , denoted as TQi = x, the function m(y, ·) is deployed for processing the data
(Tqi,1 , Tqi,2 , ..., Tqi,t ). owner’s ID y, and raof is the disturbing part. The function
m(x, j) is defined as follows: m(x, 1) = x, m(x, 0) = 1 and
m(x, j) = (m(x, j − 1) + α · x) · (1 +Pλ) if j > 1, where α and
E. Preliminaries
λ are two constant numbers. Since 0≤j,k≤τ Aj,k · (m(x +
In this subsection, we introduce some necessary techniques 1, j) − m(x, j)) · m(y, k) ≥ 0≤j,k≤τ Aj,k · ((1 + λ)j−1 + α ·
P
used in the study. P
(1 + λ)), we let l to be an integer such that 2l−1 ≤
1) Bilinear Paring: Let G1 and G2 denote two cyclic groups P1≤i≤j−2 j−1
+ α · 1≤i≤j−2 (1 + λ)) ≤ 2l ,
P
of prime order p. We view G1 as an additive group and G2 0≤j,k≤τ Aj,k · ((1 + λ)
and the parameter r is an integer smaller than l −1. Therefore,
as a multiplicative group. A bilinear map e : G1 × G1 → G2
the disturbing part raof belong to {0, 1, · · · , 2l−1 }.
satisfies the following properties:
x y xy
5) Keyword Balanced Binary Tree (KBB-Tree): To improve
• Bilinear: ∀g, h ∈ G1 , ∀x, y ∈ Zp , e(g , h ) = e(g, h) .
the efficiency of the search, Xia et al. [22] first proposed the
• Computable: There is a polynomial time algorithm to
keyword balanced binary tree. However, it does not support the
compute e(g, h) ∈ G2 , for any g, h ∈ G1 . multiple data owners’ model. In our scheme, each data owner
• Non-degenrate: If g is a generator of G1 ,the e(g, g) is
builds a secure keyword balanced binary tree and outsource
a generator of G2 . them to the cloud server. The cloud server merges those index
2) Decisional Bilinear Diffie-Hellman (DBDH) trees and performs the efficiently multi-keyword search. Each
Assumption: The DBDH problem is as follows: given node in the index tree stores a vector D whose elements are
a, b, c, z ∈ Zq as input, whether we can distinguish the relevance scores. We define the node in the index tree as
the tuple (g, g a , g b , g c , e(g, g)abc ) from the tuple
(g, g a , g b , g c , e(g, g)z ). The DBDH assumption states unode =< ID, FID , D, Pl , Pr > (3)
that there is no polynomial-time algorithm that has a where ID, FID , and OID denote the id of node, file and data
non-negligible advantage in solving the DBDH problem. owner, respectively. Pr denotes the pointers to the right child
3) Vector Space Model: The vector space model along of the unode , and Pl denotes the pointers to the left child. The
with TF×IDF rule is a popular information retrieval model detailed construction of the KBB-tree and the merging method
[34], where TF denotes the frequency of a given keyword will be discussed in section IV.
appearing in the file and IDF is the logarithm of the total
number of files divided by the number of files containing the IV. T REE - BASED M ULTI -K EYWORD R ANKED S EARCH
keyword and get value obtained the logarithm. There are many S CHEME
variations of the TF×IDF weighting scheme. Without loss of
In this section, we detail our TBMSM scheme in the
generality, we choose a commonly used formula to calculate
following aspects: Overview, System Setup, Keyword Encryp-
the relevance score of the document [35]. Given a data file set
tion, Index Construction, Secure Indexes Merge, Trapdoor
F = {F1 , · · · , Fd } and a keyword set W = {w1 , · · · , wη },
Generation, Efficient Search.
we compute the relevance score between Fb (b ∈ [1, d]) and an
arbitrary keyword wj (j ∈ [1, η]) with the following method.
A. Overview
1 N
Score(Fb , wj ) = (1 + ln fFb ,wj ) ln (1 + ) (1) To meet the requirements of efficient multi-keyword ranked
|Fb | fwj
search in multiple data owners model, we propose a novel
, where |Fb | denotes the length of the file Fb , fFb ,wj denotes TBMSM mechanism. Fig. 2 shows the working processes of
the frequency of the keyword wj in the file Fb , fwj denotes TBMSM.
the number of files containing keyword wj , and N denotes Data Owners: (1) KeywordsEnc encrypts the keyword
the total number of files, i.e., |F |. Here, we denote the vector with data owners’ secret key koi,w ; (2) FilesEnc utilizes the
of the relevance score of the keywords in the file Fb by Db = traditional symmetric encryption algorithm to encrypt data
{Score(Fb , w1 ), Score(Fb , w2 ), · · · , Score(Fb , wη )} = owners’ files; (3) IndexesEnc builds the tree-based index for
{sb,1 , · · · , sb,η }. Note that the length of the vector of all files each data owner and encrypts the KBB-tree with AOPPF. (4)
is the same (i.e., η); if the file Fb does not have the keyword data owners upload encrypted keywords, files and KBB-trees
wj , the corresponding jth element in Db should be set as 0. to the cloud server.
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2018.2828404, IEEE Access
r1,1 r1,2
KeywordsEnc Encrypted Keywords
3
4 2 1
3.2 4.3 2.7 0.6 2.6 1.2 4.2 0.4
3.2 4.3 0.7 0.6 2.5 2.4 2.7 0.5 1.6 1.2 1.5 0.4 2.6 0.2 4.2 0.0
IndexesEnc Encrypted KBB-trees
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2018.2828404, IEEE Access
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2018.2828404, IEEE Access
9
300 500
TBMSM TBMSM 8 TBMSM
450
PRMSM PRMSM
1) Keywords and Trapdoors: We give the security analysis generate corresponding keyword ciphertext w. b If w ∈ W , C
of keywords and trapdoors according to the following two just sends w b to A; Otherwise, C adds w to W and sends w b to
theorems. A.
Theorem 1. Based on the DBDH assumption, TBMSM is Challenge: After A has submitted t search requests, C
semantically secure against the chosen keyword attack under randomly chooses keyword w0 and returns encrypted key-
word w c0 = (g k1 ·H(w0 )·r1 , g k1 ·r1 ) and trapdoor Tw0 =
the selective security model. 0
(g k2 ·H(w )·r2 , g k2 ·r2 ) to A.
Proof. We first consider a game played between adversary Guess: A outputs the guess w00 for w0 and sends it to C. C
A and challenger C. We assume adversary A has a non- returns the encrypted keyword w c00 to A. If Tw0 matches wc00 ,
negligible advantage as the attacker in this game. In the then A wins the game.
initialization phase, challenger C sets µ randomly. If µ = 0, C
Before outputting the guess w0 , A already has t keywords
sends (A, B, C, Z) = (g a , g b , g c , g abc ) to A; If µ = 1, C sends
and their encrypted keywords. Therefore, the remaining key-
(A, B, C, Z) = (g a , g b , g c , g z ) to A, where a, b, c, z ∈ Zp are
word set is η − t, where η is the size of keywords. In addition,
randomly generated.
because the discrete logarithm problem is hard in polynomial
Setup: Challenger C sends public keys (g, g a , g b , g c , Z) to
time, the probability that A guess the correct w0 from w c0 or
the adversary A.
Tw0 is a negligible probability . Therefore, A can win the
Phase 1: C initializes a set of keywords W and sets it to 1
game with probability η−t + .
an empty value. A can choose any keyword w and ask C to
generate corresponding keyword ciphertext w. b If w ∈ W , C
just sends w b to A; Otherwise, C adds w to W and sends w b to 2) Relevance scores: We encode relevance scores with the
A. AOP P F proposed in [33]. We assume the data owner inputs
Challenge: A sends two keywords w1 and w2 with equal H(ID )
score s and IDi , and sends the encoded score Faoppf i (s) to
length to C, where w1 , w2 ∈ / W , C randomly sets ν ∈ {1, 2} the cloud server. When the cloud server collects m encoded
and sends the ciphertext w cν = (Z H(wν ) , Z) to A. scores for the same score s, it can construct m equations.
Phase 2: A repeats phase 1 and the only limit is w ∈ / However, there are m + 1 unknown variables, so the AOP P F
{w1 , w2 }. cannot be broken based on those information. Therefore, the
Guess: A outputs the guess ν 0 ∈ {1, 2}. If ν 0 = ν, then w cν privacy of the relevance scores has also been protected.
is the ciphertext of wν , and A outputs µ = 0; Otherwise it
outputs µ = 1.
Evidently, A will output ν 0 = ν with probability 1/2 +
and output ν 0 6= ν with probability 1/2. Therefore, A can win 600
TBMSM
500
TBMSM
the game with probability 1/2 + /2. In other words, TBMSM PRMSM PRMSM
Size of index (×10 3 KB)
500
400
Setup: The challenger C sends public keys (g, g k1 , g k2 ) to (a) keyword dictionary u=4000. (b) data set d=1000.
the adversary A.
Fig. 5: Index size.
Phase 1: C initializes a set of keywords W and sets it to
an empty value. A can choose any keyword w and ask C to
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2018.2828404, IEEE Access
B. Performance Analysis of users. When the number of data owners belongs to {500,
Index Encryption: Assume that the keyword dictionary and 3000}, the time cost values within {1.403s, 8.399s}, which is
file numbers for each index are defined as u and d. O(d) nodes acceptable. On the other hand, as shown in Fig. 5 (due to the
are generated during the index tree construction, and for each use of balanced binary tree), the TBMSM needs more storage
node it takes O(u) time to encrypt it. The time complexity of space for the index. However, this is not a problem for the
building an index is O(ud). cloud platform.
2) Trapdoor Generation: Fig. 6a shows that both the
TBMSM and PRMSM are unaffected by the keyword dic-
5
tionary size for the same number of queried keywords. The
40
TBMSM requires approximately 2.769s to generate trapdoors,
Time of generating trapdoor (s)
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2018.2828404, IEEE Access
50 100
28
45 TBMSM 90 TBMSM
PRMSM PRMSM
40 24 80
35 70
20
30 60
16 TBMSM
25 PRMSM
50
20 12 40
15 30
8
10 20
4
5 10
0 0 0
1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 1 2 3 4 5 6 7 8 9 10
3
Number of queried keywords Number of files in the dataset(×10 ) Number of keywords in dictionary(×102 )
(a) data set d=2000 and keyword dictionary u=100.(b) queried keywords t=5 and keyword dictionary (c) queried keywords t=5 and date set d=2000.
u=100.
[6] Q. Liu, G. Wang, J. Wu, “Secure and privacy preserving keyword H. Balakrishnan, “Building web applications on top of encrypted data
searching for cloud storage services,” J NETW COMPUT APPL., vol. 35, using Mylar,” in: NSDI’14, Seattle, WA, 2014.
no. 3, pp. 927 – 933, 2012. [25] H. Cui, X. Yuan, Y. Zheng, C. Wang, “Enabling secure and effective
[7] C. Wang, N. Cao, J. Li, K. Ren, W. Lou, “Secure ranked keyword search near-duplicate detection over encrypted in-network storage,” in: INFO-
over encrypted cloud data,” in: ICDCS’10, Genoa, Italy, 2010. COM’16, San Francisco, CA, 2016.
[8] C. Liu, L. Zhu, J. Chen, “Efficient searchable symmetric encryption [26] X. Yao, Y. Lin, Q. Liu, S. Long, “Efficient and privacy-preserving search
for storing multiple source dynamic social data on cloud,” J NETW in multi-source personal health record clouds,” in: ISCC’15, Larnaca,
COMPUT APPL., vol. 86, pp. 3 – 14, 2017. Cyprus, 2015.
[9] N. Cao, C. Wang, M. Li, K. Ren, W. Lou, “Privacy-preserving multi- [27] R. Agrawal, J. Kiernan, R. Srikant, Y. Xu, “Order preserving encryption
keyword ranked search over encrypted cloud data,” in: INFOCOM’11, for numeric data,” in: SIGMOD’04, Paris, France, 2004.
Shanghai, China, 2011. [28] D. Boneh, K. Lewi, M. Raykova, H. Hollert, A. Sahai, M. Zhandry,
[10] A. Ibrahim, H. Jin, A. Yassin, D. Zou, “Secure rank-ordered search J. Zimmerman, “Semantically Secure Order-Revealing Encryption: Multi-
of multi-keyword trapdoor over encrypted cloud data,” in: APSCC’12, input Functional Encryption Without Obfuscation,” in:EUROCRYPT’15,
Guilin, China, 2012. Sofia, Bulgaria, 2015.
[29] K. Lewi, D. Wu, “Order-Revealing Encryption: New Constructions,
[11] C. Orencik, M. Kantarcioglu, E. Savas, “A practical and secure multi-
Applications, and Lower Bounds,” in: CCS’16, Hofburg Palace, Austria,
keyword search method over encrypted cloud data,” in: CLOUD’13, Santa
2016.
Clara Marriott, CA, 2013.
[30] N. Chenette, K. Lewi, S. Weis, D. Wu, “Practical Order-Revealing
[12] Z. Shen, J. Shu, W. Xue, “Preferred keyword search over encrypted data Encryption with Limited Leakage,” in: FSE’16, Seattle, WA, 2016.
in cloud computing,” in: IWQoS’13, Montreal, Canada, 2013. [31] X. Yao, Y. Lin, Q. Liu, J. Zhang, “Privacy-preserving Search over
[13] B. Wang, S. Yu, W. Lou, Y. Hou, “Privacy-preserving multi-keyword Encrypted Personal Health Record in Multi-Source Cloud,” IEEE Access,
fuzzy search over encrypted data in the cloud,” in: INFOCOM’14, vol. 6, pp. 3809 – 3823, 2018.
Toronto, Canada, 2014. [32] Y. Yi, R. Li, F. Chen, A. Liu, Y. Lin, “A digital watermarking approach
[14] M. Chuah, W. Hu, “Privacy-aware bedtree based solution for fuzzy to secure and precise range query processing in sensor networks,” in:
multi-keyword search over encrypted data,” in: ICDCS’11, Minneapolis, INFOCOM’13, Turin, Italy, 2013.
MN, 2011. [33] B. Chor, E. Kushilevitz, O. Goldreich, M. Sudan, “Private information
[15] S. Pasupuleti, S. Ramalingam, R. Buyya, “An efficient and secure retrieval,” Eurocrypt., pp. 41 – 50, 1995.
privacy-preserving approach for outsourced data of resource constrained [34] C. Manning, P. Raghavan, H. Schütze, “Introduction to information
mobile devices in cloud computing,” J NETW COMPUT APPL., vol. 64, retrieval,” J AM SOC INF SCI TEC., vol. 43, no. 3, pp. 824 – 825,
pp. 12 – 22, 2016. 2009.
[16] W. Zhang, Y. Lin, S. Xiao, J. Wu, S. Zhou, “Privacy preserving ranked [35] I. Witten, A. Moffat, T. Bell, “Managing Gigabytes: Compressing and
multi-keyword search for multiple data owners in cloud computing,” IEEE indexing documents and images,” Computer Bulletin, vol. 41, no. 6,
Trans Comput., vol. 65, no. 5, pp. 1566 – 1577, 2016. pp. 2101 – 2101, 1995.
[17] S. Kamara, C. Papamanthou, “Parallel and dynamic searchable symmet- [36] Request for comments database.https://www.ietf.org/rfc.html.
ric encryption,” in: FC’13, Okinawa, Japan, 2013.
[18] Z. Xu, W. Kang, R. Li, K. Yow, C. Xu, “Efficient multi-keyword ranked
query on encrypted data in the cloud,” in: ICPADS’12, Nanyang Executive
Center, Singapore, 2012.
[19] W. Sun, B. Wang, N. Cao, H. Li, W. Lou, Y. Hou, H. Li, “Privacy-
preserving multi-keyword text search in the cloud supporting similarity-
based ranking,” IEEE T Parall Distr., vol. 25, no. 11, pp. 3025 – 3035,
2014. Tianyue Peng received the B.S. degree in software
[20] R. Li, Z. Xu, W. Kang, K. Yow, C. Xu, “Efficient multi-keyword ranked engineering from Hunan University, China, in 2015.
query over encrypted data in cloud computing,” FUTURE GENER COMP Since 2015, he has been a M.S. candidate in Soft-
SY., vol. 30, pp. 179 – 190, 2014. ware Engineering at Hunan University, China. His
[21] M. Ondreička, J. Pokornỳ, “Extending fagins algorithm for more users research interests include security and privacy issues
based on multidimensional b-tree,” in: ADBIS’08, Pori, Finland, 2008. in cloud and big data.
[22] Z. Xia, X. Wang, X. Sun, Q. Wang, “A secure and dynamic multi-
keyword ranked search scheme over encrypted cloud data,” IEEE T Parall
Distr., vol. 27, no. 2, pp. 340 – 352, 2016.
[23] C. Dong, G. Russello, N. Dulay, “Shared and searchable encrypted
data for untrusted servers,” Journal of Computer Security, vol. 19, no. 3,
pp. 367 – 397, 2011.
[24] R. Popa, E. Stark, J. Helfer, S. Valdez, N. Zeldovich, M. Kaashoek,
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2018.2828404, IEEE Access
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.