Securing Organization's Data: A Role-Based Authorized Keyword Search Scheme with Efficient Decryption
Nazatul Haque Sultan, Maryline Laurent, Vijay Varadharajan
TL;DR
This work addresses secure keyword search over outsourced encrypted data in multi-organization cloud settings by integrating Role-Based Encryption (RBE) with RBAC policies. It introduces a nine-phase framework that enables only authorized users with appropriate roles to perform keyword search and decrypt data, while outsourcing costly cryptographic operations to the cloud and supporting conjunctive keywords and revocation. The scheme provides formal semantic security against chosen-plaintext and chosen-keyword attacks (IND-CPA and IND-CKA) via reductions to the Decisional Bilinear Diffie-Hellman assumption, and it demonstrates practical efficiency through a detailed performance analysis that accounts for data encryption, trapdoor generation, search, decryption, and revocation. This approach offers strong data confidentiality, keyword secrecy, forward/backward secrecy, replay protection, and scalable multi-organization data sharing, making it applicable to real-world enterprise environments with complex policy hierarchies.
Abstract
For better data availability and accessibility while ensuring data secrecy, organizations often tend to outsource their encrypted data to the cloud storage servers, thus bringing the challenge of keyword search over encrypted data. In this paper, we propose a novel authorized keyword search scheme using Role-Based Encryption (RBE) technique in a cloud environment. The contributions of this paper are multi-fold. First, it presents a keyword search scheme which enables only the authorized users, having proper assigned roles, to delegate keyword-based data search capabilities over encrypted data to the cloud providers without disclosing any sensitive information. Second, it supports a multi-organization cloud environment, where the users can be associated with more than one organization. Third, the proposed scheme provides efficient decryption, conjunctive keyword search and revocation mechanisms. Fourth, the proposed scheme outsources expensive cryptographic operations in decryption to the cloud in a secure manner. Fifth, we have provided a formal security analysis to prove that the proposed scheme is semantically secure against Chosen Plaintext and Chosen Keyword Attacks. Finally, our performance analysis shows that the proposed scheme is suitable for practical applications.