Publication Type

Journal Article

Version

publishedVersion

Publication Date

5-2019

Abstract

In encrypted email system, how to search over encrypted cloud emails without decryption is an important and practical problem. Public key encryption with keyword search (PEKS) is an efficient solution to it. However, PEKS suffers from the complex key management problem in the public key infrastructure. Its variant in the identity-based setting addresses the drawback, however, almost all the schemes does not resist against offline keyword guessing attacks (KGA) by inside adversaries. In this work we introduce the notion of designated-server identity-based authenticated encryption with keyword search (dIBAEKS), in which the email sender authenticates the message while encrypting so that no adversary including the server can launch offline KGA. Furthermore, we strengthen the security requirement so that only the designated server has the capability to search over encrypted emails for receivers. We formally define dIBAEKS and its security models, and propose two dIBAEKS constructions using Type-I and Type-III bilinear pairing, respectively. We compare our schemes with some related IBEKS schemes in the literature, and do experiments to demonstrate its efficiency. Although they are slightly less computationally efficient than but still comparable with the related schemes, our schemes provide stronger security guarantee and better protect users' privacy. (C) 2019 Elsevier Inc. All rights reserved.

Keywords

Encrypted email system, Public key encryption, Identity based encryption, Inside keyword guessing attacks

Discipline

Data Storage Systems | Information Security

Research Areas

Information Systems and Management

Publication

Information Sciences

Volume

481

First Page

330

Last Page

343

ISSN

0020-0255

Identifier

10.1016/j.ins.2019.01.004

Publisher

Elsevier

Additional URL

http://doi.org/10.1016/j.ins.2019.01.004

Download

Share

COinS