Effective Approach for Searching the Keyword in Cloud by Public Key

Encryption
ABSTRACT the powerful security against inside the keyword

Keyword searchable encryption is one of vastly guessing attack.

developing interest for ensuring the information Keywords: Keyword search, secure cloud
security in strong searchable distributed cloud storage, encryption, smooth projective hash
storage. In this paper, we audit the security of a function, Diffie-Hellman language.

well-known cryptographic primitive, to be INTRODUCTION

specific, public key encryption with Keyword
Searchable encryption can be recognized in
Search (PEKS) which is exceptionally
either symmetric on the other hand veered off
supportive in numerous applications of
encryption setting. Song et al. proposed keyword
distributed cloud storage. Searchable encryption
look on cipher text content, known as
demonstrated that the traditional PEKS structure
Searchable Symmetric Encryption (SSE) and in
experiences an inherent instability called inside
this manner a couple of SSE techniques were
keyword guessing attack (KGA) proposed by the
proposed for upgrades. In spite of the way that
third-party server. Searchable encryption is of
SSE techniques appreciate high capability, they
explaining energy for guaranteeing the data
experience the evil impacts of jumbled mystery
protection in secure accessible distributed
key appointment. Accurately, customers need to
storage. To refine this safety vulnerability, we
securely share mystery keys which are used for
need to implement another PEKS system named
data encryption. Else they are not prepared to
dual server public key encryption with Keyword
share the mixed data outsourced to the cloud. To
Search (DS-PEKS). As another fundamental
decide this issue, Boneh et al. exhibited a more
input, we characterize another distinction of the
adaptable primitive, to be particular Public Key
smooth projective hash functions (SPHFs)
Encryption with Keyword Search (PEKS) that
described to as linear and homomorphic SPHF
engages a customer to look for encoded data in
(LH-SPHF). We at that point demonstrate a non
the awry encryption setting. In a PEKS system,
specific development of secure Dual Server-
using the Collector's open key, the sender joins a
PEKS from direct linear homomorphic-SPHF.
few encoded keywords (allowded to as PEKS
To show the practicality of our new framework,
figure writings) with the encoded data. The
we give an proficient instantiation of the general
receiver by then sends the trapdoor of a to-be-
system from a Decision Diffie–Hellman-based
sought for keyword to the server for data
LH-SPHF and demonstrate that it can achieve
seeking. Given the trapdoor and the PEKS
cipher text content, the server can test whether
the keyword key the PEKS ciphertxt is identical
to the one accessed by the receiver. Given this is
valid; the server sends the organizing mixed data
to the recipient. Regardless of being free from
mystery key flow, PEKS techniques encounter
the ill impacts of an intrinsic instability with
regard to the trapdoor catchphrase security, to be
particular inside Keyword Guessing Assault
(KGA). The reason provoking to such security
vulnerability is, to the point that any person who
knows recipient's open key can make the PEKS
cipher text content of self-confident keyword
himself. In specific, given a trapdoor, the
opposing server can pick a speculating
catchphrase from the keyword space and after
that use the catchphrase to deliver PEKS cipher
text content. The server at that point can test
whether the speculating catchphrase is the one
fundamental the trapdoor. In any case, the
assault can be moved more beneficially against
PEKS arranges since the keyword space is by
and large the same as a normal word reference
(e.g., all the essential English words), which has
a considerably humbler size than a keyword
dictionary (e.g., each one of the words
Containing 6 alphanumeric characters). It is
critical that in SSE techniques, just mystery key
holders can deliver the keyword cipher text
content and from this time forward the hostile
server is not prepared to dispatch inside KGA.
RELATED WORK
Conventional PEKS: Boneh et al's., Abdalla et
al. formalized mysterious IBE (AIBE) and
exhibited a generic development of searchable
encryption from AIBE. They additionally
demonstrated to send a hierarchical IBE (HIBE)
technique into a public key encryption with
temporary keyword search (PETKS) where the
trapdoor is just valid in a particular time.
Waters demonstrated that the PEKS techniques
in view of bilinear map could be connected to
manufacture encoded what’s more, searchable
examining logs.
Protected Channel Free PEKS. The first PEKS
Technique requires a protected channel to
transmit the trapdoors. To overcome this
constraint, Baek et al. proposed another PEKS
Technique without requiring a safe channel,
which is referred to as a protected Channel Free
PEKS (SCF-PEKS). The idea is to include the
server's key pair into a PEKS framework. The
keyword cipher text and trapdoor are generated
utilizing the server's public key and
consequently just the server (assigned analyzer)
can play out the search.
Differences between existed Work and Its
Preliminary report
In this paper have already showed up as an
extended abstract. We have modified and
improved the work significantly in the following
angles. In the first phase, in the preparatory
work where our non generic DS-PEKS
development was introduced, we appeared
neither a solid development of the linear and
homomorphism SPHF nor a practical
instantiation of the DS-PEKS system. To fill this
gap and show the feasibility of the system, in
this paper, we initially demonstrate that a linear
and homomorphic language LDH can derive
from the Diffie-Hellman assumption and after
that develop a concrete linear and
homomorphism SPHF, referred to as SPHFDH,
from LDH.
IMPLEMENTATION
In the primary module, we build up the
framework with the roles required to provide our
framework. 1) Cloud User: the client, who can
be an individual or an association initially
putting away their information in cloud and
getting to the information. Every user must be
Select with cloud server and login (username
must be unique). Send request to Public key
generator (PKG) to make Key on the customer
name. Scrutinize record and request Public key
to encode the data, Upload data to cloud expert
coop (CSP). Check the data from the cloud. 2)
Cloud Service Provider (CSP): the CSP, who
organizes cloud servers (CSs) and gives a paid
storage space on its foundation to clients as a
feature. 3) Public key Generator: Get request
from the customers to make the key, Store all
entrees in perspective of the customer names.
Check the username also, give the private key.
Repudiate the end customer (File Collector in
case they attempt to hack report in the cloud
server and un renounce the customer in the
wake of reviving the private key for the
comparing record in perspective of the
customer). We propose a new structure, in
particular DS-PEKS, and present its formal
definition and security models. We at that point
characterize another variation of smooth
projective hash work (SPHF). A generic
development of DS-PEKS from LH-SPHF is
appeared with formal accuracy examination and
security proofs. At long last, we display an
effective instantiation of DS-PEKS from SPHF.
Dual-Server Public Key Encryption with
Keyword Search
A DS-PEKS technique consists of (KeyGen,
DS-PEKS, DS-Trapdoor; FrontTest; BackTest).
To be more exact, the KeyGen Algorithm
generates keypair (public key/private key) sets
of the front and back servers rather than that of
the collector. Also, the trapdoor era generation
DS-Trapdoor characterized here is public while
in the conventional PEKS definition, the
algorithm Trapdoor takes as input the receiver's
private key. Such a difference is because of the
diverse structures utilized by the two
frameworks. In the conventional PEKS, since
there is as it were one server, if the trapdoor
algorithm is open, at that point the server can
dispatch a guessing attack against a keyword
cipher text to recover the encoded keyword.
Accordingly, it is difficult to achieve the
semantic security as characterized in any case,
as we will demonstrate later, under the DSPEKS
system; we can at present achieve semantic
security when the trapdoor generation algorithm
is open. Another contrast between the
conventional PEKS and our proposed DS-PEKS
is that the test calculation is separated into two
algorithms; FrontTest & BackTest keep running
by two autonomous servers. This is fundamental
for achieving security against keyword guessing
attack. In the DS-PEKS framework, after
receiving a query from the recipient, the front
server pre-process the trapdoor and all the PEKS
cipher texts utilizing its private key, and
afterward sends some interior testing-states to
the back server with the relating trapdoor and
PEKS cipher texts covered up. The back server
would then be able to choose which reports are
questioned by the collector utilizing its private
key and they got inward testing-states from the
front server. A DS-PEKS scheme is defined by
the following algorithms:-
Setup (𝟏𝛌 ). Collect as input the security
parameter λ, produces the system parameters P;
KeyGen (P). Takes as information the systems
parameters P, and produces outputs the
public/secret key pairs (𝒑𝒌𝑭𝑺 , 𝒔𝒌𝑭𝑺 ), and (𝒑𝒌𝑩𝑺 ,
𝒔𝒌𝑩𝑺 ) for the front server, and the back server
respectively;
DS − PEKS (P,𝒑𝒌𝑭𝑺 ,𝒑𝒌𝑩𝑺 ,𝒌𝒘𝟏 ). Takes as
input P, the front server’s public key𝒑𝒌𝑭𝑺 , the
back server’s public key 𝒑𝒌𝑩𝑺 and the keyword
𝑘𝑤1 , and produces the outputs are 𝒑𝒌𝑭𝑺 cipher
text 𝑪𝑻𝒌𝒘𝟏 of 𝒌𝒘𝟏 ;
DS − Trapdoor (P, 𝒑𝒌𝑭𝑺 ,𝒑𝒌𝑩𝑺 , kw2). Takes
as input P, the front server’s public key 𝒑𝒌𝑭𝑺 ,
the back server’s public key 𝒑𝒌𝑩𝑺 and the
keyword 𝑘𝑤2 , and produces the outputs are
trapdoor 𝑻𝒌𝒘𝟐 ;
FrontTest (P,𝒔𝒌𝑭𝑺 ,𝑪𝑻𝒌𝒘𝟏 ,𝑻𝒌𝒘𝟐 ). obtains as
input P, the front server’s secret key 𝒔𝒌𝑭𝑺 , the
PEKS ciphertext 𝑪𝑻𝒌𝒘𝟏 and the trapdoor 𝑻𝒌𝒘𝟐 ,
and generates the outputs are internal testing-
state 𝑪𝑰𝑻𝑺 ;
BackTest (P, 𝒔𝒌𝑩𝑺 ,𝑪𝑰𝑻𝑺 ). Collects as input P,
the back server’s secret key 𝒔𝒌𝑩𝑺 and the
internal testing-state 𝑪𝑰𝑻𝑺 , and generate the
result of testing result 0 or 1;
Correctness. It is required that for any keyword
𝑘𝑤1 ; 𝑘𝑤2 , and 𝑪𝑻𝒌𝒘𝟏 DS-PEKS(P; 𝒑𝒌𝑭𝑺 ;
𝒑𝒌𝑩𝑺 ; 𝑘𝑤1 ), 𝑻𝒌𝒘𝟐 <- DS-Trapdoor(P; 𝒑𝒌𝑭𝑺 ;
𝒑𝒌𝑩𝑺 ; 𝑘𝑤2 ), we have BackTest(P; 𝒔𝒌𝑩𝑺 ; 𝑪𝑰𝑻𝑺)
={1 𝑘𝑤1 = 𝑘𝑤2 ;0 𝑘𝑤1 ≠ 𝑘𝑤2 :
Where 𝑪𝑰𝑻𝑺 FrontTest (P;𝒔𝒌𝑭𝑺 ; 𝑪𝑻𝒌𝒘𝟏 ; 𝑻𝒌𝒘𝟐 ):
We formalize the given security models for
a DS-PEKS technique against the third-party
front and back servers, separately. One should
take note of that both the front server and the
back server here should be “honest but curious"
and won't integrated with each other. More
decisively, both the servers play out the testing
strictly following the technique procedures. In
any case, may be interested about the
fundamental keyword. We should take note of
that the given security models moreover infer
the security ensures against the outside attackers
which have less capacity compared with the
servers.
Adversarial Front Server:
After accepting the query from the receiver, the
front server pre-forms the trapdoor and all the
PEKS cipher texts utilizing its private key, and
afterward sends some inner testing-states to the
back server with the relating trapdoor and PEKS
cipher texts covered up. In this phase, we
characterize the security against a third-party
front server. We present two games, specifically
semantic-security against chosen keyword attack
and indistinguishability against keyword
guessing attack1 to catch the security of PEKS
cipher text what’s more, trapdoor, respectively.
Fig.1. SS-CKA experiment for adversarial front
server.
Formally, we present an experiment in Figure
for the SS-CKA security definition against the
third-party front server. In the Practical, the
third-party A is given the key pair (public
key/private key) of the front server and people in
public key of the back server. In the finding
B. Indistinguishability against Keyword
Guessing Attack:
This security show catches that the trapdoor
reveals no data about the basic keyword to the
A. Semantic-Security against Chosen
Keyword Attack
In the module, we build up the semantic-security
against selected keyword attack which ensures
that no attacker is ready to recognize a keyword
from another given the equivalent PEKS
ciphertext. That is, the PEKS ciphertext does not
reveal any data about the fundamental keyword
to any attacker.
stage, A can test any pair of PEKS cipher text
and keyword by questioning the oracle OT and
in the end output two testing keywords (kw0;
kw1) with the indication information "state".
With a randobit b 2 f0; 1g as information, the
analyze creates and after that sends the PEKS
ciphertext CT_ kw of keyword kwb to A. During
the guess stage, A can proceed with the query to
OT lastly output its guess b0. The guess b0 is a
legitimate output of the test if and just if that A
has never queried OT with the challenge
keywords. We refer to such an third-party front
server an in the above test as a SS-CKA attacker
and characterize its favorable position as
𝑨𝒅𝒗𝑺𝑺−𝑪𝑲𝑨
Ƒ𝑺,𝑨 (𝛌) = 𝑷𝒓 [b=𝒃′ ]-1/2
third-party front server. We characterize the
security experiment as appeared in given Figure.
 The investigation is like that of SS-CKA test
aside from that in the challenging stage, the
third-party is given the trapdoor rather than the
PEKS cipher text. We refer to such a third-party
front server an in the above investigation as an
IND-KGA adversary and characterize its benefit
as

Fig.2. IND-KGA experiment for adversarial front 𝑨𝒅𝒗𝑰𝑵𝑫−𝑲𝑮𝑨

Ƒ𝑺,𝑨 (𝛌) = 𝑷𝒓 [b=𝒃′ ]-1/2
server.

Adversarial Back Server: In this module, the 𝑨𝒅𝒗𝑺𝑺−𝑪𝑲𝑨

Ɓ𝑺,𝑨 (𝛌) = 𝑷𝒓 [b=𝒃′ ]-1/2
back server would then be able to choose which
B. Indistinguishability against Keyword
documents are questioned by the beneficiary
Guessing Attack-I
utilizing its private key and they got inner
The security show plans to capture that the
testing-states from the front server. The security
trapdoor does not reveal any data to the back
design models of SS-CKA and IND-KGA in
server and consequently is the same as that
terms of a third-party back server are similar to
against the front server aside from that the
those against a third-party front server.
adversary claims the private key of the back

A. Semantic-Security against Chosen server rather than that of the front server. Along
Keyword Attack these lines, we likewise preclude the subtle
Here the SS-CKA explore against an adversarial elements here. We refer to the third-party back
back server is the same as the one against an server an in the IND-KGA explore as an IND-
adversarial front server aside from that the KGA foe and characterize its benefit as
attacker is given the private key of the back 𝑨𝒅𝒗𝑰𝑵𝑫−𝑲𝑮𝑨
Ɓ𝑺,𝑨 (𝛌) = 𝑷𝒓 [b=𝒃′ ]-1/2
server rather than that of the front server. We
exclude the subtle elements here for C. Indistinguishability against Keyword
Guessing Attack-II.
straightforwardness. We intimate to the
In our characterized security idea of INDKGA-
adversarial back server A in the SS-CKA
II, as appeared in the given figure, it is required
experiment as a SS-CKA attacker and
that a third-party back server can't take in any
characterize its benefit as
data about the basic two keywords required in
the inward testing state.
 A hub component of our development for dual
server public key encryption with keyword
search is smooth projective hash functions
(SPHF), an idea presented by Cramer and
Shoup. We begin with the first meaning of a
SPHF. An SPHF is defined based on a domain X
and a ɭƤ language ɭ, where ɭ contains a subset of

Fig.3. IND-KGA-II Experiment for adversarial the elements of the domain X, i.e., ɭ _ X.
back server.

As a matter of first importance, we should note

that both keywords required in the inward
testing state assumes a similar part paying little
mind to their initial source (i.e., from the PEKS
ciphertext or the trapdoor). Along these lines, Fig.4 Smooth Projective Hash Function
the task of the third-party is to submit the two
Officially, an SPHF mechanisms over a
fundamental keywords in the inner testing state
language ɭ _ X, onto a set Y, is described by the
all in all, rather than everyone in the starting
following five algorithms.
PEKS cipher text and the underlying trapdoor.
SPHFSetup(𝟏𝛌 ): generates the global
In this manner, it is insufficient for the third-
parameters param and the report of an ɭƤ
party to submit just two test keywords and thus
language instance L;
we require the third-party to submit three diverse
keywords in the test stage and guess which two HashKG(ɭ; param): generates a hashing key hk
keywords are picked given the test inner testing for ɭ;
state. Formally, in the trial, the adversary A in is
ProjKG(hk; (ɭ; param)): derives the projection
given the general public key of the front server
key hp from the hashing key hk;
and the public/private key combine of the back
server. In the challenge stage, the adversary Hash(hk; (ɭ; param);W): Results the hash
outcomes three are testing keywords (kw0; kw1; value ℎ𝑣 ′ €Y for the word W from the hashing
kw2). 𝑨𝒅𝒗𝑰𝑵𝑫−𝑲𝑮𝑨−𝑰𝑰
Ɓ𝑺,𝑨 (𝛌) =
key hk;
𝑷𝒓 [{𝒃′𝟏 , 𝒃′𝟐 }={𝒃𝟏 , 𝒃𝟐 }]-1/3
ProjHash (hp; (ɭ; param); W; w): Results the
Smooth Projective Hash Functions hash value ℎ𝑣 ′ €Y for the word W from the
projection key hp and the witness w for the fact
that W€ ɭ.
PERFORMANCE EVALUATION

In this phase, we initially give an

examination between existing plans and our plan
regarding computation, measure and security.
We at that point evaluate its performance in
tests.

Computation Costs: All the current techniques

require the pairing calculation during the era of
PEKS cipher text and testing and consequently
are less effective than our technique, which does
not require any pairing calculation. In our
technique, the computation cost of PEKS
generation, trapdoor making and testing are
4ExpG1 +1HashG1 +2MulG1, 4ExpG1
+1HashG1 +2MulG1 , and 7ExpG1 + 3MulG1
respectively, where ExpG1 denotes the
computation of one exponentiation in G1,
MulG1 denotes the costs of one multiplication in
G1, MulG1 and HashG1 respectively denote the
cost of one multiplication and one hashing
operation in G1.

Experiment Results: To assess the Fig.5. Computation cost of PEKS generation,

effectiveness of techniques in experiments, we trapdoor generation and testing in different
additionally execute the technique using the schemes.
GNU Multiple Precision Arithmetic (GMP)
As appeared in Fig. A, our technique is the most
library and Pairing Based Cryptography (PBC)
effective in terms of PEKS computation. It is by
library. The accompanying analyses depend on
virtue of that our arrangement excludes pairing
coding dialect C on Linux framework with an
computation. Particularly, the technique requires
Intel(R) Core(TM) 2 Duo CPU of 3.33 GHZ and
the most computational cost due to 2
2.00-GB RAM. For the elliptic bend, we pick a
coordinating computation for each PEKS period.
MNT bend with a base recorded size of 159 bits
As for the trapdoor period(like generation)
and p=160 bits and |q|=80 bits.
appeared in Figure B, as all the present schemes
do exclude pairing estimation, the computation [1] R. Chen, Y. Mu, G. Yang, F. Guo, and X.
cost is much lower than that of PEKS time. It is Wang, “A new general framework for secure
significant that the trapdoor generation in our public key encryption with keyword search,” in
technique is marginally higher than those of Proc. 20th Australasian Conf. Inf. Secur. Privacy
existing techniques because of the extra (ACISP), 2015, pp. 59–76.
exponentiation calculations. At the point when
[2] D. X. Song, D. Wagner, and A. Perrig,
the seeking keyword number is 50, the add up to
“Practical techniques for searches on encrypted
computational cost of our plan is around 0.25
data,” in Proc. IEEE Symp. Secur. Privacy, May
seconds. As represented in Fig. C, the plan cost
2000, pp. 44–55.
the most time because of an extra pairing
computation in the correct testing organizes. [3] R. Agrawal, J. Kiernan, R. Srikant, and Y.
Xu, “Order preserving encryption for numeric
CONCLUSION
data,” in Proc. ACM SIGMOD Int. Conf.
In this paper, we take note of that off-line Manage. Data, 2004, pp. 563–574.
keyword guessing attack can be proposed by a
[4] D. Khader, “Public key encryption with
third-party server to discover the keyword
keyword search based on K-resilient IBE,” in
utilized for producing the trapdoor, which was
Proc. Int. Conf. Comput. Sci. Appl. (ICCSA),
not considered in the related work. SPEKS can
2006, pp. 298–308.
experience the ill effects of this type of attack. In
addition, the securities demonstrate [5] P. Xu, H. Jin, Q. Wu, and W. Wang, “Public-
characterized for TD-IND in SPEKS is key encryption with fuzzy keyword search: A
fragmented. Attributable to the demonstrated provably secure scheme under keyword guessing
weaknesses, we improved the current security attack,” IEEE Trans. Comput., vol. 62, no. 11,
models for trapdoor lack of definition by pp. 2266–2277, Nov. 2013.
characterizing two new security models. We
additionally proposed another system, named
Dual Server Open Key Encryption with
Keyword Search (DSPEKS) that can keep inside
keyword guessing attack which is a
characteristic vulnerability of the regular PEKS
structure. We also proposed another Smooth
Projective Hash Function (SPHF) and used it to
assemble a flat DSPEKS scheme.

REFERENCES