TY - JOUR
T1 - Key-policy attribute-based encryption with keyword search in virtualized environments
AU - Yu, Yong
AU - Shi, Junbin
AU - Li, Huilin
AU - Li, Yannan
AU - Du, Xiaojiang
AU - Guizani, Mohsen
N1 - Publisher Copyright:
© 1983-2012 IEEE.
PY - 2020/6
Y1 - 2020/6
N2 - Cloud computing is a model for convenient, on-demand network access to virtualized environments of configurable computing resources. It is challenging to search data encrypted and stored in cloud storage servers. Searchable encryption enables data users to search on ciphertext without leaking any information about keywords and the plaintext of the data. Currently, a number of searchable encryption schemes have been proposed, but most of them provide unlimited search privileges to data users, which is not desirable in certain scenarios. In this paper, we propose a new construction of searchable encryption with fine-grained access control by using key-policy attribute-based cryptography to generate trapdoors to support AND, OR and threshold gates. The main idea is that the data owner encrypts the index keywords according to the specified access policy. The data user can generate a trapdoor to search on data, if and only if the attributes of the data user satisfy the access policy. We provide formal security proofs for the scheme, including the indistinguishability of ciphertexts and the indistinguishability of trapdoors, which are used to resist the chosen keyword attack and the keyword guessing attack of external adversaries. Comprehensive security analysis and implementation results show that the proposed scheme is provably secure and feasible in real-world applications.
KW - Searchable encryption
KW - fine-grained access control
KW - keyword guessing attack
UR - http://www.scopus.com/inward/record.url?scp=85085619178&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85085619178&partnerID=8YFLogxK
U2 - 10.1109/JSAC.2020.2986620
DO - 10.1109/JSAC.2020.2986620
M3 - Article
AN - SCOPUS:85085619178
SN - 0733-8716
VL - 38
SP - 1242
EP - 1251
JO - IEEE Journal on Selected Areas in Communications
JF - IEEE Journal on Selected Areas in Communications
IS - 6
M1 - 9060894
ER -