Efficient identity-based broadcast encryption with keyword search against insider attacks for database systems

Public key encryption with keyword search (PEKS) is a promising technique for data confidentiality and utilization. In cloud database systems, the user (sender) could want to share his data with multiple users (receivers), while the ciphertext complexity increases linearly with the number of receivers if directly employing PEKS. Also, the security of PEKS is weakly defined in presence of outsider attacks, where the untrusted server infers the keyword in trapdoor by insider attacks. Therefore, how to reduce the size of the ciphertext and resist insider attacks remain unresolved. In this paper, we propose the first efficient identity-based broadcast encryption with keyword search against insider attacks (IBEKS-IA) for cloud database systems. We build the IBEKS-IA framework to provide data retrieval for multiple receivers and resist insider attacks. Based on this framework, we construct an IBEKS-IA scheme featuring with constant size ciphertext, which is proved to be semantically secure against the chosen keyword attack and the server keyword guessing attack. We further give an extended version featuring with both the constant size ciphertext and constant size online trapdoor. Performance evaluation presents the practicality of the proposal in the cloud database systems.