Secure-channel free keyword search with authorization in manager-centric databases

Public key encryption with keyword search (PEKS) provides the functionality of encrypted data retrieval with keyword privacy in database systems. PEKS allows a user to specify a keyword and search the encrypted data associated with this keyword that is uploaded by others. In this paper, we investigate the retrieval privilege management in the manager-centric model, where each user has a different search right over the unique keyword set. Unfortunately, employing the prior PEKS and other related cryptographic techniques might suffer from the problems of key abuse and bandwidth consumption. To address these issues, we introduce a new cryptographic primitive called public key encryption with authorized keyword search (PEAKS). In PEAKS, the search right is assigned by the authority over a distinct keyword set and the user with an authorized search right can only search data associated with these keywords. We propose two constructions with formal security proof, namely the basic PEAKS scheme and the secure channel-free PEAKS (SCF-PEAKS) scheme. Both schemes feature with the constant-size authorized token, while the SCF-PEAKS scheme is also resistant against the outsider keyword guessing attacks. The performance evaluation shows that the proposed schemes consume less bandwidth for frequent token update.