Attribute-Based Searchable Encryption With Forward Security for Cloud-Assisted IoT

Ciphertext-Policy Attribute-Based Searchable Encryption (CP-ABSE) is one of the most suitable encryption mechanisms in cloud environments for its fine-grained access structure and keyword retrieval capability over the ciphertext. However, in the CP-ABSE schemes, guaranteeing the forward security of the outsourced cloud data and securely deleting those no longer needed data without relying on the cloud are challenging problems. To handle such challenges, we propose a Puncturable CP-ABSE (Pun-CP-ABSE) scheme that achieves self-controlled data deletion with a fine-grained access structure under the searchable mechanism. The data owner punctures the trapdoor to accomplish the data deletion. Then, the deletion process does not need to communicate with a trusted third party and can guarantee forward security. After the puncturation, the cloud server can no longer search for the corresponding ciphertext. Furthermore, we prove the Pun-CP-ABSE scheme is secure against the Chosen-Plaintext Attack (CPA) and Chosen-Keyword Attack (CKA). We have also implemented the Pun-CP-ABSE scheme to show its efficiency and feasibility.