Authorized Keyword Search on Mobile Devices in Secure Data Outsourcing

With the increasing awareness of secure data outsourcing, dynamic searchable symmetric encryption (DSSE) that enables searches and updates over encrypted data has begun to receive growing attention. Despite promising, existing DSSE schemes with forward and backward privacy are still hard to achieve authorized keyword searches on mobile devices while supporting secure and flexible updates. In this article, we propose a DSSE scheme, named FLY++ based on a flexible index structure Hybrid that incorporates the merits of inverted indexes and forward indexes while compacting the index size. Specifically, FLY++ encrypts the newly added data with a fresh key and disperses previous keys into Hybrid for forward privacy, while applying symmetric puncturable encryption (SPE) and a dual-key mechanism to realize backward privacy further. Compared with the state-of-the-art work, FLY++ has the following advantages: (1) Authorized search. It dispenses with caching or re-encrypting search results, enabling a mobile device to search only designated keywords over the data outsourced before authorization. (2) Flexibility. It not only allows for sublinear search time, but also simultaneously supports fine-grained and coarse-grained updates of outsourced data. The detailed security analysis and extensive experiments conducted on a real dataset demonstrate the security and practicality of FLY++, respectively.