An Efficient and Verifiable Encrypted Data Filtering Framework Over Large-Scale Storage in Cloud Edge

The rapid growth of edge computing is accelerating data subscriptions between cloud platforms and mobile subscribers, but sensitive information in these data faces security and privacy concerns. Fortunately, matchmaking attribute-based encryption (MABE) as a new type of encrypted data filtering mechanism has been introduced in cloud edge, which not only enforces fine-grained access control over the encrypted data, but also allows subscribers to dynamically filter data of interest from authentic publishers through edge nodes. However, filtering entire ciphertext collection in linear time is not feasible for large-scale data storage, and edge nodes may return mismatched or incomplete results due to corruption or compromise. To this end, we propose VDFilter, an efficient and verifiable encrypted data filtering framework over large-scale storage in cloud edge. VDFilter first introduces a verifiable MABE as the underlying primitive, which achieves efficient data filtering in edge nodes with an inverted collection from the ciphertext collection, and verifies the soundness and completeness of filtered results with an accumulation tree. To accommodate the ciphertext collection from multiple publishers, VDFilter deploys the construction of the accumulation tree on the Intel SGX enclave within the cloud server, and utilizes authenticated data structures to guarantee secure and efficient filtered result verification. Finally, we provide formal security proofs for VDFilter and demonstrate its efficiency with extensive experiments. Compared with existing schemes, VDFilter is much more efficient in data storing and filtering even with verification operations, and its computational and communication overhead on the subscriber is also low.