Subversion-resistant public-key searchable encryption for data sharing in IIoT

The rapid growth of the Industrial Internet of Things (IIoT) has driven companies to leverage its potential for enhancing manufacturing efficiency, relying heavily on data analysis. This has led to the collection of vast IIoT data volumes, often stored securely on encrypted cloud servers. To facilitate streamlined data retrieval, keyword search technology is widely employed. Traditional keyword searchable schemes focus on ensuring keyword privacy within the trapdoor and index structures. However, advanced backdoor attacks have emerged as a significant threat. These attacks exploit hidden backdoors in software or hardware, allowing random number manipulation that undermines the security of existing keyword-searchable encryption scheme. To mitigate these attacks, we propose a novel subversion-resistant public-key searchable encryption scheme that incorporates cryptographic reverse firewalls (CRFs). In our scheme, we designed a trust zone to deploy these CRFs. Moreover, the CRFs in the trust zone is randomly chosen to re-randomize the trapdoor and index values, thereby enhancing security against backdoor attacks. Additionally, our scheme facilitates data sharing in the model of one-to-one sending and receiving between different users. Performance testing demonstrates that our scheme requires only lightweight operations for the ReTrapdoor and RePEKS algorithms, making it well-suited for deployment on resource-constrained IIoT devices.