Certificate-based authenticated encryption with keyword search: Enhanced security model and a concrete construction for Internet of Things

The Internet of Things (IoT) devices produce a humongous amount of data frequently stored on cloud servers, and as a result, cryptographic techniques to guarantee the privacy of outsourced data while preserving search ability on servers are becoming indispensable research topics. A prominent example of such topics is the concept of public key authenticated encryption with keyword search (PAEKS). In spite of the large number of PAEKS schemes in the literature, most existing schemes exhibit issues in certificate management, key escrow, or even key distribution. To address these issues, recently, PAEKS schemes in the certificate-based setting have gained attention. To the best of our knowledge, there exist only two Certificate-Based Authenticated Encryption with Keyword Search (CBAEKS) schemes, both presented with rather weak security models based on single keyword challenges. In this paper, we propose an enhanced security model for CBAEKS which captures notions of multi-ciphertext and multi-trapdoor indistinguishability, then proceed to devise a concrete instantiation for a CBAEKS scheme and formally prove its security under our enhanced model. Furthermore, we prove that the existing CBAEKS schemes are insecure under the enhanced security model. Comparisons with related schemes in the literature are also provided to demonstrate that the enhanced security is achieved at some affordable costs.