Enabling efficient and secure data sharing in cloud computing

With the rapid development of cloud computing, more and more data are being centralized into remote cloud server for sharing, which raises a challenge on how to keep them both private and accessible. Although searchable encryption provides an efficient solution to support keyword-based search directly on encrypted data, considering its application in file sharing, existing work depends on key sharing among authorized users, which inevitably causes the risks of key exposure and abuse. In this paper, aiming at enabling efficient and secure data sharing in cloud computing, we provide a generic construction for this purpose. The proposed construction is full-featured: (i) It enables authorized users to perform keyword-based search directly on encrypted data without sharing the unique secret key; and (ii) it provides two-layered access control to limit unauthorized user's access to the shared data. On the basis of the proposed generic construction, we utilize the existing techniques on identity-based broadcast encryption and public key searchable encryption to instantiate a concrete construction. Copyright (c) 2013 John Wiley & Sons, Ltd.