Enabling Multi-Client Authorization in Dynamic SSE

TL;DR

This paper introduces MASSE, a dynamic multi-client searchable encryption scheme with attribute-based access control, enabling scalable, privacy-preserving searches with efficient updates and revocation in cloud environments.

Contribution

MASSE extends the OXT framework to support multi-client, attribute-based access control with dynamic updates, revocation, and formal security proofs, improving scalability and privacy over existing solutions.

Findings

MASSE achieves fast query generation and retrieval times.

It outperforms existing solutions like OXT in scalability and efficiency.

The scheme maintains forward and backward privacy under defined leakage profiles.

Abstract

Outsourcing encrypted data to the cloud creates a fundamental tension between data privacy and functional searchability. Current Searchable Symmetric Encryption (SSE) solutions frequently have significant limitations, such as excessive metadata leakage, or a lack of fine-grained access control. These issues restrict the scalability of secure searches in real-world applications where multiple clients require different levels of authorization. Our paper proposes MASSE, a dynamic multi-client SSE scheme incorporating attribute-based access control, which expands the OXT framework. With MASSE, clients are restricted sto searching for keywords authorized by their specific attribute sets, and the server remains unaware of the keywords and attributes. MASSE supports practical dynamic updates to documents, and client authorizations, including revocation, without requiring reencryption of the database or indices, or a large number of interactions. We formally prove the security of MASSE, that is, forward and backward privacy under a well-defined leakage profile, and token unforgeability. An experimental evaluation in a database containing 100 keywords, each associated with 150 documents, demonstrates the practical efficiency of MASSE. It takes less than two seconds to generate 10 to 100 keyword queries and 14 seconds to retrieve 50 matching documents. Theoretical results show that MASSE outperforms competing solutions, including OXT, and can be scaled to large encrypted databases. MASSE is also suitable for dynamic cloud deployments. Keywords: Searchable Encryption, SSE, Multi-Client, Attribute Based SSE, Access Control, Revocation, OXT