REKS: Role-Based Encrypted Keyword Search With Enhanced Access Control for Outsourced Cloud Data

Keyword-based search over encrypted data is an important technique to achieve both data confidentiality and utilization in cloud outsourcing services. While commonly used access control mechanisms, such as identity-based encryption and attribute-based encryption, do not generally scale well for hierarchical access permissions. To solve this problem, we propose a Role-based Encrypted Keyword Search (REKS) scheme by using the role-based access control and broadcast encryption. Specifically, REKS allows owners to deploy hierarchical access control by allowing users with parent roles to have access permissions from child roles. Using REKS, we further facilitate token generation preprocessing and efficient user management, thereby significantly reducing the users' final token generation and index update overheads, respectively. Formal security analysis proves that REKS is secure against chosen keyword and internal keyword guessing attacks, and findings from the empirical evaluations demonstrate that REKS is efficient and practical.