Conjunctive Keyword Search With Designated Tester and Timing Enabled Proxy Re-Encryption Function for E-Health Clouds

No Comments

Conjunctive Keyword Search With Designated Tester and Timing Enabled Proxy Re-Encryption Function for E-Health Clouds


An electronic health (e-health) record system is a novel application that will bring great convenience in healthcare. The privacy and security of the sensitive personal information are the major concerns of the users, which could hinder further development and widely adoption of the systems. The searchable encryption (SE) scheme is a technology to incorporate security protection and favorable operability functions together, which can play an important role in the e-health record system. In this paper, we introduce a novel cryptographic primitive named as conjunctive keyword search with designated tester and timing enabled proxy reencryption function (Re-dtPECK), which is a kind of a time-dependent SE scheme. It could enable patients to delegate partial access rights to others to operate search functions over their records in a limited time period. The length of the time period for the delegatee to search and decrypt the delegator’s encrypted documents can be controlled. Moreover, the delegatee could be automatically deprived of the access and search authority after a specified period of effective time. It can also support the conjunctive keywords search and resist the keyword guessing attacks. By the solution, only the designated tester is able to test the existence of certain keywords. We formulate a system model and a security model for the proposed Re-dtPECK scheme to show that it is an efficient scheme proved secure in the standard model. The comparison and extensive simulations demonstrate that it has a low computation and storage overhead.



  • Proxy re-encryption (PRE) enables a proxy with a re-encryption key to convert a ciphertext encrypted by a delegator’s public key into those that can be decrypted by delegatee’s private key.
  • Proxy re-encryption with public keyword search (Re-PEKS) has introduced the notion of keyword search into PRE. The users with a keyword trapdoor can search the ciphertext while the hidden keywords are unknown to the proxy.
  • Later, Wang et al. has suggested an improved scheme to support the conjunctive keyword search function. All these Re-PEKS schemes are proved secure in random oracle model. Nevertheless, that a proof in random oracle model may probably bring about insecure schemes.


  • Existing systems have high communication or computation cost.
  • On the other hand, existing schemes require an index list of the queried keywords when a trapdoor is generated, which will leak information and impair the query privacy.
  • If an adversary finds that the trapdoors or encrypted indexes have lower entropies, the KG attacks could be launched if the adversary endeavors to guess the possible candidate keywords.


  • In this paper, we endeavor to solve the problem with a novel mechanism proposed to automatically revoke the delegation right after a period of time designated by the data owner previously.
  • It implies that all users including data owner are constrained by the time period. The beauty of the proposed system is that there is no time limitation for the data owner because the time information is embedded in the re-encryption phase. The data owner is capable to preset diverse effective access time periods for different users when he appoints his delegation right.
  • An effective time period set by the data owner can be expressed with a beginning and closing time (for instance, 01/01/2014-12/01/ 2014). A time server is used in the system, which is responsible to generate a time token for the users. After receiving an effective time period T from the data owner, the time server generates a time seal ST by using his own private key and the public key of the delegatee. In that way, the time period T is encapsulated in the time seal ST .
  • By the re-encryption algorithm executed by the proxy server, the time period T will be embedded in the re-encrypted ciphertext. It is the timing enabled proxy re-encryption function. When the delegatee issues a query request, he should generate a trapdoor for the queried keywords using his private key and time seal ST . Only if the time period encapsulated in the trapdoor matches with the effective time period embedded in the proxy re-encrypted ciphertext, the cloud service provider will respond to the search query. Otherwise, the search request will be rejected. In that way, the access right of the delegatee will expire automatically. The data owner needs not to do any other operation for the delegation revocation.


  • To the best of our knowledge, this is the first work that enables automatic delegation revoking based on timing in a searchable encryption system. A conjunctive keyword search scheme with designated tester and timing enabled proxy reencryption function (Re-dtPECK) is proposed, which has the following merits.
  • We design a novel searchable encryption scheme supporting secure conjunctive keyword search and authorized delegation function. Compared with existing schemes, this work can achieve timing enabled proxy re-encryption with effective delegation revocation.
  • Owner-enforced delegation timing preset is enabled. Distinct access time period can be predefined for different delegatee.
  • The proposed scheme is formally proved secure against chosen-keyword chosen-time attack. Furthermore, offline keyword guessing attacks can be resisted too. The test algorithm could not function without data server’s private key. Eavesdroppers could not succeed in guessing keywords by the test algorithm.
  • The security of the scheme works based on the standard model rather than random oracle model. This is the first primitive that supports above functions and is built in the standard mode





  • System                           :         Pentium Dual Core.
  • Hard Disk                      :         120 GB.
  • Monitor                         :         15’’ LED
  • Input Devices                 :         Keyboard, Mouse
  • Ram                               :         1GB


  • Operating system           :         Windows 7.
  • Coding Language           :         JAVA/J2EE
  • Tool                                   :         Netbeans 7.2.1
  • Database                           :         MYSQL


Yang Yang and Maode Ma, Senior Member, IEEE, “Conjunctive Keyword Search With Designated Tester and Timing Enabled Proxy Re-Encryption Function for E-Health Clouds”, IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 11, NO. 4, APRIL 2016.


Fields marked with an * are required



Please, let us know the best time to contact you by phone (if provided).

I would like to get new blog posts by email