View in EDS

SE-COLLAB: Achieving Fine-Grained and Efficiently Verifiable Searchable Encryption With Boolean Multi-Keyword Search for Collaborative IIoT Data Sharing

Saved in:
Bibliographic Details
Title: SE-COLLAB: Achieving Fine-Grained and Efficiently Verifiable Searchable Encryption With Boolean Multi-Keyword Search for Collaborative IIoT Data Sharing
Authors: Somchart Fugkeaw, Jirakit Deevijit
Source: IEEE Access, Vol 13, Pp 126012-126029 (2025)
Publisher Information: Institute of Electrical and Electronics Engineers (IEEE), 2025.
Publication Year: 2025
Subject Terms: blockchain, Attribute–based searchable encryption, bitwise posting list, cloud proxy, Electrical engineering. Electronics. Nuclear engineering, edge proxy, Merkle tree, TK1-9971
Description: In Industrial Internet of Things (IIoT) environments, the secure and efficient retrieval of sensitive data from outsourced storage remains a critical challenge, especially under collaborative and multi-authority settings. Existing searchable encryption (SE) techniques either suffer from limited access control flexibility or impose high computation and verification costs, making them unsuitable for large-scale, real-time IIoT applications. To address these challenges, we propose a novel hybrid searchable encryption framework that combines Attribute-Based Searchable Encryption (ABSE) for fine-grained access control for efficient keyword indexing and Boolean query processing. Our system supports multi-authority users by allowing each Data User (DU) to receive attribute-based keys from different trusted domains, enabling decentralized search authorization. A Proxy Re-Encryption (PRE) mechanism further ensures secure and privacy-preserving query delegation across organizations. To optimize search performance, we design a Bitwise Posting List (BPL) structure for scalable multi-keyword Boolean search. Moreover, we introduce a tamper-resistant search result validation mechanism based on Merkle Tree aggregation and Zero-Knowledge Proofs (ZKP), enabling users to verify the integrity and completeness of retrieved results with minimal overhead. Our revocation mechanism leverages smart contracts and Bloom filters to minimize ciphertext re-encryption while ensuring that revoked users cannot perform valid searches. Comprehensive evaluations demonstrate that the proposed scheme outperforms existing approaches in terms of access control granularity, search efficiency, and verifiable result assurance in multi-entity IIoT data-sharing environments.
Document Type: Article
ISSN: 2169-3536
DOI: 10.1109/access.2025.3590026
Access URL: https://doaj.org/article/86ed99877977411ea5eb7fb6818e7b00
Rights: CC BY
Accession Number: edsair.doi.dedup.....54877e7ced3ae3412e5b3bc39b3d306e
Database: OpenAIRE
Description
Abstract:In Industrial Internet of Things (IIoT) environments, the secure and efficient retrieval of sensitive data from outsourced storage remains a critical challenge, especially under collaborative and multi-authority settings. Existing searchable encryption (SE) techniques either suffer from limited access control flexibility or impose high computation and verification costs, making them unsuitable for large-scale, real-time IIoT applications. To address these challenges, we propose a novel hybrid searchable encryption framework that combines Attribute-Based Searchable Encryption (ABSE) for fine-grained access control for efficient keyword indexing and Boolean query processing. Our system supports multi-authority users by allowing each Data User (DU) to receive attribute-based keys from different trusted domains, enabling decentralized search authorization. A Proxy Re-Encryption (PRE) mechanism further ensures secure and privacy-preserving query delegation across organizations. To optimize search performance, we design a Bitwise Posting List (BPL) structure for scalable multi-keyword Boolean search. Moreover, we introduce a tamper-resistant search result validation mechanism based on Merkle Tree aggregation and Zero-Knowledge Proofs (ZKP), enabling users to verify the integrity and completeness of retrieved results with minimal overhead. Our revocation mechanism leverages smart contracts and Bloom filters to minimize ciphertext re-encryption while ensuring that revoked users cannot perform valid searches. Comprehensive evaluations demonstrate that the proposed scheme outperforms existing approaches in terms of access control granularity, search efficiency, and verifiable result assurance in multi-entity IIoT data-sharing environments.
ISSN:21693536
DOI:10.1109/access.2025.3590026