Securely sharing outsourced IoT data: A secure access and privacy preserving keyword search scheme

The rapid progress in the field of IoT and its wide-ranging applications emphasize the criticality of robust security measures for effectively sharing, storing, and managing sensitive data generated by IoT devices. Regulations such as the Consumer Data Rights (CDR) highlight the need for the seamless sharing of sensitive data with authorized third parties while ensuring confidentiality and privacy. To enable such secure sharing, a data storage and sharing scheme should fulfill the following core requirements: (a) support multi-client data sharing settings, allowing IoT data owners to authorize multiple clients; (b) a dynamic storage environment permitting IoT owners to add or remove files with minimal privacy leak; (c) decentralized storage for distributing data across servers or Cloud Service Providers (CSPs) for greater security; and (d) efficient privilege revocation mechanism which incurs less computation and communication overhead. To address these requirements, we have proposed a novel keyword search scheme using computationally lightweight cryptographic primitives. Our scheme empowers IoT data owners to securely share, store and manage encrypted data in the CSPs, providing better security and privacy. We have provided formal security proof for our scheme as well as validated its efficiency via extensive experiments on the Docker platform. On a database of 12 million keyword/document pairs (with 105 documents and 103 keywords), our scheme took about 18 ms to return all matched documents.