Article Preview
TopIntroduction
Cloud computing is becoming increasingly appealing and relevant to financial organizations. Financial institutions can leverage cloud technology services with greater flexibility and efficiency as and when needed. However, in a cloud-based banking system, security and privacy are the two primary concerns causing hindrance to the adoption of this technology. The financial and personal data of the customers may get compromised if stored in plaintext over the third-party cloud server. The big financial institutions can own their private cloud and can manage security and privacy issues. However, for small organizations, the public cloud emerges as the only viable solution (Bhushan, and Gupta, 2017; Gou et al., 2017; Kaushik & Gandhi, 2019). The financial and personal data of customers in any banking system is sensitive by origin, thus it must be kept in an encrypted format over the public cloud (Fatima, Shahin and Ahmad, 2021). Encryption prevents exposure of sensitive information, but at the same time, it makes the basic search operation difficult. Hence, the concept of searchable encryption was introduced, which enables the cloud server to perform searches over encrypted data on behalf of data users without revealing any knowledge about the data being searched.
To construct a searchable encryption scheme for a shared storage environment, a public-key encryption setting is preferable as compared to a symmetric key setting. Because the symmetric key setup has a complex key sharing mechanism. Because attribute-based encryption (ABE), especially its ciphertext-policy (Bethencourt et al., 2007), allows a data owner to impose their access policy over encrypted data, it favors the current scenario and is thus utilized in this paper. Moreover, ABE suits well in the multi-user scenario because it allows for fine-grained access management (Kaushik, and Gandhi, 2020). Therefore, attribute-based keyword search also inherits this unique feature where fine-grained access control is utilized to define the users' searching capabilities. Furthermore, the data owner has total control over the data he has provided for sharing on to the cloud server. To further improve the flexibility, a multi-authority approach is used where any party can act as attribute authority and act independently without any coordination with other authorities (Miao et al., 2019; Xu et al., 2019). Figure 1 clearly depicts the need for the multi-authority approach. In the single authority approach, the whole burden of managing and distributing secret credentials to the users from different domains is entirely on that single authority. It can result in performance bottleneck, when the number of user increases.
Figure 1. Need for the Multi-Authority Approach
The multiple attribute authorities can cover users from diverse organizations belonging to entirely disjoint domains, and each attribute authority is responsible for managing the attributes of just a single domain. Moreover, the computational burden also gets distributed. Now with multi-authority approach, maintaining and verifying all attributes and assigning associated secret key components to all cloud users is no longer the duty of a single central authority.