Toward Data Security in 6G Networks: A Public-Key Searchable Encryption Approach

0890-8044/22/$25.00 © 2022 IEEE. IEEE Network • July/August 2022

Abstract

With the advances of the fifth generation (5G) mobile communication technology, smart applications enhance the quality of daily life, urban management by the government, and the effective allocation of resources. Smart applications collect data through the Internet of Things, store massive data in the cloud server, and use cloud computing and deep learning to analyze the data, using the results of the analysis to guide human production and life. However, with the breakthrough of 6G technology, the amount of data in use is increasing, and the demand for privacy protection is becoming more prominent. Encrypting data using traditional cryptographic algorithms can solve the problem of privacy leakage, but it hampers the availability of the data. Searchable encryption is a special encryption structure with keyword search, which balances the availability and privacy of massive data. In this article, we analyze some typical security and privacy issues in 6G-based applications, discuss the solutions to these problems, and present a framework of 6G-based smart cities with searchable encryption, which provides a guarantee for the privacy and availability of smart city data (including ciphertext search, access control, etc.). We also propose a searchable encryption solution based on ciphertext-policy attribute-based encryption that resolves the conflict between security and data availability in smart cities, as a specific scenario demonstrating the contribution of cryptographic technologies such as public-key searchable encryption to the sixth generation mobile communication technology.

Introduction

The fifth generation mobile communication technology has been widely deployed in many countries since 2020.
With the popularity of 5G, the concept of the interconnection of everything has been implemented, including smart city, smart campus, smart medical, industrial automation and other applications with cloud computing. These applications need to meet the requirements of low delay and high dependability. The sixth generation mobile communication technology (6G) [1] will focus on people and data, meet the needs of cloud computing, fog computing, edge computing and other computing technologies for reduced delay and time synchronization, and support the rapid development of the above applications.

However, the spread of intelligent applications may cause problems of data disclosure and abuse of personal privacy. These applications facilitate the daily life of every resident, simplify management processes and save resources. However, smart applications with thousands of devices and a complex structure are likely to lead to many security problems. Hackers can penetrate massive numbers of Internet of Things (IoT) devices and gateways, hijack users' private data, and commit crimes using these data. For example, from December 2015 to November 2016, a total of 43 burglaries were reported in Jingxian County, Anhui Province. Thieves used data from smart meters to determine residents' habits and burgled their homes while they were away. Therefore, protecting people's privacy is an urgent issue. Moreover, these problems are at odds with the original intention of 6G, so data encryption and privacy protection technologies are especially required in smart applications.

To ensure that private data is not abused, one solution is to encrypt the data and then upload the ciphertext to the cloud server. However, in the big data environment supported by 6G, with cloud storage and massive numbers of IoT nodes, massive ciphertext data is hard to use. To resolve the contradiction between data availability and data privacy, searchable encryption (SE) came into being.
Junbin Shi, Yong Yu, Qiming Yu, Huilin Li, and Lianhai Wang
TRUST, SECURITY, AND PRIVACY OF 6G
Digital Object Identifier: 10.1109/MNET.006.2100714
Junbin Shi, Yong Yu (corresponding author), and Qiming Yu are with Shaanxi Normal University, and Science and Technology on Communication Security Laboratory, China; Huilin Li is with Beihang University, China; Lianhai Wang (corresponding author) is with Shandong Provincial Key Laboratory of Computer Networks, Qilu University of Technology (Shandong Academy of Sciences), China.

SE was first used for the distribution of encrypted e-mail and then extended to data search on cloud storage. It lets users retrieve information from ciphertext without decryption. According to the type of key, SE can be divided into symmetric-key and asymmetric-key schemes. Symmetric-key SE usually has better computational efficiency, but its functionality is generally simple. Asymmetric-key searchable encryption is usually called public-key searchable encryption (PKSE). It offers more powerful functionality and supports more application scenarios, but it is less computationally efficient than symmetric-key SE. SE usually generates a keyword index that is used for search. When a user makes a search request, he/she submits a trapdoor containing the keywords to be searched to the server. When the keywords in the trapdoor are included in the index, the ciphertext corresponding to the index is returned to the data user as the search result. Search service providers usually adopt an SE algorithm with the same key structure as the ciphertext generation algorithm, and SE usually only focuses on the index part.
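The index, trapdoor and match flow described above, shown for the symmetric-key variant as an added example (not code from the article). HMAC-SHA256 as the keyed function, the record ids, the keywords and the opaque ciphertext stand-ins are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets


def make_trapdoor(key: bytes, keyword: str) -> bytes:
    """Keyed tag for one keyword. Only a holder of `key` can compute it."""
    normalized = keyword.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).digest()


def build_index(key: bytes, records: dict) -> dict:
    """Data owner side: map each keyword tag to the ids of matching records.

    `records` maps record id -> list of plaintext keywords. The returned
    index holds only HMAC tags, never the keywords themselves.
    """
    index = {}
    for record_id, keywords in records.items():
        for kw in {k.strip().lower() for k in keywords}:
            index.setdefault(make_trapdoor(key, kw), set()).add(record_id)
    return index


class CloudServer:
    """Semi-honest server: stores opaque ciphertexts and the tag index."""

    def __init__(self, ciphertexts: dict, index: dict):
        self.ciphertexts = ciphertexts
        self.index = index

    def search(self, trapdoor: bytes) -> dict:
        """Compare the trapdoor with every index tag; return matching ciphertexts."""
        hits = set()
        for tag, record_ids in self.index.items():
            if hmac.compare_digest(tag, trapdoor):
                hits |= record_ids
        return {rid: self.ciphertexts[rid] for rid in sorted(hits)}


def demo() -> dict:
    owner_key = secrets.token_bytes(32)
    # Constructed sample records: id -> keywords describing the encrypted payload.
    records = {
        "rec-001": ["smart-meter", "district-7"],
        "rec-002": ["health", "cardiology"],
        "rec-003": ["smart-meter", "district-9"],
    }
    # Opaque stand-ins for symmetric ciphertexts produced elsewhere.
    ciphertexts = {rid: secrets.token_bytes(48) for rid in records}
    server = CloudServer(ciphertexts, build_index(owner_key, records))
    other_key = secrets.token_bytes(32)  # a party that does not hold the owner's key
    return {
        "meter": list(server.search(make_trapdoor(owner_key, "Smart-Meter"))),
        "absent": list(server.search(make_trapdoor(owner_key, "traffic"))),
        "wrong_key": list(server.search(make_trapdoor(other_key, "smart-meter"))),
    }


if __name__ == "__main__":
    for name, ids in demo().items():
        print(name, ids)
```

Because the tags are keyed, a server without the key cannot compute tags for guessed keywords; equal keywords still produce equal tags, so repeated searches for the same keyword are linkable.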
In this article, we take smart cities supported by the IoT and 6G as an example of how to protect people's privacy and data security, with the following contributions regarding SE:
• We analyze the security and privacy issues in 6G-based applications.
• We demonstrate how PKSE can be integrated with 6G-based applications by describing a framework with PKSE and 6G-based applications.
• We show some possible solutions based on PKSE to solve the security and privacy issues in 6G-based applications.
• In addition, we also consider more SE schemes for smart applications, to show the strong functionalities of PKSE in smart applications.

Organization: The remainder of the article is organized as follows. We provide preliminaries in the following section. The privacy and security issues caused by 6G applications are analyzed after that. Several possible solutions based on PKSE for smart city security and privacy are then presented. Finally, the article is concluded.

Preliminary

In this section, we introduce fundamental knowledge of PKSE and its functional and security extensions.

Public-Key Searchable Encryption

Searchable encryption enables the server to search over encrypted data. The concept was first proposed by Song et al. [2] in 2000. Subsequently, Boneh et al. [3] first proposed the concept of PKSE in 2004, which brought searchable encryption to more scenarios. The structure of the PKSE protocol is shown in Fig. 1. The participants of the protocol include data owners, data users and a cloud server. The data owner uses the public key of the data user to encrypt data, generate index ciphertext, and upload data to the cloud server. The cloud server stores data for data owners and provides search services for data users. A data user uses its private key to generate search trapdoors containing keywords and submits them to the cloud server as search requests. According to the trapdoor, the cloud server can search on the index ciphertext and return the search results to the data user.
From any operation of the protocol, the cloud server cannot get any information about the search content.

PKSE with Fine-Grained Access Control

In most PKSE protocols, data users are often given excessive search rights. However, in real use, data users should not have too much authority, because some hackers will disguise themselves as users to obtain data they should not be able to access. PKSE with fine-grained access control can solve this problem [4]. The idea of this kind of scheme comes from attribute-based encryption [5]. The structure of the protocol is similar to public-key searchable encryption. The difference is that the data user's key pair is distributed by a Certificate Authority (CA); these keys contain the user's attributes, and the search trapdoor can only search on the ciphertext of the corresponding attributes.

Searchable Proxy Re-encryption

The concept of searchable proxy re-encryption was proposed by Shao et al. [6] in 2010. They found that the existing PKSE could not meet the needs of data sharing among different groups. Searchable proxy re-encryption contains a special mathematical structure that uses the private key of the current data owner and the public key of the next data owner to generate a re-encryption key. The cloud server can use the re-encryption key to update the index ciphertext. The updated index ciphertext is equivalent to one encrypted with the next data owner's public key. Moreover, the ciphertext before and after the update can be searched with the search trapdoor generated by the corresponding private key. During the whole run of the protocol, the cloud server cannot get any information about the ciphertext.

Security of Public-Key Searchable Encryption

In traditional PKSE protocols, the security requirement is ciphertext indistinguishability under chosen keyword attack. This security definition ensures the security of the index ciphertext. However, in public-key searchable encryption, the search trapdoor also contains keyword information. Baek et al.
[7] pointed out that there is an attack that can easily obtain the keyword information in the search trapdoor. Generating index ciphertext requires the user's public key and the corresponding keywords, so anyone can perform this operation. The total number of keywords is very limited. Hackers can generate index ciphertext for different keywords through traversal and test it against the search trapdoor, so as to obtain the keyword information in the search trapdoor. This attack is called the offline keyword guessing attack. Rhee et al. [8] proposed in 2010 that as long as the search trapdoor is indistinguishable, the scheme can resist the offline keyword guessing attack of external adversaries. Therefore, we need to pay attention not only to the security of the index ciphertext, but also to the security of the search trapdoor.

FIGURE 1. The structure of public-key searchable encryption.

Data Privacy and Security Issues in the Applications Based on 6G

We introduce several typical data privacy and security issues in this section. The smart city supported by 6G and IoT is used as an example.

Smart city [9] is a new urban form supported by modern communication, computing and other technologies. It is people-oriented and data-centered. It facilitates residents' daily production and life through data collection and analysis. Moreover, smart cities can optimize resource scheduling, improve the operation efficiency of administrative functions and provide technical support for sustainable development. It is supported by IoT, 6G, cloud computing, artificial intelligence and other technologies [10]. The general structure of the smart city is described in Fig. 2.
These devices play their respective roles in a smart city, including lightweight nodes, personal computers and cloud servers with strong computing power, as well as some infrastructure for communication and authentication. Lightweight sensor nodes and users' personal devices are used to collect data, which is used to improve the quality of service and optimize the operation efficiency of the city. The communication and authentication infrastructure is used to connect users to servers so that they can "talk" to each other. The server helps users analyze the data, helps service providers provide customized services for users, and assists the effective management of the city. Based on these intelligent devices, many applications emerge as the times require, such as COVID-19 prevention [11], smart grid [12], smart transportation, smart government, and so on. These applications depend on 6G, and they are also typical scenarios of 6G applications. Here are examples of two scenarios.

COVID-19 Prevention: This year, COVID-19 has become a worldwide epidemic. By December 2020, more than 261 million people have been infected and more than 5.2 million people have died. With effective treatment, the mortality of this disease is not high. But a rapid rise in the number of infections will lead to the collapse of the medical system, and large-scale death is then inevitable. Moreover, as time goes by, the virus continues to mutate, and vaccination cannot completely prevent infection. Therefore, blocking the spread of the disease is the top priority in the fight against the epidemic. If personal travel information is connected to the smart city system, the system can easily judge everyone's contact range according to the user's access to the 6G base station, estimate the infection risk, and remind high-risk people to isolate at home.
In this way, transmission can be blocked in the early stage of the epidemic, medical resources can be targeted at the infected and high-risk groups, and the epidemic will be nipped in the bud, ensuring the safety of citizens' lives. This can effectively block the spread of the virus, but it will also reveal citizens' privacy. Possible epidemic exposure is sensitive user data, and the authority to use it must be limited. It can only be used by institutions analyzing the epidemic situation and should not be obtained by other institutions in the smart city.

Smart Transportation: Smart transportation is a service system for transportation that makes full use of modern electronic information technologies. The system intelligently controls the waiting time of traffic lights according to traffic flow information. It can indicate congestion on the road ahead and remind drivers whether to detour. It can deal with penalties online, without having to queue up offline. It can inform the driver in advance whether there is a parking place at the destination. It can also intelligently adjust the brightness of street lamps according to the traffic flow to save energy and reduce emissions. All the above functions depend on the location information of citizens participating in traffic. This information is only used for traffic scheduling and should not be obtained by other users. Thus, it is necessary to encrypt the information in order to control the access priorities.

These applications based on IoT, 5G, 6G and other emerging technologies have brought great convenience to human production and life, but have also brought security risks. On Christmas Day 2019, many people found new Wyze cameras under their trees or in their socks. But while users were happy to receive the gifts, the company brought them a big problem (Wyze Data Leak: https://www.geekwire.com/2019/wyze-data-leak-key-takeaways-server-mistake-exposed-information-2-4mcustomers/). It was confirmed that the company exposed the personal data of about 2.4 million users in a few weeks. The exposed data includes user email addresses, camera nicknames, WiFi network information, Wyze device information, some tokens related to Alexa integration, and "physical indicators of a few product beta testers." Such exposure of information not only threatens the privacy of users, but may also help criminals. With a view to preventing similar incidents, several typical data privacy and security issues are introduced below.

FIGURE 2. Structure of smart city supported by 6G and IoT.

Data Search and Privacy

Smart city is a typical 6G-based application. It contains many kinds of data, of which citizens' private data is an important part, such as citizens' trip data, health data [13], smart meters' electricity data, and so on. Uploading the plaintext of citizens' private data to the cloud server is like making it public. Citizens' trip data and smart meters' electricity data reveal citizens' schedules. The leakage of these data provides an opportunity for burglars. Leakage of citizens' health data may lead to unnecessary discrimination against citizens and affect their normal life. To protect the privacy of citizens' data, it can be encrypted before it is uploaded. Ordinary encryption algorithms destroy the statistical characteristics of the data itself, making it indistinguishable from random numbers. If the private data of citizens is directly encrypted and uploaded to the cloud server, it becomes difficult to search at the data scale of a smart city.
Thus, it is important to reconcile the contradiction between the availability and privacy of data in the context of smart cities.

Privacy in Data Sharing

Data is one of the essential parts of 6G. Citizens' trip data can reflect road traffic flow and congestion. Through analysis, it can guide the duration of signal lights and remind other citizens of road congestion, so as to alleviate traffic pressure. The health data of citizens should be visible to doctors when they seek medical treatment, which helps doctors make a correct diagnosis. If the power consumption data of smart meters are shared with power plants, peak power supply prediction can be realized, and energy can be saved and emissions reduced while power supply is ensured. In addition, the privacy of these data should be guaranteed, and other people should not abuse them. Thus, it is of great importance to reconcile the contradiction between data sharing and data privacy.

Access Control of Private Data

Sharing data with people who need to use it is a common and important scenario in applications based on 6G, in which fine-grained access control is particularly important. For example, a citizen's health information should only be used by his medical team, not the whole medical community. Citizens' travel information should only be shared anonymously with other people on the same road and with the traffic management system of the city. Other people should not be allowed to obtain the relevant information. This not only respects the privacy of citizens, but also prevents hackers from pretending to be a member of the data user group to obtain data that they should not use.

Solutions Based on Public-Key Searchable Encryption

To solve the above challenges, 6G-based applications with privacy protection based on PKSE need ingenious solutions. PKSE should play an important role in privacy protection and data access control.
In this section, we first introduce the framework of privacy protection in 6G based on PKSE, with the smart city system as an example. Then, aiming at a specific scenario, we introduce a solution based on public-key searchable encryption, which is used to solve the data privacy and access control problems of citizens.

The Framework of 6G-Based Smart City with Searchable Encryption

The framework of privacy protection in 6G based on PKSE is shown in Fig. 3. The construction of data packets and the communication model are the same as in the plaintext model of the original system, so they are not discussed further.

IoT Sensors: IoT sensors include but are not limited to wearable devices, vehicle sensors, smart homes, and so on. These devices are used to collect data and are the source of the original data. The original data is sent to the local gateway in plaintext, and the gateway processes the data further. These sensors usually do not have much computing power, so it is difficult for them to encrypt the data. But it is easy to establish secure communication between sensor and gateway, so this does not bring obvious security risks.

Gateways: The role of a gateway is usually played by personal mobile phones, computers, home gateways, gateway servers, and other devices with a certain amount of computing power. The gateway receives data from the IoT devices, encrypts the data and uploads it to the cloud server over a 6G network. The gateway should be trusted and can be controlled by the data owner. Gateway insecurity is equivalent to key loss. This kind of security problem cannot be solved by cryptography, so we assume that the gateway is secure.

Cloud Servers: The cloud server provides online data computing and data storage services for users. It may be a server cluster or a distributed server connected by a virtualized network. Usually, the cloud server is considered to be semi-honest: it will provide services for users normally, but it is curious about the privacy of users.
Cloud servers store the ciphertext data and index ciphertext uploaded by data owners and provide search services for data users. Data users submit a search request to the cloud server, and the search trapdoor contains the relevant information about the keywords to be searched. The cloud server runs the test algorithm with the index ciphertext and the search trapdoor as input and returns the ciphertexts for which the output is "yes" to the data user as the search result.

FIGURE 3. The framework of privacy protection in 6G based on public-key searchable encryption.

Data Users: Data users include traffic management systems, hospitals, power stations and other institutions. They rely on users' data to improve their service quality and efficiency. They use their own private key and keywords to generate search trapdoors and submit them to the cloud server. The cloud server returns the search results according to the search trapdoor, and the decrypted results are the data plaintext they need.

Cross-Domain Data Sharing

Data sharing across domains usually adopts a proxy re-encryption scheme. In a 6G-based application, the usual scenario for searchable proxy re-encryption is data sharing across units, such as the transfer of medical records when patients change hospitals. Reference [14] designs a complete solution for this scenario. Its Re-dtPECK (conjunctive keyword search with designated tester and timing enabled proxy re-encryption function) protocol can be applied not only to medical data, but also to other scenarios based on 6G.

Fine-Grained Access Control

Figure 4 shows the models of two different types of access control structures. In access control based on key policy, the file is bound with accessible attributes, and the access control structure is bound in the user key.
The user can access the file only if the attributes in the file comply with the access control policy in the user key. This access control structure is more suitable for data distribution environments, such as video website membership systems, paid online novel reading and so on. Each file has fixed attributes, and the scope of data a user can access is controlled by updating the user key.

In access control based on ciphertext policy, the user key is bound with accessible attributes, and the access control structure is bound in the file. Users can access the file only if the attributes in the user key comply with the access control policy in the file. This access control structure is more suitable for personal data sharing, such as the access control of citizens' data in smart cities. When a file is uploaded, the data owner determines the access control structure, which implies the people who can use the data. The data consumer's key contains its own attributes. The data consumer can access the corresponding file only if the attributes in the key satisfy the access control structure in the file.

Yu et al. [4] proposed key-policy attribute-based encryption with keyword search (KP-ABEKS), which can resist the offline keyword guessing attack of external adversaries, but key-policy access control is not suitable for the access control of citizens' private information. On the premise that data owners' identity keys should not be easily changed, CP-ABEKS (ciphertext-policy attribute-based encryption with keyword search) is more applicable. But many schemes with ciphertext policy cannot resist the offline keyword guessing attack of external adversaries. Therefore, we propose a specific solution, a construction of CP-ABEKS for use in 6G-based applications, which can resist the offline keyword guessing attack of external adversaries and is suitable for settings where the data owner's key remains unchanged.
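The ciphertext-policy model described above can be illustrated with Shamir secret sharing over an AND/OR access tree, a mechanism commonly used by CP-ABE constructions. This is an added example, not the authors' CP-ABEKS code: the field prime, the class names and the attribute strings are assumptions, and shares are kept as plain integers instead of being hidden in pairing-group elements.

```python
import secrets
from dataclasses import dataclass, field

# Prime modulus of the demo field (assumption; a real scheme uses the group order).
P = 2**127 - 1


@dataclass
class Leaf:
    attr: str
    share: int = 0  # filled in by share_secret()


@dataclass
class Gate:
    kind: str  # "AND" or "OR"
    children: list = field(default_factory=list)

    @property
    def threshold(self) -> int:
        if self.kind not in ("AND", "OR"):
            raise ValueError(f"unknown gate kind: {self.kind}")
        # AND needs every child, OR needs any single child.
        return len(self.children) if self.kind == "AND" else 1


def share_secret(node, secret: int) -> None:
    """Data owner side: push `secret` down the policy tree.

    Each gate picks a random polynomial q of degree threshold-1 with
    q(0) = secret and hands q(i) to its i-th child (i = 1, 2, ...).
    """
    if isinstance(node, Leaf):
        node.share = secret % P
        return
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(node.threshold - 1)]
    for x, child in enumerate(node.children, start=1):
        y = sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
        share_secret(child, y)


def recover(node, attrs: set):
    """Data user side: rebuild the secret from the leaves whose attribute
    is in `attrs`. Returns None when `attrs` does not satisfy the policy."""
    if isinstance(node, Leaf):
        return node.share if node.attr in attrs else None
    points = []
    for x, child in enumerate(node.children, start=1):
        y = recover(child, attrs)
        if y is not None:
            points.append((x, y))
    if len(points) < node.threshold:
        return None
    points = points[: node.threshold]
    # Lagrange interpolation at 0 over the field Z_P.
    total = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def demo():
    # Constructed policy attached to a health record:
    # hospital A AND (cardiologist OR attending physician).
    policy = Gate("AND", [
        Leaf("org:hospital-a"),
        Gate("OR", [Leaf("role:cardiologist"), Leaf("role:attending")]),
    ])
    secret = secrets.randbelow(P)
    share_secret(policy, secret)
    team = recover(policy, {"org:hospital-a", "role:attending"})
    outsider = recover(policy, {"org:hospital-b", "role:cardiologist"})
    return secret, team, outsider


if __name__ == "__main__":
    s, team, outsider = demo()
    print("medical team recovers secret:", team == s)
    print("outsider result:", outsider)
```

Under key policy the same two functions apply with the roles swapped: the tree lives in the user key and the attribute set is attached to the file.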
A Specific Solution

To meet the secure sharing and access control requirements of personal data in smart cities, we choose the ciphertext-policy access control structure. In public-key searchable encryption, search depends on the index ciphertext. The data is encrypted with symmetric encryption, and each file has index ciphertext associated with it. Therefore, only the computation and security of the index ciphertext are discussed here. Our solution contains four types of entities: the data owner, the data user, the cloud storage server and the PKI (public key infrastructure). The data owner, the data user and the cloud storage server are the three parties involved in the protocol. The PKI, as a trusted third party, initializes the protocol, generates public parameters, and produces keys for participants. The details of the protocol can be divided into the following six parts.

FIGURE 4. Access control structures.

Setup: The PKI generates common parameters for the protocol, including the prime order group, the group generator and the bilinear mapping. The access control matrix and random exponential distribution are also generated. These parameters are used in the subsequent operation of the protocol. Public parameters are exposed to all members of the protocol.

Keygen-S: The data owner defines the universal attribute set and sends it to the PKI. The PKI generates a public key and a master key based on the universal attribute set. The public key is used to generate the index ciphertext. The master key is used to generate the private key for the data user. At the same time, the cloud storage server generates a pair of keys to mask the secrets in the search trapdoor and exposes the server's public key to all protocol participants.
CP-ABEKS: The data owner sets the access structure, which contains attributes and AND-OR gates. These settings imply the identity of the people who can access the data. Then, the data owner generates the index ciphertext according to the public key and the access control structure. The data ciphertext and index ciphertext are sent to the cloud storage server.

Keygen-R: The data user sends his own attributes to the PKI, and the PKI generates the private key according to the master key as a response.

TrapdoorGen: The data user generates search trapdoors from the keywords he wants to search, using his private key and the server's public key.

Equality Test: The data user submits the search trapdoor to the cloud storage server. The cloud storage server matches the attributes in the search trapdoor against the access control structure in the index ciphertext, and matches the keywords in the search trapdoor against the keywords in the index ciphertext. If both matches pass, the data ciphertext corresponding to the index ciphertext is returned as a response. If one of the matches fails, the search request is rejected. When one of the matches passes and the other fails, the information obtained by the cloud storage server cannot be distinguished from the information obtained when both matches fail. The cloud storage server does not get additional information.

Security of Our Solution: IND-CKA (indistinguishability under chosen-keyword attack) describes the security property that hackers cannot obtain information from the index ciphertext. Even if the hacker knows that the index ciphertext C is an encryption of plaintext M0 or M1, he cannot distinguish which in probabilistic polynomial time. IND-OKGA (indistinguishability under offline keyword-guessing attack) describes the security property that hackers cannot obtain information from the search trapdoor. Even if the hacker knows that the search trapdoor T is generated from plaintext M0 or M1, he cannot distinguish which in probabilistic polynomial time.
Our solution can achieve IND-CKA and IND-OKGA. IND-CKA security can be reduced to the hardness of the decisional q-parallel BDHE assumption. IND-OKGA security can be reduced to the hardness of the DDH assumption.

Evaluation of Performance: The implementation of our scheme is presented in this part. The programs are developed in VS 2022 (VS2022: https://visualstudio.microsoft.com/zh-hans/vs/) with C++ and MIRACL (MIRACL: https://github.com/miracl). The test platform is an AMD(R) Ryzen(TM) R5-5600X CPU 4600 MHz, 16GB 3600MHz DDR4 RAM and Windows 10 (Version 19042.1348). Each test was performed 2000 times and the test data were averaged. We test the performance of the protocol in two parts, according to the access control structure and the number of keywords.

The difference in communication cost between the scheme and plaintext search is only the ciphertext expansion brought by symmetric encryption. If symmetric encryption causes data expansion, the communication cost of search result retrieval will be greater than that of plaintext search. There is no obvious difference between the communication overhead of the searchable encryption part and plaintext search, so communication cost is not discussed further.

Part 1: In this part, we fix a total of 500 keywords in the index as the control variable to analyze the influence of the access control structure on the efficiency of the scheme. The total number of attributes, the number of effective attributes and the number of access control nodes are taken as independent variables, and the algorithm running time is taken as the dependent variable. This part of the test is divided into three modules as follows:
• To test the influence of the total number of attributes on the efficiency of the scheme, we set the valid attributes to 6 and the access control nodes to 11.
• The access control structure can be constructed with depth-first or breadth-first according to the requirements.
To analyze the influence of different structures on the efficiency of the scheme, we discuss these two extreme structures separately. Suppose that the attribute tree is a complete binary tree, the total number of attributes is 21, and the valid attributes are 15. Then the tree has 29 nodes in depth-first construction and 31 nodes in breadth-first construction. We tested these two cases separately.
• We analyze the effect of the number of active attributes on the efficiency of the scheme. We set the total number of attributes to 12. The binary tree of the access control structure is selected according to the attribute set. The number of active attributes is taken as the independent variable and the running efficiency of the scheme as the dependent variable.

Figure 5 shows the results of the test. Used attributes affect KeygenR, TrapdoorGen and EqualityTest. As shown in the figure, as the number of user attributes increases, their time cost also increases linearly; the slopes of TrapdoorGen and EqualityTest are larger and their correlation with the used attributes is stronger. This is due to the structure of the scheme. The more used attributes the key contains, the more modular exponentiations TrapdoorGen and EqualityTest must run. The total number of attributes influences only the running speed of KeygenS.
In the process of generating the master key, KeygenS needs to preset parameters for all the attributes that may be used, so its running efficiency is linearly related to the sum number of attributes. The more the sum number of attributes, the more time-consuming KeygenS runs. The number of nodes in the access control structure has little effect on the efficiency of CP-ABEKS because CP-ABEKS needs to generate a complete binary tree when it runs. The number of nodes in the access control structure influences the number of active attributes, and the influence of active attributes on the number of nodes in the attribute tree is far greater than the construction form of the tree itself. Therefore, the effect of active attributes on CP-ABEKS efficiency can be approximately regarded as linear correlation. Part 2: In this part, we set the remaining parameters to test the influence of the number of keywords on the efficiency of the scheme. We set the total number of attributes as 12 and the number of active attributes as 6. The binary tree is constructed with breadth-first, and the leaf node with depth of 5 is used to generate the index ciphertext by default. The test results of this part is shown in Fig. 6. The number of keywords in the ciphertext will only affect CP-ABEKS and EqualityTest, because other parts of the scheme do not involve the number of keywords in the ciphertext. The operation efficiency of EqualityTest is little affected by the number of keywords in the ciphertext because its main operation is to recover the secret in secret sharing. To increase the number of keywords, we only need to increase the number of matching, and there is no need to recover the same secret repeatedly. For CP-ABEKS, the running speed shows a strong correlation with the number of keywords in the index. Because when CP-ABEKS is running, different access control structures may need to be set for different keywords. 
When the access control structure is different, a lot of content needs to be recalculated. Of course, for multiple keyword encryption under the same access control structure, CP-ABEKS will show similar efficiency as EqualityTest. Conclusions and Future Work 6G based smart applications make comprehensive decisions through the exchange and analysis of massive data, which provides great convenience for people’s daily life. But it also led to the disclosure of privacy. Searchable encryption has the potential to address security and privacy issues in 6G based smart application. In this article, we analyze the typical security issues in smart cities as an example. Then some solutions based on searchable encryption are proposed. Specifically, we propose a framework for integrating searchable encryption into smart city, and a practical solution for specific scenarios. In addition, we introduced more solutions with other capabilities and scenarios. FIGURE 5. Experimental results of Part 1. FIGURE 6. Experimental Results of Part 2. Authorized licensed use limited to: Chengdu University of Technology. Downloaded on April 01,2023 at 15:58:40 UTC from IEEE Xplore. Restrictions apply. IEEE Network • July/August 2022 173 Future Work In the public-key searchable encryption, there is still no perfect solution to the internal adversary’s keyword guessing attack. The idea of secure multi-party computing may solve this problem. Inverted index can further improve the efficiency of search, but it needs to meet the additional forward security and backward security. In 6G based smart applications, how to delete data at the end of the life cycle is also a problem to be discussed. Xue et al [15] conducted research on data deletion, however, more discussions are still needed to determine whether it is suitable for 6G based smart applications. 
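The Part 2 observation that EqualityTest recovers the shared secret once and then only adds one match per keyword can be seen in a small model. This is an added example, not the authors' C++/MIRACL code: it assumes a threshold-gate access tree with Shamir sharing over a prime field, and uses an HMAC tag as a constructed stand-in for the pairing-based keyword ciphertext; `POLICY`, `share`, `recover`, `tag` and `search` are hypothetical names.

```python
import hashlib, hmac, secrets
P = 2**127 - 1  # toy prime field; the paper's scheme works in a pairing group
# Constructed policy (doctor AND cardiology) OR admin; nodes are ("gate", k, children) or ("leaf", attr)
POLICY = ("gate", 1, [("gate", 2, [("leaf", "doctor"), ("leaf", "cardiology")]), ("leaf", "admin")])

def share(node, secret, out):
    """Top-down Shamir sharing: a k-of-n gate hides its value in a degree k-1 polynomial."""
    if node[0] == "leaf":
        out[node[1]] = secret
        return out
    _, k, children = node
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    for x, child in enumerate(children, start=1):
        share(child, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P, out)
    return out

def recover(node, held, stats):
    """Bottom-up recovery; returns None when the held shares do not satisfy the policy."""
    if node[0] == "leaf":
        return held.get(node[1])
    _, k, children = node
    pts = [(x, recover(c, held, stats)) for x, c in enumerate(children, start=1)]
    pts = [(x, y) for x, y in pts if y is not None][:k]
    if len(pts) < k:
        return None
    stats["interpolations"] += 1
    total = 0
    for xj, yj in pts:  # Lagrange interpolation at x = 0
        num = den = 1
        for xm, _ in pts:
            if xm != xj:
                num, den = num * -xm % P, den * (xj - xm) % P
        total += yj * num * pow(den, -1, P)
    return total % P

def tag(secret, keyword):  # constructed stand-in for a keyword ciphertext
    return hmac.new(secret.to_bytes(16, "big"), keyword.encode(), hashlib.sha256).digest()

def search(attrs, n_keywords, query):
    """Index n keywords, recover the secret once, then do one comparison per keyword."""
    secret = secrets.randbelow(P)
    shares = share(POLICY, secret, {})
    index = [tag(secret, f"kw{i}") for i in range(n_keywords)]  # data owner side
    stats = {"interpolations": 0}
    s = recover(POLICY, {a: shares[a] for a in attrs}, stats)   # tester side
    if s is None:
        return [], stats
    want = tag(s, query)
    return [i for i, t in enumerate(index) if hmac.compare_digest(t, want)], stats
```

The interpolation count depends only on the policy and the attributes held, so it is the same for a 10-keyword and a 500-keyword index; only the number of tag comparisons grows.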
Acknowledgments

This work is supported by the National Natural Science Foundation of China (61872229, U19B2021), Shaanxi Distinguished Youth Project (2022JC-47), the Key Research and Development Program of Shaanxi (2021ZDLGY06-04, 2020ZDLGY09-06), and Fundamental Research Funds for the Central Universities (Grant No. 2020TS086).

References

[1] X. You et al., “Towards 6G Wireless Communication Networks: Vision, Enabling Technologies, and New Paradigm Shifts,” Sci. China Inf. Sci., vol. 64, no. 1, 2021.
[2] D. X. Song, D. A. Wagner, and A. Perrig, “Practical Techniques for Searches on Encrypted Data,” S&P, 2000, pp. 44–55.
[3] D. Boneh et al., “Public Key Encryption With Keyword Search,” Proc. EUROCRYPT 2004, 2004, pp. 506–22.
[4] Y. Yu et al., “Key-Policy Attribute-Based Encryption With Keyword Search in Virtualized Environments,” IEEE JSAC, vol. 38, no. 6, 2020, pp. 1242–51.
[5] A. Sahai and B. Waters, “Fuzzy Identity-Based Encryption,” Proc. EUROCRYPT 2005, 2005, pp. 457–73.
[6] J. Shao et al., “Proxy Re-Encryption with Keyword Search,” Inf. Sci., vol. 180, no. 13, 2010, pp. 2576–87.
[7] J. Baek, R. Safavi-Naini, and W. Susilo, “Public Key Encryption with Keyword Search Revisited,” Proc. ICCSA 2008, LNCS 5072, Springer, 2008, pp. 1249–59.
[8] H. S. Rhee et al., “Trapdoor Security in a Searchable Public-Key Encryption Scheme With a Designated Tester,” J. Systems and Software, vol. 83, no. 5, 2010, pp. 763–71.
[9] G. Kirti and A. Singla, “A Systematic Literature Survey: Development of Smart City Based on Various Internet of Things Architectures,” Integration of WSN and IoT for Smart Cities, Springer, 2020, pp. 65–78.
[10] X. Du, “QoS Routing Based on Multi-Class Nodes for Mobile Ad Hoc Networks,” Ad Hoc Networks, vol. 2, no. 3, 2004, pp. 241–54.
[11] V. Chamola et al., “A Comprehensive Review of the COVID-19 Pandemic and the Role of IoT, Drones, AI, Blockchain, and 5G in Managing its Impact,” IEEE Access, vol. 8, 2020, pp. 90,225–65.
[12] N. Wang et al., “When Energy Trading Meets Blockchain in Electrical Power System: The State of the Art,” IEEE Access, vol. 9, no. 8, 2019, pp. 1–31.
[13] J. Liu et al., “BPDS: A Blockchain Based Privacy-Preserving Data Sharing for Electronic Medical Records,” Proc. IEEE GLOBECOM 2018, 2018, pp. 1–6.
[14] Y. Yang and M. Ma, “Conjunctive Keyword Search with Designated Tester and Timing Enabled Proxy Re-Encryption Function for E-Health Clouds,” IEEE Trans. Info. Forensics Secur., vol. 11, no. 4, 2016, pp. 746–59.
[15] L. Xue et al., “Efficient Attribute-Based Encryption with Attribute Revocation for Assured Data Deletion,” Info. Sci., vol. 479, 2019, pp. 640–50.

Biographies

Junbin Shi is currently a Ph.D. candidate at Shaanxi Normal University, China. His research interest is searchable encryption.

Yong Yu is currently a professor at Shaanxi Normal University, China. His research interests are data security and blockchain. He has published over 100 papers in reputed journals and conferences. He is an Associate Editor of IEEE Transactions on Computers.

Qiming Yu is currently pursuing her Master’s degree at Shaanxi Normal University, China. Her research interest is digital signature.

Huilin Li is currently pursuing her Ph.D. degree at Beihang University, China. Her research interests include blockchain security and AI security.

Lianhai Wang is currently a research professor with the Shandong Provincial Key Laboratory of Computer Networks, Qilu University of Technology (Shandong Academy of Sciences). His research interest is data security. He has published over 50 papers in international journals and conferences.
