LAUSR

Nowadays the data of the industrial Internet of Things (IIOT) have been stored in cloud servers. The security and privacy of stored data have been hot research topics. The technique of public key searchable encryption (PKSE) may contribute to protect the privacy of industrial data. It is extremely significant how to use PKSE to encrypted data and retrieve the encrypted data without revealing users’ private information. Meanwhile, most of the existing PKSE schemes do not consider the identity verification of the data owner who may upload bad ciphertext if he is malicious. In this paper, we firstly analyze the security of a certificateless searchable encryption scheme in the IIOT environment (Ma et al. scheme), and propose a feasible attack to demonstrate that their scheme is not secure. Through this attack, Type I adversary $A_{\mathrm {I}}$ can forge the trapdoor value for all keywords. Then we proposed a verifiable certificateless public key searchable encryption (VCLPKSE) scheme. The scheme not only overcomes the security issue of Ma et al. scheme, but also offers the authentications of data owners and data users. Via the authentication mechanism, data owners could not repudiate the fact they uploaded the ciphertext. Finally, we proved that the VCLPKSE scheme satisfies the ciphertext indistinguishability, trapdoor indistinguishability and unforgeability in the random oracle model. Meanwhile, we also do the simulation experiment to demonstrate the scheme’s efficiency.