The proliferation of connected devices through Internet connectivity presents both opportunities for smart applications and risks to security and privacy. It is vital to proactively address these concerns to fully leverage the potential of the Internet of Things. IoT services in which one data owner serves multiple clients, such as smart city transportation, smart building management and healthcare, can offer benefits but also bring cybersecurity and data privacy risks. For example, in healthcare, a hospital may collect data from medical devices and make it available to multiple clients such as researchers and pharmaceutical companies. This data can be used to improve medical treatments and research, but if it is not protected, it can also put patients' personal information at risk. To ensure the benefits of these services, it is important to implement proper security and privacy measures. In this paper, we propose a symmetric searchable encryption scheme with dynamic updates on a database that has a single owner and multiple clients for IoT environments. Our proposed scheme supports both forward and backward privacy. Additionally, our scheme supports a decentralized storage environment in which data owners can outsource data across multiple servers or even across multiple service providers to improve security and privacy. Further, revoking a client's access to our system at any time takes a minimum amount of effort and cost. The performance and formal security analyses of the proposed scheme show that our scheme provides better functionality and security, and is more efficient in terms of computation and storage, than the closely related works.