{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,17]],"date-time":"2026-04-17T16:38:34Z","timestamp":1776443914341,"version":"3.51.2"},"reference-count":41,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2023,6,3]],"date-time":"2023-06-03T00:00:00Z","timestamp":1685750400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2023,6,3]],"date-time":"2023-06-03T00:00:00Z","timestamp":1685750400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62172411"],"award-info":[{"award-number":["62172411"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62172404"],"award-info":[{"award-number":["62172404"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61972094"],"award-info":[{"award-number":["61972094"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Personally identifiable information (PII) refers to any information that links to an individual. Sharing PII is extremely useful in public affairs yet hard to implement due to the worries about privacy violations. Building a PII retrieval service over multi-cloud, which is a modern strategy to make services stable where multiple servers are deployed, seems to be a promising solution. However, three major technical challenges remain to be solved. The first is the privacy and access control of PII. In fact, each entry in PII can be shared to different users with different access rights. Hence, flexible and fine-grained access control is needed. Second, a reliable user revocation mechanism is required to ensure that users can be revoked efficiently, even if few cloud servers are compromised or collapse, to avoid data leakage. Third, verifying the correctness of received PII and locating a misbehaved server when wrong data are returned is crucial to guarantee user\u2019s privacy, but challenging to realize. In this paper, we propose Rainbow, a secure and practical PII retrieval scheme to solve the above issues. In particular, we design an important cryptographic tool, called Reliable Outsourced Attribute Based Encryption (ROABE) which provides data privacy, flexible and fine-grained access control, reliable immediate user revocation and verification for multiple servers simultaneously, to support Rainbow. Moreover, we present how to build Rainbow with ROABE and several necessary cloud techniques in real world. To evaluate the performance, we deploy Rainbow on multiple mainstream clouds, namely, AWS, GCP and Microsoft Azure, and experiment in browsers on mobile phones and computers. Both theoretical analysis and experimental results indicate that Rainbow is secure and practical.<\/jats:p>","DOI":"10.1186\/s42400-023-00146-z","type":"journal-article","created":{"date-parts":[[2023,6,3]],"date-time":"2023-06-03T02:02:13Z","timestamp":1685757733000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Rainbow: reliable personally identifiable information retrieval across multi-cloud"],"prefix":"10.1186","volume":"6","author":[{"given":"Zishuai","family":"Song","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8359-5158","authenticated-orcid":false,"given":"Hui","family":"Ma","sequence":"additional","affiliation":[]},{"given":"Shuzhou","family":"Sun","sequence":"additional","affiliation":[]},{"given":"Yansen","family":"Xin","sequence":"additional","affiliation":[]},{"given":"Rui","family":"Zhang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,6,3]]},"reference":[{"key":"146_CR1","unstructured":"Amazon: AWS Documentation: What is ABAC for AWS? https:\/\/docs.aws.amazon.com\/IAM\/latest\/UserGuide\/introduction_attribute-based-access-control.html"},{"key":"146_CR2","unstructured":"Apache: Kafka (2011). https:\/\/kafka.apache.org"},{"key":"146_CR3","doi-asserted-by":"crossref","unstructured":"Attrapadung N, Imai H (2009) Attribute-based encryption supporting direct\/indirect revocation modes. In: Cryptography and coding \u201909 proceedings of the 12th IMA international conference on cryptography and coding, pp 278\u2013300","DOI":"10.1007\/978-3-642-10868-6_17"},{"key":"146_CR4","doi-asserted-by":"crossref","unstructured":"Attrapadung N, Imai H (2009) Conjunctive broadcast and attribute-based encryption. In: Pairing \u201909 proceedings of the 3rd international conference palo alto on pairing-based cryptography, pp 248\u2013265","DOI":"10.1007\/978-3-642-03298-1_16"},{"key":"146_CR5","doi-asserted-by":"crossref","unstructured":"Barreto P.S.L.M, Naehrig M (2005) Pairing-friendly elliptic curves of prime order. In: SAC\u201905 Proceedings of the 12th international conference on selected areas in cryptography, vol. 3897, pp 319\u2013331","DOI":"10.1007\/11693383_22"},{"key":"146_CR6","doi-asserted-by":"crossref","unstructured":"Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: 2007 IEEE symposium on security and privacy (SP \u201907), pp 321\u2013334","DOI":"10.1109\/SP.2007.11"},{"key":"146_CR7","doi-asserted-by":"crossref","unstructured":"Boneh D, Boyen X, Goh E.-J (2005) Hierarchical identity based encryption with constant size ciphertext. In: Annual international conference on the theory and applications of cryptographic techniques. Springer, pp 440\u2013456","DOI":"10.1007\/11426639_26"},{"key":"146_CR8","doi-asserted-by":"crossref","unstructured":"Boneh D, Lynn B, Shacham H (2001) Short signatures from the Weil pairing. In: International conference on the theory and application of cryptology and information security, Springer, pp 514\u2013532","DOI":"10.1007\/3-540-45682-1_30"},{"key":"146_CR9","unstructured":"CloudFlare: CFSSL (2014). https:\/\/github.com\/cloudflare\/cfssl"},{"key":"146_CR10","unstructured":"Copernica: the PHP-CPP Website. http:\/\/www.php-cpp.com\/"},{"key":"146_CR11","doi-asserted-by":"crossref","unstructured":"Cui H, Deng R.H, Li Y, Qin B (2016) Server-aided revocable attribute-based encryption. In: European symposium on research in computer security 2016, vol. 9879, pp 570\u2013587","DOI":"10.1007\/978-3-319-45741-3_29"},{"key":"146_CR12","doi-asserted-by":"crossref","unstructured":"Datta P, Dutta R, Mukhopadhyay S (2016) Adaptively secure unrestricted attribute-based encryption with subset difference revocation in bilinear groups of prime order. In: Proceedings of the 8th international conference on progress in cryptology: AFRICACRYPT 2016, Vol. 9646, pp 325\u2013345","DOI":"10.1007\/978-3-319-31517-1_17"},{"key":"146_CR13","unstructured":"DHS: Personally Identifiable Information (2021). https:\/\/www.dhs.gov\/privacy-training\/what-personally-identifiable-information"},{"key":"146_CR14","unstructured":"Ellen Sheng: Facebook, Google discuss sharing smartphone data with government to fight coronavirus, but there are risks. https:\/\/www.cnbc.com"},{"issue":"5","key":"146_CR15","doi-asserted-by":"publisher","first-page":"2907","DOI":"10.1109\/TDSC.2021.3076580","volume":"19","author":"C Ge","year":"2021","unstructured":"Ge C, Susilo W, Baek J, Liu Z, Xia J, Fang L (2021) A verifiable and fair attribute-based proxy re-encryption scheme for data sharing in clouds. IEEE Trans Dependable Secur Comput 19(5):2907\u20132919","journal-title":"IEEE Trans Dependable Secur Comput"},{"key":"146_CR16","unstructured":"Google: Google Cloud Documentation: IAM Overview. https:\/\/cloud.google.com\/iam\/docs\/overview"},{"key":"146_CR17","doi-asserted-by":"crossref","unstructured":"Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM conference on computer and communications security, pp 89\u201398","DOI":"10.1145\/1180405.1180418"},{"key":"146_CR18","unstructured":"Green M, Hohenberger S, Waters B (2011) Outsourcing the decryption of abe ciphertexts. In: SEC\u201911 Proceedings of the 20th USENIX conference on security, pp 34\u201334"},{"key":"146_CR19","doi-asserted-by":"crossref","unstructured":"Krawczyk H (2010) Cryptographic extraction and key derivation: the hkdf scheme. In: CRYPTO\u201910 proceedings of the 30th annual conference on advances in cryptology, pp 631\u2013648","DOI":"10.1007\/978-3-642-14623-7_34"},{"issue":"8","key":"146_CR20","doi-asserted-by":"publisher","first-page":"1343","DOI":"10.1109\/TIFS.2013.2271848","volume":"8","author":"J Lai","year":"2013","unstructured":"Lai J, Deng RH, Guan C, Weng J (2013) Attribute-based encryption with verifiable outsourced decryption. IEEE Trans Inf Foren Secur 8(8):1343\u20131354","journal-title":"IEEE Trans Inf Foren Secur"},{"key":"146_CR21","doi-asserted-by":"crossref","unstructured":"Lewko A, Okamoto T, Sahai A, Takashima K, Waters B (2010) Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: EUROCRYPT\u201910 proceedings of the 29th annual international conference on theory and applications of cryptographic techniques, pp 62\u201391","DOI":"10.1007\/978-3-642-13190-5_4"},{"issue":"10","key":"146_CR22","doi-asserted-by":"publisher","first-page":"2119","DOI":"10.1109\/TIFS.2015.2449264","volume":"10","author":"S Lin","year":"2015","unstructured":"Lin S, Zhang R, Ma H, Wang M (2015) Revisiting attribute-based encryption with verifiable outsourced decryption. IEEE Trans Inf Foren Secur 10(10):2119\u20132130","journal-title":"IEEE Trans Inf Foren Secur"},{"issue":"12","key":"146_CR23","doi-asserted-by":"publisher","first-page":"1748","DOI":"10.1002\/sec.1446","volume":"9","author":"S Lin","year":"2016","unstructured":"Lin S, Zhang R, Wang M (2016) Verifiable attribute-based proxy re-encryption for secure public cloud data sharing. Secur Commun Netw 9(12):1748\u20131758","journal-title":"Secur Commun Netw"},{"issue":"6","key":"146_CR24","doi-asserted-by":"publisher","first-page":"679","DOI":"10.1109\/TDSC.2015.2499755","volume":"14","author":"H Ma","year":"2015","unstructured":"Ma H, Zhang R, Wan Z, Lu Y, Lin S (2015) Verifiable and exculpable outsourced attribute-based encryption for access control in cloud computing. IEEE Trans Dependable Secur Comput 14(6):679\u2013692","journal-title":"IEEE Trans Dependable Secur Comput"},{"issue":"1","key":"146_CR25","doi-asserted-by":"publisher","first-page":"164","DOI":"10.1109\/TSC.2019.2925028","volume":"15","author":"H Ma","year":"2019","unstructured":"Ma H, Zhang R, Sun S, Song Z, Tan G (2019) Server-aided fine-grained access control mechanism with robust revocation in cloud computing. IEEE Trans Serv Comput 15(1):164\u2013173","journal-title":"IEEE Trans Serv Comput"},{"issue":"5","key":"146_CR26","doi-asserted-by":"publisher","first-page":"533","DOI":"10.1109\/TDSC.2015.2423669","volume":"13","author":"X Mao","year":"2015","unstructured":"Mao X, Lai J, Mei Q, Chen K, Weng J (2015) Generic and efficient constructions of attribute-based encryption with verifiable outsourced decryption. IEEE Trans Dependable Secur Comput 13(5):533\u2013546","journal-title":"IEEE Trans Dependable Secur Comput"},{"key":"146_CR27","unstructured":"Microsoft: Azure documentation: What is Azure RBAC? https:\/\/docs.microsoft.com\/en-us\/azure\/role-based-access-control\/overview"},{"key":"146_CR28","unstructured":"Mitsunari S (2019) MCL Library. https:\/\/github.com\/herumi\/mcl"},{"key":"146_CR29","doi-asserted-by":"crossref","unstructured":"Okamoto T, Takashima K (2010) Fully secure functional encryption with general relations from the decisional linear assumption. In: CRYPTO\u201910 proceedings of the 30th annual conference on advances in cryptology, pp 191\u2013208","DOI":"10.1007\/978-3-642-14623-7_11"},{"key":"146_CR30","unstructured":"Oracle: Java Native Interface Docs. https:\/\/docs.oracle.com\/javase\/8\/docs\/technotes\/guides\/jni\/"},{"key":"146_CR31","doi-asserted-by":"crossref","unstructured":"Ostrovsky R, Sahai A, Waters B (2007) Attribute-based encryption with non-monotonic access structures. In: Proceedings of the 14th ACM conference on computer and communications security, pp 195\u2013203","DOI":"10.1145\/1315245.1315270"},{"key":"146_CR32","unstructured":"ownCloud Gmbh and Community: The ownCloud Website. https:\/\/owncloud.org\/"},{"key":"146_CR33","doi-asserted-by":"crossref","unstructured":"Pedersen T.P (1991) Non-interactive and information-theoretic secure verifiable secret sharing. In: Annual international cryptology conference, Springer, pp 129\u2013140","DOI":"10.1007\/3-540-46766-1_9"},{"key":"146_CR34","doi-asserted-by":"crossref","unstructured":"Qin B, Zhao Q, Zheng D, Cui H (2017) Server-aided revocable attribute-based encryption resilient to decryption key exposure. In: Cryptology and network security, pp 504\u2013514","DOI":"10.1007\/978-3-030-02641-7_25"},{"issue":"6","key":"146_CR35","doi-asserted-by":"publisher","first-page":"1089","DOI":"10.1145\/195613.195621","volume":"41","author":"T Rabin","year":"1994","unstructured":"Rabin T (1994) Robust sharing of secrets when the dealer is honest or cheating. J ACM 41(6):1089\u20131109","journal-title":"J ACM"},{"key":"146_CR36","doi-asserted-by":"crossref","unstructured":"Sahai A, Waters B (2005) Fuzzy identity-based encryption. In: EUROCRYPT\u201905 proceedings of the 24th annual international conference on theory and applications of cryptographic techniques, pp 457\u2013473","DOI":"10.1007\/11426639_27"},{"issue":"3","key":"146_CR37","doi-asserted-by":"publisher","first-page":"1871","DOI":"10.1109\/TDSC.2020.3040784","volume":"19","author":"S Sun","year":"2020","unstructured":"Sun S, Ma H, Song Z, Zhang R (2020) Webcloud: web-based cloud storage for secure data sharing across platforms. IEEE Trans Dependable Secur Comput 19(3):1871\u20131884","journal-title":"IEEE Trans Dependable Secur Comput"},{"key":"146_CR38","unstructured":"The open mobile terminal platform: advanced trusted environment:OMTP TR1. http:\/\/www.omtp.org\/OMTP_Advanced_Trusted_Environment_OMTP_TR1_v1_1.pdf"},{"key":"146_CR39","unstructured":"W3C Community Group: WebAssembly (2017). http:\/\/webassembly.org\/"},{"key":"146_CR40","doi-asserted-by":"crossref","unstructured":"Waters B (2011) Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: PKC\u201911 Proceedings of the 14th international conference on practice and theory in public key cryptography conference on public key cryptography, pp 53\u201370","DOI":"10.1007\/978-3-642-19379-8_4"},{"key":"146_CR41","doi-asserted-by":"crossref","unstructured":"Yang Y, Liu J.K, Liang K, Choo K.-K.R, Zhou J (2015) Extended proxy-assisted approach: Achieving revocable fine-grained encryption of cloud data. In: European symposium on research in computer security 2015, pp 146\u2013166","DOI":"10.1007\/978-3-319-24177-7_8"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-023-00146-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-023-00146-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-023-00146-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,6,3]],"date-time":"2023-06-03T02:03:41Z","timestamp":1685757821000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-023-00146-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,6,3]]},"references-count":41,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2023,12]]}},"alternative-id":["146"],"URL":"https:\/\/doi.org\/10.1186\/s42400-023-00146-z","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,6,3]]},"assertion":[{"value":"9 November 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 February 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 June 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"19"}}