As cloud computing and Internet of Things (IoT) are becoming more and more deeply integrated, the new secure challenge for IoT data has attracted great attention. Privacy preserving keyword search, as one important secure technique, achieves search over encrypted cloud-based IoT data. Forward security and verifiability are two important security properties for privacy preserving keyword search for cloud-based IoT data. Forward security makes privacy preserving keyword search schemes for cloud-based IoT data able to resist file injection attack, which is one new attack on privacy preserving keyword search when IoT data is updated. Verifiability makes privacy preserving keyword search schemes for cloud-based IoT data able to ensure the validity of the search results returned by cloud. However, to the best of our knowledge, all of existing privacy preserving keyword search schemes at most achieve forward security and partial verifiability. In order to solve this problem, we explore how to simultaneously achieve the forward security and the full verification for intelligent encrypted data processing in cloud-based IoT and propose the first fully verifiable forward secure privacy preserving keyword search scheme for IoT outsourced data. In order to achieve forward security, we construct the secure index based on the hash chain. In each update, the IoT data owner randomly chooses a string as a new state to generate the new trapdoor. The new trapdoor cannot match previous trapdoors. In order to achieve the full verifiability while still maintaining forward security for intelligent encrypted data processing in cloud-based IoT, we design novel authentication construction called Forward Secure Accumulative Authentication Tag (FSAAT). This kind of tag has the incremental property and supports the verification on the basis of efficient data update. We prove that our scheme is secure and efficient through detailed security analysis and experiments.

随着云计算与物联网（IoT）越来越深度融合，物联网数据的新安全挑战备受关注。隐私保护关键字搜索作为一种重要的安全技术，实现了对加密的基于云的物联网数据的搜索。前向安全性和可验证性是基于云的物联网数据的隐私保护关键字搜索的两个重要安全属性。前向安全使得基于云的物联网数据的隐私关键词搜索方案能够抵抗文件注入攻击，这是物联网数据更新时隐私关键词搜索的一种新攻击。可验证性使得基于云的物联网数据的隐私保护关键字搜索方案能够确保云返回的搜索结果的有效性。然而，据我们所知，所有现有的隐私保护关键字搜索方案最多实现前向安全性和部分可验证性。为了解决这个问题，我们探索了如何在基于云的物联网中同时实现智能加密数据处理的前向安全和完全验证，并提出了第一个完全可验证的物联网外包数据前向安全隐私保护关键字搜索方案。为了实现前向安全，我们基于哈希链构造安全索引。在每次更新中，物联网数据所有者随机选择一个字符串作为新状态来生成新的陷门。新的活板门不能匹配以前的活板门。为了在基于云的物联网中实现智能加密数据处理的完全可验证性，同时仍保持前向安全性，我们设计了一种新颖的身份验证结构，称为前向安全累积身份验证标签 (FSAAT)。这种标签具有增量特性，支持在高效数据更新的基础上进行校验。我们通过详细的安全分析和实验证明我们的方案是安全有效的。