Dynamic Searchable Symmetric Encryption (original) (raw)
Supporting complex queries and access policies for multi-user encrypted databases
Proceedings of the 2013 ACM workshop on Cloud computing security workshop - CCSW '13, 2013
Cloud computing is an emerging paradigm offering companies (virtually) unlimited data storage and computation at attractive costs. It is a cost-effective model because it does not require deployment and maintenance of any dedicated IT infrastructure. Despite its benefits, it introduces new challenges for protecting the confidentiality of the data. Sensitive data like medical records, business or governmental data cannot be stored unencrypted on the cloud. Companies need new mechanisms to control access to the outsourced data and allow users to query the encrypted data without revealing sensitive information to the cloud provider. State-of-the-art schemes do not allow complex encrypted queries over encrypted data in a multi-user setting. Instead, those are limited to keyword searches or conjunctions of keywords. This paper extends work on multi-user encrypted search schemes by supporting SQL-like encrypted queries on encrypted databases. Furthermore, we introduce access control on the data stored in the cloud, where any administrative actions (such as updating access rights or adding/deleting users) do not require re-distributing keys or re-encryption of data. Finally, we implemented our scheme and presented its performance, thus showing feasibility of our approach.
A Practical Framework for Executing Complex Queries over Encrypted Multimedia Data
Lecture Notes in Computer Science, 2016
Over the last few years, data storage in cloud based services has been very popular due to easy management and monetary advantages of cloud computing. Recent developments showed that such data could be leaked due to various attacks. To address some of these attacks, encrypting sensitive data before sending to cloud emerged as an important protection mechanism. If the data is encrypted with traditional techniques, selective retrieval of encrypted data becomes challenging. To address this challenge, efficient searchable encryption schemes have been developed over the years. Almost all of the existing searchable encryption schemes are developed for keyword searches and require running some code on the cloud servers. However, many of the existing cloud storage services (e.g., Dropbox 1 , Box 2 , Google Drive 3 , etc.) only allow simple data object retrieval and do not provide computational support needed to realize most of the searchable encryption schemes. In this paper, we address the problem of efficient execution of complex search queries over wide range of encrypted data types (e.g., image files) without requiring customized computational support from the cloud servers. To this end, we provide an extensible framework for supporting complex search queries over encrypted multimedia data. Before any data is uploaded to the cloud, important features are extracted to support different query types (e.g., extracting facial features to support face recognition queries) and complex queries are converted to series of object retrieval tasks for cloud service. Our results show that this framework may support wide range of image retrieval queries on encrypted data with little overhead and without any change to underlying data storage services.
Highly-Scalable Searchable Symmetric Encryption with Support for Boolean Queries
Lecture Notes in Computer Science, 2013
This work presents the design and analysis of the first searchable symmetric encryption (SSE) protocol that supports conjunctive search and general Boolean queries on outsourced symmetricallyencrypted data and that scales to very large databases and arbitrarilystructured data including free text search. To date, work in this area has focused mainly on single-keyword search. For the case of conjunctive search, prior SSE constructions required work linear in the total number of documents in the database and provided good privacy only for structured attribute-value data, rendering these solutions too slow and inflexible for large practical databases. In contrast, our solution provides a realistic and practical trade-off between performance and privacy by efficiently supporting very large databases at the cost of moderate and well-defined leakage to the outsourced server (leakage is in the form of data access patterns, never as direct exposure of plaintext data or searched values). We present a detailed formal cryptographic analysis of the privacy and security of our protocols and establish precise upper bounds on the allowed leakage. To demonstrate the real-world practicality of our approach, we provide performance results of a prototype applied to several large representative data sets, including encrypted search over the whole English Wikipedia (and beyond).
Towards Multi-user Searchable Encryption Supporting Boolean Query and Fast Decryption
Lecture Notes in Computer Science, 2017
Searchable encryption enables the data owner to outsource their data to the cloud server while retaining the search ability. Recently, some researchers proposed a variant of searchable encryption, named single-writer/multi-reader searchable encryption (SMSE), in which any authorized data user can perform a search query. That is, each document identifier is encrypted using attribute-based encryption (ABE), such that an arbitrary authorized user whose attributes match the corresponding access policy can access the document. However, the cloud server cannot determine whether the user has the ability to decrypt the matched data. Thus, it has to response all the search results to the data user, which causes a heavy communication and computation cost. To cope with this problem, we present a novel SMSE scheme based on server-side match technique, where the cloud can filter the documents that cannot be decrypted by the user and only return the matched ones. In addition, the decryption is also efficient, independent with the access policy structure. Security and efficiency evaluation show that our proposed scheme can achieve the desired security goals, while dramatically reducing the communication and computation overhead.
Pindex: Private multi-linked index for encrypted document retrieval
PLOS ONE
Cryptographic cloud storage is used to make optimal use of the cloud storage infrastructure to outsource sensitive and mission-critical data. The continuous growth of encrypted data outsourced to cloud storage requires continuous updating. Attacks like file-injection are reported to compromise confidentiality of the user as a consequence of information leakage during update. It is required that dynamic schemes provide forward privacy guarantees. Updates should not leak information to the untrusted server regarding the previously issued queries. Therefore, the challenge is to design an efficient searchable encryption scheme with dynamic updates and forward privacy guarantees. In this paper, a novel private multi-linked dynamic index for encrypted document retrieval namely Pindex is proposed. The multi-linked dynamic index is constructed using probabilistic homomorphic encryption mechanism and secret orthogonal vectors. Full security proofs for correctness and forward privacy in the r...
2019
Secure cloud storage is considered as one of the most important issues that both businesses and end-users take into account before moving their private data to the cloud. Lately, we have seen some interesting approaches that are based either on the promising concept of Symmetric Searchable Encryption (SSE) or on the well-studied field of Attribute-Based Encryption (ABE). In this paper, we propose a hybrid encryption scheme that combines both SSE and ABE by utilizing the advantages of both these techniques. In contrast to many approaches, we design a revocation mechanism that is completely separated from the ABE scheme and solely based on the functionality offered by SGX.
Leakage-Abuse Attacks Against Searchable Encryption
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015
Schemes for secure outsourcing of client data with search capability are being increasingly marketed and deployed. In the literature, schemes for accomplishing this efficiently are called Searchable Encryption (SE). They achieve high efficiency with provable security by means of a quantifiable leakage profile. However, the degree to which SE leakage can be exploited by an adversary is not well understood. To address this, we present a characterization of the leakage profiles of in-the-wild searchable encryption products and SE schemes in the literature, and present attack models based on an adversarial server's prior knowledge. Then we empirically investigate the security of searchable encryption by providing query recovery and plaintext recovery attacks that exploit these leakage profiles. We term these leakage-abuse attacks and demonstrate their effectiveness for varying leakage profiles and levels of server knowledge, for realistic scenarios. Amongst our contributions are realistic active attacks which have not been previously explored.
Breaking Web Applications Built On Top of Encrypted Data
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
We develop a systematic approach for analyzing client-server applications that aim to hide sensitive user data from untrusted servers. We then apply it to Mylar, a framework that uses multi-key searchable encryption (MKSE) to build Web applications on top of encrypted data. We demonstrate that (1) the Popa-Zeldovich model for MKSE does not imply security against either passive or active attacks; (2) Mylar-based Web applications reveal users' data and queries to passive and active adversarial servers; and (3) Mylar is generically insecure against active attacks due to system design flaws. Our results show that the problem of securing client-server applications against actively malicious servers is challenging and still unsolved. We conclude with general lessons for the designers of systems that rely on property-preserving or searchable encryption to protect data from untrusted servers.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015
We propose graph encryption schemes that efficiently support approximate shortest distance queries on large-scale encrypted graphs. Shortest distance queries are one of the most fundamental graph operations and have a wide range of applications. Using such graph encryption schemes, a client can outsource large-scale privacy-sensitive graphs to an untrusted server without losing the ability to query it. Other applications include encrypted graph databases and controlled disclosure systems. We propose GRECS (stands for GRaph EnCryption for approximate Shortest distance queries) which includes three schemes that are provably secure against any semi-honest server. Our first construction makes use of only symmetric-key operations, resulting in a computationally-efficient construction. Our second scheme, makes use of somewhat-homomorphic encryption and is less computationally-efficient but achieves optimal communication complexity (i.e., uses a minimal amount of bandwidth). Finally, our third scheme is both computationally-efficient and achieves optimal communication complexity at the cost of a small amount of additional leakage. We implemented and evaluated the efficiency of our constructions experimentally. The experiments demonstrate that our schemes are efficient and can be applied to graphs that scale up to 1.6 million nodes and 11 million edges.
Encapsulated Search Index: Public-Key, Sub-linear, Distributed, and Delegatable
Public-Key Cryptography – PKC 2022, 2022
We build the first sub-linear (in fact, potentially constant-time) public-key searchable encryption system: − server can publish a public key P K. − anybody can build an encrypted index for document D under P K. − client holding the index can obtain a token z w from the server to check if a keyword w belongs to D. − search using z w is almost as fast (e.g., sub-linear) as the non-private search. − server granting the token does not learn anything about the document D, beyond the keyword w. − yet, the token z w is specific to the pair (D, w): the client does not learn if other keywords w = w belong to D, or if w belongs to other, freshly indexed documents D. − server cannot fool the client by giving a wrong token z w. We call such a primitive Encapsulated Search Index (ESI). Our ESI scheme can be made (t, n)distributed among n servers in the best possible way: non-interactive, verifiable, and resilient to any coalition of up to (t − 1) malicious servers. We also introduce the notion of delegatable ESI and show how to extend our construction to this setting. Our solution-including public indexing, sub-linear search, delegation, and distributed token generation-is deployed as a commercial application by Atakama.
A Novel Homomorphic Approach for Preserving Privacy of Patient Data in Telemedicine
Sensors
Globally, the surge in disease and urgency in maintaining social distancing has reawakened the use of telemedicine/telehealth. Amid the global health crisis, the world adopted the culture of online consultancy. Thus, there is a need to revamp the conventional model of the telemedicine system as per the current challenges and requirements. Security and privacy of data are main aspects to be considered in this era. Data-driven organizations also require compliance with regulatory bodies, such as HIPAA, PHI, and GDPR. These regulatory compliance bodies must ensure user data privacy by implementing necessary security measures. Patients and doctors are now connected to the cloud to access medical records, e.g., voice recordings of clinical sessions. Voice data reside in the cloud and can be compromised. While searching voice data, a patient’s critical data can be leaked, exposed to cloud service providers, and spoofed by hackers. Secure, searchable encryption is a requirement for telemed...
Secrecy and performance models for query processing on outsourced graph data
Distributed and Parallel Databases, 2020
Database outsourcing is a challenge concerning data secrecy. Even if an adversary, including the service provider, accesses the data, she should not be able to learn any information from the accessed data. In this paper, we address this problem for graph-structured data. First, we define a secrecy notion for graph-structured data based on the concepts of indistinguishability and searchable encryption. To address this problem, we propose an approach based on bucketization. Next to bucketization, it makes use of obfuscated indexes and encryption. We show that finding an optimal bucketization tailored to graph-structured data is NP-hard; therefore, we come up with a heuristic. We prove that the proposed bucketization approach fulfills our secrecy notion. In addition, we present a performance model for scale-free networks which consists of (1) a number-of-buckets model that estimates the number of buckets obtained after applying our bucketization approach and (2) a query-cost model. Fin...
Multi-keyword ranked searchable encryption scheme with access control for cloud storage
Peer-to-Peer Networking and Applications, 2019
With the advent of cloud computing, data owners are motivated to outsource their data to public clouds for decreasing the cost of management systems. For protecting data privacy, sensitive data must be encrypted before outsourcing. So, equipping cloud server with search service over encrypted data is an important issue. Considering the large number of data users and documents in the cloud, users may be interested to perform multi-keyword search and receive the most related data. In this paper, we investigate the Pasupuleti et al.'s scheme which is a multi-keyword ranked search over encrypted cloud data. Their scheme has problems in index construction, trapdoor generation and search procedures. We address these problems and suggest a multi-keyword ranked search over encrypted data on cloud storage. The proposed ranked searchable encryption scheme enhances system usability by ranking results instead of just sending undifferentiated results and ensures file retrieval accuracy. We also use the relevance score from information retrieval to build a secure searchable index, and apply an additive order-preserving encryption to protect the sensitive scores of files. Our scheme also guarantees access control of users during the data retrieval by attribute-based encryption. Analysis shows that our scheme is secure and efficient for cloud storage.
A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing
Journal of Ambient Intelligence and Humanized Computing, 2016
The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are cloud security, privacy and reliability. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings new security and privacy concerns. This work focuses on the security and privacy of various cloud service and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study who needs to implement strong security and privacy mechanisms in today's real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical as
Practical Private Range Search Revisited
Proceedings of the 2016 International Conference on Management of Data, 2016
We consider a data owner that outsources its dataset to an untrusted server. The owner wishes to enable the server to answer range queries on a single attribute, without compromising the privacy of the data and the queries. There are several schemes on "practical" private range search (mainly in Databases venues) that attempt to strike a trade-off between efficiency and security. Nevertheless, these methods either lack provable security guarantees, or permit unacceptable privacy leakages. In this paper, we take an interdisciplinary approach, which combines the rigor of Security formulations and proofs with efficient Data Management techniques. We construct a wide set of novel schemes with realistic security/performance trade-offs, adopting the notion of Searchable Symmetric Encryption (SSE) primarily proposed for keyword search. We reduce range search to multikeyword search using range covering techniques with treelike indexes. We demonstrate that, given any secure SSE scheme, the challenge boils down to (i) formulating leakages that arise from the index structure, and (ii) minimizing false positives incurred by some schemes under heavy data skew. We analytically detail the superiority of our proposals over prior work and experimentally confirm their practicality.
Accelerating Forward and Backward Private Searchable Encryption Using Trusted Execution
Applied Cryptography and Network Security, 2020
Searchable encryption (SE) is one of the key enablers for building encrypted databases. It allows a cloud server to search over encrypted data without decryption. Dynamic SE additionally includes data addition and deletion operations to enrich the functions of encrypted databases. Recent attacks exploiting the leakage in dynamic operations drive the rapid development of SE schemes revealing less information while performing updates; they are also known as forward and backward private SE. Newly added data is no longer linkable to queries issued before, and deleted data is no longer searchable in queries issued later. However, those advanced SE schemes reduce the efficiency of SE, especially in the communication cost between the client and server. In this paper, we resort to the hardwareassisted solution, aka Intel SGX, to ease the above bottleneck. Our key idea is to leverage SGX to take over most tasks of the client, i.e., tracking keyword states along with data addition and caching deleted data. However, handling large datasets is nontrivial due to the I/O and memory constraints of SGX. We further develop batch data processing and state compression techniques to reduce the communication overhead between the SGX and untrusted server and minimise the memory footprint within the enclave. We conduct a comprehensive set of evaluations on both synthetic and real-world datasets, which confirm that our designs outperform the prior art.
Practical Private Range Search in Depth
ACM Transactions on Database Systems, 2018
We consider a data owner that outsources its dataset to an untrusted server . The owner wishes to enable the server to answer range queries on a single attribute, without compromising the privacy of the data and the queries. There are several schemes on “practical” private range search (mainly in database venues) that attempt to strike a trade-off between efficiency and security. Nevertheless, these methods either lack provable security guarantees or permit unacceptable privacy leakages. In this article, we take an interdisciplinary approach, which combines the rigor of security formulations and proofs with efficient data management techniques. We construct a wide set of novel schemes with realistic security/performance trade-offs, adopting the notion of Searchable Symmetric Encryption (SSE), primarily proposed for keyword search. We reduce range search to multi-keyword search using range-covering techniques with tree-like indexes, and formalize the problem as Range Searchable Symme...
Boolean Searchable Symmetric Encryption with Worst-Case Sub-linear Complexity
Lecture Notes in Computer Science, 2017
Recent work on searchable symmetric encryption (SSE) has focused on increasing its expressiveness. A notable example is the OXT construction (Cash et al., CRYPTO '13) which is the first SSE scheme to support conjunctive keyword queries with sub-linear search complexity. While OXT efficiently supports disjunctive and boolean queries that can be expressed in searchable normal form, it can only handle arbitrary disjunctive and boolean queries in linear time. This motivates the problem of designing expressive SSE schemes with worst-case sub-linear search; that is, schemes that remain highly efficient for any keyword query. In this work, we address this problem and propose non-interactive highly efficient SSE schemes that handle arbitrary disjunctive and boolean queries with worst-case sub-linear search and optimal communication complexity. Our main construction, called IEX, makes black-box use of an underlying single keyword SSE scheme which we can instantiate in various ways. Our first instantiation, IEX-2Lev, makes use of the recent 2Lev construction (Cash et al., NDSS '14) and is optimized for search at the expense of storage overhead. Our second instantiation, IEX-ZMF, relies on a new single keyword SSE scheme we introduce called ZMF and is optimized for storage overhead at the expense of efficiency (while still achieving asymptotically sub-linear search). Our ZMF construction is the first adaptively-secure highly compact SSE scheme and may be of independent interest. At a very high level, it can be viewed as an encrypted version of a new Bloom filter variant we refer to as a Matryoshka filter. In addition, we show how to extend IEX to be dynamic and forward-secure. To evaluate the practicality of our schemes, we designed and implemented a new encrypted search framework called Clusion. Our experimental results demonstrate the practicality of IEX and of its instantiations with respect to either search (for IEX-2Lev) and storage overhead (for IEX-ZMF).