OSM-DSSE: A Searchable Encryption Scheme with Hidden Search Patterns and Access Patterns

Author(s):  
Hong Liu ◽  
Xueqin Li ◽  
Erchuan Guo ◽  
Yunpeng Xiao ◽  
Tun Li

Abstract Dynamic searchable encryption methods allow a client to perform searches and updates over encrypted data stored in the cloud. However, existing research shows that the general dynamic searchable symmetric encryption (DSSE) scheme is vulnerable to statistical attacks due to the leakage of search patterns and access patterns, which is detrimental to protecting the users’ privacy. Although the traditional Oblivious Random Access Machine (ORAM) can hide the access pattern, it also incurs significant communication overhead and cannot hide the search pattern. These limitations make it difficult to deploy the ORAM method in real cloud environments. To overcome these limitations, a DSSE scheme called obliviously shuffled incidence matrix DSSE (OSM-DSSE) is proposed in this paper to access the encrypted data obliviously. The OSM-DSSE scheme realizes efficient search and update operations based on an incidence matrix. In particular, a shuffling algorithm using Paillier encryption is combined with a 1-out-of-n oblivious transfer (OT) protocol and local differential privacy to obfuscate the search targets. Besides, a formalized security analysis and a performance analysis of the proposed scheme are provided, which indicate that the OSM-DSSE scheme achieves high security, efficient searches, and low storage overhead. Also, this scheme not only completely hides the search and access patterns but also provides adaptive security against malicious attacks by adversaries. Furthermore, experimental results show that the OSM-DSSE scheme obtains 3-4x better execution efficiency than the state-of-the-art solutions.

2021 ◽  
Vol 16 ◽  
pp. 1795-1809
Author(s):  
Qiyang Song ◽  
Zhuotao Liu ◽  
Jiahao Cao ◽  
Kun Sun ◽  
Qi Li ◽  
...  

2017 ◽  
Vol 2017 ◽  
pp. 1-16 ◽  
Author(s):  
Dhruti Sharma ◽  
Devesh C. Jinwala

A Multiuser Searchable Encryption (MUSE) can be defined with the notion of Functional Encryption (FE), where a user constructs a search token from a search key issued by an Enterprise Trusted Authority (ETA). In such a scheme, a user possessing a search key can construct a search token at any time and consequently request the server to search over encrypted data. Thus, an FE based MUSE scheme is not suitable for applications where a log of search activities is maintained at the enterprise site to identify dishonest search queries from any user. In addition, none of the existing searchable schemes provides security against token replay attacks to prevent reuse of the same token. In this paper, therefore, we propose an FE based scheme, Multiuser Searchable Encryption with Token Freshness Verification (MUSE-TFV). In MUSE-TFV, a user prepares a one-time usable search token in cooperation with the ETA, and thus every search activity is logged at the enterprise site. Additionally, by verifying the freshness of a token, the server prevents reuse of the token. With formal security analysis, we prove the security of MUSE-TFV against chosen keyword attack and token replay attack. With theoretical and empirical analysis, we justify the effectiveness of MUSE-TFV in practical applications.


2019 ◽  
Vol 2019 (1) ◽  
pp. 172-191 ◽  
Author(s):  
Thang Hoang ◽  
Muslum Ozgur Ozmen ◽  
Yeongjin Jang ◽  
Attila A. Yavuz

Abstract The ability to query and update over encrypted data is an essential feature to enable breach-resilient cyber-infrastructures. Statistical attacks on searchable encryption (SE) have demonstrated the importance of sealing information leaks in access patterns. In response to such attacks, the community has proposed the Oblivious Random Access Machine (ORAM). However, due to the logarithmic communication overhead of ORAM, the composition of ORAM and SE is known to be costly in the conventional client-server model, which poses a critical barrier toward its practical adaptations. In this paper, we propose a novel hardware-supported privacy-enhancing platform called Practical Oblivious Search and Update Platform (POSUP), which enables oblivious keyword search and update operations on large datasets with high efficiency. We harness Intel SGX to realize efficient oblivious data structures for oblivious search/update purposes. We implemented POSUP and evaluated its performance on a Wikipedia dataset containing ≥2^29 keyword-file pairs. Our implementation is highly efficient, taking only 1 ms to access a 3 KB block with Circuit-ORAM. Our experiments have shown that POSUP offers up to 70× less end-to-end delay with 100× reduced network bandwidth consumption compared with the traditional ORAM-SE composition without secure hardware. POSUP is also at least 4.5× faster for up to 99.5% of the keywords that can be searched compared with state-of-the-art Intel SGX-assisted search platforms.


2020 ◽  
Author(s):  
Gaoli Wang ◽  
Zhenfu Cao ◽  
Xiaolei Dong

Abstract Searchable encryption (SE) allows the cloud server to search over encrypted data while leaking as little information as possible. Most existing efficient SE schemes assume that the leakage of the search pattern and access pattern is acceptable. A series of works has been proposed showing how malicious users can exploit this leakage to mount attacks. In particular, with the devastating attack proposed by Zhang et al., the cloud server can reveal the keywords queried by normal users by using some injected files. Based on the method of constructing a uniform $(k,n)$-set of a finite set $A$ proposed by Cao, we put forward a new file-injection attack. In our attack, the server needs fewer injected files than the previous attack when the size of $T$ is larger than 9 and the size of the keyword set is larger than $2T$, where $T$ is the threshold on the number of keywords in each injected file. Our attack is more practical and easier to implement in a real scenario.


Information ◽  
2021 ◽  
Vol 12 (4) ◽  
pp. 142
Author(s):  
Weijing You ◽  
Lei Lei ◽  
Bo Chen ◽  
Limin Liu

By storing only a unique copy of duplicate data possessed by different data owners, deduplication can significantly reduce storage cost, and hence is used broadly in public clouds. When combined with confidentiality, deduplication becomes problematic, as encryption performed by different data owners may produce different ciphertexts for identical data, which then can no longer be deduplicated. Message-Locked Encryption (MLE) is thus used to derive the same encryption key for identical data, so that the encrypted data remain deduplicable after being encrypted by different data owners. As keys may be leaked over time, re-encrypting outsourced data is of paramount importance to ensure continuous confidentiality, which, however, has not been well addressed in the literature. In this paper, we design SEDER, a SEcure client-side Deduplication system enabling Efficient Re-encryption for cloud storage by (1) leveraging the all-or-nothing transform (AONT), (2) designing a new delegated re-encryption (DRE), and (3) proposing a new proof of ownership scheme for encrypted cloud data (PoWC). Security analysis and experimental evaluation validate the security and efficiency of SEDER, respectively.


2018 ◽  
Vol 2018 ◽  
pp. 1-10
Author(s):  
Hua Dai ◽  
Hui Ren ◽  
Zhiye Chen ◽  
Geng Yang ◽  
Xun Yi

Outsourcing data to clouds is adopted by more and more companies and individuals due to the benefits of data sharing and parallel, elastic, and on-demand computing. However, it forces data owners to lose control of their own data, which raises privacy concerns over sensitive data. Sorting is a common operation in many areas, such as machine learning, service recommendation, and data query. It is a challenge to implement privacy-preserving sorting over encrypted data without leaking sensitive data. In this paper, we propose privacy-preserving sorting algorithms based on the logistic map. Secure comparable codes are constructed by logistic map functions, which can be used to compare the corresponding encrypted data items even without knowing their plaintext values. Data owners first encrypt their data and generate the corresponding comparable codes, and then outsource them to clouds. Cloud servers are capable of sorting the outsourced encrypted data in accordance with their corresponding comparable codes by the proposed privacy-preserving sorting algorithms. Security analysis and experimental results show that the proposed algorithms can protect data privacy while providing efficient sorting on encrypted data.


2018 ◽  
Vol 2018 ◽  
pp. 1-7 ◽  
Author(s):  
Run Xie ◽  
Chanlian He ◽  
Dongqing Xie ◽  
Chongzhi Gao ◽  
Xiaojun Zhang

With the advent of cloud computing, data privacy has become one of the critical security issues and has attracted much attention as more and more mobile devices rely on services in the cloud. To protect data privacy, users usually encrypt their sensitive data before uploading them to cloud servers, which makes the data difficult to use. Ciphertext retrieval enables the use of encrypted data, and searchable public key encryption is an effective way to construct encrypted data retrieval schemes. However, the previous related works have not paid much attention to the design of ciphertext retrieval schemes that are secure against inside keyword-guessing attacks (KGAs). In this paper, we first construct a new architecture to resist inside KGAs. Moreover, we present an efficient ciphertext retrieval instance with a designated tester (dCRKS) based on the architecture. This instance is secure under inside KGAs. Finally, security analysis and efficiency comparison show that the proposal is effective for the retrieval of encrypted data in cloud computing.


2020 ◽  
Vol 5 (4) ◽  
pp. 391-418
Author(s):  
Mukti Padhya ◽  
Devesh C. Jinwala

Abstract The existing Key Aggregate Searchable Encryption (KASE) schemes allow searches on the encrypted dataset using a single query trapdoor, with a feature to delegate the search rights of multiple files using a constant size key. However, the operations required to generate the ciphertext and decrypt it in these schemes incur higher computational costs, due to the computationally expensive pairing operations in encryption/decryption. This makes the use of such schemes in resource-constrained devices, such as Radio Frequency Identification devices, Wireless Sensor Network nodes, and Internet of Things nodes, infeasible. Motivated by the goal of reducing the computational cost, in this paper we propose a Revocable Online/Offline KASE (R-OO-KASE) scheme, based on the idea of splitting the encryption/decryption operations into two distinct phases: online and offline. The offline phase computes the majority of the costly operations while the device is on an electrical power source. The online phase generates the final output with minimal computational cost once the message (or ciphertext) and keywords become known. In addition, the proposed scheme R-OO-KASE also offers multi-keyword search capability and allows the data owners to revoke the delegated rights at any point in time, two features that are not supported in the existing schemes. The security analysis and empirical evaluations show that the proposed scheme is efficient to use in resource-constrained devices and provably secure, in comparison with the existing KASE schemes.


2021 ◽  
Vol 2021 ◽  
pp. 1-13
Author(s):  
Tzung-Her Chen ◽  
Ting-Le Zhu ◽  
Fuh-Gwo Jeng ◽  
Chien-Lung Wang

Although encryption and signatures have been two fundamental technologies for cryptosystems, they still receive considerable attention in academia due to the focus on reducing computational costs and communication overhead. In the past decade, applying certificateless signcryption schemes to address the high cost of maintaining the certificate chain issued by a certificate authority (CA) has been studied. With the recent increase in interest in blockchains, signcryption is being revisited as a new possibility. The concepts of a blockchain as a CA and a transaction as a certificate proposed in this paper aim to use a blockchain without CAs or a trusted third party (TTP). The proposed provably secure signcryption scheme designates a recipient beforehand such that a sender can cryptographically facilitate the interoperation on the blockchain information with the designated recipient. Thus, the proposed scheme benefits from the following advantages: (1) it removes the high maintenance cost of involving CAs or a TTP, (2) it seamlessly integrates with blockchains, and (3) it provides confidential transactions. This paper also presents the theoretical security analysis and assesses the performance via simulation results. Upon evaluating the operational cost in real currency based on Ethereum, the experimental results demonstrate that the proposed scheme requires only a small fee.

