摘要 :
Searchable symmetric encryption (SSE) has recently been under the spotlight in a cloud data storage system due to its high efficiency. SSE allows a client to outsource his private data while maintaining data searchability. To ensu...
展开
Searchable symmetric encryption (SSE) has recently been under the spotlight in a cloud data storage system due to its high efficiency. SSE allows a client to outsource his private data while maintaining data searchability. To ensure the correctness of query results, verifiable SSE has attracted a lot of attention from both academia and industry to enable reliable encrypted search over the untrusted cloud server. However, most traditional verifiable SSE schemes focus on point queries instead of range queries. Moreover, no effective countermeasures are available to prevent clients from maliciously rejecting the correct result for denying the payment. In this paper, we take the first step to study verifiable range queries with fairness and forward security. First, to support efficient range query over numerical values, we propose Prefix Tree-like Keyword Set (PTKS), a novel data structure to largely reduce the number of search tokens. Specifically, the number of search tokens is up to a logarithmic value (e.g., 7) of the query range width (e.g., [0, 1000]) with PTKS. Then, we propose a double-layer verification mechanism including client-side verification and on-chain verification via the smart contract on the blockchain to achieve cost-effective fair verification. In addition, our range query scheme supports forward-secure update operations. Based on these, we propose a blockchain-based verifiable, fair and forward-secure range query scheme. Finally, extensive experiments demonstrate the efficiency of our scheme.
收起
摘要 :
This paper introduces a multi-server searchable symmetric encryption (SSE) scheme called the Multi-Server Searchable Data Crypt "MS-SDC" that works on achieving a trade-off between efficiency/functionality and security. The propos...
展开
This paper introduces a multi-server searchable symmetric encryption (SSE) scheme called the Multi-Server Searchable Data Crypt "MS-SDC" that works on achieving a trade-off between efficiency/functionality and security. The proposed scheme has the merits of dividing the uploaded file in an encrypted form into blocks and distributing them across several storage providers, which is more acceptable than uploading the whole file directly to a single server where each server only holds a subset of file/block, to ensure more security for the file. Besides that, it extracts keywords for each uploaded file to be used later by the search engine giving the user the ability to browse across his own files. This means that the user has the ability to query/search for his encrypted files on the server-side without decrypting them. Furthermore, there are various features proposed different from those presented by previous works as the scheme is developed as a multithreaded-application to speed up the uploading time, and a unique master key is generated randomly for each uploaded file unlike the previous techniques where a single master key is created randomly for all the uploaded documents leading to easily hacking the system with master key leakage. Finally, the MS-SDC system is distinctive in its smooth usage and its robustness where it can run on any browser and can be applied to any file type. The experimental results demonstrate the effectiveness of our proposed system in comparison to previous works in terms of uploading and searching time, in addition to providing many new features, applying many layers of security, and keeping high-speed performance in an efficient manner. The proposed system has reduced the file upload time up to 64% of the current research upload time via multithreading implementation of the block distribution function.
收起
摘要 :
There is an increasing trend for data owners to outsource their data to an untrusted cloud provider. Besides providing the storage for the data, the service provider could allow the data owner or authorized clients to search over ...
展开
There is an increasing trend for data owners to outsource their data to an untrusted cloud provider. Besides providing the storage for the data, the service provider could allow the data owner or authorized clients to search over the data. To guarantee the data secure, the owner must encrypt his or her data before sending to the cloud. However, traditional encryption does not allow searching without decrypting the data. Searchable symmetric encryption is one approach that allows users to search over the encrypted data. For data applications, various different functional search have been proposed, such as wildcard search, similarity keyword search and fuzzy keyword search. Moreover, dynamic addition and removal of files should be supported in practice. However, to our knowledge, there does not exist a searchable symmetric encryption scheme that can support many properties such as more than three functions in all the aforementioned operations. In this paper, we propose an efficient multi-functional searchable symmetric encryption scheme that can support wildcard search, similarity search (including hamming distance and edit distance), fuzzy keyword search and disjunctive keyword search simultaneously. In the new scheme, the trapdoor changes with various search requests and it enumerates all possibilities of the keyword of the trapdoor. Moreover, we use an array instead of a matrix to reduce the storage, and the scheme can be constructed efficiently in terms of both computational and space complexity. Our scheme is based on the Bloom filter, and it is secure against non-adaptive chosen keyword attack. With the dynamic technique for the inverted index, our scheme can support dynamic operation such as addition and removal of data files, which can also be secure against adaptive chosen keyword attack. Copyright (C) 2015 John Wiley & Sons, Ltd.
收起
Searchable encryption enables the data owner to store their own data after encrypting them in the cloud. Searchable encryption also allows the client to search over the data without leaking any information about it. In this paper,
Searchable encryption enables the data owner to store their own data after encrypting them in the cloud. Searchable encryption also allows the client to search over the data without leaking any information about it. In this paper, we first introduce a searchable symmetric encryption scheme based on the inner product: it is more efficient to compute the inner product of two vectors. In our construction, the parties can be data owners, clients or the cloud server. Three parties communicate with each other through the inner product to achieve the goal that client can search the data in cloud without leaking any information on the data the owner stored in the cloud. We then perform a security analysis and performance evaluation, which show that our algorithm and construction are secure and efficient.
摘要 :
Searchable symmetric encryption (SSE) enables clients to
search encrypted data. Curtmola et al. (ACMCCS2006) formalized a model
and security notions of SSE and proposed two concrete constructions called
SSE-1 and SSE-2. After t...
展开
Searchable symmetric encryption (SSE) enables clients to
search encrypted data. Curtmola et al. (ACMCCS2006) formalized a model
and security notions of SSE and proposed two concrete constructions called
SSE-1 and SSE-2. After the seminal work by Curtmola et al., SSE becomes
an active area of encrypted search.
In this paper, we focus on two unnoticed problems in the seminal
paper by Curtmola et al. First, we show that SSE-2 does not appropriately
implement Curtmola et al.’s construction idea for dummy addition. We
refine SSE-2’s (and its variants’) dummy-adding procedure to keep the
number of dummies sufficiently many but as small as possible. We then
show how to extend it to the dynamic setting while keeping the dummyadding
procedure work well and implement our scheme to show its practical
efficiency. Second, we point out that the SSE-1 can cause a search error
when a searched keyword is not contained in any document file stored at a
server and show how to fix it.
收起
摘要 :
Searchable symmetric encryption (SSE) enables clients to
search encrypted data. Curtmola et al. (ACMCCS2006) formalized a model
and security notions of SSE and proposed two concrete constructions called
SSE-1 and SSE-2. After t...
展开
Searchable symmetric encryption (SSE) enables clients to
search encrypted data. Curtmola et al. (ACMCCS2006) formalized a model
and security notions of SSE and proposed two concrete constructions called
SSE-1 and SSE-2. After the seminal work by Curtmola et al., SSE becomes
an active area of encrypted search.
In this paper, we focus on two unnoticed problems in the seminal
paper by Curtmola et al. First, we show that SSE-2 does not appropriately
implement Curtmola et al.’s construction idea for dummy addition. We
refine SSE-2’s (and its variants’) dummy-adding procedure to keep the
number of dummies sufficiently many but as small as possible. We then
show how to extend it to the dynamic setting while keeping the dummyadding
procedure work well and implement our scheme to show its practical
efficiency. Second, we point out that the SSE-1 can cause a search error
when a searched keyword is not contained in any document file stored at a
server and show how to fix it.
收起
摘要 :
Searchable symmetric encryption (SSE) enables clients
to search encrypted data. Curtmola et al. (ACM CCS 2006) formalized a
model and security notions of SSE and proposed two concrete constructions
called SSE-1 and SSE-2. After...
展开
Searchable symmetric encryption (SSE) enables clients
to search encrypted data. Curtmola et al. (ACM CCS 2006) formalized a
model and security notions of SSE and proposed two concrete constructions
called SSE-1 and SSE-2. After the seminal work by Curtmola et al., SSE
becomes an active area of encrypted search. In this paper, we focus on two
unnoticed problems in the seminal paper by Curtmola et al. First, we show
that SSE-2 does not appropriately implement Curtmola et al.’s construction
idea for dummy addition. We refine SSE-2’s (and its variants’) dummyadding
procedure to keep the number of dummies sufficiently many but as
small as possible. We then show how to extend it to the dynamic setting
while keeping the dummy-adding procedure work well and implement our
scheme to show its practical efficiency. Second, we point out that the SSE-1
can cause a search error when a searched keyword is not contained in any
document file stored at a server and show how to fix it.
收起
摘要 :
This study examines the ordered bucketization (OB) as a cryptographic object. In OB, plaintextspace is divided into $p$ disjoint buckets, numbered from $1$ to $p$, based on the order of the ranges that they cover. OB is quite usef...
展开
This study examines the ordered bucketization (OB) as a cryptographic object. In OB, plaintextspace is divided into $p$ disjoint buckets, numbered from $1$ to $p$, based on the order of the ranges that they cover. OB is quite useful in that a range query can be performed over encrypted data without the need to decrypt by attaching a bucket number to each ciphertext. Unfortunately, no research has been carried out on the security of OB in a cryptographic sense. This paper defines an encryption scheme with OB (EOB) and suggests a new security model for EOB, IND-OCPA-P, which assumes an adversary has reasonable power. Previous constructions proposed for efficient range queries were not secure in this model. Finally, an OB construction, in which the EOB implementation is secure on the IND-OCPA-P model, is proposed. In the proposed OB, $p$-$1$ points are selected on the uniform distribution in the plaintext-space and the plaintext-space is divided based on the selected points. A bucket number is assigned to each divided range in ascending range order. With regard to the efficiency of a range query, the proposed OB guarantees reasonably good efficiency on range queries by showing that the distribution of a bucket size is not skewed.
收起
摘要 :
Searchable symmetric encryption (SSE) allows the data owner to outsource an encrypted database to a remote server in a private manner while maintaining the ability for selectively search. So far, most existing solutions focus on a...
展开
Searchable symmetric encryption (SSE) allows the data owner to outsource an encrypted database to a remote server in a private manner while maintaining the ability for selectively search. So far, most existing solutions focus on an honest-but-curious server, while security designs against a malicious server have not drawn enough attention. A few recent works have attempted to construct verifiable SSE that enables the data owner to verify the integrity of search results. Nevertheless, these verification mechanisms are highly dependent on specific SSE schemes, and fail to support complex queries. A general verification mechanism is desired that can be applied to all SSE schemes. In this work, instead of concentrating on a central server, we explore the potential of the smart contract, an emerging blockchain-based decentralized technology, and construct decentralized SSE schemes where the data owner can receive correct search results with assurance without worrying about potential wrongdoings of a malicious server. We study both public and private blockchain environments and propose two designs with a trade-off between security and efficiency. To better support practical applications, the multi-user setting of SSE is further investigated where the data owner allows authenticated users to search keywords in shared documents. We implement prototypes of our two designs and present experiments and evaluations to demonstrate the practicability of our decentralized SSE schemes.
收起
摘要 :
Searchable symmetric encryption (SSE) enables a client to store a database on an untrusted server while supporting keyword search in a secure manner. Despite the rapidly increasing interest in SSE technology, experiments indicate ...
展开
Searchable symmetric encryption (SSE) enables a client to store a database on an untrusted server while supporting keyword search in a secure manner. Despite the rapidly increasing interest in SSE technology, experiments indicate that the performance of the known schemes scales badly to large databases. Somewhat surprisingly, this is not due to their usage of cryptographic tools, but rather due to their poor locality (where locality is defined as the number of noncontiguous memory locations the server accesses with each query). The only known schemes that do not suffer from poor locality suffer either from an impractical space overhead or from an impractical read efficiency (where read efficiency is defined as the ratio between the number of bits the server reads with each query and the actual size of the answer). We construct the first SSE schemes that simultaneously enjoy optimal locality, optimal space overhead, and nearly optimal read efficiency. Specifically, for a database of size N, under the modest assumption that no keyword appears in more than N1-1/ log logN documents, we construct a scheme with read efficiency (O) over tilde (log logN). This essentially matches the lower bound of Cash and Tessaro (EUROCRYPT '14) showing that any SSE scheme must be suboptimal in either its locality, its space overhead, or its read efficiency. In addition, even without making any assumptions on the structure of the database, we construct a scheme with read efficiency (O) over tilde (logN). Our schemes are obtained via a two-dimensional generalization of the classic balanced allocations ("balls and bins") problem that we put forward. We construct nearly optimal two-dimensional balanced allocation schemes, and then combine their algorithmic structure with subtle cryptographic techniques.
收起