Lixue Sun,Chunxiang Xu,Chuang Li,Yuhui Li

DOI: https://doi.org/10.1016/j.comcom.2020.09.018

IF: 5.047

2020-12-01

Computer Communications

Abstract:<p>Searchable encryption schemes allow users to search encrypted data containing some keyword without decrypting the data. It protects the data privacy of data owners, meanwhile facilitates efficient data access in secure cloud storage service. Most of the existing schemes only considered the single-user setting, in which a user uploads his encrypted data and later performs searches on it. However, the majority of databases in practice do not only serve one user; instead, they support write operations by multiple data owners and search operations by some authorized users. There exists the following issues in existing multi-user searchable encryption schemes. First, some schemes allow only one data owner to write to the encrypted database; second, a number of schemes may require the data owner to interact with the authorized users to distribute secret keys; third, some other schemes cannot efficiently support the search authorization revocation on users, and do not achieve the trapdoor unlinkability. In this paper, we address these issues by proposing a server-aided searchable encryption scheme in multi-user setting. In our scheme, the data owners only need to know the public key of an administration server to generate the searchable ciphertext, regardless of the number of authorized users. Furthermore, our scheme is shown to be semantically secure against outside keyword guessing attacks. Finally, the performance analyses and comparisons with some existing schemes demonstrate that our scheme achieves better performance.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic

Ling Huaze,Xue Kaiping,Wei David S.L.,Li Ruidong

DOI: https://doi.org/10.52396/JUST-2021-0071

2021-01-01

Journal of University of Science and Technology of China

Abstract:As more and more enterprises and individuals choose to outsource their encrypted private data to the cloud, Searchable Encryption ( SE) , which solves the issue of keyword-searching over encrypted data, is becoming much more important. To overcome typos and semantic diversity existing in query requests, fuzzy search is introduced to achieve a misspelling-tolerate search-supported encryption scheme. However, current schemes of fuzzy search over encrypted data not only bring in high computing and communication overhead in multi-user scenarios but also are unable to cover all kinds of error types under the premise of an effective accuracy. In this paper, we thus propose a multi-user multi-keyword fuzzy searchable encryption scheme. Specifically, we introduce the permuterm index to support multi-keyword wildcard search which can solve more kinds of misspelling with a higher degree of correctness. Moreover, by letting the cloud server re-encrypt indexes user encrypt, our scheme supports unshared-key multi-user fuzzy search, reducing users ' computing overhead effectively and improving the level of privacy-preserving. The results of experiments demonstrate that, compared with existing schemes, our scheme not only has a better accuracy rate, but also supports more varieties of misspelling keyword search with acceptable computational overhead.

Wenjie Liu,Yinsong Xu,Wen Liu,Haibin Wang,Zhibin Lei

DOI: https://doi.org/10.1109/access.2019.2960592

2023-09-25

Abstract:Searchable encryption (SE) is a positive way to protect users sensitive data in cloud computing setting, while preserving search ability on the server side, i.e., it allows the server to search encrypted data without leaking information about the plaintext data. In this paper, a multi-client universal circuit-based full-blind quantum computation (FBQC) model is proposed. In order to meet the requirements of multi-client accessing or computing encrypted cloud data, all clients with limited quantum ability outsource the key generation to a trusted key center and upload their encrypted data to the data center. Considering the feasibility of physical implementation, all quantum gates in the circuit are replaced with the combination of {\pi}/8 rotation operator set {Rz({\pi}/4), Ry({\pi}/4), CRz({\pi}/4), CRy({\pi}/4), CCRz({\pi}/4), CCRy({\pi}/4)}. In addition, the data center is only allowed to perform one {\pi}/8 rotation operator each time, but does not know the structure of the circuit (i.e., quantum computation), so it can guarantee the blindness of computation. Then, through combining this multi-client FBQC model and Grover searching algorithm, we continue to propose a quantum searchable encryption scheme for cloud data. It solves the problem of multi-client access mode under searchable encryption in the cloud environment, and has the ability to resist against some quantum attacks. To better demonstrate our scheme, an example of our scheme to search on encrypted 2-qubit state is given in detail. Furthermore, the security of our scheme is analysed from two aspects: external attacks and internal attacks, and the result indicates that it can resist against such kinds of attacks and also guarantee the blindness of data and computation.

Emerging Technologies,Cryptography and Security,Quantum Physics

Zhenkui Shi,Xuemei Fu,Xianxian Li,Kai Zhu

DOI: https://doi.org/10.1109/tkde.2020.3025348

IF: 9.235

2020-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Symmetric Searchable Encryption(SSE) is deemed to tackle the privacy issue as well as the operability and confidentiality in data outsourcing. However, most SSE schemes assume that the cloud is honest but curious. This assumption is not always applicable. And even if some schemes supported verification, integrity or freshness checking in a malicious cloud, but the performance and security functionalities are not fully exploited. In this paper, we propose an efficient SSE scheme based on B+-Tree and Counting Bloom Filter (CBF) which supports secure verification, dynamic updating, and multi-user queries. Comparing with the previous state of the arts, we design the new data structure CBF to support dynamic updating and boost verification. We also leverage the timestamp mechanism in the scheme to prevent the malicious cloud from launching a replay attack. The new designed CBF is like a front-engine to save user's cost for query and verification. And it can achieve more efficient query and verification with negligible false positive when there is no value matching the queried keyword. The CBF supports efficient dynamic updating by combining Bloom Filter with a one-dimensional array that provides the counting capability. Furthermore, we design the authenticator for CBF. We adopt B+-Tree for it is widely used in many database engines and file systems. We also give a brief security proof of our scheme. Then we provide a detailed performance analysis. Finally, we evaluate our scheme through comprehensive experiments. The results are consistent with our analysis and show that our scheme is secure, and more efficient compared with the previous schemes with the same functionalities. The average performance can be improved by about 20 percent for both the cloud servers and users when the missing rate of the searching keywords is 20 percent. And the higher the missing rate is, the more the performance can be improved.

Mande Xie,Xuekang Yang,Haibo Hong,Guiyi Wei,Zhen Zhang

DOI: https://doi.org/10.1016/j.future.2023.11.017

IF: 7.307

2023-12-14

Future Generation Computer Systems

Abstract:As an important cryptographic primitive , searchable encryption (SE) plays a crucial role in performing keyword searching on encrypted texts. However, in order to realize fuzzy keyword search, most fuzzy search encryption schemes utilize wildcards and gram technology to construct fuzzy sets, which consumes a lot of storage and computational resources. Therefore, in this paper, we propose a new verifiable Chinese multi-keyword fuzzy rank searchable encryption (VCMKFRSE) scheme. Firstly, we take advantage of the Yongzi Ba method to convert Chinese keywords into stroke strings, and employ chinese keywords vector generation algorithm to convert the stroke string into a keyword vector. Secondly, we utilize inverted index tables to establish the relationship between keywords and documents. In particular, the relevance score between keywords and documents is calculated by using the three-factor algorithm. Also, we adopt the MinHash function to construct a fuzzy index table for each keyword vector. Thirdly, in order to realize the authentication of search results and avoid receiving useless search results, we build an authentication tag table by using an authentication tag generation function. Afterwards, we apply probabilistic trapdoors to resist distinguishability attacks. At last, our scheme achieves IND-CCA secure and is more efficient comparing with the state of the art. Overall, our proposal achieves fuzzy multi-keyword search and more accurate search result ranking, while ensuring data security and higher efficiency.

computer science, theory & methods

Minghao Zhao,Han Jiang,Zhen Li,Qiuliang Xu,Hao Wang,Shaojing Li

DOI: https://doi.org/10.1504/ijhpcn.2018.10015546

2018-01-01

International Journal of High Performance Computing and Networking

Abstract:Searchable encryption is a significant cryptographic primitive to ensure storage security and data privacy in cloud computing environment. It allows a client to store a collection of encrypted documents on server, and latterly, according to specific search criteria, perform keyword-based searches and retrieve the documents, meanwhile ensuring that it reveals minimal information to the server. Early research on searchable encryption schemes mainly focused on the efficiency, the security and the query expressiveness, and nowadays, the studies have been paying attention to searchable encryption that supports dataset update dynamically. In this paper, we propose a new dynamic symmetric searchable encryption scheme. In the aspect of efficiency, the complexity of search algorithm is O(1), while file addition and deletion are O(m"n) and O(N) respectively (here m" means the number of keywords in a document; N means the number of document-keyword pairs and n means the size of keywords dictionary), which indicates the overall efficiency is superior to the existing schemes; in terms of security, this scheme can resist selective keyword attack, and compared with former ones, it achieves less information leakage.

Kai Zhang,Xiwen Wang,Jianting Ning,Xinyi Huang

DOI: https://doi.org/10.1109/tifs.2022.3224669

IF: 7.231

2022-12-10

IEEE Transactions on Information Forensics and Security

Abstract:Searchable encryption (SE) is a promising strategy for cloud-based file retrieval services, via structuring correspondences between files and keywords. Public key encryption with keyword search (PEKS) has been generally employed in file-sharing services, as compared to searchable symmetric encryption (SSE). However, PEKS is inherently vulnerable to keyword guessing attacks (KGA) launched by a malicious server. To resist such attacks, classic solutions are dual-server PEKS (DS-PEKS) [TIFS'2015] and server-aided PEKS (SA-PEKS) [TIFS'2016]. However, the query model in these two solutions only support single keyword search pattern, which inevitably limits their wide deployments in practice due to efficiency concern. In this work, we present DSB-SE, a new cloud-based file sharing & retrieval system that supports boolean queries while retaining KGA-resistance. Compared to DS-PEKS and SA-PEKS, the cost of documents searching in DSB-SE is 25, 000 times (resp. 6, 600 times) faster when and , where -term is the least frequent keyword in the query pattern. Technically, the performance gain derives from revisiting traditional boolean SSE by: (i) introducing a pairing-free DDH-based transformation key modular that allows a data reader's query pattern to be treated as a data writer's; (ii) employing the dual-server methodology to support boolean query with efficient validity checks. In particular, the client-to-cloud communication cost for retrieving index of a single document is bounded to , and the cost of sending a token ranges fro- . Nevertheless, DSB-SE is slightly slower than DS-PEKS (but faster than SA-PEKS) for key generation cost. Overall, the experiments show that the DSB-SE is practical and sufficient for real cloud applications, which is conducted over Enron dataset under a real-world cloud platform.

computer science, theory & methods,engineering, electrical & electronic

Marius Iulian Mihailescu,Stefania Loredana Nita,Marius Iulian Mihailescu,Stefania Loredana Nita

DOI: https://doi.org/10.3390/cryptography6010008

2022-02-14

Cryptography

Abstract:Cloud computing offers the possibility of providing suitable access within a network for a set of resources. Many users use different services for outsourcing their data within the cloud, saving and mitigating the local storage and other resources involved. One of the biggest concerns is represented by storing sensitive data on remote servers, which can be found to be extremely challenging within different situations related to privacy. Searchable Encryption (SE) represents a particular case of Fully Homomorphic Encryption (FHE) and at the same time represents a method composed from a set of algorithms meant to offer protection for users’ sensitive data, while it preserves the searching functionality on the server-side. There are two main types of SE: Searchable Symmetric Encryption (SSE), where the ciphertexts and trapdoors for searching are performed using private key holders, and Public Key Searchable Encryption (PKSE), in which a specific number of users have the public key based on which are capable of outputting ciphertexts and giving the possibility of producing the trapdoors by using the private key from the holder. In this article, we propose a searchable encryption system that uses biometric authentication. Additionally, biometric data are used in the trapdoor generation process, such that an unauthorized user cannot submit search queries. The proposed system contains three components: classic user authentication (based on username, password, and a message with a code using short message service (SMS), biometric authentication, and the searchable encryption scheme. The first two components can be seen as two-factor authentication (2FA), and the second component represents the initialization step of the searchable encryption scheme. In the end, we show and demonstrate that the proposed scheme can be implemented with success for medium to complex network infrastructures. We have granted special attention to the trapdoor function, which generates a value that can be used to perform the search process and search function that is based on the trapdoor pair for searching within the index structure. We provide the correctness and security proof of the operations, which gives us the guarantee that the cloud servers return the correct documents. Additionally, we discuss measuring the performance of the authentication scheme in terms of performance indicators, introducing two indicators for measuring purposes—namely, cloud average number of non-legitim the user actions for cloud purposes (CANNL) and cloud average number of legitim user actionsCANLU.

Chang Xu,Ruijuan Wang,Liehuang Zhu,Chuan Zhang,Rongxing Lu,Kashif Sharif

DOI: https://doi.org/10.48550/arXiv.2203.13662

2022-03-25

Cryptography and Security

Abstract:Searchable symmetric encryption (SSE) supports keyword search over outsourced symmetrically encrypted data. Dynamic searchable symmetric encryption (DSSE), a variant of SSE, further enables data updating. Most DSSE works with conjunctive keyword search primarily consider forward and backward privacy. Ideally, the server should only learn the result sets involving all keywords in the conjunction. However, existing schemes suffer from keyword pair result pattern (KPRP) leakage, revealing the partial result sets containing two of query keywords. We propose the first DSSE scheme to address aforementioned concerns that achieves strong privacy-preserving conjunctive keyword search. Specifically, our scheme can maintain forward and backward privacy and eliminate KPRP leakage, offering a higher level of security. The search complexity scales with the number of documents stored in the database in several existing schemes. However, the complexity of our scheme scales with the update frequency of the least frequent keyword in the conjunction, which is much smaller than the size of the entire database. Besides, we devise a least frequent keyword acquisition protocol to reduce frequent interactions between clients. Finally, we analyze the security of our scheme and evaluate its performance theoretically and experimentally. The results show that our scheme has strong privacy preservation and efficiency.

Fenghe Wang,Han Xiao,Junquan Wang,Ye Wang,Chengliang Cao

DOI: https://doi.org/10.1016/j.sysarc.2024.103089

IF: 5.836

2024-02-17

Journal of Systems Architecture

Abstract:Cloud storage is a basic service model of the cloud computing. Since the cloud data is stored in the ciphertext for the data confidentiality, how to search the cloud data again in ciphertext state for users is a natural requirement. The searchable encryption (SE) gives an efficient solution to achieve both the data confidentiality and the searchable requirement simultaneously. In SE schemes, the user can transfer a search trapdoor to the cloud server from a secure channel and the cloud server can use the received trapdoor to search the corresponding keyword ciphertext. Since the keywords are with low entropy, the traditional SE is vulnerable to keyword guessing attack. In order to remove the need of the secure channel and also to achieve the security against the keyword guessing attack, we build a single-user identity-based secure channel free SE scheme in the random oracle model by using lattice-based tools. Only the designated cloud server can finish the ciphertext search which means the secure channel between the user and the cloud server is not needed in the proposed scheme. Under the hardness of the learning with errors problem, we prove that the proposed scheme is ciphertext indistinguishable under the selective identity and chosen keyword attacks. Moreover, the proposed scheme also satisfies the trapdoor indistinguishability which directly leads to the security against the outside offline keyword guessing attack. Furthermore, we extend the proposed single-user scheme into the multi-user scenario. The proposed multi-user scheme inherits all functions achieved in the single-user scheme, such as secure channel free. Meanwhile, ciphertext length is fixed with the number of users increasing, which is more suitable for the large group users. In addition, we analyze the theoretical evaluation and experimental evaluation between the proposed schemes and some known literatures respectively. The results demonstrate that our proposed algorithms have several advantages in the both single-user and multi-user schemes, for example, the ciphertext lengths in the single/multi-user schemes are only 5.632KB and 6.016KB respectively and the running time of Test algorithm for any user groups is fixed to be 0.65ms in our simulated experiments.

computer science, software engineering, hardware & architecture

Jianting Ning,Jia Xu,Kaitai Liang,Fan Zhang,Ee-Chien Chang

DOI: https://doi.org/10.1109/tifs.2018.2866321

IF: 7.231

2019-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Searchable encryption (SE) provides a privacy-preserving mechanism for data users to search over encrypted data stored on a remote server. Researchers have designed a number of SE schemes with high efficiency yet allowing some degree of leakage profile to the remote server. The leakage, however, should be further measured to allow us to understand what types of attacks an SE scheme would encounter. This paper considers passive attacks that make inferences based on prior knowledge and observations on queries issued by users. This is in contrast to previously studied active attacks that adaptively inject files and queries. We consider several assumptions on the types or prior knowledge the attacker possessed and propose a few passive attacks. In particular, under the "full-fledged" assumption, the keyword recovery rate of our attack is optimal in the sense that it is equal to the theoretical upper bound. We further present several enhanced attacks under other weaker assumptions on various levels of the prior knowledge that the attacker can obtain, in which the keyword recovery rates are optimal or nearly optimal (i.e., approaching the theoretical upper bound). In addition, we provide extensive experiments to show the "power" of our passive attacks. This paper highlights the importance of minimizing the prior knowledge of a server and the leakage of search queries. It also shows that simply distorting the frequency of the keyword to hold against our passive attacks may not scale well.

Hua Zhang,Shaohua Zhao,Ziqing Guo,Qiaoyan Wen,Wenmin Li,Fei Gao

DOI: https://doi.org/10.1109/tcc.2021.3092358

IF: 5.697

2021-01-01

IEEE Transactions on Cloud Computing

Abstract:Searchable encryption (SE) is a powerful technology that enables keyword-based search over encrypted data becomes possible. However, most SE schemes focus on exact keyword search which can not tolerate misspellings and typos. Existing fuzzy keyword search schemes only support fuzzy search within a limited similarity threshold $d$d, the storage cost will grow exponentially or the precision of search results will greatly decrease as $d$d increases. Moreover, the current fuzzy keyword ranked search schemes consider only the keyword weight, and disregard the influence of keyword morphology similarity on the ranking. In this article, we propose a scalable fuzzy keyword ranked search scheme over encrypted data under hybrid clouds architecture. We use the edit distance to measure the similarity of keywords and design an edit distance algorithm over encrypted data, in which our scheme achieves fuzzy keyword search for any similarity threshold $d$d with a constant storage size and accurate search results. Furthermore, we design a two-factor ranking function combining keyword weight with keyword morphology similarity, which is utilized to rank the search results and enhance system usability. Extensive experiments are performed to demonstrate the trade-off of efficiency and security of the proposed scheme.

computer science, information systems, theory & methods

Miaomiao Wang,Lanlan Rui,Siya Xu,Zhipeng Gao,Huiyong Liu,Shaoyong Guo

DOI: https://doi.org/10.1016/j.comnet.2023.110045

IF: 5.493

2023-09-29

Computer Networks

Abstract:Searchable encryption technology provides a solution for the trusted sharing of sensitive data. A large amount of encrypted data stored in data sharing servers can support keyword search without exposing data privacy, which has attracted more and more scholars' attentions and researches. However, some multi-keyword searchable encryption schemes that deal with multi-semantic data still have security problems or low efficiency. To improve the security and efficiency of trusted sharing of sensitive data, we propose a multi-keyword searchable encryption scheme. The scheme designs a sensitive data sharing architecture based on blockchain technology, and the tamper-proof of distributed ledgers ensures the authenticity of encrypted data and indexes, as well as the supervision of sharing behaviors. On this basis, we improved the inverted index structure to achieve efficient multi-keyword searchable encryption while avoiding keyword-pair result pattern leakage. Our proposed scheme has passed formal security analysis, and simulation results show that the multi-keyword searchable encryption scheme is efficient.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Peter van Liesdonk,Saeed Sedghi,Jeroen Doumen,Pieter Hartel,Willem Jonker

DOI: https://doi.org/10.1007/978-3-642-15546-8_7

2010-01-01

Abstract:Searchable encryption is a technique that allows a client to store documents on a server in encrypted form. Stored documents can be retrieved selectively while revealing as little information as possible to the server. In the symmetric searchable encryption domain, the storage and the retrieval are performed by the same client. Most conventional searchable encryption schemes suffer from two disadvantages. First, searching the stored documents takes time linear in the size of the database, and/or uses heavy arithmetic operations. Secondly, the existing schemes do not consider adaptive attackers; a search-query will reveal information even about documents stored in the future. If they do consider this, it is at a significant cost to the performance of updates. In this paper we propose a novel symmetric searchable encryption scheme that offers searching at constant time in the number of unique keywords stored on the server. We present two variants of the basic scheme which differ in the efficiency of search and storage. We show how each scheme could be used in a personal health record system.

Zhongjun Zhang,Jianfeng Wang,Yunling Wang,Yaping Su,Xiaofeng Chen

DOI: https://doi.org/10.1007/978-3-030-29962-0_15

2019-01-01

Abstract:Searchable Symmetric Encryption (SSE) allows a server to perform search directly over encrypted data outsourced by user. Recently, the primitive of forward secure SSE has attracted significant attention due to its favorable property for dynamic data searching. That is, it can prevent the linkability from newly update data to previously searched keyword. However, the server is assumed to be honest-but-curious in the existing work. How to achieve verifiable forward secure SSE in malicious server model remains a challenging problem. In this paper, we propose an efficient verifiable forward secure SSE scheme, which can simultaneously achieve verifiability of search result and forward security property. In particular, we propose a new verifiable data structure based on the primitive of multiset hash functions, which enables efficient verifiable data update by incrementally hash operation. Compared with the state-of-the-art solution, our proposed scheme is superior in search and update efficiency while providing verifiability of search result. Finally, we present a formal security analysis and implement our scheme, which demonstrates that our proposed scheme is equipped with the desired security properties with practical efficiency.

Jinjiang Yang,Feng Liu,Xinyi Luo,Jianan Hong,Jian Li,Kaiping Xue

DOI: https://doi.org/10.1109/globecom48099.2022.10001146

2022-01-01

Abstract:Through Searchable Symmetric Encryption (SSE), a user can make search over encrypted documents that are stored on an untrusted cloud server. Multi-client SSE schemes require that one client can search documents contributed by other clients and upload documents. Nevertheless, existing multi- client SSE schemes implement the fine-grained access control with high complexity. Although fine-grained access control adapts to complex scenarios, it is not necessary anytime and may cause heavy costs over computation in SSE schemes. Moreover, it is crucial to support documents updating and forward privacy. To combat that, we design a multi-client SSE scheme with efficient access control over dynamic encrypted documents. Specifically, we first modify Symmetric Hidden Vector Encryption (SHVE) and utilize Bloom filter to implement the access control, which reduces much of computation overhead. We then employ Oblivious Dynamic Cross-Tag (ODXT) protocol to preserve the forward privacy of our scheme. Finally, the corresponding security and experimental evaluation demonstrate both security and practicality of our scheme, respectively.

Guoxiu Liu,Geng Yang,Shuangjie Bai,Qiang Zhou,Hua Dai

DOI: https://doi.org/10.1109/ACCESS.2020.2966367

IF: 3.9

2020-01-01

IEEE Access

Abstract:Currently, searchable encryption has attracted considerable attention in the field of cloud computing. The existing research mainly focuses on keyword-based search schemes, most of which support the exact matching of keywords. However, keyword-based search schemes ignore spelling errors and semantic expansions of keywords. The significant drawback makes the existing techniques unsuitable in cloud computing as it greatly affects system usability and can not completely satisfy the users' search intentions. In this paper, we propose an effective fuzzy semantic searchable encryption scheme (FSSE) that supports multi-keyword search over encrypted data in cloud computing. In our scheme, we exploit a keyword fingerprint generation algorithm to generate a fingerprint set of the keyword dictionary and a fingerprint of the query keywords, and employ Hamming distance to quantify keywords similarity. Based on the proposed fingerprint generation algorithm and Hamming distance, we realize fuzzy search. Furthermore, we utilize the semantic expansion technique to expand query keywords and calculate the semantic similarity between the query keywords and the expanded word of the query keywords to achieve the semantic search. To improve the search efficiency, we construct an inverted index structure and use the vector intersection matching as well as short-circuit matching operations to effectively filter irrelevant documents. The theoretical analysis and experimental results demonstrate that our proposed scheme satisfies the security guarantee of searchable encryption, enhances system usability, and is more efficient in comparison with the state of the art schemes.

Lidong Han,Junling Guo,Guang Yang,Qi Xie,Chengliang Tian

DOI: https://doi.org/10.1109/access.2021.3126867

IF: 3.9

2021-01-01

IEEE Access

Abstract:Searchable encryption is an important cryptographic technique that achieves data security and keyword retrieval over encrypted data in cloud. In 2004, Boneh et.al proposed the first searchable encryption scheme based on asymmetric cryptography. Since then, many variants of public key searchable encryption schemes were proposed. However, most previous works are vulnerable to multi-ciphertext attack, and they cannot provide trapdoor indistinguishability. Another problem is how to improve the searching efficiency. To deal with two issues, we construct a fast and secure public key authenticated searchable encryption scheme with designed server. Our scheme can resist keyword guessing attacks, chosen multi-keyword attacks and multi-trapdoor attacks. The search function in our scheme achieves the logarithmic search time in number of keywords while most existing schemes required the linear time. By comparison with previous schemes in computational complexity, our scheme is very fast in keyword search.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhen Li,Minghao Zhao,Han Jiang,Qiuliang Xu

DOI: https://doi.org/10.1007/s12243-017-0571-x

2017-01-01

Abstract:Multi-user searchable encryption (MSE) enables authorized users to search over encrypted documents in the cloud. Generally, security problems in existing MSE schemes are solved as follows: (1) transmitting authority values and search tokens through secure channels to resist keyword guessing attack; (2) involving a trusted third party (TTP) to manage users and (3) relying on online users to distribute the decryption keys. However, these methods result in extra overhead and heavily restrict the scalability of the systems. In this paper, we propose a secure channel-free and TTP-free MSE scheme. It is secure against keyword guessing attack by introducing a designated server. And it achieves fine-grained access control to grant and revoke the privileges of users without TTP. More specifically, each document is encrypted with a unique and independent key, where the key distribution is integrated with user authorization and search procedures. We provide a concrete construction of the scheme and give formal proofs of its security in the random oracle model.

Haochen Dou,Zhenwu Dan,Peng Xu,Wei Wang,Shuning Xu,Tianyang Chen,Hai Jin

DOI: https://doi.org/10.1109/tifs.2024.3350330

IF: 7.231

2024-02-02

IEEE Transactions on Information Forensics and Security

Abstract:Dynamic Searchable Symmetric Encryption (DSSE) is a prospective technique in the field of cloud storage for secure search over encrypted data. A DSSE client can issue update queries to an honest-but-curious server for adding or deleting his ciphertexts to or from the server and delegate keyword search over those ciphertexts to the server. Numerous investigations focus on achieving strong security, like forward-and-Type-I−-backward security, to reduce the information leakage of DSSE to the server as much as possible. However, the existing DSSE with such strong security cannot keep search correctness and stable security (or robustness, in short) if irrational queries are issued by the client, like duplicate add or delete queries and the delete queries for removing non-existed entries, to the server unintentionally. Hence, this work proposes two new DSSE schemes, named and , respectively. Both two schemes achieve forward-and-Type-I−-backward security while keeping robustness when irrational queries are issued. In terms of performance, has more efficient communication costs and roundtrips than . In contrast, has a more efficient search performance than . Its search performance is close to the existing DSSE scheme with the same security but fails to achieve robustness.

computer science, theory & methods,engineering, electrical & electronic