Zhilong Luo,Shi-Feng Sun,Zhedong Wang,Dawu Gu

DOI: https://doi.org/10.1007/978-981-97-5025-2_15

2024-01-01

Abstract:Publicly Verifiable Symmetric Searchable Encryption (PV-SSE) enables a client to delegate verification process of search results to an auditor without revealing private information. However, most of existing PV-SSE schemes are only designed for static databases, and how to design dynamic PV-SSE (PV-DSSE) schemes with strong security and good efficiency remains an open problem. In this paper, we propose a new dynamic PV-SSE scheme, which is, to the best of our knowledge, the first non-interactive PV-DSSE with forward privacy and Type-II backward privacy. In particular, we achieve both strong backward privacy and public verifiability within one roundtrip, by leveraging a special cryptographic primitive called compressed symmetric revocable encryption (CSRE) and developing a novel verification method based on set hash functions. Moreover, we provide concrete implementation of our scheme, and conduct a comprehensive performance evaluation compared with the state-of-art. In a typical network environment, our result shows that the search process in our scheme is 5x to 7x faster than the state-of-art with 8x to 9x lower communication cost.

Haitang Lu,Jie Chen,Jianting Ning,Kai Zhang

DOI: https://doi.org/10.1093/comjnl/bxac084

2023-01-01

Abstract:Dynamic searchable symmetric encryption (DSSE) with forward and backward privacy makes it possible to perform search on the outsourced encrypted database efficiently while still allowing updates under acceptable leakage. Current forward and backward private DSSE (FB-DSSE) scheme proposed by Zuo et al. cannot support conjunctive keyword query and the cloud server needs to be honest-but-curious. Recent FB-DSSE scheme supporting conjunctive keyword query proposed by Patranabis et al. cannot verify search results. On the other hand, searchable symmetric encryption scheme proposed by Wang et al. that supports conjunctive keyword query and the verification of search results cannot achieve forward and backward privacy. The problem of constructing a verifiable conjunctive FB-DSSE scheme is still open. In this paper, we propose a verifiable conjunctive dynamic searchable symmetric encryption scheme (VCDSSE). VCDSSE is a FB-DSSE scheme that additionally supports the verification of search results and conjunctive keyword query. We revisit homomorphic MAC to enable efficient verification of search results, adopt the technique of oblivious cross-tags to achieve conjunctive keyword query and utilize state chain to ensure forward and backward privacy. The formal security analysis and performance evaluation demonstrate that VCDSSE is secure and practical as compared with Mitra scheme in terms of search time.

Cong Zuo,Shi-Feng Sun,Joseph K. Liu,Jun Shao,Josef Pieprzyk

DOI: https://doi.org/10.48550/arXiv.1905.08561

2019-05-21

Cryptography and Security

Abstract:Dynamic searchable symmetric encryption (DSSE) is a useful cryptographic tool in encrypted cloud storage. However, it has been reported that DSSE usually suffers from file-injection attacks and content leak of deleted documents. To mitigate these attacks, forward privacy and backward privacy have been proposed. Nevertheless, the existing forward/backward-private DSSE schemes can only support single keyword queries. To address this problem, in this paper, we propose two DSSE schemes supporting range queries. One is forward-private and supports a large number of documents. The other can achieve backward privacy, while it can only support a limited number of documents. Finally, we also give the security proofs of the proposed DSSE schemes in the random oracle model.

Tianqi Peng,Bei Gong,Shanshan Tu,Abdallah Namoun,Sami Alshmrany,Muhammad Waqas,Hisham Alasmary,Sheng Chen

DOI: https://doi.org/10.3390/s24237597

IF: 3.9

2024-11-29

Sensors

Abstract:In the cloud-assisted industrial Internet of Things (IIoT), since the cloud server is not always trusted, the leakage of data privacy becomes a critical problem. Dynamic symmetric searchable encryption (DSSE) allows for the secure retrieval of outsourced data stored on cloud servers while ensuring data privacy. Forward privacy and backward privacy are necessary security requirements for DSSE. However, most existing schemes either trade the server's large storage overhead for forward privacy or trade efficiency/overhead for weak backward privacy. These schemes cannot fully meet the security requirements of cloud-assisted IIoT systems. We propose a fast and firmly secure SSE scheme called Veruna to address these limitations. To this end, we design a new state chain structure, which can not only ensure forward privacy with less storage overhead of the server but also achieve strong backward privacy with only a few cryptographic operations in the server. Security analysis proves that our scheme possesses forward privacy and Type-II backward privacy. Compared with many state-of-the-art schemes, our scheme has an advantage in search and update performance. The high efficiency and robust security make Veruna an ideal scheme for deployment in cloud-assisted IIoT systems.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Mohammad Etemad,Alptekin Küpçü,Charalampos Papamanthou,David Evans

DOI: https://doi.org/10.48550/arXiv.1710.00208

2017-09-30

Abstract:Searchable symmetric encryption (SSE) enables a client to perform searches over its outsourced encrypted files while preserving privacy of the files and queries. Dynamic schemes, where files can be added or removed, leak more information than static schemes. For dynamic schemes, forward privacy requires that a newly added file cannot be linked to previous searches. We present a new dynamic SSE scheme that achieves forward privacy by replacing the keys revealed to the server on each search. Our scheme is efficient and parallelizable and outperforms the best previous schemes providing forward privacy, and achieves competitive performance with dynamic schemes without forward privacy. We provide a full security proof in the random oracle model. In our experiments on the Wikipedia archive of about four million pages, the server takes one second to perform a search with 100,000 results.

Cryptography and Security

Ying Gao,Yue Ge,Jianting Ning,Jie Ma,Xiaofeng Chen

DOI: https://doi.org/10.1109/jiot.2024.3457270

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) boom has enabled massive data collection in cloud servers. Therefore, access efficiency and data privacy in cloud storage services have become a significant concern. Data and users are hierarchical in IoT applications, which require fine-grained multi-level access control. Additionally, achieving public verification to resist the malicious server and clients is indispensable. Aiming at the challenge above, we propose a new forward private multi-level dynamic searchable symmetric encryption (DSSE) scheme called Peony, employing multi-level linked lists and constrained pseudorandom function, which is more efficient and secure. Then, we introduce a cryptographic primitive named multi-level symmetric revocable encryption (MSRE), and we give a general method for constructing a novel forward and type-II backward-private multi-level DSSE scheme Peony++ based on MSRE. Further, we design the multi-level digests and utilize the smart contract as a trusted platform to support public verification for Peony++. Theoretical analysis and experimental evaluations show that Peony achieves higher security and reduces search time by an average of 35.81% compared to the state-of-the-art multi-level DSSE scheme. To the best of our knowledge, Peony++ is the only multi-level searchable encryption currently available that can achieve forward and type-II backward privacy, all while balancing efficiency and functionality.

Chang Xu,Ruijuan Wang,Liehuang Zhu,Chuan Zhang,Rongxing Lu,Kashif Sharif

DOI: https://doi.org/10.48550/arXiv.2203.13662

2022-03-25

Cryptography and Security

Abstract:Searchable symmetric encryption (SSE) supports keyword search over outsourced symmetrically encrypted data. Dynamic searchable symmetric encryption (DSSE), a variant of SSE, further enables data updating. Most DSSE works with conjunctive keyword search primarily consider forward and backward privacy. Ideally, the server should only learn the result sets involving all keywords in the conjunction. However, existing schemes suffer from keyword pair result pattern (KPRP) leakage, revealing the partial result sets containing two of query keywords. We propose the first DSSE scheme to address aforementioned concerns that achieves strong privacy-preserving conjunctive keyword search. Specifically, our scheme can maintain forward and backward privacy and eliminate KPRP leakage, offering a higher level of security. The search complexity scales with the number of documents stored in the database in several existing schemes. However, the complexity of our scheme scales with the update frequency of the least frequent keyword in the conjunction, which is much smaller than the size of the entire database. Besides, we devise a least frequent keyword acquisition protocol to reduce frequent interactions between clients. Finally, we analyze the security of our scheme and evaluate its performance theoretically and experimentally. The results show that our scheme has strong privacy preservation and efficiency.

Chuang Li,Chunxiang Xu,Shanshan Li,Kefei Chen,Yinbin Miao

DOI: https://doi.org/10.1109/tcc.2021.3071779

IF: 5.697

2021-01-01

IEEE Transactions on Cloud Computing

Abstract:With cloud services, data users can retrieve encrypted data while preserving data confidentiality. However, this new paradigm suffers from many security concerns. A major concern is how to avoid insider Keyword-Guessing Attacks (KGA), which implies that the internal attackers can guess the candidate keywords successfully in an off-line manner. To address this issue, recently, two verifiable searchable encryption schemes (published in IEEE Transactions on Cloud Computing, doi: 10.1109/TCC.2020.2989296) in cloud storage were proposed which enjoys many desirable features. In this letter, we demonstrate that the schemes are insecure against insider keyword-guessing attack. Specifically, we show that the adversary can derive the keywords in an off-line manner.

computer science, information systems, theory & methods

Xinrui Ge,Jia Yu,Hanlin Zhang,Chengyu Hu,Zengpeng Li,Zhan Qin,Rong Hao

DOI: https://doi.org/10.1109/tdsc.2019.2896258

2021-01-01

Abstract:Verifiable Searchable Symmetric Encryption, as an important cloud security technique, allows users to retrieve the encrypted data from the cloud through keywords and verify the validity of the returned results. Dynamic update for cloud data is one of the most common and fundamental requirements for data owners in such schemes. To the best of our knowledge, the existing verifiable SSE schemes supporting data dynamic update are all based on asymmetric-key cryptography verification, which involves time-consuming operations. The overhead of verification may become a significant burden due to the sheer amount of cloud data. Therefore, how to achieve keyword search over dynamic encrypted cloud data with efficient verification is a critical unsolved problem. To address this problem, we explore achieving keyword search over dynamic encrypted cloud data with symmetric-key based verification and propose a practical scheme in this paper. In order to support the efficient verification of dynamic data, we design a novel Accumulative Authentication Tag (AAT) based on the symmetric-key cryptography to generate an authentication tag for each keyword. Benefiting from the accumulation property of our designed AAT, the authentication tag can be conveniently updated when dynamic operations on cloud data occur. In order to achieve efficient data update, we design a new secure index composed by a search table ST based on the orthogonal list and a verification list VL containing AATs. Owing to the connectivity and the flexibility of ST, the update efficiency can be significantly improved. The security analysis and the performance evaluation results show that the proposed scheme is secure and efficient.

Cong Zuo,Shi-Feng Sun,Joseph K. Liu,Jun Shao,Josef Pieprzyk,Lei Xu

DOI: https://doi.org/10.1109/tdsc.2020.2994377

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Due to its capabilities of searches and updates over the encrypted database, the dynamic searchable symmetric encryption (DSSE) has received considerable attention recently. To resist leakage abuse attacks, a secure DSSE scheme usually requires forward and backward privacy. However, the existing forward and backward private DSSE schemes either only support single keyword queries or require more interactions between the client and the server. In this article, we first give a new leakage function for range queries, which is more complicated than the one for single keyword queries. Furthermore, we propose a concrete forward and backward private DSSE scheme by using a refined binary tree data structure. Finally, the detailed security analysis and extensive experiments demonstrate that our proposal is secure and efficient, respectively.

Yinbin Miao,Wei Zheng,Xiaohua Jia,Ximeng Liu,Kim-Kwang Raymond Choo,Robert H. Deng,Robert Deng

DOI: https://doi.org/10.1109/tsc.2021.3140098

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:Ranked keyword search over encrypted data has been extensively studied in cloud computing as it enables data users to find the most relevant results quickly. However, existing ranked multi-keyword search solutions cannot achieve efficient ciphertext search and dynamic updates with forward security simultaneously. To solve the above problems, we first present a basic Machine Learning-based Ranked Keyword Search (ML-RKS) scheme in the static setting by using the k-means clustering algorithm and a balanced binary tree. ML-RKS reduces the search complexity without sacrificing the search accuracy, but is still vulnerable to forward security threats when applied in the dynamic setting. Then, we propose an Enhanced ML-RKS (called ML-RKS$^{+}$+) scheme by introducing a permutation matrix. ML-RKS$^{+}$+ prevents cloud servers from making search queries over newly added files via previous tokens, thereby achieving forward security. The security analysis proves that our schemes protect the privacy of indexes, query tokens and keywords. Empirical experiments using the real-world dataset demonstrate that our schemes are efficient and feasible in practical applications.

Qingqing Gan,Cong Zuo,Jianfeng Wang,Shi-Feng Sun,Xiaoming Wang

DOI: https://doi.org/10.1007/978-3-030-36938-5_3

2019-01-01

Abstract:Searchable symmetric encryption (SSE) has been proposed that enables the clients to outsource their private encrypted data onto the cloud server and later the data can be searched with limited information leakage. However, existing surveys have not covered most recent advances on SSE technique. To fill the gap, we make a survey on state-of-the-art representative SSE schemes in cloud environment. We mainly focus on dynamic SSE schemes with forward and backward privacy, two vital security elements to maintain query privacy during data update operations. Specifically, we discuss about SSE protocols based on query expressiveness, including single keyword search, conjunctive keyword search, range search, disjunctive keyword search and verifiable search. Finally, through comparison on query expressiveness, security and efficiency, we demonstrate the strengths and weaknesses of the existing SSE protocols.

Peiyi Tu,Xingjun Wang

DOI: https://doi.org/10.1007/978-981-97-0945-8_22

2024-01-01

Abstract:In recent years, the Database-as-a-Service (DAS) model has become increasingly popular for cost-effective data outsourcing to cloud service providers. To ensure data security and functionality, Searchable Encryption (SE) has been introduced. However, many existing SE schemes unintentionally leak access patterns, posing significant privacy risks. While solutions like Oblivious RAM (ORAM) and Fully Homomorphic Encryption (FHE) can mitigate this, they are computationally intensive, limiting their practicality for large-scale databases. In this paper, we design a dynamic and efficient SE scheme called DPDSE that exploits differential privacy obfuscation of access patterns. Specifically, we obfuscate the ciphertext by deploying Laplace and Randomized Response mechanism. DPDSE strikes a balance between privacy and storage costs, while maintaining compatibility with any SE scheme. We give a formal mathematical proof of the security of DPDSE and conduct experiments on real datasets. The results show that DPDSE is significantly more secure than traditional SE schemes at a storage cost of up to 2.5%.

Cong Zuo,Shi-Feng Sun,Joseph K. Liu,Jun Shao,Josef Pieprzyk

DOI: https://doi.org/10.1007/978-3-030-29962-0_14

2019-01-01

Abstract:Dynamic Searchable Symmetric Encryption (DSSE) enables a client to perform updates and searches on encrypted data which makes it very useful in practice. To protect DSSE from the leakage of updates (leading to break query or data privacy), two new security notions, forward and backward privacy, have been proposed recently. Although extensive attention has been paid to forward privacy, this is not the case for backward privacy. Backward privacy, first formally introduced by Bost et al., is classified into three types from weak to strong, exactly Type-III to Type-I. To the best of our knowledge, however, no practical DSSE schemes without trusted hardware (e.g. SGX) have been proposed so far, in terms of the strong backward privacy and constant roundtrips between the client and the server.

Cong Zuo,Shi-Feng Sun,Joseph K. Liu,Jun Shao,Josef Pieprzyk

DOI: https://doi.org/10.1007/978-3-319-98989-1_12

2018-01-01

Abstract:Dynamic searchable symmetric encryption (DSSE) is a useful cryptographic tool in encrypted cloud storage. However, it has been reported that DSSE usually suffers from file-injection attacks and content leak of deleted documents. To mitigate these attacks, forward security and backward security have been proposed. Nevertheless, the existing forward/backward-secure DSSE schemes can only support single keyword queries. To address this problem, in this paper, we propose two DSSE schemes supporting range queries. One is forward-secure and supports a large number of documents. The other can achieve both forward security and backward security, while it can only support a limited number of documents. Finally, we also give the security proofs of the proposed DSSE schemes in the random oracle model.

Yinbin Miao,Jianfeng Ma,Ximeng Liu,Zhiquan Liu,Limin Shen,Fushan Wei

DOI: https://doi.org/10.1007/s12083-016-0487-7

2016-08-15

Abstract:The advantages of cloud computing encourage individuals and enterprises to outsource their local data storage and computation to cloud server, however, data security and privacy concerns seriously hinder the practicability of cloud storage. Although searchable encryption (SE) technique enables cloud server to provide fundamental encrypted data retrieval services for data-owners, equipping with a result verification mechanism is still of prime importance in practice as semi-trusted cloud server may return incorrect search results. Besides, single keyword search inevitably incurs many irrelevant results which result in waste of bandwidth and computation resources. In this paper, we are among the first to tackle the problems of data-owner updating and result verification simultaneously. To this end, we devise an efficient cryptographic primitive called as verifiable multi-keyword search over encrypted cloud data for dynamic data-owner scheme to protect both data confidentiality and integrity. Rigorous security analysis proves that our scheme is secure against keyword guessing attack (KGA) in standard model. As a further contribution, the empirical experiments over real-world dataset show that our scheme is efficient and feasible in practical applications.

computer science, information systems,telecommunications

Shi-Feng Sun,Ron Steinfeld,Shangqi Lai,Xingliang Yuan,Amin Sakzad,Joseph K. Liu,Surya Nepal,Dawu Gu

DOI: https://doi.org/10.14722/ndss.2021.24162

2021-01-01

Abstract:In Dynamic Symmetric Searchable Encryption (DSSE), forward privacy ensures that previous search queries cannot be associated with future updates, while backward privacy guarantees that subsequent search queries cannot be associated with deleted documents in the past. In this work, we propose a generic forward and backward-private DSSE scheme, which is, to the best of our knowledge, the first practical and non-interactive Type-II backward-private DSSE scheme not relying on trusted execution environments. To this end, we first introduce a new cryptographic primitive, named Symmetric Revocable Encryption (SRE), and propose a modular construction from some succinct cryptographic primitives. Then we present our DSSE scheme based on the proposed SRE, and instantiate it with lightweight symmetric primitives. At last, we implement our scheme and compare it with the most efficient Type-II backward-private scheme to date (Demertzis et al., NDSS 2020). In a typical network environment, our result shows that the search in our scheme outperforms it by 2 - 11 x under the same security notion.

Cong Wang,Ning Cao,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tpds.2011.282

IF: 5.3

2012-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Cloud computing economically enables the paradigm of data service outsourcing. However, to protect data privacy, sensitive cloud data have to be encrypted before outsourced to the commercial public cloud, which makes effective data utilization service a very challenging task. Although traditional searchable encryption techniques allow users to securely search over encrypted data through keywords, they support only Boolean search and are not yet sufficient to meet the effective data utilization need that is inherently demanded by large number of users and huge amount of data files in cloud. In this paper, we define and solve the problem of secure ranked keyword search over encrypted cloud data. Ranked search greatly enhances system usability by enabling search result relevance ranking instead of sending undifferentiated results, and further ensures the file retrieval accuracy. Specifically, we explore the statistical measure approach, i.e., relevance score, from information retrieval to build a secure searchable index, and develop a one-to-many order-preserving mapping technique to properly protect those sensitive score information. The resulting design is able to facilitate efficient server-side ranking without losing keyword privacy. Thorough analysis shows that our proposed solution enjoys “as-strong-as-possible” security guarantee compared to previous searchable encryption schemes, while correctly realizing the goal of ranked keyword search. Extensive experimental results demonstrate the efficiency of the proposed solution.

Zhentao Long,Kai Zhang,Jinguo Li,Pengfei Wu,Jianting Ning

DOI: https://doi.org/10.1109/jiot.2024.3495042

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Mobile cloud storage enables IoT devices to use on-demand resources and share data with different mobile devices, where these outsourced data on the cloud are encrypted due to data confidentiality concern. Although dynamic searchable symmetric encryption (DSSE) allows data owners to directly search and update its encrypted data, it rarely considers implementing authorized search towards different mobile devices. Existing authorized keyword search systems for mobile cloud storage suffer from the following limitations: (i) only achieves Type-III backward privacy; (ii) no support for verification of search result; (iii) incurs high time overhead for data update and search. Therefore, we propose VE-FLY++, an efficient, verifiable and authorized DSSE system with forward and enhanced backward privacy for mobile cloud storage. Technically, VE-FLY++ presents a verifiable inverted bitmap index (VIBI) to achieve forward privacy and enhanced Type-I (a.k.a., Type-I-) backward privacy, with supporting verification of search results. In addition, we combine symmetric encryption with homomorphic addition with introduced VIBI for fast authorized search function. To further enable efficiently handling hundreds of millions of files, we adopt chunking technology to present a highly-scalable VE-FLY++. Finally, we use Raspberry Pi, Rock Pi, and Huawei Cloud on real datasets to conduct extensive experiments to clarify practical efficiency of VE-FLY++.

Zhongjun Zhang,Jianfeng Wang,Yunling Wang,Yaping Su,Xiaofeng Chen

DOI: https://doi.org/10.1007/978-3-030-29962-0_15

2019-01-01

Abstract:Searchable Symmetric Encryption (SSE) allows a server to perform search directly over encrypted data outsourced by user. Recently, the primitive of forward secure SSE has attracted significant attention due to its favorable property for dynamic data searching. That is, it can prevent the linkability from newly update data to previously searched keyword. However, the server is assumed to be honest-but-curious in the existing work. How to achieve verifiable forward secure SSE in malicious server model remains a challenging problem. In this paper, we propose an efficient verifiable forward secure SSE scheme, which can simultaneously achieve verifiability of search result and forward security property. In particular, we propose a new verifiable data structure based on the primitive of multiset hash functions, which enables efficient verifiable data update by incrementally hash operation. Compared with the state-of-the-art solution, our proposed scheme is superior in search and update efficiency while providing verifiability of search result. Finally, we present a formal security analysis and implement our scheme, which demonstrates that our proposed scheme is equipped with the desired security properties with practical efficiency.