Lei Xu,Chungen Xu,Joseph K. Liu,Cong Zuo,Peng Zhang

DOI: https://doi.org/10.1007/978-3-319-89500-0_45

2018-01-01

Abstract:Dynamic Searchable Symmetric Encryption (DSSE) provides a simple and fast storage as well as retrieval method for encrypted profiles which stored in cloud. However, due to the nature of the symmetric encryption algorithm, it allows only one client to access the data. To make the scheme more practical, this paper propose a multi client dynamic symmetric searchable encryption scheme that could allow multi-client to search the privacy data with the delegation search token and dynamic delete expected files with delete token. Compared with similar works, our construction achieves a balance in network security and practical performance. We also demonstrate that the proposed scheme has same IND-CKA2 security property against adaptive adversary.

Haochen Dou,Zhenwu Dan,Peng Xu,Wei Wang,Shuning Xu,Tianyang Chen,Hai Jin

DOI: https://doi.org/10.1109/tifs.2024.3350330

IF: 7.231

2024-02-02

IEEE Transactions on Information Forensics and Security

Abstract:Dynamic Searchable Symmetric Encryption (DSSE) is a prospective technique in the field of cloud storage for secure search over encrypted data. A DSSE client can issue update queries to an honest-but-curious server for adding or deleting his ciphertexts to or from the server and delegate keyword search over those ciphertexts to the server. Numerous investigations focus on achieving strong security, like forward-and-Type-I−-backward security, to reduce the information leakage of DSSE to the server as much as possible. However, the existing DSSE with such strong security cannot keep search correctness and stable security (or robustness, in short) if irrational queries are issued by the client, like duplicate add or delete queries and the delete queries for removing non-existed entries, to the server unintentionally. Hence, this work proposes two new DSSE schemes, named and , respectively. Both two schemes achieve forward-and-Type-I−-backward security while keeping robustness when irrational queries are issued. In terms of performance, has more efficient communication costs and roundtrips than . In contrast, has a more efficient search performance than . Its search performance is close to the existing DSSE scheme with the same security but fails to achieve robustness.

computer science, theory & methods,engineering, electrical & electronic

Ke Huang,Xiaolei Dong,Zhenfu Cao,Jiachen Shen

DOI: https://doi.org/10.1088/1757-899x/715/1/012062

2020-01-01

IOP Conference Series Materials Science and Engineering

Abstract:Dynamic searchable symmetric encryption (DSSE) is helpful to users with limited storage. In DSSE, the users are able to perform search and update queries on the ciphertext which stored on the cloud server. However, DSSE may suffer from file-injection attacks and leak information after deletion. In order to solve these problems, DSSE schemes with forward security and/or backward security have been proposed. In this paper, we propose two efficient DSSE schemes. The first one supports forward security using binary tree as the basic data structure. The second one uses puncturable encryption to achieve both forward and backward privacy.

Jing Chen,Zhenfu Cao,Jiachen Shen,Xiaolei Dong,Xingkai Wang

DOI: https://doi.org/10.1145/3377644.3377666

2020-01-01

Abstract:Users with limited computing and storage capabilities can access large amounts of data easily by uploading the database to cloud server. But this leads to security issues. Dynamic searchable encryption scheme is a solution, providing not only data privacy for users, but also the ability of searching for keywords on the ciphertext and inserting or deleting documents. However, most of the existing efficient dynamic searchable encryption schemes do not satisfy forward security, considering file-injection attack. In this paper, we design and implement a new forward secure dynamic symmetric searchable encryption (DSSE) scheme. We also use a new index structure inspired by linked list to achieve forward security instead of using ORAM. Our storage overhead is greatly reduced compared to previous works, without losing efficiency. Finally, we implement, evaluate and analyze our scheme.

Cheng Zhang,Ying Chu,Li Ling

DOI: https://doi.org/10.3969/j.issn.1007-757X.2017.11.012

2017-01-01

Abstract:Searchable encryption has been widely applied in cloud storage service now,it can help the user to search over specified cipher-text rapidly without leaking users' data privacy.Searchable symmetric encryption (searchable encryption based on symmetric key cryptography) has a low calculating overhead and is very suitable for large data block encryption by private user.Because the "Build Index" algorithm of traditional SSE is insufficient,a new index is proposed with an improved algorithm.Experiment results indicate that the overhead of building index becomes smaller and searching time is still satisfactory,and the dynamic performance has been improved.

Cong Zuo,Shi-Feng Sun,Joseph K. Liu,Jun Shao,Josef Pieprzyk

DOI: https://doi.org/10.1007/978-3-030-29962-0_14

2019-01-01

Abstract:Dynamic Searchable Symmetric Encryption (DSSE) enables a client to perform updates and searches on encrypted data which makes it very useful in practice. To protect DSSE from the leakage of updates (leading to break query or data privacy), two new security notions, forward and backward privacy, have been proposed recently. Although extensive attention has been paid to forward privacy, this is not the case for backward privacy. Backward privacy, first formally introduced by Bost et al., is classified into three types from weak to strong, exactly Type-III to Type-I. To the best of our knowledge, however, no practical DSSE schemes without trusted hardware (e.g. SGX) have been proposed so far, in terms of the strong backward privacy and constant roundtrips between the client and the server.

Dexin Li,Xingwen Zhao,Hui Li,Kai Fan

DOI: https://doi.org/10.1109/jiot.2024.3408812

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Considerable attention has been directed towards dynamic searchable symmetric encryption (DSSE) since it has the capability to both search and update the encrypted database. Nevertheless, the majority of DSSE schemes operate in single dimensions, and the server is assumed to be honest but curious. Consequently, there are two significant issues that must be addressed. One concerns how searchable operations can be implemented in a multi-dimensional space. Another is the construction of a search-result-verifiable DSSE scheme within a malicious server model. In response to the above-mentioned problems, we proposed a multi-dimensional verifiable DSSE scheme with volume-hiding. Our design leverages the combination of various query methods across different dimensions to enable a wide array of search modes. The state chain is used in the scheme to guarantee forward privacy, while backward privacy is ensured through the encryption of the index. Our scheme employs a bitmap index of the same length to represent multiple file addresses that match a keyword, ensuring size consistency in search results, also known as volume-hiding. Multiset hash function is used to construct the verifiable search result. The security of the scheme is analyzed using a simulation-based proof method based on leakage functions.

Bao Li,Fucai Zhou,Qiang Wang,Jian Xu,Da Feng

DOI: https://doi.org/10.1016/j.sysarc.2024.103221

IF: 5.836

2024-01-01

Journal of Systems Architecture

Abstract:Dynamic Searchable Symmetric Encryption (DSSE), which enables users to search and update encrypted data on an untrusted server without decryption, is a proven method when dealing with availability issues for outsourced data. However, the existing DSSE schemes suffer from forward and backward privacy problems. Although forward and backward privacy DSSE schemes can prevent these attacks, they still suffer from other challenges, such as count attacks, high communication overhead, and low computing efficiency. To solve the above problems simultaneously, we propose a secure and efficient dynamic searchable encryption scheme, which integrates a clustering algorithm, padding strategy, and trusted execution environments (TEE). The purpose of the scheme is to prevent count attacks while ensuring forward and backward privacy security. Our scheme also reduces the computing overhead and storage cost of the client by using TEE (e.g. Intel Software Guard Extension, Intel SGX) while maximizing the protection of client privacy. Furthermore, the scheme provides a secure hardware isolation environment for the cluster padding and search/update process to prevent malicious attacks from external software or super administrators. Finally, we provide corresponding security proofs and experimental evaluation which demonstrate both the security and efficiency of our scheme, respectively.

Peiyi Tu,Xingjun Wang

DOI: https://doi.org/10.1007/978-981-97-0945-8_22

2024-01-01

Abstract:In recent years, the Database-as-a-Service (DAS) model has become increasingly popular for cost-effective data outsourcing to cloud service providers. To ensure data security and functionality, Searchable Encryption (SE) has been introduced. However, many existing SE schemes unintentionally leak access patterns, posing significant privacy risks. While solutions like Oblivious RAM (ORAM) and Fully Homomorphic Encryption (FHE) can mitigate this, they are computationally intensive, limiting their practicality for large-scale databases. In this paper, we design a dynamic and efficient SE scheme called DPDSE that exploits differential privacy obfuscation of access patterns. Specifically, we obfuscate the ciphertext by deploying Laplace and Randomized Response mechanism. DPDSE strikes a balance between privacy and storage costs, while maintaining compatibility with any SE scheme. We give a formal mathematical proof of the security of DPDSE and conduct experiments on real datasets. The results show that DPDSE is significantly more secure than traditional SE schemes at a storage cost of up to 2.5%.

Minghao Zhao,Han Jiang,Zhen Li,Qiuliang Xu,Hao Wang,Shaojing Li

DOI: https://doi.org/10.1504/ijhpcn.2018.10015546

2018-01-01

International Journal of High Performance Computing and Networking

Abstract:Searchable encryption is a significant cryptographic primitive to ensure storage security and data privacy in cloud computing environment. It allows a client to store a collection of encrypted documents on server, and latterly, according to specific search criteria, perform keyword-based searches and retrieve the documents, meanwhile ensuring that it reveals minimal information to the server. Early research on searchable encryption schemes mainly focused on the efficiency, the security and the query expressiveness, and nowadays, the studies have been paying attention to searchable encryption that supports dataset update dynamically. In this paper, we propose a new dynamic symmetric searchable encryption scheme. In the aspect of efficiency, the complexity of search algorithm is O(1), while file addition and deletion are O(m"n) and O(N) respectively (here m" means the number of keywords in a document; N means the number of document-keyword pairs and n means the size of keywords dictionary), which indicates the overall efficiency is superior to the existing schemes; in terms of security, this scheme can resist selective keyword attack, and compared with former ones, it achieves less information leakage.

Kun He,Jing Chen,Qinxi Zhou,Ruiying Du,Yang Xiang

DOI: https://doi.org/10.1109/tifs.2020.3033412

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Dynamic Searchable Symmetric Encryption (DSSE) enables users to search on the encrypted database stored on a semi-trusted server while keeping the search and update information under acceptable leakage. However, most existing DSSE schemes are not efficient enough in practice due to the complex structures and cryptographic primitives. Moreover, the storage cost on the client side grows linearly with the number of keywords in the database, which induces unaffordable storage cost when the size of keyword set is large. In this article, we focus on secure dynamic searchable symmetric encryption with constant client storage cost. Our framework is boosted by fish-bone chain, a novel two-level structure which consists of Logical Keyword Index Chain (LoKIC) and Document Index Chain (DIC). To instantiate the proposed framework, we propose a forward secure DSSE scheme, called CLOSE-F, and a forward and backward secure DSSE scheme, called CLOSE-FB. Experiments showed that the computation cost of CLOSE-F and CLOSE-FB are as efficient as the state-of-the-art solutions, while the storage costs on the client side are constant in both CLOSE-F and CLOSE-FB, which are much smaller than existing schemes.

computer science, theory & methods,engineering, electrical & electronic

Jinyang Li,Zhenfu Cao,Jiachen Shen,Xiaolei Dong

DOI: https://doi.org/10.1007/978-3-031-45933-7_5

2023-01-01

Abstract:Existing multi-user dynamic symmetric searchable encryptions (DSSE) schemes unreasonably require private key sharing or require data owners to stay online. And existing verifiable DSSE is mostly based on public key primitives and confronts a large efficiency bottleneck. To address these issues, this paper proposes MCVDSSE: Secure Multi-Client Verifiable Dynamic Symmetric Searchable Encryption. In MCVDSSE, the data owner neither needs to stay online nor leak the critical private key to ensure secure data search and dynamic update. In addition, it further achieves forward and backward security, and is secure against replay attacks and collusion attacks. Finally, the security proof shows that the user has the ability to verify the integrity and timeliness.

Xu Wanshan,Zhang Jianbiao,Yilin Yuan

DOI: https://doi.org/10.1109/ACCESS.2020.3012975

IF: 3.9

2020-01-01

IEEE Access

Abstract:Under the cloud computing environment, Searchable Symmetric Encryption (SSE) is an effective method to solve the problem of encrypted data retrieval, and helps to protect the users' privacy. Recent researches show that some attacks may bring great security threats to SSE, and forward privacy can effectively prevent these attacks, so forward privacy is very necessary for SSE scheme. Most of the existing forward privacy SSE schemes fall into two types: ORAM-based and Bost-based. The former is simple, but it has large communication overhead and low dynamic update efficiency. The latter is better than the former, but it is based on asymmetric encryption primitives. Based on symmetric encryption primitives, we propose a dynamic efficient forward privacy scheme DESSE in this paper. DESSE uses pseudo-random permutation to realize forward privacy, and uses delete list to identify the final state of the same file added and deleted repeatedly, so as to realize the dynamic update of data. The method proposed in this paper is simple and flexible in structure, takes up less additional space, and can significantly improve the efficiency of updating. At the same time, it can achieve real-time updating of data. The correctness of our proposed scheme is tested using the Enron email data set in the end.

Cong Zuo,Shi-Feng Sun,Joseph K. Liu,Jun Shao,Josef Pieprzyk

DOI: https://doi.org/10.48550/arXiv.1905.08561

2019-05-21

Cryptography and Security

Abstract:Dynamic searchable symmetric encryption (DSSE) is a useful cryptographic tool in encrypted cloud storage. However, it has been reported that DSSE usually suffers from file-injection attacks and content leak of deleted documents. To mitigate these attacks, forward privacy and backward privacy have been proposed. Nevertheless, the existing forward/backward-private DSSE schemes can only support single keyword queries. To address this problem, in this paper, we propose two DSSE schemes supporting range queries. One is forward-private and supports a large number of documents. The other can achieve backward privacy, while it can only support a limited number of documents. Finally, we also give the security proofs of the proposed DSSE schemes in the random oracle model.

Salim Sabah Bulbul,Zaid Ameen Abduljabbar,Rana Jassim Mohammed,Mustafa A. Al Sibahee,Junchao Ma,Vincent Omollo Nyangaresi,Iman Qays Abduljaleel

DOI: https://doi.org/10.1371/journal.pone.0301277

IF: 3.7

2024-04-25

PLoS ONE

Abstract:Outsourcing data to remote cloud providers is becoming increasingly popular amongst organizations and individuals. A semi-trusted server uses Searchable Symmetric Encryption (SSE) to keep the search information under acceptable leakage levels whilst searching an encrypted database. A dynamic SSE (DSSE) scheme enables the adding and removing of documents by performing update queries, where some information is leaked to the server each time a record is added or removed. The complexity of structures and cryptographic primitives in most existing DSSE schemes makes them inefficient, in terms of storage, and query requests generate overhead costs on the Smart Device Client (SDC) side. Achieving constant storage cost for SDCs enhances the viability, efficiency, and easy user experience of smart devices, promoting their widespread adoption in various applications while upholding robust privacy and security standards. DSSE schemes must address two important privacy requirements: forward and backward privacy. Due to the increasing number of keywords, the cost of storage on the client side is also increasing at a linear rate. This article introduces an innovative, secure, and lightweight Dynamic Searchable Symmetric Encryption (DSSE) scheme, ensuring Type-II backward and forward privacy without incurring ongoing storage costs and high-cost query generation for the SDC. The proposed scheme, based on an inverted index structure, merges the hash table with linked nodes, linking encrypted keywords in all hash tables. Achieving a one-time O(1) storage cost without keyword counters on the SDC side, the scheme enhances security by generating a fresh key for each update. Experimental results show low-cost query generation on the SDC side (6,460 nanoseconds), making it compatible with resource-limited devices. The scheme outperforms existing ones, reducing server-side search costs significantly.

multidisciplinary sciences

Yubo Zheng,Peng Xu,Miao Wang,Wanying Xu,Wei Wang,Tianyang Chen,Hai Jin

DOI: https://doi.org/10.1109/tifs.2024.3463971

IF: 7.231

2024-10-02

IEEE Transactions on Information Forensics and Security

Abstract:Dynamic searchable symmetric encryption (DSSE), as one of the promising cryptographic tools in cloud-based services, faces two crying needs at the age of multi-device. One is a lightweight client, and the other is robustness. A lightweight client facilitates seamless synchronization among multiple devices allowing users to feel as if they are operating on a single device, even on resource-constrained devices. Robustness ensures a reliable system that can tolerate misoperations. DSSE requires both of them to achieve a leap in practicability. However, to our best knowledge, lightweight client and robustness have not been effectively combined thus far. Most existing DSSE schemes maintain a substantial amount of state information on the client for sub-linear search efficiency, but they fail to guarantee security even correctness, after executing the client's misoperations (e.g., duplicate addition or deletion operation and deleting non-existent targets). The seminal work on robustness, ROSE (TIFS'22), leverages a heavy primitive to preserve security and correctness during post-processing and requires a heavy client storage burden. To guarantee robustness and constant client storage simultaneously, we devise a novel method to preserve robustness timely in the process of misoperations. Specifically, we introduce an alarm mechanism to promptly eliminate the effects of misoperations. Based on the misoperation alarm mechanism and the vORAM+HIRB oblivious map (S&P'16), we propose a new DSSE scheme Themis. In addition to satisfying robustness and constant client storage, it has competitive search and update performance compared to prior representative DSSE schemes. Moreover, it is superior to existing robust schemes in search.

computer science, theory & methods,engineering, electrical & electronic

Dongli Liu,Wei Wang,Peng Xu,Laurence T. Yang,Bo Luo,Kaitai Liang

2024-03-02

Abstract:Dynamic Searchable Encryption (DSE) has emerged as a solution to efficiently handle and protect large-scale data storage in encrypted databases (EDBs). Volume leakage poses a significant threat, as it enables adversaries to reconstruct search queries and potentially compromise the security and privacy of data. Padding strategies are common countermeasures for the leakage, but they significantly increase storage and communication costs. In this work, we develop a new perspective to handle volume leakage. We start with distinct search and further explore a new concept called \textit{distinct} DSE (\textit{d}-DSE).

Cryptography and Security

Cheng Guo,Wenfeng Li,Xinyu Tang,Kim-Kwang Raymond Choo,Yining Liu

DOI: https://doi.org/10.1109/tdsc.2023.3262060

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Dynamic searchable symmetric encryption (DSSE) allows efficient searches over encrypted databases and also supports clients in their updating of the data, such as those stored in a remote cloud server. However, recent attacks suggest the risk of leakage during such updates, which consequently impacts on the privacy of the queries. In addition, existing DSSE schemes that support forward privacy generally rely on the honest-but-curious server and support only single-keyword retrieval, which limits the application scenarios. In this paper, we present the design of a verifiable DSSE protocol, which supports efficient conjunctive query with forward privacy. In our scheme, the forward index is constructed by a novel form, i.e., $ t$t-puncturable PRFs, and the authentication tag is designed by symmetric cryptography. During conjunctive queries, we narrow the scope by an inverted index, and then we determine the results of the final query through the forward index. Meanwhile, we can use verification tag to check the correctness and completeness of the result. In addition, we present an extension to support backward privacy, and our experimental evaluations show that our proposed approach achieves better performance on both conjunctive queries and updates than other competing solutions and ensures efficient verification.

Guiyun Qin,Pengtao Liu,Chengyu Hu,Zengpeng Li,Shanqing Guo

DOI: https://doi.org/10.1109/jsyst.2023.3288052

IF: 4.802

2023-01-01

IEEE Systems Journal

Abstract:Extending the single-user searchable symmetric encryption (SSE) immediately to the multiuser scenario is not straightforward. In the multiuser scenario, recipients cannot safely achieve multisearchable computing without using a third party or specified users, which diminishes the application's utility. Moreover, there are two issues related to pattern privacy and file updating: One is that the majority of extant SSEs only emphasize the privacy of a partial pattern (one of the search/access/size patterns), resulting in information leakage. The second issue is that, with the exponential expansion of the number of files, it is unclear how to achieve unrestricted index capacity management while efficiently updating the encrypted index. To overcome the aforementioned issues, we offer a general dynamic named G-DSSE, that is blended with the pseudorandom function and the integer vector homomorphic encryption. Combining k-anonymity and delayed write-back techniques, G- DSSE can realize multisearchable computing without relying on a third party while simultaneously guaranteeing multiple patterns and greater forward/backward privacies. The combination of k-anonymity and delayed write-back solves the unnecessary waste of communication overhead and the problem of pattern leakage in extreme cases. G-DSSE achieves noninteractive update, even batch update, and nonrestrictive index capacity management in the encrypted index. Meanwhile, it can be expanded flexibly to ensure the precision and integrity of search results.

Jiming Liu,Zhenfu Cao,Xiaolei Dong,Jiachen Shen

DOI: https://doi.org/10.1007/978-981-15-0758-8_2

2019-01-01

Abstract:Searchable encryption (SE) is a new cryptographic technique that allows data users searching for the files of their interests over huge amounts of encrypted files on the cloud. When it comes to multi-user setting, more issues should be addressed comparing to single-user setting, including key distribution, search privilege control and access control. In this paper, we propose DMU-ABSE, a dynamic multi-user ciphertext-policy attribute-based searchable encryption scheme with file deletion and user revocation. We manipulate an attribute-based encryption to achieve fine-grained search privilege control and hidden policy in multi-user setting while searching time of the proposed scheme is constant (O(1)). With the help of proxy re-encryption, we build one searchable index matrix by different owners in order to improve the searching efficiency. Furthermore, our scheme implements access control by embedding decryption keys into the index matrix. The proposed scheme is proved IND-CKA and IND-CPA semantically secure and experimental results shows that our scheme is efficient.