Chang Liu,Liehuang Zhu,Jinjun Chen

DOI: https://doi.org/10.1109/trustcom.2015.406

2015-01-01

Abstract:Cloud computing has greatly facilitated large-scale data outsourcing due to its cost efficiency, scalability and many other advantages. Subsequent privacy risks force data owners to encrypt sensitive data, hence making the outsourced data no longer searchable. Searchable Symmetric Encryption (SSE) is an advanced cryptographic primitive addressing the above issue, which maintains efficient keyword search over encrypted data without disclosing much information to the storage provider. Existing SSE schemes implicitly assume that original user data is centralized, so that a searchable index can be built at once. Nevertheless, especially in cloud computing applications, user-side data centralization is not reasonable, e.g. an enterprise distributes its data in several data centers. In this paper, we propose the notion of Multi-Data-Source SSE (MDS-SSE), which allows each data source to build a local index individually and enables the storage provider to merge all local indexes into a global index afterwards. We propose a novel MDS-SSE scheme, in which an adversary only learns the number of data sources, the number of entire data files, the access pattern and the search pattern, but not any other distribution information such as how data files or search results are distributed over data sources. We offer rigorous security proof of our scheme, and report experimental results to demonstrate the efficiency of our scheme.

Panyu Wu,Zhenfu Cao,Jiachen Shen,Xiaolei Dong,Yihao Yang,Jun Zhou,Liming Fang,Zhe Liu,Chunpeng Ge,Chunhua Su

DOI: https://doi.org/10.1109/pst58708.2023.10320157

2023-01-01

Abstract:Since data outsourcing poses privacy concerns with data leakage, searchable symmetric encryption (SSE) has emerged as a powerful solution that enables clients to perform query operations on encrypted data while preserving their privacy. Dynamic SSE schemes have been proposed to handle update operations. However, it is shown that updates might increase the risk of information leakage. Meanwhile, to meet the requirement of real-world applications, it is desirable to have the searchable encryption scheme which supports both multiple clients and multi-keyword queries. To address these issues, this paper proposes MMDSSE, a multi-client forward secure dynamic SSE scheme that supports multi-keyword queries. MMDSSE allows the clients narrow down the results by providing an arbitrary subset of the entire archive, and thus suitable for cloud storage environment. Security analysis and experimental evaluations show that MMDSSE is secure and efficient.

Guofeng Wang,Chuanyi Liu,Yingfei Dong,Peiyi Han,Hezhong Pan,Binxing Fang

DOI: https://doi.org/10.1109/access.2017.2786026

IF: 3.9

2018-01-01

IEEE Access

Abstract:Searchable Encryption (SE) has been extensively examined by both academic and industry researchers. While many academic SE schemes show provable security, they usually expose some query information (e.g., search and access patterns) to achieve high efficiency. However, several inference attacks have exploited such leakage, e.g., a query recovery attack can convert opaque query trapdoors to their corresponding keywords based on some prior knowledge. On the other hand, many proposed SE schemes require significant modification of existing applications, which makes them less practical, weak in usability, and difficult to deploy. In this paper, we introduce a secure and practical searchable symmetric encryption scheme with provable security strength for cloud applications, called IDCrypt, which improves the search efficiency, and enhances the security strength of SE using symmetric cryptography. We further point out the main challenges in securely searching on multiple indexes and sharing encrypted data between multiple users. To address the above issues, we propose a token-adjustment search scheme to preserve the search functionality among multi-indexes, and a key sharing scheme which combines identity-based encryption and public-key encryption. Our experimental results show that the overhead of the key sharing scheme is fairly low.

Jianwei Li,Xiaoming Wang,Qingqing Gan,Fengling Wang

DOI: https://doi.org/10.1016/j.comcom.2022.04.026

IF: 5.047

2022-04-01

Computer Communications

Abstract:Dynamic Searchable Symmetric Encryption (DSSE) allows users to outsource data with ciphertext format to untrusted servers and supports the operations of data adding and deleting, which is adopted in common usage by government and business. Recently, the primitive of Forward Privacy in DSSE has drawn great public interest owing to its beneficial feature, which is that it can guard against the newly uploaded files from linking to previous search tokens. However, most of existing Forward Private Searchable Encryption (FPSE) schemes focus on single-user environment, which means that only the users themselves can utilize the data, greatly limits the wide application in cloud computing. To our knowledge, it is difficult to migrate the FPSE schemes to multi-user network. First, to realize forward privacy, the data owner should share the entire key group to the legitimate users, which means the users have the privilege of tampering or deleting data rather than query only; secondly, some FPSE schemes use the special structures and can not be directly developed to multi-user network. Inspired by this, we present a scheme of multi-user forward private searchable encryption with dynamic authorization. The proposed scheme is based on a new structure of Multi-user State Chain and involves dynamic keyword-oriented authorization management. We prove our scheme can meet the secure characteristics, then conduct the performance evaluation and experiments. The results demonstrate that compared with the existing solutions, our scheme is superior in efficiency and practicability.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jinjiang Yang,Feng Liu,Xinyi Luo,Jianan Hong,Jian Li,Kaiping Xue

DOI: https://doi.org/10.1109/globecom48099.2022.10001146

2022-01-01

Abstract:Through Searchable Symmetric Encryption (SSE), a user can make search over encrypted documents that are stored on an untrusted cloud server. Multi-client SSE schemes require that one client can search documents contributed by other clients and upload documents. Nevertheless, existing multi- client SSE schemes implement the fine-grained access control with high complexity. Although fine-grained access control adapts to complex scenarios, it is not necessary anytime and may cause heavy costs over computation in SSE schemes. Moreover, it is crucial to support documents updating and forward privacy. To combat that, we design a multi-client SSE scheme with efficient access control over dynamic encrypted documents. Specifically, we first modify Symmetric Hidden Vector Encryption (SHVE) and utilize Bloom filter to implement the access control, which reduces much of computation overhead. We then employ Oblivious Dynamic Cross-Tag (ODXT) protocol to preserve the forward privacy of our scheme. Finally, the corresponding security and experimental evaluation demonstrate both security and practicality of our scheme, respectively.

Xueqiao Liu,Guomin Yang,Yi Mu,Robert H. Deng

DOI: https://doi.org/10.1109/tdsc.2018.2876831

2020-11-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In a cloud data storage system, symmetric key encryption is usually used to encrypt files due to its high efficiency. In order allow the untrusted/semi-trusted cloud storage server to perform searching over encrypted data while maintaining data confidentiality, searchable symmetric encryption (SSE) has been proposed. In a typical SSE scheme, a users stores encrypted files on a cloud storage server and later can retrieve the encrypted files containing specific keywords. The basic security requirement of SSE is that the cloud server learns no information about the files or the keywords during the searching process. Some SSE schemes also offer additional functionalities such as detecting cheating behavior of a malicious server (i.e., verifiability) and allowing update (e.g., modifying, deleting and adding) of documents on the server. However, the previous (verifiable) SSE schemes were designed for single users, which means the searching can only be done by the data owner, whereas in reality people often use cloud storage to share files with other users. In this paper we present a multi-user verifiable searchable symmetric encryption (MVSSE) scheme that achieves all the desirable features of a verifiable SSE and allows multiple users to perform searching. We then define an ideal functionality for MVSSE under the Universally Composable (UC-) security framework and prove that our ideal functionality implies the security requirements of a secure MVSSE, and our multi-user verifiable SSE scheme is UC-secure. We also implement our scheme to verify its high performance based on some real dataset.

computer science, information systems, software engineering, hardware & architecture

Minghao Zhao,Han Jiang,Zhen Li,Qiuliang Xu,Hao Wang,Shaojing Li

DOI: https://doi.org/10.1504/ijhpcn.2018.10015546

2018-01-01

International Journal of High Performance Computing and Networking

Abstract:Searchable encryption is a significant cryptographic primitive to ensure storage security and data privacy in cloud computing environment. It allows a client to store a collection of encrypted documents on server, and latterly, according to specific search criteria, perform keyword-based searches and retrieve the documents, meanwhile ensuring that it reveals minimal information to the server. Early research on searchable encryption schemes mainly focused on the efficiency, the security and the query expressiveness, and nowadays, the studies have been paying attention to searchable encryption that supports dataset update dynamically. In this paper, we propose a new dynamic symmetric searchable encryption scheme. In the aspect of efficiency, the complexity of search algorithm is O(1), while file addition and deletion are O(m"n) and O(N) respectively (here m" means the number of keywords in a document; N means the number of document-keyword pairs and n means the size of keywords dictionary), which indicates the overall efficiency is superior to the existing schemes; in terms of security, this scheme can resist selective keyword attack, and compared with former ones, it achieves less information leakage.

Yinbin Miao,Jiajia Liu,Jianfeng Ma

DOI: https://doi.org/10.1007/978-3-319-21837-3_40

2015-01-01

Abstract:Cloud computing has increased rapidly due to its abundant benefits in terms of low cost and accessability of data. Privacy protection and data security are two issues in cloud computing, as users often outsource sensitive information to honest-but-curious cloud storage providers (CSP). While encryption seriously obsoletes the traditional information retrieval over plaintext. Therefore, searchable encryption (SE) technology which allows the users to securely search over cipher-text through keywords and selectively retrieve files of interest becomes important. Dealing with single CSP is predicted to become less popular with cloud customers for fear of risks of single-point failure threat and potential malicious insiders. To tackle above problems, two schemes based on Identity-Based Encryption (IBE) and Key-Policy Attribute-Based Encryption (KP-ABE) are proposed in multi-clouds environment, respectively. Through rigorous security and performance analysis, both schemes can ensure security and reliability, and greatly reduce computational burden.

Zheli Liu,Chuan Fu,Jun Yang,Zhusong Liu,Lingling Xu

DOI: https://doi.org/10.1007/978-3-662-49017-4_9

2015-01-01

Abstract:The task of searchable encryption schemes in multi-user setting is to handle the problem of dynamical user injection and revocation with consideration of feasibility. Especially, we have to make sure that user revocation will not cause security problem, such as leakage of secret key. Recently, fine-grained access control using trusted third party is proposed to resolve this issue. However, it increases the management complexity for maintaining massive authentication information of users.We present a new concept of coarse-grained access control for the first time and use it to construct a multi-user searchable encryption model in hybrid cloud. In our construction, there are two typical schemes, one is broadcast encryption ( BE) scheme to simplify access control, the other is a single-user searchable encryption scheme, which supports two-phases operation and is secure when untrustful server colludes with the adversary. Moreover, we implement such a practical scheme using an improved searchable symmetric encryption scheme, and security analysis support our scheme.

Cheng Guo,Xue Chen,Yingmo Jie,Zhangjie Fu,Mingchu Li,Bin Feng

DOI: https://doi.org/10.1109/tsc.2017.2768045

IF: 11.019

2020-01-01

IEEE Transactions on Services Computing

Abstract:As cloud computing becomes prevalent, more and more data owners are likely to outsource their data to a cloud server. However, to ensure privacy, the data should be encrypted before outsourcing. Symmetric searchable encryption allows users to retrieve keyword over encrypted data without decrypting the data. Many existing schemes that are based on symmetric searchable encryption only support single keyword search, conjunctive keywords search, multiple keywords search, or single phrase search. However, some schemes, i.e., static schemes, only search one phrase in a query request. In this paper, we propose a multi-phrase ranked search over encrypted cloud data, which also supports dynamic update operations, such as adding or deleting files. We used an inverted index to record the locations of keywords and to judge whether the phrase appears. This index can search for keywords efficiently. In order to rank the results and protect the privacy of relevance score, the relevance score evaluation model is used in searching process on client-side. Also, the special construction of the index makes the scheme dynamic. The data owner can update the cloud data at very little cost. Security analyses and extensive experiments were conducted to demonstrate the safety and efficiency of the proposed scheme.

Chang Xu,Lan Yu,Liehuang Zhu,Can Zhang

DOI: https://doi.org/10.1007/s12083-021-01202-6

2021-07-01

Abstract:In data outsourcing services, to ensure data security and user privacy, data is usually stored in cloud servers in ciphertext form. This method makes users face the problem of how to search the keywords in the ciphertexts. Although the Dynamic Searchable Symmetric Encryption (DSSE) schemes can solve this problem, most DSSE schemes assume that all the data is stored in a single cloud server. The assumption is not realistic since data may be stored in multiple servers. Furthermore, the cloud servers are usually considered "honest-but-curious", though malicious servers can actively attack and return incomplete or incorrect results. In this paper, we propose a Blockchain-based DSSE under the Multiple Clouds (BDSSE-MC) scheme. The scheme enables the data owner to generate encrypted local file indexes and merges the local indexes into a global index through a smart contract. The search operation is also performed by the smart contract based on the global index. In this scheme, the attacker cannot obtain the original files and search results, only knows the number of clouds and the number of files. We provide security and privacy analysis. We also compare the experiments results with those of traditional solutions.

computer science, information systems,telecommunications

Cheng Zhang,Ying Chu,Li Ling

DOI: https://doi.org/10.3969/j.issn.1007-757X.2017.11.012

2017-01-01

Abstract:Searchable encryption has been widely applied in cloud storage service now,it can help the user to search over specified cipher-text rapidly without leaking users' data privacy.Searchable symmetric encryption (searchable encryption based on symmetric key cryptography) has a low calculating overhead and is very suitable for large data block encryption by private user.Because the "Build Index" algorithm of traditional SSE is insufficient,a new index is proposed with an improved algorithm.Experiment results indicate that the overhead of building index becomes smaller and searching time is still satisfactory,and the dynamic performance has been improved.

Ling Huaze,Xue Kaiping,Wei David S.L.,Li Ruidong

DOI: https://doi.org/10.52396/JUST-2021-0071

2021-01-01

Journal of University of Science and Technology of China

Abstract:As more and more enterprises and individuals choose to outsource their encrypted private data to the cloud, Searchable Encryption ( SE) , which solves the issue of keyword-searching over encrypted data, is becoming much more important. To overcome typos and semantic diversity existing in query requests, fuzzy search is introduced to achieve a misspelling-tolerate search-supported encryption scheme. However, current schemes of fuzzy search over encrypted data not only bring in high computing and communication overhead in multi-user scenarios but also are unable to cover all kinds of error types under the premise of an effective accuracy. In this paper, we thus propose a multi-user multi-keyword fuzzy searchable encryption scheme. Specifically, we introduce the permuterm index to support multi-keyword wildcard search which can solve more kinds of misspelling with a higher degree of correctness. Moreover, by letting the cloud server re-encrypt indexes user encrypt, our scheme supports unshared-key multi-user fuzzy search, reducing users ' computing overhead effectively and improving the level of privacy-preserving. The results of experiments demonstrate that, compared with existing schemes, our scheme not only has a better accuracy rate, but also supports more varieties of misspelling keyword search with acceptable computational overhead.

Yunling Wang,Jianfeng Wang,Xiaofeng Chen

DOI: https://doi.org/10.1007/bf03391580

2016-01-01

Journal of Communications and Information Networks

Abstract:Cloud computing facilitates convenient and on-demand network access to a centralized pool of resources. Currently, many users prefer to outsource data to the cloud in order to mitigate the burden of local storage. However, storing sensitive data on remote servers poses privacy challenges and is currently a source of concern. SE (Searchable Encryption) is a positive way to protect users sensitive data, while preserving search ability on the server side. SE allows the server to search encrypted data without leaking information in plaintext data. The two main branches of SE are SSE (Searchable Symmetric Encryption) and PEKS (Public key Encryption with Keyword Search). SSE allows only private key holders to produce ciphertexts and to create trapdoors for search, whereas PEKS enables a number of users who know the public key to produce ciphertexts but allows only the private key holder to create trapdoors. This article surveys the two main techniques of SE: SSE and PEKS. Different SE schemes are categorized and compared in terms of functionality, efficiency, and security. Moreover, we point out some valuable directions for future work on SE schemes.

Qingshui Xue,Chenglong Tan

DOI: https://doi.org/10.1109/iciibms60103.2023.10347872

2023-01-01

Abstract:As the demand for cloud storage continues to grow, both individual users and enterprises are storing their data on cloud servers. However, cloud storage providers' servers are often semi-trusted, leading to frequent occurrences of data leaks in recent years. Currently, searchable encryption is an effective solution to safeguard data stored in the cloud. However, traditional searchable encryption is not well-suited for large-scale data and multiple users in cloud storage, as it results in low retrieval efficiency and consumes substantial resources.To address these issues, this paper proposes a distributed cloud storage solution using dynamic searchable encryption. The data stored in the cluster is verified and partitioned using the consistent hashing algorithm, avoiding single point failures and data loss in the index. The scheme utilizes multi-gate distribution to achieve efficient and parallel keyword retrieval, ensuring secure data searches and implementing a distributed storage system that is efficient, scalable, and load-balanced in a distributed environment.This approach primarily focuses on striking a balance between security, retrieval efficiency, and query accuracy. It achieves secure data storage and retrieval while ensuring high performance and accuracy in a distributed setting.

Jiming Liu,Zhenfu Cao,Xiaolei Dong,Jiachen Shen

DOI: https://doi.org/10.1007/978-981-15-0758-8_2

2019-01-01

Abstract:Searchable encryption (SE) is a new cryptographic technique that allows data users searching for the files of their interests over huge amounts of encrypted files on the cloud. When it comes to multi-user setting, more issues should be addressed comparing to single-user setting, including key distribution, search privilege control and access control. In this paper, we propose DMU-ABSE, a dynamic multi-user ciphertext-policy attribute-based searchable encryption scheme with file deletion and user revocation. We manipulate an attribute-based encryption to achieve fine-grained search privilege control and hidden policy in multi-user setting while searching time of the proposed scheme is constant (O(1)). With the help of proxy re-encryption, we build one searchable index matrix by different owners in order to improve the searching efficiency. Furthermore, our scheme implements access control by embedding decryption keys into the index matrix. The proposed scheme is proved IND-CKA and IND-CPA semantically secure and experimental results shows that our scheme is efficient.

Kangle Wang,Xiaolei Dong,Jiachen Shen,Zhenfu Cao

DOI: https://doi.org/10.1145/3377170.3377251

2019-01-01

Abstract:With the booming Internet industry, users' demand for resources is also increasing. In order to meet the needs of users, cloud computing came into being. In today's era, cloud storage is already the most popular application in cloud computing, and users are increasingly inclined to store important and private information in the cloud. One of the most common methods is to encrypt the information before uploading it to the cloud, but searching the information it needs in the cloud server becomes an obstacle, and symmetric searchable encryption can help users achieve this. In this paper, we design a verifiable method based on an efficient symmetric searchable encryption scheme to verify the correctness of search results returned by the cloud server. Through safety analysis and performance evaluation tests, we demonstrate that our solutions are safe and effective.

Zhen Li,Minghao Zhao,Han Jiang,Qiuliang Xu

DOI: https://doi.org/10.1007/s12243-017-0571-x

2017-01-01

Abstract:Multi-user searchable encryption (MSE) enables authorized users to search over encrypted documents in the cloud. Generally, security problems in existing MSE schemes are solved as follows: (1) transmitting authority values and search tokens through secure channels to resist keyword guessing attack; (2) involving a trusted third party (TTP) to manage users and (3) relying on online users to distribute the decryption keys. However, these methods result in extra overhead and heavily restrict the scalability of the systems. In this paper, we propose a secure channel-free and TTP-free MSE scheme. It is secure against keyword guessing attack by introducing a designated server. And it achieves fine-grained access control to grant and revoke the privileges of users without TTP. More specifically, each document is encrypted with a unique and independent key, where the key distribution is integrated with user authorization and search procedures. We provide a concrete construction of the scheme and give formal proofs of its security in the random oracle model.

mingchu li,wei jia,cheng guo,lieran zhang

DOI: https://doi.org/10.2991/isci-15.2015.107

2015-01-01

Abstract:The insecurity of cloud storage is notorious, it is difficult to both maintain privacy of client's data while still providing the ability to retrieval useful information. In the area of searchable encryption, many previous works presented their constructions based on non-adaptive security definition raised by R.Curtmola. In this paper, we propose an efficient scheme that is secure against more sophisticated server based on adaptive security definition. Furthermore, we combine some components of currently open-source search engine with our scheme to complete a prototype and provide results from experiments on a large-scale dataset to prove the availability and efficiency of our scheme.

Dexin Li,Xingwen Zhao,Hui Li,Kai Fan

DOI: https://doi.org/10.1109/jiot.2024.3408812

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Considerable attention has been directed towards dynamic searchable symmetric encryption (DSSE) since it has the capability to both search and update the encrypted database. Nevertheless, the majority of DSSE schemes operate in single dimensions, and the server is assumed to be honest but curious. Consequently, there are two significant issues that must be addressed. One concerns how searchable operations can be implemented in a multi-dimensional space. Another is the construction of a search-result-verifiable DSSE scheme within a malicious server model. In response to the above-mentioned problems, we proposed a multi-dimensional verifiable DSSE scheme with volume-hiding. Our design leverages the combination of various query methods across different dimensions to enable a wide array of search modes. The state chain is used in the scheme to guarantee forward privacy, while backward privacy is ensured through the encryption of the index. Our scheme employs a bitmap index of the same length to represent multiple file addresses that match a keyword, ensuring size consistency in search results, also known as volume-hiding. Multiset hash function is used to construct the verifiable search result. The security of the scheme is analyzed using a simulation-based proof method based on leakage functions.