Haitang Lu,Jie Chen,Jianting Ning,Kai Zhang

DOI: https://doi.org/10.1093/comjnl/bxac084

2023-01-01

Abstract:Dynamic searchable symmetric encryption (DSSE) with forward and backward privacy makes it possible to perform search on the outsourced encrypted database efficiently while still allowing updates under acceptable leakage. Current forward and backward private DSSE (FB-DSSE) scheme proposed by Zuo et al. cannot support conjunctive keyword query and the cloud server needs to be honest-but-curious. Recent FB-DSSE scheme supporting conjunctive keyword query proposed by Patranabis et al. cannot verify search results. On the other hand, searchable symmetric encryption scheme proposed by Wang et al. that supports conjunctive keyword query and the verification of search results cannot achieve forward and backward privacy. The problem of constructing a verifiable conjunctive FB-DSSE scheme is still open. In this paper, we propose a verifiable conjunctive dynamic searchable symmetric encryption scheme (VCDSSE). VCDSSE is a FB-DSSE scheme that additionally supports the verification of search results and conjunctive keyword query. We revisit homomorphic MAC to enable efficient verification of search results, adopt the technique of oblivious cross-tags to achieve conjunctive keyword query and utilize state chain to ensure forward and backward privacy. The formal security analysis and performance evaluation demonstrate that VCDSSE is secure and practical as compared with Mitra scheme in terms of search time.

Cong Zuo,Shi-Feng Sun,Joseph K. Liu,Jun Shao,Josef Pieprzyk

DOI: https://doi.org/10.1007/978-3-030-29962-0_14

2019-01-01

Abstract:Dynamic Searchable Symmetric Encryption (DSSE) enables a client to perform updates and searches on encrypted data which makes it very useful in practice. To protect DSSE from the leakage of updates (leading to break query or data privacy), two new security notions, forward and backward privacy, have been proposed recently. Although extensive attention has been paid to forward privacy, this is not the case for backward privacy. Backward privacy, first formally introduced by Bost et al., is classified into three types from weak to strong, exactly Type-III to Type-I. To the best of our knowledge, however, no practical DSSE schemes without trusted hardware (e.g. SGX) have been proposed so far, in terms of the strong backward privacy and constant roundtrips between the client and the server.

Cong Zuo,Shi-Feng Sun,Joseph K. Liu,Jun Shao,Josef Pieprzyk

DOI: https://doi.org/10.48550/arXiv.1905.08561

2019-05-21

Cryptography and Security

Abstract:Dynamic searchable symmetric encryption (DSSE) is a useful cryptographic tool in encrypted cloud storage. However, it has been reported that DSSE usually suffers from file-injection attacks and content leak of deleted documents. To mitigate these attacks, forward privacy and backward privacy have been proposed. Nevertheless, the existing forward/backward-private DSSE schemes can only support single keyword queries. To address this problem, in this paper, we propose two DSSE schemes supporting range queries. One is forward-private and supports a large number of documents. The other can achieve backward privacy, while it can only support a limited number of documents. Finally, we also give the security proofs of the proposed DSSE schemes in the random oracle model.

Cong Zuo,Shi-Feng Sun,Joseph K. Liu,Jun Shao,Josef Pieprzyk,Lei Xu

DOI: https://doi.org/10.1109/tdsc.2020.2994377

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Due to its capabilities of searches and updates over the encrypted database, the dynamic searchable symmetric encryption (DSSE) has received considerable attention recently. To resist leakage abuse attacks, a secure DSSE scheme usually requires forward and backward privacy. However, the existing forward and backward private DSSE schemes either only support single keyword queries or require more interactions between the client and the server. In this article, we first give a new leakage function for range queries, which is more complicated than the one for single keyword queries. Furthermore, we propose a concrete forward and backward private DSSE scheme by using a refined binary tree data structure. Finally, the detailed security analysis and extensive experiments demonstrate that our proposal is secure and efficient, respectively.

Zhigang Yao,Chungen Xu,Lei Xu,Lin Mei

DOI: https://doi.org/10.1007/978-3-030-34637-9_23

2019-01-01

Abstract:Dynamic searchable symmetric encryption (DSSE) allows addition and deletion operation on an encrypted database. Recently, several attack works (such as IKK) show that existing SSE definition which leaks access pattern and search pattern cannot capture the adversary in the real world. These works underline the necessity for forward privacy. To achieve forward privacy, updating search token is considered as a simple yet efficient method. In this paper, we concentrate on scenario of updating a batch of files containing the same keyword and propose an efficient forward private searchable encryption (EFSE) scheme with a novel batch update. In this scenario, by batch update method, the search token corresponding to the keyword only needs to be updated once. Then for each file in the batch, we use updated search token combining number of this file in the batch to transform the pair (file, keyword) into encrypted index. In the scenario mentioned above, the number of updating search token operation in our EFSE is 1, while the one in existing forward private searchable encryption scheme based on updating search token is the size of batch. In addition, by integrating Cash’s OXT scheme, we extend our EFSE scheme to support conjunctive keywords query. Finally, we give the rigorous security analysis for our proposed two schemes and give performance evaluation for the basic one.

Shi-Feng Sun,Ron Steinfeld,Shangqi Lai,Xingliang Yuan,Amin Sakzad,Joseph K. Liu,Surya Nepal,Dawu Gu

DOI: https://doi.org/10.14722/ndss.2021.24162

2021-01-01

Abstract:In Dynamic Symmetric Searchable Encryption (DSSE), forward privacy ensures that previous search queries cannot be associated with future updates, while backward privacy guarantees that subsequent search queries cannot be associated with deleted documents in the past. In this work, we propose a generic forward and backward-private DSSE scheme, which is, to the best of our knowledge, the first practical and non-interactive Type-II backward-private DSSE scheme not relying on trusted execution environments. To this end, we first introduce a new cryptographic primitive, named Symmetric Revocable Encryption (SRE), and propose a modular construction from some succinct cryptographic primitives. Then we present our DSSE scheme based on the proposed SRE, and instantiate it with lightweight symmetric primitives. At last, we implement our scheme and compare it with the most efficient Type-II backward-private scheme to date (Demertzis et al., NDSS 2020). In a typical network environment, our result shows that the search in our scheme outperforms it by 2 - 11 x under the same security notion.

Ke Huang,Xiaolei Dong,Zhenfu Cao,Jiachen Shen

DOI: https://doi.org/10.1088/1757-899x/715/1/012062

2020-01-01

IOP Conference Series Materials Science and Engineering

Abstract:Dynamic searchable symmetric encryption (DSSE) is helpful to users with limited storage. In DSSE, the users are able to perform search and update queries on the ciphertext which stored on the cloud server. However, DSSE may suffer from file-injection attacks and leak information after deletion. In order to solve these problems, DSSE schemes with forward security and/or backward security have been proposed. In this paper, we propose two efficient DSSE schemes. The first one supports forward security using binary tree as the basic data structure. The second one uses puncturable encryption to achieve both forward and backward privacy.

Zhilong Luo,Shi-Feng Sun,Zhedong Wang,Dawu Gu

DOI: https://doi.org/10.1007/978-981-97-5025-2_15

2024-01-01

Abstract:Publicly Verifiable Symmetric Searchable Encryption (PV-SSE) enables a client to delegate verification process of search results to an auditor without revealing private information. However, most of existing PV-SSE schemes are only designed for static databases, and how to design dynamic PV-SSE (PV-DSSE) schemes with strong security and good efficiency remains an open problem. In this paper, we propose a new dynamic PV-SSE scheme, which is, to the best of our knowledge, the first non-interactive PV-DSSE with forward privacy and Type-II backward privacy. In particular, we achieve both strong backward privacy and public verifiability within one roundtrip, by leveraging a special cryptographic primitive called compressed symmetric revocable encryption (CSRE) and developing a novel verification method based on set hash functions. Moreover, we provide concrete implementation of our scheme, and conduct a comprehensive performance evaluation compared with the state-of-art. In a typical network environment, our result shows that the search process in our scheme is 5x to 7x faster than the state-of-art with 8x to 9x lower communication cost.

Chang Xu,Ruijuan Wang,Liehuang Zhu,Chuan Zhang,Rongxing Lu,Kashif Sharif

DOI: https://doi.org/10.48550/arXiv.2203.13662

2022-03-25

Cryptography and Security

Abstract:Searchable symmetric encryption (SSE) supports keyword search over outsourced symmetrically encrypted data. Dynamic searchable symmetric encryption (DSSE), a variant of SSE, further enables data updating. Most DSSE works with conjunctive keyword search primarily consider forward and backward privacy. Ideally, the server should only learn the result sets involving all keywords in the conjunction. However, existing schemes suffer from keyword pair result pattern (KPRP) leakage, revealing the partial result sets containing two of query keywords. We propose the first DSSE scheme to address aforementioned concerns that achieves strong privacy-preserving conjunctive keyword search. Specifically, our scheme can maintain forward and backward privacy and eliminate KPRP leakage, offering a higher level of security. The search complexity scales with the number of documents stored in the database in several existing schemes. However, the complexity of our scheme scales with the update frequency of the least frequent keyword in the conjunction, which is much smaller than the size of the entire database. Besides, we devise a least frequent keyword acquisition protocol to reduce frequent interactions between clients. Finally, we analyze the security of our scheme and evaluate its performance theoretically and experimentally. The results show that our scheme has strong privacy preservation and efficiency.

Cong Zuo,Shi-Feng Sun,Joseph K. Liu,Jun Shao,Josef Pieprzyk

DOI: https://doi.org/10.1007/978-3-319-98989-1_12

2018-01-01

Abstract:Dynamic searchable symmetric encryption (DSSE) is a useful cryptographic tool in encrypted cloud storage. However, it has been reported that DSSE usually suffers from file-injection attacks and content leak of deleted documents. To mitigate these attacks, forward security and backward security have been proposed. Nevertheless, the existing forward/backward-secure DSSE schemes can only support single keyword queries. To address this problem, in this paper, we propose two DSSE schemes supporting range queries. One is forward-secure and supports a large number of documents. The other can achieve both forward security and backward security, while it can only support a limited number of documents. Finally, we also give the security proofs of the proposed DSSE schemes in the random oracle model.

Hanqi Zhang,Chang Xu,Rongxing Lu,Liehuang Zhu,Chuan Zhang,Yunguo Guan

DOI: https://doi.org/10.1109/tsc.2023.3301712

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:Considerable attention has been paid to dynamic searchable symmetric encryption (DSSE) which allows users to search on dynamically updated encrypted databases. To improve the performance of real-world applications, recent non-interactive multi-client DSSE schemes are targeted at avoiding per-query interaction between data owners and data users. However, existing non-interactive multi-client DSSE schemes do not consider forward privacy or backward privacy, making them exposed to leakage abuse attacks. Besides, most existing DSSE schemes with forward and backward privacy rely on keeping a keyword operation counter or an inverted index, resulting in a heavy storage burden on the data owner side. To address these issues, we propose a non-interactive multi-client DSSE scheme with small client storage, and our proposed scheme can provide both forward privacy and backward privacy. Specifically, we first design a lightweight storage chain structure that binds all keywords to a single state to reduce the storage cost. Then, we present a Hidden Key technique, which preserves non-interactive forward privacy through time range queries, ensuring that data with newer timestamps cannot match earlier time ranges. We conduct extensive experiments to validate our methods, which demonstrate computational efficiency. Moreover, security analysis proves the privacy-preserving property of our methods.

computer science, information systems, software engineering

Huijuan Qiu,Zhenhua Liu

DOI: https://doi.org/10.1007/978-981-99-9331-4_15

2024-01-01

Abstract:Dynamic searchable symmetric encryption (DSSE) enables search and modification on encrypted data. While considerable efforts have been dedicated to achieving forward and backward privacy in DSSE, the potential adverse consequences of key corruption or exposure have been overlooked. In this paper, we introduce the updatability into DSSE to resist the key exposure attacks, propose a new concept named updatable and dynamic searchable symmetric encryption (U&D-SSE), and establish L-adaptive security model tailored to the update environment. Then we construct a U&D-SSE scheme with token inference, where a ciphertext can be updated by a token and a key can be inferred in bi-direction. Furthermore, a U&D-SSE scheme with token-free inference is proposed to achieve no-directional key update through indistinguishable obfuscation. Finally, both schemes are proven to be secure in the L-adaptive security model, and ensuring the preservation of forward and backward privacy.

Chenbin Zhao,Ruiying Du,Kun He,Jing Chen,Jiguo Li,Ximeng Liu,Jianting Ning

DOI: https://doi.org/10.1109/jiot.2024.3470772

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:In the realm of secure data outsourcing, Verifiable Dynamic Searchable Symmetric Encryption (VDSSE) enables a client to verify search results obtained from an untrusted server while protecting the data privacy. Nevertheless, the storage cost of verification structure in some schemes escalates linearly with the number of keywords, and the generation of proofs demands a substantial number of exponentiation operations. Moreover, some schemes overlook forward and backward security in the dynamic database. In this paper, we introduce FB-VDSSE, an advanced VDSSE scheme that ensures both forward and backward security. Specifically, we introduce an efficient Accumulation Commitment Verification Structure (AC-VS) that attains a commitment verification value with a constant-size storage cost. Based on the AC-VS, we further propose a forward and backward secure VDSSE scheme. Within this scheme, the server exclusively generates a membership proof at the corresponding index of the vector, reducing the computation cost associated with the search operation. Finally, we provide the security proof and functional comparison, demonstrating that our scheme effectively ensures forward security, backward security, and verifiability. Additionally, the experimental evaluations underscore the efficiency of our scheme, showcasing its superior performance compared to relevant schemes in practical scenarios.

Jiafan Wang,Sherman S. M. Chow

DOI: https://doi.org/10.2478/popets-2022-0003

2021-11-20

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract Dynamic searchable symmetric encryption (DSSE) allows a client to query or update an outsourced encrypted database. Range queries are commonly needed. Previous range-searchable schemes either do not support updates natively (SIGMOD’16) or use file indexes of many long bit-vectors for distinct keywords, which only support toggling updates via homomorphically flipping the presence bit. (ESORICS’18). We propose a generic upgrade of any (inverted-index) DSSE to support range queries (a.k.a. range DSSE), without homomorphic encryption, and a specific instantiation with a new trade-off reducing client-side storage . Our schemes achieve forward security, an important property that mitigates file injection attacks. Moreover, we identify a variant of injection attacks against the first somewhat dynamic scheme (ESORICS’18). We also extend the definition of backward security to range DSSE and show that our schemes are compatible with a generic upgrade of backward security (CCS’17). We comprehensively analyze the computation and communication overheads, including implementation details of client-side index-related operations omitted by prior schemes. We show high empirical efficiency for million-scale databases over a million-scale keyword space.

English Else

Xiangyu Wang,Jianfeng Ma,Ximeng Liu,Yinbin Miao,Yang Liu,Robert H. Deng

DOI: https://doi.org/10.1109/tdsc.2022.3205670

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Spatial keyword queries are attractive techniques that have been widely deployed in real-life applications in recent years, such as social networks and location-based services. However, existing solutions neither support dynamic update nor satisfy the privacy requirements in real applications. In this article, we investigate the problem of Dynamic Searchable Symmetric Encryption (DSSE) for spatial keyword queries. First, we formulate the definition of DSSE for spatial keyword queries (namely, $\mathsf {DSSE}_{\mathsf {SKQ}}$ ) and extend the DSSE leakage functions to capture the leakages in $\mathsf {DSSE}_{\mathsf {SKQ}}$ . Then, we present a practical $\mathsf {DSSE}_{\mathsf {SKQ}}$ construction based on geometric prefix encoding inverted-index and encrypted bitmap. Rigorous security analysis proves that our construction can achieve not only forward/backward privacy but content privacy as well, which can resist the most existing leakage-abuse attacks. Evaluation results using real-world datasets demonstrate the efficiency and feasibility of our construction. Comparative analysis reveals that our construction outperforms state-of-the-art schemes in terms of privacy and performance, e.g., our construction is $175\times$ faster than existing schemes with only 51% server storage cost.

Haochen Dou,Zhenwu Dan,Peng Xu,Wei Wang,Shuning Xu,Tianyang Chen,Hai Jin

DOI: https://doi.org/10.1109/tifs.2024.3350330

IF: 7.231

2024-02-02

IEEE Transactions on Information Forensics and Security

Abstract:Dynamic Searchable Symmetric Encryption (DSSE) is a prospective technique in the field of cloud storage for secure search over encrypted data. A DSSE client can issue update queries to an honest-but-curious server for adding or deleting his ciphertexts to or from the server and delegate keyword search over those ciphertexts to the server. Numerous investigations focus on achieving strong security, like forward-and-Type-I−-backward security, to reduce the information leakage of DSSE to the server as much as possible. However, the existing DSSE with such strong security cannot keep search correctness and stable security (or robustness, in short) if irrational queries are issued by the client, like duplicate add or delete queries and the delete queries for removing non-existed entries, to the server unintentionally. Hence, this work proposes two new DSSE schemes, named and , respectively. Both two schemes achieve forward-and-Type-I−-backward security while keeping robustness when irrational queries are issued. In terms of performance, has more efficient communication costs and roundtrips than . In contrast, has a more efficient search performance than . Its search performance is close to the existing DSSE scheme with the same security but fails to achieve robustness.

computer science, theory & methods,engineering, electrical & electronic

Wang Qiao,Guo Yu,Huang Hejiao,Jia Xiaohua

DOI: https://doi.org/10.1007/978-3-030-02744-5_9

2018-01-01

Abstract:Searchable Symmetric Encryption (SSE) makes it possible to privacy-preserving search over encrypted data stored on an untrusted server. Dynamic SSE schemes add the ability for the user to support secure update of encrypted data records. However, recent attacks show that update information can be exploited to recover the underlying values of ciphertexts. To improve the security, the notion of forward security is proposed, which aims to thwart those attacks by adding new documents without revealing if they match previous search queries. Unfortunately, existing forward secure SSE schemes are mostly for single-user settings, and cannot be easily extended to multi-user settings. In this paper, we propose a multi-user forward secure dynamic SSE scheme with optimal search complexity. By introducing a semi-trusted proxy server who does not collude with the cloud server, we take a nice method to solve multi-user queries problem in most forward secure SSE schemes. With the help of proxy server who maintains keywords’ state information, our scheme achieves forward security. Our experimental results demonstrate the efficiency of the proposed scheme. © Springer Nature Switzerland AG 2018.

Mohammad Etemad,Alptekin Küpçü,Charalampos Papamanthou,David Evans

DOI: https://doi.org/10.48550/arXiv.1710.00208

2017-09-30

Abstract:Searchable symmetric encryption (SSE) enables a client to perform searches over its outsourced encrypted files while preserving privacy of the files and queries. Dynamic schemes, where files can be added or removed, leak more information than static schemes. For dynamic schemes, forward privacy requires that a newly added file cannot be linked to previous searches. We present a new dynamic SSE scheme that achieves forward privacy by replacing the keys revealed to the server on each search. Our scheme is efficient and parallelizable and outperforms the best previous schemes providing forward privacy, and achieves competitive performance with dynamic schemes without forward privacy. We provide a full security proof in the random oracle model. In our experiments on the Wikipedia archive of about four million pages, the server takes one second to perform a search with 100,000 results.

Cryptography and Security

Zhongjun Zhang,Jianfeng Wang,Yunling Wang,Yaping Su,Xiaofeng Chen

DOI: https://doi.org/10.1007/978-3-030-29962-0_15

2019-01-01

Abstract:Searchable Symmetric Encryption (SSE) allows a server to perform search directly over encrypted data outsourced by user. Recently, the primitive of forward secure SSE has attracted significant attention due to its favorable property for dynamic data searching. That is, it can prevent the linkability from newly update data to previously searched keyword. However, the server is assumed to be honest-but-curious in the existing work. How to achieve verifiable forward secure SSE in malicious server model remains a challenging problem. In this paper, we propose an efficient verifiable forward secure SSE scheme, which can simultaneously achieve verifiability of search result and forward security property. In particular, we propose a new verifiable data structure based on the primitive of multiset hash functions, which enables efficient verifiable data update by incrementally hash operation. Compared with the state-of-the-art solution, our proposed scheme is superior in search and update efficiency while providing verifiability of search result. Finally, we present a formal security analysis and implement our scheme, which demonstrates that our proposed scheme is equipped with the desired security properties with practical efficiency.

Jing Chen,Zhenfu Cao,Jiachen Shen,Xiaolei Dong,Xingkai Wang

DOI: https://doi.org/10.1145/3377644.3377666

2020-01-01

Abstract:Users with limited computing and storage capabilities can access large amounts of data easily by uploading the database to cloud server. But this leads to security issues. Dynamic searchable encryption scheme is a solution, providing not only data privacy for users, but also the ability of searching for keywords on the ciphertext and inserting or deleting documents. However, most of the existing efficient dynamic searchable encryption schemes do not satisfy forward security, considering file-injection attack. In this paper, we design and implement a new forward secure dynamic symmetric searchable encryption (DSSE) scheme. We also use a new index structure inspired by linked list to achieve forward security instead of using ORAM. Our storage overhead is greatly reduced compared to previous works, without losing efficiency. Finally, we implement, evaluate and analyze our scheme.