Panyu Wu,Zhenfu Cao,Jiachen Shen,Xiaolei Dong,Yihao Yang,Jun Zhou,Liming Fang,Zhe Liu,Chunpeng Ge,Chunhua Su

DOI: https://doi.org/10.1109/pst58708.2023.10320157

2023-01-01

Abstract:Since data outsourcing poses privacy concerns with data leakage, searchable symmetric encryption (SSE) has emerged as a powerful solution that enables clients to perform query operations on encrypted data while preserving their privacy. Dynamic SSE schemes have been proposed to handle update operations. However, it is shown that updates might increase the risk of information leakage. Meanwhile, to meet the requirement of real-world applications, it is desirable to have the searchable encryption scheme which supports both multiple clients and multi-keyword queries. To address these issues, this paper proposes MMDSSE, a multi-client forward secure dynamic SSE scheme that supports multi-keyword queries. MMDSSE allows the clients narrow down the results by providing an arbitrary subset of the entire archive, and thus suitable for cloud storage environment. Security analysis and experimental evaluations show that MMDSSE is secure and efficient.

Cheng Guo,Wenfeng Li,Xinyu Tang,Kim-Kwang Raymond Choo,Yining Liu

DOI: https://doi.org/10.1109/tdsc.2023.3262060

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Dynamic searchable symmetric encryption (DSSE) allows efficient searches over encrypted databases and also supports clients in their updating of the data, such as those stored in a remote cloud server. However, recent attacks suggest the risk of leakage during such updates, which consequently impacts on the privacy of the queries. In addition, existing DSSE schemes that support forward privacy generally rely on the honest-but-curious server and support only single-keyword retrieval, which limits the application scenarios. In this paper, we present the design of a verifiable DSSE protocol, which supports efficient conjunctive query with forward privacy. In our scheme, the forward index is constructed by a novel form, i.e., $ t$t-puncturable PRFs, and the authentication tag is designed by symmetric cryptography. During conjunctive queries, we narrow the scope by an inverted index, and then we determine the results of the final query through the forward index. Meanwhile, we can use verification tag to check the correctness and completeness of the result. In addition, we present an extension to support backward privacy, and our experimental evaluations show that our proposed approach achieves better performance on both conjunctive queries and updates than other competing solutions and ensures efficient verification.

Haochen Dou,Zhenwu Dan,Peng Xu,Wei Wang,Shuning Xu,Tianyang Chen,Hai Jin

DOI: https://doi.org/10.1109/tifs.2024.3350330

IF: 7.231

2024-02-02

IEEE Transactions on Information Forensics and Security

Abstract:Dynamic Searchable Symmetric Encryption (DSSE) is a prospective technique in the field of cloud storage for secure search over encrypted data. A DSSE client can issue update queries to an honest-but-curious server for adding or deleting his ciphertexts to or from the server and delegate keyword search over those ciphertexts to the server. Numerous investigations focus on achieving strong security, like forward-and-Type-I−-backward security, to reduce the information leakage of DSSE to the server as much as possible. However, the existing DSSE with such strong security cannot keep search correctness and stable security (or robustness, in short) if irrational queries are issued by the client, like duplicate add or delete queries and the delete queries for removing non-existed entries, to the server unintentionally. Hence, this work proposes two new DSSE schemes, named and , respectively. Both two schemes achieve forward-and-Type-I−-backward security while keeping robustness when irrational queries are issued. In terms of performance, has more efficient communication costs and roundtrips than . In contrast, has a more efficient search performance than . Its search performance is close to the existing DSSE scheme with the same security but fails to achieve robustness.

computer science, theory & methods,engineering, electrical & electronic

Ke Huang,Xiaolei Dong,Zhenfu Cao,Jiachen Shen

DOI: https://doi.org/10.1088/1757-899x/715/1/012062

2020-01-01

IOP Conference Series Materials Science and Engineering

Abstract:Dynamic searchable symmetric encryption (DSSE) is helpful to users with limited storage. In DSSE, the users are able to perform search and update queries on the ciphertext which stored on the cloud server. However, DSSE may suffer from file-injection attacks and leak information after deletion. In order to solve these problems, DSSE schemes with forward security and/or backward security have been proposed. In this paper, we propose two efficient DSSE schemes. The first one supports forward security using binary tree as the basic data structure. The second one uses puncturable encryption to achieve both forward and backward privacy.

Haitang Lu,Jie Chen,Jianting Ning,Kai Zhang

DOI: https://doi.org/10.1093/comjnl/bxac084

2023-01-01

Abstract:Dynamic searchable symmetric encryption (DSSE) with forward and backward privacy makes it possible to perform search on the outsourced encrypted database efficiently while still allowing updates under acceptable leakage. Current forward and backward private DSSE (FB-DSSE) scheme proposed by Zuo et al. cannot support conjunctive keyword query and the cloud server needs to be honest-but-curious. Recent FB-DSSE scheme supporting conjunctive keyword query proposed by Patranabis et al. cannot verify search results. On the other hand, searchable symmetric encryption scheme proposed by Wang et al. that supports conjunctive keyword query and the verification of search results cannot achieve forward and backward privacy. The problem of constructing a verifiable conjunctive FB-DSSE scheme is still open. In this paper, we propose a verifiable conjunctive dynamic searchable symmetric encryption scheme (VCDSSE). VCDSSE is a FB-DSSE scheme that additionally supports the verification of search results and conjunctive keyword query. We revisit homomorphic MAC to enable efficient verification of search results, adopt the technique of oblivious cross-tags to achieve conjunctive keyword query and utilize state chain to ensure forward and backward privacy. The formal security analysis and performance evaluation demonstrate that VCDSSE is secure and practical as compared with Mitra scheme in terms of search time.

Dexin Li,Xingwen Zhao,Hui Li,Kai Fan

DOI: https://doi.org/10.1109/jiot.2024.3408812

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Considerable attention has been directed towards dynamic searchable symmetric encryption (DSSE) since it has the capability to both search and update the encrypted database. Nevertheless, the majority of DSSE schemes operate in single dimensions, and the server is assumed to be honest but curious. Consequently, there are two significant issues that must be addressed. One concerns how searchable operations can be implemented in a multi-dimensional space. Another is the construction of a search-result-verifiable DSSE scheme within a malicious server model. In response to the above-mentioned problems, we proposed a multi-dimensional verifiable DSSE scheme with volume-hiding. Our design leverages the combination of various query methods across different dimensions to enable a wide array of search modes. The state chain is used in the scheme to guarantee forward privacy, while backward privacy is ensured through the encryption of the index. Our scheme employs a bitmap index of the same length to represent multiple file addresses that match a keyword, ensuring size consistency in search results, also known as volume-hiding. Multiset hash function is used to construct the verifiable search result. The security of the scheme is analyzed using a simulation-based proof method based on leakage functions.

Fanghan Ye,Xiaolei Dong,Jiachen Shen,Zhenfu Cao,Wenhua Zhao

DOI: https://doi.org/10.1109/ICPADS47876.2019.00131

2019-01-01

Abstract:Searchable encryption is a cryptographic primitive that allows users to search for keywords on encrypted data. It allows users to search in archives stored on cloud servers. Among searchable encryption schemes, those supporting multi-user settings are more suitable for daily application scenarios and more practical. However, since the cloud server is semi-trusted, the result set returned by the server is undefined, and most existing multi-user searchable encryption schemes rely heavily on trusted third parties to manage user permission. To address these problems, verifiable multi-user searchable encryption schemes with dynamic management of user search permissions, weak trust on trusted third parties and are desirable. In this paper, we propose such a scheme. Our scheme manages user permission and key distribution without a trusted third party. User search permission and user access permission matrices are generated separately to manage user permissions dynamically. In addition, our scheme can verify the result set returned by the cloud server. We also show that our scheme is index and trapdoor indistinguishable under chosen keyword attacks in the random oracle model. Finally, a detailed comparison experiment is made by using the actual document data set, and the results show that our scheme is efficient and practical.

Peng Xu,Shuai Liang,Wei Wang,Willy Susilo,Qianhong Wu,Hai Jin

DOI: https://doi.org/10.1007/978-3-319-60055-0_11

2017-01-01

Abstract:Dynamic Searchable Symmetric Encryption (DSSE) allows a client not only to search over ciphertexts as the traditional searchable symmetric encryption does, but also to update these ciphertexts according to requirements, e.g., adding or deleting some ciphertexts. It has been recognized as a fundamental and promising method to build secure cloud storage. In this paper, we propose a new DSSE scheme to overcome the drawbacks of previous schemes. The biggest challenge is to realize the physical deletion of ciphertexts with small leakage. We employ both logical and physical deletions, and run physical deletion in due course to avoid extra information leakage. Our instantiation achieves noticeable improvements throughout all following aspects: search performance, storage cost, functionality, and information leakage when operating its functions. We also demonstrate its provable security under adaptive attacks and practical performance according to experimental results.

Panyu Wu,Jiachen Shen,Zhenfu Cao,Xiaolei Dong

DOI: https://doi.org/10.1007/s11704-024-3390-z

IF: 2.6688

2024-01-01

Frontiers of Computer Science

Abstract:Data outsourcing has become an industry trend with the popularity of cloud computing. How to search data securely and efficiently has received unprecedented attention. Dynamic Searchable Symmetric Encryption (DSSE) is an effective method to solve this problem, which supports file updates and keyword-based searches over encrypted data. Unfortunately, most existing DSSE schemes have privacy leakages during the addition and deletion phases, thus proposing the concepts of forward and backward privacy. At present, some secure DSSE schemes with forward and backward privacy have been proposed, but most of these DSSE schemes only achieve single-keyword query in the single-client setting, which seriously limits the application in practice. To solve this problem, we propose a multi-client and multi-keyword searchable symmetric encryption scheme with forward and backward privacy (MMKFB). Our scheme focuses on the multi-keyword threshold queries in the multi-client setting, which is a new pattern of multi-keyword search realized with the help of additive homomorphism. And performance analysis and experiments demonstrate that our scheme is more practical for use in small and medium size databases. Especially when a large number of files are updated at once, our scheme has advantages over some existing DSSE schemes in terms of computational efficiency and client storage overhead.

Xueqiao Liu,Guomin Yang,Yi Mu,Robert H. Deng

DOI: https://doi.org/10.1109/tdsc.2018.2876831

2020-11-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In a cloud data storage system, symmetric key encryption is usually used to encrypt files due to its high efficiency. In order allow the untrusted/semi-trusted cloud storage server to perform searching over encrypted data while maintaining data confidentiality, searchable symmetric encryption (SSE) has been proposed. In a typical SSE scheme, a users stores encrypted files on a cloud storage server and later can retrieve the encrypted files containing specific keywords. The basic security requirement of SSE is that the cloud server learns no information about the files or the keywords during the searching process. Some SSE schemes also offer additional functionalities such as detecting cheating behavior of a malicious server (i.e., verifiability) and allowing update (e.g., modifying, deleting and adding) of documents on the server. However, the previous (verifiable) SSE schemes were designed for single users, which means the searching can only be done by the data owner, whereas in reality people often use cloud storage to share files with other users. In this paper we present a multi-user verifiable searchable symmetric encryption (MVSSE) scheme that achieves all the desirable features of a verifiable SSE and allows multiple users to perform searching. We then define an ideal functionality for MVSSE under the Universally Composable (UC-) security framework and prove that our ideal functionality implies the security requirements of a secure MVSSE, and our multi-user verifiable SSE scheme is UC-secure. We also implement our scheme to verify its high performance based on some real dataset.

computer science, information systems, software engineering, hardware & architecture

Cong Zuo,Shi-Feng Sun,Joseph K. Liu,Jun Shao,Josef Pieprzyk

DOI: https://doi.org/10.1007/978-3-030-29962-0_14

2019-01-01

Abstract:Dynamic Searchable Symmetric Encryption (DSSE) enables a client to perform updates and searches on encrypted data which makes it very useful in practice. To protect DSSE from the leakage of updates (leading to break query or data privacy), two new security notions, forward and backward privacy, have been proposed recently. Although extensive attention has been paid to forward privacy, this is not the case for backward privacy. Backward privacy, first formally introduced by Bost et al., is classified into three types from weak to strong, exactly Type-III to Type-I. To the best of our knowledge, however, no practical DSSE schemes without trusted hardware (e.g. SGX) have been proposed so far, in terms of the strong backward privacy and constant roundtrips between the client and the server.

Hanqi Zhang,Chang Xu,Rongxing Lu,Liehuang Zhu,Chuan Zhang,Yunguo Guan

DOI: https://doi.org/10.1109/tsc.2023.3301712

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:Considerable attention has been paid to dynamic searchable symmetric encryption (DSSE) which allows users to search on dynamically updated encrypted databases. To improve the performance of real-world applications, recent non-interactive multi-client DSSE schemes are targeted at avoiding per-query interaction between data owners and data users. However, existing non-interactive multi-client DSSE schemes do not consider forward privacy or backward privacy, making them exposed to leakage abuse attacks. Besides, most existing DSSE schemes with forward and backward privacy rely on keeping a keyword operation counter or an inverted index, resulting in a heavy storage burden on the data owner side. To address these issues, we propose a non-interactive multi-client DSSE scheme with small client storage, and our proposed scheme can provide both forward privacy and backward privacy. Specifically, we first design a lightweight storage chain structure that binds all keywords to a single state to reduce the storage cost. Then, we present a Hidden Key technique, which preserves non-interactive forward privacy through time range queries, ensuring that data with newer timestamps cannot match earlier time ranges. We conduct extensive experiments to validate our methods, which demonstrate computational efficiency. Moreover, security analysis proves the privacy-preserving property of our methods.

computer science, information systems, software engineering

Jianwei Li,Xiaoming Wang,Qingqing Gan,Fengling Wang

DOI: https://doi.org/10.1016/j.comcom.2022.04.026

IF: 5.047

2022-04-01

Computer Communications

Abstract:Dynamic Searchable Symmetric Encryption (DSSE) allows users to outsource data with ciphertext format to untrusted servers and supports the operations of data adding and deleting, which is adopted in common usage by government and business. Recently, the primitive of Forward Privacy in DSSE has drawn great public interest owing to its beneficial feature, which is that it can guard against the newly uploaded files from linking to previous search tokens. However, most of existing Forward Private Searchable Encryption (FPSE) schemes focus on single-user environment, which means that only the users themselves can utilize the data, greatly limits the wide application in cloud computing. To our knowledge, it is difficult to migrate the FPSE schemes to multi-user network. First, to realize forward privacy, the data owner should share the entire key group to the legitimate users, which means the users have the privilege of tampering or deleting data rather than query only; secondly, some FPSE schemes use the special structures and can not be directly developed to multi-user network. Inspired by this, we present a scheme of multi-user forward private searchable encryption with dynamic authorization. The proposed scheme is based on a new structure of Multi-user State Chain and involves dynamic keyword-oriented authorization management. We prove our scheme can meet the secure characteristics, then conduct the performance evaluation and experiments. The results demonstrate that compared with the existing solutions, our scheme is superior in efficiency and practicability.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jiming Liu,Zhenfu Cao,Xiaolei Dong,Jiachen Shen

DOI: https://doi.org/10.1007/978-981-15-0758-8_2

2019-01-01

Abstract:Searchable encryption (SE) is a new cryptographic technique that allows data users searching for the files of their interests over huge amounts of encrypted files on the cloud. When it comes to multi-user setting, more issues should be addressed comparing to single-user setting, including key distribution, search privilege control and access control. In this paper, we propose DMU-ABSE, a dynamic multi-user ciphertext-policy attribute-based searchable encryption scheme with file deletion and user revocation. We manipulate an attribute-based encryption to achieve fine-grained search privilege control and hidden policy in multi-user setting while searching time of the proposed scheme is constant (O(1)). With the help of proxy re-encryption, we build one searchable index matrix by different owners in order to improve the searching efficiency. Furthermore, our scheme implements access control by embedding decryption keys into the index matrix. The proposed scheme is proved IND-CKA and IND-CPA semantically secure and experimental results shows that our scheme is efficient.

Jing Chen,Zhenfu Cao,Jiachen Shen,Xiaolei Dong,Xingkai Wang

DOI: https://doi.org/10.1145/3377644.3377666

2020-01-01

Abstract:Users with limited computing and storage capabilities can access large amounts of data easily by uploading the database to cloud server. But this leads to security issues. Dynamic searchable encryption scheme is a solution, providing not only data privacy for users, but also the ability of searching for keywords on the ciphertext and inserting or deleting documents. However, most of the existing efficient dynamic searchable encryption schemes do not satisfy forward security, considering file-injection attack. In this paper, we design and implement a new forward secure dynamic symmetric searchable encryption (DSSE) scheme. We also use a new index structure inspired by linked list to achieve forward security instead of using ORAM. Our storage overhead is greatly reduced compared to previous works, without losing efficiency. Finally, we implement, evaluate and analyze our scheme.

Chen Guo,Xingbing Fu,Yaojun Mao,Guohua Wu,Fagen Li,Ting Wu

DOI: https://doi.org/10.3390/info9100242

2018-01-01

Information

Abstract:With the advent of cloud computing, more and more users begin to outsource encrypted files to cloud servers to provide convenient access and obtain security guarantees. Searchable encryption (SE) allows a user to search the encrypted files without leaking information related to the contents of the files. Searchable symmetric encryption (SSE) is an important branch of SE. Most of the existing SSE schemes considered single-user settings, which cannot meet the requirements for data sharing. In this work, we propose a multi-user searchable symmetric encryption scheme with dynamic updates. This scheme is applicable to the usage scenario where one data owner encrypts sensitive files and shares them among multiple users, and it allows secure and efficient searches/updates. We use key distribution and re-encryption to achieve multi-user access while avoiding a series of issues caused by key sharing. Our scheme is constructed based on the index structure where a bit matrix is combined with two static hash tables, pseudorandom functions and hash functions. Our scheme is proven secure in the random oracle model.

Javad Ghareh Chamani,Yun Wang,Dimitrios Papadopoulos,Mingyang Zhang,Rasool Jalili,Javad Gharehchamani

DOI: https://doi.org/10.1109/tdsc.2021.3127546

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:We study the problem of multi-user dynamic searchable symmetric encryption (DMUSSE) where a data owner stores its encrypted documents on an untrusted remote server and wishes to selectively allow multiple users to access them by issuing keyword search queries. Specifically, we consider the case where some of the users may be corrupted and colluding with the server to extract additional information about the dataset (beyond what they have access to). We provide the first formal security definition for the dynamic setting as well as forward and backward privacy definitions. We then propose $\mu$μSE, the first provably secure DMUSSE scheme and instantiate it in two versions, one based on oblivious data structures and one based on update queues, with different performance trade-offs. Furthermore, we extend $\mu$μSE to support verifiability of results. To achieve this, users need a secure digest initially computed by the data owner and changed after every update. We efficiently accommodate this, without relying on a trusted third party, by adopting a blockchain-based approach for the digests’ dissemination and deploy our schemes over the permissioned Hyperledger Fabric blockchain. We prototype both versions and experimentally evaluate their practical performance, both as stand-alone systems and running on top of Hyperledger Fabric.

computer science, information systems, software engineering, hardware & architecture

Kun He,Jing Chen,Qinxi Zhou,Ruiying Du,Yang Xiang

DOI: https://doi.org/10.1109/tifs.2020.3033412

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Dynamic Searchable Symmetric Encryption (DSSE) enables users to search on the encrypted database stored on a semi-trusted server while keeping the search and update information under acceptable leakage. However, most existing DSSE schemes are not efficient enough in practice due to the complex structures and cryptographic primitives. Moreover, the storage cost on the client side grows linearly with the number of keywords in the database, which induces unaffordable storage cost when the size of keyword set is large. In this article, we focus on secure dynamic searchable symmetric encryption with constant client storage cost. Our framework is boosted by fish-bone chain, a novel two-level structure which consists of Logical Keyword Index Chain (LoKIC) and Document Index Chain (DIC). To instantiate the proposed framework, we propose a forward secure DSSE scheme, called CLOSE-F, and a forward and backward secure DSSE scheme, called CLOSE-FB. Experiments showed that the computation cost of CLOSE-F and CLOSE-FB are as efficient as the state-of-the-art solutions, while the storage costs on the client side are constant in both CLOSE-F and CLOSE-FB, which are much smaller than existing schemes.

computer science, theory & methods,engineering, electrical & electronic

Chang Xu,Lan Yu,Liehuang Zhu,Can Zhang

DOI: https://doi.org/10.1007/978-3-030-86137-7_18

2021-01-01

Abstract:With big data and cloud computing development, data owners begin to outsource their large-volume data to remote servers to reduce local storage costs. Researchers have currently proposed some Dynamic Searchable Symmetric Encryption (DSSE) schemes that support efficient keyword searches on encrypted data with dynamic update operations. Unfortunately, most of them are constructed based on a single server architecture, which means that they cannot be used directly when multiple servers participate in the search process. Some schemes assume that the server is honest-but-curious, which cannot be guaranteed, especially in the multi-server scenario. This paper proposes a Blockchain-based Verifiable DSSE scheme with forwarding security in Multi-server environments. In the scheme, the data owner encrypts the partitioned files and randomly stores them in different servers from which a single server cannot recover any complete file. The use of blockchain and smart contracts to achieve reliable and verifiable search can detect malicious servers' improper behaviors. Experimental evaluation show that the scheme achieves verifiable search, forward privacy with less leakage, and high search efficiency.

Zhilong Luo,Shi-Feng Sun,Zhedong Wang,Dawu Gu

DOI: https://doi.org/10.1007/978-981-97-5025-2_15

2024-01-01

Abstract:Publicly Verifiable Symmetric Searchable Encryption (PV-SSE) enables a client to delegate verification process of search results to an auditor without revealing private information. However, most of existing PV-SSE schemes are only designed for static databases, and how to design dynamic PV-SSE (PV-DSSE) schemes with strong security and good efficiency remains an open problem. In this paper, we propose a new dynamic PV-SSE scheme, which is, to the best of our knowledge, the first non-interactive PV-DSSE with forward privacy and Type-II backward privacy. In particular, we achieve both strong backward privacy and public verifiability within one roundtrip, by leveraging a special cryptographic primitive called compressed symmetric revocable encryption (CSRE) and developing a novel verification method based on set hash functions. Moreover, we provide concrete implementation of our scheme, and conduct a comprehensive performance evaluation compared with the state-of-art. In a typical network environment, our result shows that the search process in our scheme is 5x to 7x faster than the state-of-art with 8x to 9x lower communication cost.