Visible to the public Searchable Encryption 2015Conflict Detection Enabled

SoS Newsletter- Advanced Book Block


SoS Logo

Searchable Encryption 2015


Searchable encryption allows one to store encrypted data externally, but still allow for easy data searches that do not require the search to download everything before decrypting and to allow others to search data without having access to plaintext.  As an application, it is becoming increasingly important in the Cloud environment.  For the Science of Security community, it is an area of research related to cryptography, resilience, and composability. Research cited here was presented in 2015.

Mingchu Li; Wei Jia; Cheng Guo; Weifeng Sun; Xing Tan, "LPSSE: Lightweight Phrase Search with Symmetric Searchable Encryption in Cloud Storage," in Information Technology - New Generations (ITNG), 2015 12th International Conference on, pp. 174-178, 13-15 April 2015. doi: 10.1109/ITNG.2015.33

Abstract: Security of cloud storage has drawn more and more concerns. In the searchable encryption, many previous solutions can let people retrieve the documents containing single keyword or conjunctive keywords by storing encrypted documents with data indexes. However, searching documents with a phrase or consecutive keywords is still a remained open problem. In this paper, using the relative positions, we propose an efficient scheme LPSSE with symmetric searchable encryption that can support encrypted phrase searches in cloud storage. Our scheme is based on non-adaptive security definition by R. Curtmola and with lower costs of transmission and storage than existing systems. Furthermore, we combine some components of currently efficient search engines and our functions to complete a prototype. The experiment results also show that our scheme LPSSE is available and efficient.

Keywords: cloud computing; cryptography; storage management; LPSSE scheme; cloud storage security; data indexes; document retrieval; encrypted document storage; lightweight phrase search with symmetric searchable encryption; nonadaptive security; search engines; Arrays; Cloud computing; Encryption; Indexes; Servers; Cloud storage; Lightweight searchable encryption scheme; Phrase search; Searchable encryption; Symmetry (ID#: 16-9131)



Jun Yang; Chuan Fu; Nan Shen; Zheli Liu; Chunfu Jia; Jin Li, "General Multi-key Searchable Encryption," in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, pp. 89-95, 24-27 March 2015. doi: 10.1109/WAINA.2015.18

Abstract: We analysis outsourced server with multi-users and classify the data sharing into two main types. We focus on the data sharing between users in Searchable Encryption and the corresponding security goal. Then we present a general scheme for Searchable Encryption in which the cipher text can be generated from parameter by authorized users. With the concept of homomorphism and one-way function, we construct a general model to illustrate and fulfill the goals involved. We also promote such a model to a general Multi-Key Searchable Encryption which enables only a single submission for the retrievals in the documents encrypted by different keys. We also give two concrete examples to illustrate the feasibility and security in such a general model.

Keywords: cryptography; file servers; information retrieval; outsourcing; security of data; authorized users; ciphertext; data sharing classification; document encryption; multikey searchable encryption; one-way function; outsourced server analysis; Access control; Concrete; Data models; Encryption; Servers; Homomorphism; Multi-key; Searchable Encryption (ID#: 16-9132)



Emura, K.; Le Trieu Phong; Watanabe, Y., "Keyword Revocable Searchable Encryption with Trapdoor Exposure Resistance and Re-generateability," in Trustcom/BigDataSE/ISPA, 2015 IEEE, vol. 1, pp. 167-174, 20-22 Aug. 2015. doi: 10.1109/Trustcom.2015.371

Abstract: In searchable encryption in the public key setting, a trapdoor is uploaded to a server, and the server runs the test algorithm by using the trapdoor. However, if trapdoors stored in the server will be exposed due to unexpected situations, then anyone can run the test algorithm. Therefore, the trapdoor revocation functionality is desirable in practice. Moreover, even certain keyword revocation functionality is supported, the impact of trapdoor exposure should be minimized. In addition to this, it seems difficult to assume that revoked keywords will never be used. Therefore, we need to consider the case where a new trapdoor can be generated even a trapdoor has been revoked before. In this paper, we give a formal definition of keyword revocable public key encryption with keyword search (KR-PEKS), and propose a generic construction of KR-PEKS from revocable identity-based encryption with a certain anonymity. Our construction is not only a generalization of revocable keyword search proposed by with Yu, Ni, Yang, Mu, and Susilo (Security and Communication Networks 2014), but also supports trapdoor exposure resistance which guarantees that an exposure of a trapdoor does not infect of other trapdoors, and trapdoor re-generateability which guarantee that a new trapdoor can be generated even a keyword has been revoked before.

Keywords: public key cryptography; KR-PEKS; generic construction; keyword revocable public key encryption-with-keyword search; keyword revocable searchable encryption; regenerateability; revocable identity-based encryption; trapdoor exposure resistance; keyword revocation; revocable identity-based encryption; searchable encryption (ID#: 16-9133)



Bing Wang; Wei Song; Wenjing Lou; Hou, Y.T., "Inverted Index Based Multi-Keyword Public-Key Searchable Encryption with Strong Privacy Guarantee," in Computer Communications (INFOCOM), 2015 IEEE Conference on, pp. 2092-2100, April 26 2015-May 1 2015. doi: 10.1109/INFOCOM.2015.7218594

Abstract: With the growing awareness of data privacy, more and more cloud users choose to encrypt their sensitive data before outsourcing them to the cloud. Search over encrypted data is therefore a critical function facilitating efficient cloud data access given the high data volume that each user has to handle nowadays. Inverted index is one of the most efficient searchable index structures and has been widely adopted in plaintext search. However, securing an inverted index and its associated search schemes is not a trivial task. A major challenge exposed from the existing efforts is the difficulty to protect user's query privacy. The challenge roots on two facts: 1) the existing solutions use a deterministic trapdoor generation function for queries; and 2) once a keyword is searched, the encrypted inverted list for this keyword is revealed to the cloud server. We denote this second property in the existing solutions as one-time-only search limitation. Additionally, conjunctive multi-keyword search, which is the most common form of query nowadays, is not supported in those works. In this paper, we propose a public-key searchable encryption scheme based on the inverted index. Our scheme preserves the high search efficiency inherited from the inverted index while lifting the one-time-only search limitation of the previous solutions. Our scheme features a probabilistic trapdoor generation algorithm and protects the search pattern. In addition, our scheme supports conjunctive multi-keyword search. Compared with the existing public key based schemes that heavily rely on expensive pairing operations, our scheme is more efficient by using only multiplications and exponentiations. To meet stronger security requirements, we strengthen our scheme with an efficient oblivious transfer protocol that hides the access pattern from the cloud. The simulation results demonstrate that our scheme is suitable for practical usage with moderate overhead.

Keywords: cloud computing; data privacy; public key cryptography; cloud computing; cloud data access; cloud server; cloud users; conjunctive multikeyword search; data privacy; data volume; inverted index; multikeyword public key searchable encryption; plaintext search; probabilistic trapdoor generation algorithm; public key searchable encryption scheme; search pattern; searchable index structures; sensitive data; trapdoor generation function; user query privacy; Encryption; Indexes; Polynomials; Privacy; Public key; Servers (ID#: 16-9134)



Syh-Yuan Tan; Ji-Jian Chin; Geong-Sen Poh; Kam, Y.H.S.; Wei-Chuen Yau, "A Client-Server Prototype of a Symmetric Key Searchable Encryption Scheme Using Open-Source Applications," in IT Convergence and Security (ICITCS), 2015 5th International Conference on, pp. 1-5, 24-27 Aug. 2015. doi: 10.1109/ICITCS.2015.7292892

Abstract: Searchable encryption is a cryptographic primitive that allows a user to confidentially store items on an outside server and grants the user the capability to search for any particular item that is stored without the server or any third party observers learning anything with regards to the item that is being searched for. In 2006, Curtmola et al. strengthened the security notions for symmetric-key searchable encyrption (SSE) and proposed two secure constructions that utilize only a conventional symmetric-key encryption scheme such as Advanced Encryption Standard (AES). In this work, we show a client-server prototype implementation of the adaptive-secure scheme by Curtmola et al. utilizing only open source software on both client and server side. We show that our implementation runs in reasonable time and provides confidential search functions as defined by SSE schemes.

Keywords: client-server systems; cryptography; data privacy; public domain software; AES; Advanced Encryption Standard; adaptive-secure scheme; client-server prototype; confidential item storage; confidential search function; cryptography; open source software; open-source applications; security; symmetric key searchable encryption scheme; Encryption; Indexes; Prototypes; Servers (ID#: 16-9135)



Wenjun Luo; Yaqiong Chen; Yousheng Zhou, "Dynamic Searchable Encryption with Multi-user Private Search for Cloud Computing," in Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on, pp. 176-182, 26-28 Oct. 2015. doi: 10.1109/CIT/IUCC/DASC/PICOM.2015.359

Abstract: Dynamic searchable encryption enables data owner to store a dynamic collection of encrypted files to the cloud server and generate search tokens of queries over the cloud server. Upon receiving a token, the server can perform the search on the encrypted data while preserving privacy. Unlike many previous works that focused on a single-user scheme, we present a dynamic searchable encryption scheme with multi-user private search for cloud computing. We consider the use scenario of cloud storage services where an organization outsources its data to the cloud and authorizes a group of users to access the data. Our scheme is dependent on a red-black data structure which is highly parallelizable and dynamic, and its security is proven in the random oracle model.

Keywords: cloud computing; cryptography; data privacy; data structures; cloud computing; cloud server; cloud storage services; data owner; dynamic searchable encryption scheme; encrypted files; multiuser private search; privacy preservation; random oracle model; red-black data structure; search tokens; Cloud computing; Encryption; Indexes; Privacy; Servers; Secure cloud storage; privacy; multi-user setting  (ID#: 16-9136)



Koschuch, M.; Hombauer, M.; Schefer-Wenzl, S.; Habock, U.; Hrdlicka, S., "Fogging The Cloud — Implementing and Evaluating Searchable Encryption Schemes in Practice," in Integrated Network Management (IM), 2015 IFIP/IEEE International Symposium on, pp. 1365-1368, 11-15 May 2015. doi: 10.1109/INM.2015.7140497

Abstract: With the rise of cloud computing new ways to secure outsourced data have to be devised. Traditional approaches like simply encrypting all data before it is transferred only partially alleviate this problem. Searchable Encryption (SE) schemes enable the cloud provider to search for user supplied strings in the encrypted documents, while neither learning anything about the content of the documents nor about the search terms. Currently there are many different SE schemes defined in the literature, with their number steadily growing. But experimental results of real world performance, or direct comparisons between different schemes, are severely lacking. In this work we propose a simple Java client-server framework to efficiently implement different SE algorithms and compare their efficiency in practice. In addition, we demonstrate the possibilities of such a framework by implementing two different existing SE schemes from slightly different domains and compare their behavior in a real-world setting.

Keywords: Java; cloud computing; cryptography; document handling; Java client-server framework; SE schemes; cloud computing; encrypted documents; outsourced data security; searchable encryption schemes; user supplied strings; Arrays; Conferences; Encryption; Indexes; Servers (ID#: 16-9137)



Mallaiah, Kurra; Ramachandram, S; Gandhi, Rishi Kumar, "Multi User Searchable Encryption Schemes Using Trusted Proxy for Cloud Based Relational Databases," in Green Computing and Internet of Things (ICGCIoT), 2015 International Conference on, pp. 1554-1559, 8-10 Oct. 2015. doi: 10.1109/ICGCIoT.2015.7380714

Abstract: Use of cloud Database-as-a-Service (DaaS) is gradually increasing in private and government organizations. Organizations are now considering outsourcing of their local databases to cloud database servers to minimize their operational and maintenance expenses. At the same time, users are apprehensive about the confidentiality breach of their vital data in cloud database. To achieve complete confidentiality of such data in outsourced databases, it is required to keep data in always-encrypted form in its entire life cycle i.e. at rest, in transition and while in operation in premises of cloud database services. Searchable encryption is a scheme, which allows users to perform an encrypted keyword search on encrypted data stored in database server directly without decrypting it. In many applications, it requires to access the database by multiple users where data is written by different users using different encryption keys. In this paper, we propose schemes for Multi user multi-key Encryption Search for cloud Relational Databases (MES-RD). It supports search operation on data encrypted under different keys by multiple users using a Trusted Proxy. These data may be stored in a shared table under one or other column of database server. To the best of our knowledge, the proposed schemes MES-RD are practical and first time proposed for databases.

Keywords: Computer hacking; Databases; Encryption; Levee; Organizations; Servers; Cloud computing; Database security; Multikey Encryption Search (ID#: 16-9138)



Xu, Lei; Xu, Chungen, "Efficient and Secure Data Retrieval Scheme Using Searchable Encryption in Cloud Storage," in Security and Privacy in Social Networks and Big Data (SocialSec), 2015 International Symposium on, pp. 15-21, 16-18 Nov. 2015. doi: 10.1109/SocialSec2015.16

Abstract: In the new era of data explosion, the problem of data storage and portability were solved with the advent of the cloud technologies. But the attendant problem is that most of the data stored by users are always uploaded as the form of plaintext, this means that the more data and information are uploaded by the user in cloud, the more privacy and information security risks will be. This paper presents a data retrieval system by using public key encryption system with keyword search, in which the client could test whether or not the file stored in cloud server contains the keyword without leaking the information about the encrypted file. We apply asymmetric pairings to achieve shorter key size scheme in the standard model, and adopt the dual system encryption technique to reduce the scheme's secure problem to the hard Symmetric External Diffie-Hellman assumption. In the last of paper, we analyse the scheme's efficiency and point out that our scheme is more efficient and secure than some other classical data retrieval models.

Keywords: Big data; Data privacy; Security; Social network services; asymmetric pairings; data retrieval; dual system encryption; keyword search encryption (ID#: 16-9139)



Chang Liu; Liehuang Zhu; Jinjun Chen, "Efficient Searchable Symmetric Encryption for Storing Multiple Source Data on Cloud," in Trustcom/BigDataSE/ISPA, 2015 IEEE, vol. 1, pp. 451-458, 20-22 Aug. 2015. doi: 10.1109/Trustcom.2015.406

Abstract: Cloud computing has greatly facilitated large-scale data outsourcing due to its cost efficiency, scalability and many other advantages. Subsequent privacy risks force data owners to encrypt sensitive data, hence making the outsourced data no longer searchable. Searchable Symmetric Encryption (SSE) is an advanced cryptographic primitive addressing the above issue, which maintains efficient keyword search over encrypted data without disclosing much information to the storage provider. Existing SSE schemes implicitly assume that original user data is centralized, so that a searchable index can be built at once. Nevertheless, especially in cloud computing applications, user-side data centralization is not reasonable, e.g. an enterprise distributes its data in several data centers. In this paper, we propose the notion of Multi-Data-Source SSE (MDS-SSE), which allows each data source to build a local index individually and enables the storage provider to merge all local indexes into a global index afterwards. We propose a novel MDS-SSE scheme, in which an adversary only learns the number of data sources, the number of entire data files, the access pattern and the search pattern, but not any other distribution information such as how data files or search results are distributed over data sources. We offer rigorous security proof of our scheme, and report experimental results to demonstrate the efficiency of our scheme.

Keywords: cloud computing; cryptography; storage management; MDS-SSE scheme; cloud computing; large-scale data outsourcing; multiple source data storage; searchable symmetric encryption; Cloud computing; Distributed databases; Encryption; Indexes; Servers; Cloud Computing; Data Outsourcing; Multiple Data Sources; Searchable Symmetric Encryption (ID#: 16-9140)



Mithuna, R.; Suguna, M., "Integrity checking Over Encrypted Cloud Data," in Signal Processing, Communication and Networking (ICSCN), 2015 3rd International Conference on, pp. 1-5, 26-28 March 2015. doi: 10.1109/ICSCN.2015.7219916

Abstract: Cloud providers provide various promising services to users and this makes the cloud to be very popular among users. Cloud computing is a location independent computing wherein files are outsourced as a service. Users outsource their data to the third party cloud server to reduce various costs such as storage, management etc. The outsourced data may have sensitive and valuable information that needs to be secured. In order to assure confidentiality, users encrypt their data before outsourcing it to the cloud server. But the searching and retrieval of encrypted files becomes too complex. The existing works on searchable encryption focus on Single keyword search, Multi-keyword search, Boolean keyword search and rarely vary the search results. In Multi-Keyword Ranked Search Over Encrypted Cloud Data (MRSE), ranked searchable symmetric encryption scheme is used for efficient retrieval of similar data from the cloud server based on the ranking. Even though the ranking scheme provides most similar files from the cloud server, one cannot assure whether the retrieved files are having same fields are not. In this paper for the first time, ranking fixed by the cloud server is being tested to check the correctness of its order. Rank test method is used to check the integrity of the rank order over the search results. Since the rank fixed by cloud server is checked, the user can get accurate results and so privacy can be improved.

Keywords: cloud computing; cryptography; data integrity; data privacy; information retrieval; outsourcing; Boolean keyword search; MRSE; cloud computing; cloud provider; data confidentiality; encrypted file; integrity checking; location independent computing; multikeyword ranked search over encrypted cloud data; multikeyword search; outsourced data; outsourcing; rank test method; ranked searchable symmetric encryption scheme; ranking scheme; retrieved file; searchable encryption focus; single keyword search; third party cloud server; Encryption; Legged locomotion; Outsourcing; Privacy; Servers; cloud computing; encrypted file; integrity; privacy preserving; ranked results (ID#: 16-9141)



Peisong Shen; Chi Chen; Xue Tian; Jing Tian, "A Similarity Evaluation Algorithm and Its Application in Multi-Keyword Search on Encrypted Cloud Data," in Military Communications Conference, MILCOM 2015 - 2015 IEEE, pp. 1218-1223, 26-28 Oct. 2015. doi: 10.1109/MILCOM.2015.7357612

Abstract: Searchable symmetric encryption (SSE), known as privacy-preserving keyword search, allows users to perform keyword search on encrypted data. However, until now there are no practical SSE schemes which can support query-document similarity evaluation and provide top-k retrieval on encrypted cloud data. This problem slows down the process of SSE schemes' application in cloud storage service. In this paper, we propose a server-side similarity evaluation algorithm to realize the sorted search functionality. Based on this, we further propose an entire SSE solution to achieve the goal of privacy-preserving multi-keyword dynamic sorted (MKDS) search functionalities which steps closer to practical deployment. We formally demonstrate the security of our scheme and evaluate the practical performance of our scheme on the real-world dataset.

Keywords: cloud computing; private key cryptography; MKDS; SSE schemes; cloud storage; encrypted cloud data; multikeyword search; privacy-preserving keyword search; privacy-preserving multikeyword dynamic sorted; query-document similarity evaluation; searchable symmetric encryption; similarity evaluation algorithm; Cloud computing; Encryption; Heuristic algorithms; Indexes; Servers; ciphertext search; multi-keyword search; searchable symmetric encryption; similarity evaluation; top-k search (ID#: 16-9142)



Fisc, B.A.; Vo, B.; Krell, F.; Kumarasubramanian, A.; Kolesnikov, V.; Malkin, T.; Bellovin, S.M., "Malicious-Client Security in Blind Seer: A Scalable Private DBMS," in Security and Privacy (SP), 2015 IEEE Symposium on, pp. 395-410, 17-21 May 2015. doi: 10.1109/SP.2015.31

Abstract: The Blind Seer system (Oakland 2014) is an efficient and scalable DBMS that affords both client query privacy and server data protection. It also provides the ability to enforce authorization policies on the system, restricting client's queries while maintaining the privacy of both query and policy. Blind Seer supports a rich query set, including arbitrary boolean formulas, and is provably secure with respect to a controlled amount of search pattern leakage. No other system to date achieves this tradeoff of performance, generality, and provable privacy. A major shortcoming of Blind Seer is its reliance on semi-honest security, particularly for access control and data protection. A malicious client could easily cheat the query authorization policy and obtain any database records satisfying any query of its choice, thus violating basic security features of any standard DBMS. In sum, Blind Seer offers additional privacy to a client, but sacrifices a basic security tenet of DBMS. In the present work, we completely resolve the issue of a malicious client. We show how to achieve robust access control and data protection in Blind Seer with virtually no added cost to performance or privacy. Our approach also involves a novel technique for a semi-private function secure function evaluation (SPF-SFE) that may have independent applications. We fully implement our solution and report on its performance.

Keywords: Boolean functions; authorisation; data protection; database management systems; query processing; Blind Seer system; Boolean formulas; SPF-SFE; authorization policies; client query privacy; malicious-client security; query authorization policy; robust access control; scalable private DBMS; search pattern leakage; semiprivate function secure function evaluation; server data protection; Cryptography; Indexes; Logic gates; Privacy; Protocols; Servers; applied cryptography; private DBMS; searchable encryption (ID#: 16-9143)



Cheng Guo; Qiongqiong Song; Ruhan Zhuang; Bin Feng, "RSAE: Ranked Keyword Search over Asymmetric Encrypted Cloud Data," in Big Data and Cloud Computing (BDCloud), 2015 IEEE Fifth International Conference on, pp. 82-86, 26-28 Aug. 2015. doi: 10.1109/BDCloud.2015.11

Abstract: Cloud computing becomes more and more popular and is applied into many practical applications because of much cheaper and more powerful features. In cloud system, users can outsource local data to the cloud servers to lighten their local storage and computing resource loads, which products a new industry method of use-on-demand, pay-on-use. However outsourcing data to cloud servers makes sensitive information centralized into the server, which brings great challenge to protecting sensitive information privacy. For privacy preserving, the user encrypts sensitive data before outsourcing. Traditional searchable encryption methods make it possible for users to securely conduct keyword search over encrypted data and finally retrieve the most relevant Top-N files among the whole data. In this paper, we systematically propose a scheme to solve the problem of how to securely and efficiently retrieve the Top-N files by keyword-based searching over encrypted data by asymmetric encrypted.

Keywords: cloud computing; cryptography; data privacy; information retrieval; RSAE; Top-N file retrieval; asymmetric encrypted cloud data; cloud computing; data outsourcing; pay-on-use method; ranked keyword search; searchable encryption methods; sensitive information privacy; use-on-demand method; Cascading style sheets; Cloud computing; Encryption; Keyword search; Servers; Top-N files retrieval; asymmetric encryption; cloud data; identity based encryption; keyword search; searchable encryption (ID#: 16-9144)



Lai, R.W.F.; Chow, S.S.M., "Structured Encryption with Non-interactive Updates and Parallel Traversal," in Distributed Computing Systems (ICDCS), 2015 IEEE 35th International Conference on, pp. 776-777, June 29 2015-July 2 2015. doi: 10.1109/ICDCS.2015.104

Abstract: Searchable Symmetric Encryption (SSE) encrypts data in such a way that they can be searched efficiently. Some recent SSE schemes allow modification of data, yet they may incur storage overhead to support parallelism in searching, or additional computation to minimize the potential leakage incurred by the update, both penalize the performance. Moreover, most of them consider only keyword search and not applicable to arbitrary structured data. In this work, we propose the first parallel and dynamic symmetric-key structured encryption, which supports query of encrypted data structure. Our scheme leverages the rather simple randomized binary search tree to achieve non-interactive queries and updates.

Keywords: cryptography; data structures; parallel processing; query processing; SSE scheme; arbitrary structured data; dynamic symmetric-key structured encryption; encrypted data structure; noninteractive query; noninteractive update; parallel symmetric-key structured encryption; parallel traversal; potential leakage; randomized binary search tree; searchable symmetric encryption; structured encryption; Binary search trees; Complexity theory; Databases; Encryption; Keyword search; Servers; dynamic; non-interactive; parallel; structured encryption; symmetric searchable encryption (ID#: 16-9145)



Strizhov, M.; Ray, I., "Substring Position Search over Encrypted Cloud Data Using Tree-Based Index," in Cloud Engineering (IC2E), 2015 IEEE International Conference on, pp. 165-174, 9-13 March 2015. doi: 10.1109/IC2E.2015.33

Abstract: Existing Searchable Encryption (SE) solutions are able to handle simple boolean search queries, such as single or multi-keyword queries, but cannot handle substring search queries over encrypted data that also involves identifying the position of the substring within the document. These types of queries are relevant in areas such as searching DNA data. In this paper, we propose a tree-based Substring Position Searchable Symmetric Encryption (SSP-SSE) to overcome the existing gap. Our solution efficiently finds occurrences of a substrings over encrypted cloud data. We formally define the leakage functions and security properties of SSP-SSE. Then, we prove that the proposed scheme is secure against chosen-keyword attacks that involve an adaptive adversary. Our analysis demonstrates that SSP-SSE introduces very low overhead on computation and storage.

Keywords: cloud computing; cryptography; query processing; trees (mathematics); DNA data; SSP-SSE; adaptive adversary; boolean search queries; chosen-keyword attacks; cloud data; leakage functions; multikeyword queries; security properties; single keyword queries; substring position search; substring position searchable symmetric encryption; tree-based index; Cloud computing; Encryption; Indexes; Keyword search; Probabilistic logic; cloud computing; position heap tree; searchable symmetric encryption; substring position search (ID#: 16-9146)



Hongwei Li; Dongxiao Liu; Kun Jia; Xiaodong Lin, "Achieving Authorized and Ranked Multi-Keyword Search Over Encrypted Cloud Data," in Communications (ICC), 2015 IEEE International Conference on, pp. 7450-7455, 8-12 June 2015. doi: 10.1109/ICC.2015.7249517

Abstract: In cloud computing, it is important to protect user data. Thus, data owners usually encrypt their data before outsourcing them to the cloud server for security and privacy concerns. At the same time, very often users need to find data for specific keywords of interest to them. This motivates the research on the searchable encryption technique, which allows the search user to search over the encrypted data. Many mechanisms have been proposed, and are mainly focusing on the symmetric searchable encryption (SSE) technique. However, they do not consider the search authorization problem that requires the cloud server only to return the search results to authorized users. In this paper, we propose an authorized and ranked multi-keyword search scheme (ARMS) over encrypted cloud data by leveraging the ciphertext policy attribute-based encryption (CP-ABE) and SSE techniques. Security analysis demonstrates that the proposed ARMS scheme can achieve confidentiality of documents, trapdoor unlinkability and collusion resistance. Extensive experiments show that the ARMS is more superior and efficient than existing approaches in terms of functionalities and computational overhead.

Keywords: authorisation; cloud computing; cryptography; data protection; search problems; ARMS scheme; CP-ABE scheme; SSE technique; authorized and ranked multikeyword search scheme; ciphertext policy attribute-based encryption scheme; cloud computing; cloud data encryption; cloud server; collusion resistance; computational overhead; data privacy; data security; document confidentiality; search authorization problem; symmetric searchable encryption technique; trapdoor unlinkability; user data protection;Authorization;Encryption;Indexes;Servers;Sun;Multi-keyword Ranked Search; Search Authorization; Searchable Encryption (ID#: 16-9147)



Strizhov, M., "Towards a Practical and Efficient Search over Encrypted Data in the Cloud," in Cloud Engineering (IC2E), 2015 IEEE International Conference on, pp. 496-498, 9-13 March 2015. doi: 10.1109/IC2E.2015.86

Abstract: Searchable encryption allows a client to encrypt its document collection in such a way that the encrypted collection can still be searched. The most immediate application of searchable encryption is privacy / confidentiality preserving cloud storage, where it enables a client to securely outsource its document collection to an untrusted cloud provider without sacrificing the ability to search over it. Our research focuses on developing a novel searchable encryption framework that allows the cloud server to perform multi-keyword ranked search as well as substring search incorporating position information. We present some advances that we have accomplished in this area. We then layout our planned research work and a timeline to accomplish this.

Keywords: cloud computing; cryptography; data privacy; document handling; file servers; information retrieval; storage management; cloud server; document collection; encrypted data; multikeyword ranked search; position information; privacy/confidentiality preserving cloud storage; searchable encryption; substring search; untrusted cloud provider; Encryption; Frequency measurement; Indexes; Search problems; Servers; cloud computing; ranked search; searchable symmetric encryption; substring position search (ID#: 16-9148)



Dong, Qiuxiang; Guan, Zhi; Chen, Zhong, "Attribute-Based Keyword Search Efficiency Enhancement via an Online/Offline Approach," in Parallel and Distributed Systems (ICPADS), 2015 IEEE 21st International Conference on, pp. 298-305, 14-17 Dec. 2015. doi: 10.1109/ICPADS.2015.45

Abstract: Searchable encryption is a primitive, which not only protects data privacy of data owners but also enables data users to search over the encrypted data. Most existing searchable encryption schemes are in the single-user setting. There are only few schemes in the multiple data users setting, i.e., encrypted data sharing. Among these schemes, most of the early techniques depend on a trusted third party with interactive search protocols or need cumbersome key management. To remedy the defects, the most recent approaches borrow ideas from attribute-based encryption to enable attribute-based keyword search (ABKS). However, all these schemes incur high computational costs and are not suitable for mobile devices, such as mobile phones, with power consumption constraints. In this paper, we develop new techniques that split the computation for the keyword encryption and trapdoor/token generation into two phases: a preparation phase that does the vast majority of the work to encrypt a keyword or create a token before it knows the keyword or the attribute list/access control policy that will be used. A second phase then rapidly assembles an intermediate ciphertext or trapdoor when the specifics become known. The preparation work can be performed while the mobile device is plugged into a power source, then it can later rapidly perform keyword encryption or token generation operations on the move without significantly draining the battery. We name our scheme Online/Offline ABKS. To the best of our knowledge, this is the first work on constructing efficient multi-user searchable encryption scheme for mobile devices through moving the majority of the cost of keyword encryption and token generation into an offline phase.

Keywords: Cloud computing; Encryption; Keyword search; Search problems; Servers; Mobile Devices; Multi-Owner/Multi-User; Offline; Online; Power Consumption; Searchable Encryption (ID#: 16-9149)



Petcher, A.; Morrisett, G., "A Mechanized Proof of Security for Searchable Symmetric Encryption," in Computer Security Foundations Symposium (CSF), 2015 IEEE 28th, pp. 481-494, 13-17 July 2015. doi: 10.1109/CSF.2015.36

Abstract: We present a mechanized proof of security for an efficient Searchable Symmetric Encryption (SSE) scheme completed in the Foundational Cryptography Framework (FCF). FCF is a Coq library for reasoning about cryptographic schemes in the computational model that features a small trusted computing base and an extensible design. Through this effort, we provide the first mechanized proof of security for an efficient SSE scheme, and we demonstrate that FCF is well-suited to reasoning about such complex protocols.

Keywords: cryptographic protocols; inference mechanisms; theorem proving; trusted computing; Coq library; FCF; SSE scheme; cryptographic scheme; foundational cryptography framework; protocol; reasoning; searchable symmetric encryption; security mechanized proof; trusted computing; Databases; Encryption; Games; Semantics; Servers (ID#: 16-9150)



Frank, J.C.; Frank, S.M.; Thurlow, L.A.; Kroeger, T.M.; Miller, E.L.; Long, D.D.E., "Percival: A Searchable Secret-Split Datastore," in Mass Storage Systems and Technologies (MSST), 2015 31st Symposium on, pp. 1-12, May 30 2015-June 5 2015. doi: 10.1109/MSST.2015.7208296

Abstract: Maintaining information privacy is challenging when sharing data across a distributed long-term datastore. In such applications, secret splitting the data across independent sites has been shown to be a superior alternative to fixed-key encryption; it improves reliability, reduces the risk of insider threat, and removes the issues surrounding key management. However, the inherent security of such a datastore normally precludes it from being directly searched without reassembling the data; this, however, is neither computationally feasible nor without risk since reassembly introduces a single point of compromise. As a result, the secret-split data must be pre-indexed in some way in order to facilitate searching. Previously, fixed-key encryption has also been used to securely pre-index the data, but in addition to key management issues, it is not well suited for long term applications. To meet these needs, we have developed Percival: a novel system that enables searching a secret-split datastore while maintaining information privacy. We leverage salted hashing, performed within hardware security modules, to access prerecorded queries that have been secret split and stored in a distributed environment; this keeps the bulk of the work on each client, and the data custodians blinded to both the contents of a query as well as its results. Furthermore, Percival does not rely on the datastore's exact implementation. The result is a flexible design that can be applied to both new and existing secret-split datastores. When testing Percival on a corpus of approximately one million files, it was found that the average search operation completed in less than one second.

Keywords: cryptography; data privacy; Percival; distributed environment; distributed long-term datastore; hardware security modules; information privacy; salted hashing; searchable secret-split datastore; Encryption; Hardware; Indexes; Search problems; Servers (ID#: 16-9151)



Gopularam, B.P.; Dara, S.; Niranjan, N., "Experiments in Encrypted and Searchable Network Audit Logs," in Emerging Information Technology and Engineering Solutions (EITES), 2015 International Conference on, pp. 18-22, 20-21 Feb. 2015. doi: 10.1109/EITES.2015.13

Abstract: We consider the scenario where a consumer can securely outsource their network telemetry data to a Cloud Service Provider and enable a third party to audit such telemetry for any security forensics. Especially we consider the use case of privacy preserving search in network log audits. In this paper we experiment with advances in Identity Based Encryption and Attribute-Based encryption schemes for auditing network logs.

Keywords: cloud computing; cryptography; data privacy; digital forensics; telemetry; attribute-based encryption; cloud service provider; encrypted network audit logs; identity based encryption; network telemetry data; privacy preserving search; searchable network audit logs; security forensics; Encryption; Privacy; Public key; Servers; Telemetry; audit log privacy; identity based encryption; network telemetry (ID#: 16-9152)



Xingliang Yuan; Xinyu Wang; Yilei Chu; Cong Wang; Chen Qian, "Towards a Scalable, Private, and Searchable Key-Value Store," in Communications and Network Security (CNS), 2015 IEEE Conference on, pp. 773-774, 28-30 Sept. 2015. doi: 10.1109/CNS.2015.7346929

Abstract: Modern distributed key-value stores are offering superior performance, incremental scalability, and fine availability for data-intensive computing and cloud-based applications. Among those distributed data stores, the designs that ensure the confidentiality of sensitive data, however, have not been fully explored yet. In this paper, we focus on designing and implementing a scalable, private, and searchable key-value store. We first design a secure data partition algorithm that distributes encrypted data evenly across a cluster of nodes. Based on this algorithm, we then implement an encrypted key-value store. To enable secure search queries for given attributes or keywords, we leverage searchable symmetric encryption to design the encrypted local indexes that consider security, efficiency, and data locality simultaneously. Performance evaluation at Microsoft Azure is conducted in terms of Put/Get throughput and latency under different workloads. The comparison with HBase shows that our prototype can function in a practical manner.

Keywords: cryptography; telecommunication security; encrypted key-value store; private key-value store; scalable key-value store; searchable key-value store; secure data partition algorithm; secure search queries; Cloud computing; Distributed databases; Encryption; Indexes; Throughput (ID#: 16-9153)



Rui Zhang; Rui Xue, "Efficient Keyword Search for Public-Key Setting," in Military Communications Conference, MILCOM 2015 - 2015 IEEE, pp. 1236-1241, 26-28 Oct. 2015. doi: 10.1109/MILCOM.2015.7357615

Abstract: Querying over encrypted data is gaining increasing popularity in cloud based data hosting services. Security and efficiency are recognized as two important and yet conflicting requirements for querying over encrypted data. In this paper we propose an efficient public-key encryption with keyword search scheme (EPEKS for short) that support binary search for inverted index-based encrypted data. First, we describe approaches of constructing a searchable encryption scheme that supports binary search. Second, we present a novel framework for EPEKS, and provide its formal security definitions in terms of IND-PEKS-CKA security and search pattern privacy by modifying Nishioka's security notions [1]. Third, built on the proposed framework, we design a concrete EPEKS scheme based on the groups of prime order. The scheme enjoys strong notions of security, namely statistical IND-PEKS-CKA security and statistical search pattern privacy. Finally, we experimentally evaluate the proposed EPEKS scheme and show that it is significantly more efficient in terms of search over encrypted data than existing search pattern secure PEKS schemes.

Keywords: public key cryptography; statistical analysis; telecommunication security; EPEKS; Nishioka security notion; binary search; cloud based data hosting service; inverted index-based data encryption; keyword search scheme; public key encryption; statistical IND-PEKS-CKA security; statistical search pattern privacy; Encryption; Indexes; Privacy; Public key; Servers (ID#: 16-9154)



Wang, Boyang; Li, Ming; Wang, Haitao; Li, Hui, "Circular Range Search on Encrypted Spatial Data," in Communications and Network Security (CNS), 2015 IEEE Conference on, pp. 182-190, 28-30 Sept. 2015. doi: 10.1109/CNS.2015.7346827

Abstract: Searchable encryption is a promising technique enabling meaningful search operations to be performed on encrypted databases while protecting user privacy from untrusted third-party service providers. However, while most of the existing works focus on common SQL queries, geometric queries on encrypted spatial data have not been well studied. Especially, circular range search is an important type of geometric query on spatial data which has wide applications, such as proximity testing in Location-Based Services and Delaunay triangulation in computational geometry. In this paper, we propose two novel symmetric-key searchable encryption schemes supporting circular range search. Informally, both of our schemes can correctly verify whether a point is inside a circle on encrypted spatial data without revealing data privacy or query privacy to a semi-honest cloud server. We formally define the security of our proposed schemes, prove that they are secure under Selective Chosen-Plaintext Attacks, and evaluate their performance through experiments in a real-world cloud platform (Amazon EC2).

Keywords: Cloud computing; Data privacy; Encryption; Nearest neighbor searches; Servers; Spatial databases (ID#: 16-9155)



Pengyan Shen; Kai Guo; Mingzhong Xiao; Quanqing Xu, "Spy: A QoS-Aware Anonymous Multi-Cloud Storage System Supporting DSSE," in Cluster, Cloud and Grid Computing (CCGrid), 2015 15th IEEE/ACM International Symposium on, pp.951-960, 4-7 May 2015. doi: 10.1109/CCGrid.2015.88

Abstract: Constructing an overlay storage system based on multiple personal cloud storages is a desirable technique and novel idea for cloud storages. Existing designs provide the basic functions with some customized features. Unfortunately, some important issues have always been ignored including privacy protection, QoS and cipher-text search. In this paper, we present Spy, our design for an anonymous storage overlay network on multiple personal cloud storage, supporting a flexible QoS awareness and cipher-text search. We reform the original Tor protocol by extending the command set and adding a tail part to the Tor cell, which makes it possible for coordination among proxy servers and still keeps the anonymity. Based on which, we proposed a flexible user-defined QoS policy and employed a Dynamic Searchable Symmetric Encryption (DSSE) scheme to support secure cipher-text search. Extensive security analysis prove the security on privacy preserving and experiments show how different QoS policy work according to different security requirements.

Keywords: cloud computing; cryptography; data privacy; information retrieval; quality of service; storage management; DSSE; QoS-aware anonymous multicloud storage system; Spy; Tor cell; Tor protocol; anonymous storage overlay network; cipher-text search; dynamic searchable symmetric encryption scheme; flexible QoS awareness; flexible user-defined QoS policy; multiple personal cloud storage; multiple personal cloud storages; overlay storage system; privacy protection; security requirements; Cloud computing; Encryption; Indexes; Quality of service; Servers; Cipher-text search; DSSE; PCS; Privacy Preserving; QoS (ID#: 16-9156)



Dongsheng Wang; Xiaohua Jia; Cong Wang; Kan Yang; Shaojing Fu; Ming Xu, "Generalized Pattern Matching String Search on Encrypted Data in Cloud Systems," in Computer Communications (INFOCOM), 2015 IEEE Conference on, pp. 2101-2109, April 26 2015-May 1 2015. doi: 10.1109/INFOCOM.2015.7218595

Abstract: Searchable encryption is an important and challenging issue. It allows people to search on encrypted data. This is a very useful function when more and more people choose to host their data in the cloud and the cloud server is not fully trustable. Existing solutions for searchable encryption are only limited to some simple functions of search, such as boolean search or similarity search. In this paper, we propose a scheme for Generalized Pattern-matching String-search on Encrypted data (GPSE) in cloud systems. GPSE allows users to specify their search queries by using generalized wildcard-based string patterns (such as SQL-like patterns). It gives users great expressive power in specifying highly targeted search queries. In the framework of GPSE, we particularly implemented two most commonly used pattern matching search functions on encrypted data, the substring matching and the longest-prefix-first matching. We also prove that GPSE is secure under the known-plaintext model. Experiments over real data sets show that GPSE achieves high search accuracy.

Keywords: cloud computing; cryptography; query processing; string matching; GPSE scheme;cloud systems; encrypted data; generalized pattern matching string search; generalized wildcard-based string patterns; known-plaintext model; longest-prefix-first matching; search query specification; searchable encryption; substring matching; Accuracy; Cryptography; Euclidean distance; Indexes; Pattern matching; Servers (ID#: 16-9157)



Boyang Wang; Ming Li; Haitao Wang; Hui Li, "Circular Range Search on Encrypted Spatial Data," in Distributed Computing Systems (ICDCS), 2015 IEEE 35th International Conference on, pp. 794-795, June 29 2015-July 2 2015. doi: 10.1109/ICDCS.2015.113

Abstract: Searchable encryption is a promising technique enabling meaningful search operations to be performed on encrypted databases while protecting user privacy from untrusted third-party service providers. However, while most of the existing works focus on common SQL queries, geometric queries on encrypted spatial data have not been well studied. Especially, circular range search is an important type of geometric query on spatial data which has wide applications, such as proximity testing in Location-Based Services and Delaunay triangulation in computational geometry. In this poster, we propose two novel symmetric-key searchable encryption schemes supporting circular range search. Informally, both of our schemes can correctly verify whether a point is inside a circle on encrypted spatial data without revealing data privacy or query privacy to a semi-honest cloud server. We formally define the security of our proposed schemes, prove that they are secure under Selective Chosen-Plaintext Attacks, and evaluate their performance through experiments in a real-world cloud platform (Amazon EC2). To the best of our knowledge, this work represents the first study in secure circular range search on encrypted spatial data.

Keywords: SQL; computational geometry; data privacy; mesh generation; private key cryptography; query processing; Amazon EC2;Delaunay triangulation; SQL query; circular range search; computational geometry; data privacy; encrypted database; encrypted spatial data; geometric query; location-based service; proximity testing; query privacy; selective chosen-plaintext attack; semi-honest cloud server; symmetric-key searchable encryption scheme; user privacy protection; Companies; Data privacy; Encryption; Servers; Spatial databases (ID#: 16-9158)



Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.