13,381 research outputs found
Adaptively Secure Computationally Efficient Searchable Symmetric Encryption
Searchable encryption is a technique that allows a client to store documents on a server in encrypted form. Stored documents can be retrieved selectively while revealing as little information as\ud
possible to the server. In the symmetric searchable encryption domain, the storage and the retrieval are performed by the same client. Most conventional searchable encryption schemes suffer\ud
from two disadvantages.\ud
First, searching the stored documents takes time linear in the size of the database, and/or uses heavy arithmetic operations.\ud
Secondly, the existing schemes do not consider adaptive attackers;\ud
a search-query will reveal information even about documents stored\ud
in the future. If they do consider this, it is at a significant\ud
cost to updates.\ud
In this paper we propose a novel symmetric searchable encryption\ud
scheme that offers searching at constant time in the number of\ud
unique keywords stored on the server. We present two variants of\ud
the basic scheme which differ in the efficiency of search and\ud
update. We show how each scheme could be used in a personal health\ud
record system
SoK: Cryptographically Protected Database Search
Protected database search systems cryptographically isolate the roles of
reading from, writing to, and administering the database. This separation
limits unnecessary administrator access and protects data in the case of system
breaches. Since protected search was introduced in 2000, the area has grown
rapidly; systems are offered by academia, start-ups, and established companies.
However, there is no best protected search system or set of techniques.
Design of such systems is a balancing act between security, functionality,
performance, and usability. This challenge is made more difficult by ongoing
database specialization, as some users will want the functionality of SQL,
NoSQL, or NewSQL databases. This database evolution will continue, and the
protected search community should be able to quickly provide functionality
consistent with newly invented databases.
At the same time, the community must accurately and clearly characterize the
tradeoffs between different approaches. To address these challenges, we provide
the following contributions:
1) An identification of the important primitive operations across database
paradigms. We find there are a small number of base operations that can be used
and combined to support a large number of database paradigms.
2) An evaluation of the current state of protected search systems in
implementing these base operations. This evaluation describes the main
approaches and tradeoffs for each base operation. Furthermore, it puts
protected search in the context of unprotected search, identifying key gaps in
functionality.
3) An analysis of attacks against protected search for different base
queries.
4) A roadmap and tools for transforming a protected search system into a
protected database, including an open-source performance evaluation platform
and initial user opinions of protected search.Comment: 20 pages, to appear to IEEE Security and Privac
Forward Private Searchable Symmetric Encryption with Optimized I/O Efficiency
Recently, several practical attacks raised serious concerns over the security
of searchable encryption. The attacks have brought emphasis on forward privacy,
which is the key concept behind solutions to the adaptive leakage-exploiting
attacks, and will very likely to become mandatory in the design of new
searchable encryption schemes. For a long time, forward privacy implies
inefficiency and thus most existing searchable encryption schemes do not
support it. Very recently, Bost (CCS 2016) showed that forward privacy can be
obtained without inducing a large communication overhead. However, Bost's
scheme is constructed with a relatively inefficient public key cryptographic
primitive, and has a poor I/O performance. Both of the deficiencies
significantly hinder the practical efficiency of the scheme, and prevent it
from scaling to large data settings. To address the problems, we first present
FAST, which achieves forward privacy and the same communication efficiency as
Bost's scheme, but uses only symmetric cryptographic primitives. We then
present FASTIO, which retains all good properties of FAST, and further improves
I/O efficiency. We implemented the two schemes and compared their performance
with Bost's scheme. The experiment results show that both our schemes are
highly efficient, and FASTIO achieves a much better scalability due to its
optimized I/O
Secure k-Nearest Neighbor Query over Encrypted Data in Outsourced Environments
For the past decade, query processing on relational data has been studied
extensively, and many theoretical and practical solutions to query processing
have been proposed under various scenarios. With the recent popularity of cloud
computing, users now have the opportunity to outsource their data as well as
the data management tasks to the cloud. However, due to the rise of various
privacy issues, sensitive data (e.g., medical records) need to be encrypted
before outsourcing to the cloud. In addition, query processing tasks should be
handled by the cloud; otherwise, there would be no point to outsource the data
at the first place. To process queries over encrypted data without the cloud
ever decrypting the data is a very challenging task. In this paper, we focus on
solving the k-nearest neighbor (kNN) query problem over encrypted database
outsourced to a cloud: a user issues an encrypted query record to the cloud,
and the cloud returns the k closest records to the user. We first present a
basic scheme and demonstrate that such a naive solution is not secure. To
provide better security, we propose a secure kNN protocol that protects the
confidentiality of the data, user's input query, and data access patterns.
Also, we empirically analyze the efficiency of our protocols through various
experiments. These results indicate that our secure protocol is very efficient
on the user end, and this lightweight scheme allows a user to use any mobile
device to perform the kNN query.Comment: 23 pages, 8 figures, and 4 table
- ā¦