114 research outputs found
Recommended from our members
R-PEKS: RBAC Enabled PEKS for Secure Access of Cloud Data
In the recent past, few works have been done by combining attribute-based access control with multi-user PEKS, i.e., public key encryption with keyword search. Such attribute enabled searchable encryption is most suitable for applications where the changing of privileges is done once in a while. However, to date, no efficient and secure scheme is available in the literature that is suitable for these applications where changing privileges are done frequently. In this paper our contributions are twofold. Firstly, we propose a new PEKS scheme for string search, which, unlike the previous constructions, is free from bi-linear mapping and is efficient by 97% compared to PEKS for string search proposed by Ray et.al in TrustCom 2017. Secondly, we introduce role based access control (RBAC) to multi-user PEKS, where an arbitrary group of users can search and access the encrypted files depending upon roles. We termed this integrated scheme as R-PEKS. The efficiency of R-PEKS over the PEKS scheme is up to 90%. We provide formal security proofs for the different components of R-PEKS and validate these schemes using a commercial dataset
Sharing of Data Using Key Aggregation and Searchable Encryption
Sharing data with different users is an important functionality of the cloud. However, while enjoying the convenience provided by the cloud storage, user’s main concern is regarding the data leakage present in cloud. A promising approach to prevent this is encryption of data before uploading onto cloud. The desire to selectively and securely share documents with any group of users demands different documents to have different encryption keys. This necessitates the distribution of a large number of keys to users for both encryption and search, those users will have to securely store these keys, and submit an equally large number of keyword trapdoors to the cloud in order to perform search. In this paper, we resolve this problem by extending the concept of Key Aggregate Searchable Encryption (KASE) scheme which employs a single aggregate key and a single trapdoor. Here, the data owner only needs to distribute a single key to a user for sharing a large number of documents, and the user only needs to submit a single trapdoor to the cloud for querying the documents. Also, we provide a functionality of selection of keyword based on their rank by the Data owner in such a way that the selected keywords describe the file. Thus, this scheme makes the management of the keys efficient and also makes the sharing of documents over the cloud more secure
Searchable Symmetric Encryption and its applications
In the age of personalized advertisement and online identity profiles, people’s personal information is worth more to corporations than ever. Storing data in the cloud is increasing in popularity due to bigger file sizes and people just storing more information digitally. The leading cloud storage providers require insight into what users store on their servers. This forces users to trust their cloud storage provider not to misuse their information. This opens the possibility that private information is sold to hackers or is made publicly available on the internet. However, the more realistic case is that the service provider sells or misuses your metadata for use in personalized advertisements or other, less apparent purposes. This thesis will explore Searchable Sym- metric Encryption (SSE) algorithms and how we can utilize them to make a more secure cloud storage serviceMasteroppgave i informatikkINF399MAMN-PROGMAMN-IN
Secure Remote Storage of Logs with Search Capabilities
Dissertação de Mestrado em Engenharia InformáticaAlong side with the use of cloud-based services, infrastructure and storage, the use of application logs
in business critical applications is a standard practice nowadays. Such application logs must be stored
in an accessible manner in order to used whenever needed. The debugging of these applications is a
common situation where such access is required. Frequently, part of the information contained in logs
records is sensitive.
This work proposes a new approach of storing critical logs in a cloud-based storage recurring to
searchable encryption, inverted indexing and hash chaining techniques to achieve, in a unified way, the
needed privacy, integrity and authenticity while maintaining server side searching capabilities by the logs
owner.
The designed search algorithm enables conjunctive keywords queries plus a fine-grained search
supported by field searching and nested queries, which are essential in the referred use case. To the
best of our knowledge, the proposed solution is also the first to introduce a query language that enables
complex conjunctive keywords and a fine-grained search backed by field searching and sub queries.A gerac¸ ˜ao de logs em aplicac¸ ˜oes e a sua posterior consulta s˜ao fulcrais para o funcionamento de qualquer
neg´ocio ou empresa. Estes logs podem ser usados para eventuais ac¸ ˜oes de auditoria, uma vez
que estabelecem uma baseline das operac¸ ˜oes realizadas. Servem igualmente o prop´ osito de identificar
erros, facilitar ac¸ ˜oes de debugging e diagnosticar bottlennecks de performance. Tipicamente, a maioria
da informac¸ ˜ao contida nesses logs ´e considerada sens´ıvel.
Quando estes logs s˜ao armazenados in-house, as considerac¸ ˜oes relacionadas com anonimizac¸ ˜ao,
confidencialidade e integridade s˜ao geralmente descartadas. Contudo, com o advento das plataformas
cloud e a transic¸ ˜ao quer das aplicac¸ ˜oes quer dos seus logs para estes ecossistemas, processos de
logging remotos, seguros e confidenciais surgem como um novo desafio. Adicionalmente, regulac¸ ˜ao
como a RGPD, imp˜oe que as instituic¸ ˜oes e empresas garantam o armazenamento seguro dos dados.
A forma mais comum de garantir a confidencialidade consiste na utilizac¸ ˜ao de t ´ecnicas criptogr ´aficas
para cifrar a totalidade dos dados anteriormente `a sua transfer ˆencia para o servidor remoto. Caso sejam
necess´ arias capacidades de pesquisa, a abordagem mais simples ´e a transfer ˆencia de todos os dados
cifrados para o lado do cliente, que proceder´a `a sua decifra e pesquisa sobre os dados decifrados.
Embora esta abordagem garanta a confidencialidade e privacidade dos dados, rapidamente se torna
impratic ´avel com o crescimento normal dos registos de log. Adicionalmente, esta abordagem n˜ao faz
uso do potencial total que a cloud tem para oferecer.
Com base nesta tem´ atica, esta tese prop˜oe o desenvolvimento de uma soluc¸ ˜ao de armazenamento
de logs operacionais de forma confidencial, integra e autˆ entica, fazendo uso das capacidades de armazenamento
e computac¸ ˜ao das plataformas cloud. Adicionalmente, a possibilidade de pesquisa sobre
os dados ´e mantida. Essa pesquisa ´e realizada server-side diretamente sobre os dados cifrados e sem
acesso em momento algum a dados n˜ao cifrados por parte do servidor..
Towards more Secure and Efficient Password Databases
Password databases form one of the backbones of nowadays web applications.
Every web application needs to store its users’ credentials (email and password) in
an efficient way, and in popular applications (Google, Facebook, Twitter, etc.) these
databases can grow to store millions of user credentials simultaneously. However,
despite their critical nature and susceptibility to targeted attacks, the techniques
used for securing password databases are still very rudimentary, opening the way to
devastating attacks. Just in the year of 2016, and as far as publicly disclosed, there
were more than 500 million passwords stolen in internet hacking attacks.
To solve this problem we commit to study several schemes like property-preserving
encryption schemes (e.g. deterministic encryption), encrypted data-structures that
support operations (e.g. searchable encryption), partially homomorphic encryption
schemes, and commodity trusted hardware (e.g. TPM and Intel SGX).
In this thesis we propose to make a summary of the most efficient and secure techniques
for password database management systems that exist today and recreating
them to accommodate a new and simple universal API.
We also propose SSPM(Simple Secure Password Management), a new password
database scheme that simultaneously improves efficiency and security of current
solutions existing in literature. SSPM is based on Searchable Symmetric Encryption
techniques, more specifically ciphered data structures, that allow efficient queries
with the minimum leak of access patterns. SSPM adapts these structures to work
with the necessary operation of password database schemes preserving the security
guarantees.
Furthermore, SSPM explores the use of trusted hardware to minimize the revelation
of access patterns during the execution of operations and protecting the storage
of cryptographic keys. Experimental results with real password databases shows us
that SSPM has a similar performance compared with the solutions used today in
the industry, while simultaneous increasing the offered security conditions
Searchable Encryption for Cloud and Distributed Systems
The vast development in information and communication technologies has spawned many new computing and storage architectures in the last two decades. Famous for its powerful computation ability and massive storage capacity, cloud services, including storage and computing, replace personal computers and software systems in many industrial applications. Another famous and influential computing and storage architecture is the distributed system, which refers to an array of machines or components geographically dispersed but jointly contributes to a common task, bringing premium scalability, reliability, and efficiency. Recently, the distributed cloud concept has also been proposed to benefit both cloud and distributed computing. Despite the benefits of these new technologies, data security and privacy are among the main concerns that hinder the wide adoption of these attractive architectures since data and computation are not under the control of the end-users in such systems. The traditional security mechanisms, e.g., encryption, cannot fit these new architectures since they would disable the fast access and retrieval of remote storage servers. Thus, an urgent question turns to be how to enable refined and efficient data retrieval on encrypted data among numerous records (i.e., searchable encryption) in the cloud and distributed systems, which forms the topic of this thesis.
Searchable encryption technologies can be divided into Searchable Symmetric Encryption (SSE) and Public-key Encryption with Keyword Search (PEKS). The intrinsical symmetric key hinders data sharing since it is problematic and insecure to reveal one’s key to others. However, SSE outperforms PEKS due to its premium efficiency and is thus is prefered in a number of keyword search applications. Then multi-user SSE with rigorous and fine access control undoubtedly renders a satisfactory solution of both efficiency and security, which is the first problem worthy of our much attention. Second, functions and versatility play an essential role in a cloud storage application but it is still tricky to realize keyword search and deduplication in the cloud simultaneously. Large-scale data usually renders significant data redundancy and saving cloud storage resources turns to be inevitable. Existing schemes only facilitate data retrieval due to keywords but rarely consider other demands like deduplication. To be noted, trivially and hastily affiliating a separate deduplication scheme to the searchable encryption leads to disordered system architecture and security threats. Therefore, attention should be paid to versatile solutions supporting both keyword search and deduplication in the cloud. The third problem to be addressed is implementing multi-reader access for PEKS. As we know, PEKS was born to support multi-writers but enabling multi-readers in PEKS is challenging. Repeatedly encrypting the same keyword with different readers’ keys is not an elegant solution. In addition to keyword privacy, user anonymity coming with a multi-reader setting should also be formulated and preserved. Last but not least, existing schemes targeting centralized storage have not taken full advantage of distributed computation, which is considerable efficiency and fast response. Specifically, all testing tasks between searchable ciphertexts and trapdoor/token are fully undertaken by the only centralized cloud server, resulting in a busy system and slow response. With the help of distributed techniques, we may now look forward to a new turnaround, i.e., multiple servers jointly work to perform the testing with better efficiency and scalability. Then the intractable multi-writer/multi-reader mode supporting multi-keyword queries may also come true as a by-product.
This thesis investigates searchable encryption technologies in cloud storage and distributed systems and spares effort to address the problems mentioned above. Our first work can be classified into SSE. We formulate the Multi-user Verifiable Searchable Symmetric Encryption (MVSSE) and propose a concrete scheme for multi-user access. It not only offers multi-user access and verifiability but also supports extension on updates as well as a non-single keyword index. Moreover, revocable access control is obtained that the search authority is validated each time a query is launched, different from existing mechanisms that once the search authority is granted, users can search forever. We give simulation-based proof, demonstrating our proposal possesses Universally Composable (UC)-security. Second, we come up with a redundancy elimination solution on top of searchable encryption. Following the keyword comparison approach of SSE, we formulate a hybrid primitive called Message-Locked Searchable Encryption (MLSE) derived in the way of SSE’s keyword search supporting keyword search and deduplication and present a concrete construction that enables multi-keyword query and negative keyword query as well as deduplication at a considerable small cost, i.e., the tokens are used for both search and deduplication. And it can further support Proof of Storage (PoS), testifying the content integrity in cloud storage. The semantic security is proved in Random Oracle Model using the game-based methodology. Third, as the branch of PEKS, the Broadcast Authenticated Encryption with Keyword Search (BAEKS) is proposed to bridge the gap of multi-reader access for PEKS, followed by a scheme. It not only resists Keyword Guessing Attacks (KGA) but also fills in the blank of anonymity. The scheme is proved secure under Decisional Bilinear Diffie-Hellman (DBDH) assumption in the Random Oracle Model.
For distributed systems, we present a Searchable Encryption based on Efficient Privacy-preserving Outsourced calculation framework with Multiple keys (SE-EPOM) enjoying desirable features, which can be classified into PEKS. Instead of merely deploying a single server, multiple servers are employed to execute the test algorithm in our scheme jointly. The refined search, i.e., multi-keyword query, data confidentiality, and search pattern hiding, are realized. Besides, the multi-writer/multi-reader mode comes true. It is shown that under the distributed circumstance, much efficiency can be substantially achieved by our construction. With simulation-based proof, the security of our scheme is elaborated.
All constructions proposed in this thesis are formally proven according to their corresponding security definitions and requirements. In addition, for each cryptographic primitive designed in this thesis, concrete schemes are initiated to demonstrate the availability and practicality of our proposal
Efficient Similarity Search over Encrypted Data
Abstract — In recent years, due to the appealing features of cloud computing, large amount of data have been stored in the cloud. Although cloud based services offer many advantages, privacy and security of the sensitive data is a big concern. To mitigate the concerns, it is desirable to outsource sensitive data in encrypted form. Encrypted storage protects the data against illegal access, but it complicates some basic, yet important func-tionality such as the search on the data. To achieve search over encrypted data without compromising the privacy, considerable amount of searchable encryption schemes have been proposed in the literature. However, almost all of them handle exact query matching but not similarity matching; a crucial requirement for real world applications. Although some sophisticated secure multi-party computation based cryptographic techniques are available for similarity tests, they are computationally intensive and do not scale for large data sources. In this paper, we propose an efficient scheme for similarity search over encrypted data. To do so, we utilize a state-of-the-art algorithm for fast near neighbor search in high dimensional spaces called locality sensitive hashing. To ensure the confidential-ity of the sensitive data, we provide a rigorous security definition and prove the security of the proposed scheme under the provided definition. In addition, we provide a real world application of the proposed scheme and verify the theoretical results with empirical observations on a real dataset. I
Split keyword fuzzy and synonym search over encrypted cloud data
A substitute solution for various organizations of data owners to store their data in the cloud using storage as a service(SaaS). The outsourced sensitive data is encrypted before uploading into the cloud to achieve data privacy. The encrypted data is search based on keywords and retrieve interested files by data user using a lot of traditional Search scheme. Existing search schemes supports exact keyword match or fuzzy keyword search, but synonym based multi-keyword search are not supported. In the real world scenario, cloud users may not know the exact keyword for searching and they might give synonym of the keyword as the input for search instead of exact or fuzzy keyword due to lack of appropriate knowledge of data. In this paper, we describe an efficient search approach for encrypted data called as Split Keyword Fuzzy and Synonym Search (SKFS). Multi-keyword ranked search with accurate keyword and Fuzzy search supports synonym queries are a major contribution of SKFS. The wildcard Technique is used to store the keywords securely within the index tree. Index tree helps to search faster, accurate and low storage cost. Extensive experimental results on real-time data sets shows, the proposed solution is effective and efficient for multi-keyword ranked search and synonym queries Fuzzy based search over encrypted cloud data. © 2017 Springer Science+Business Media, LL
- …