58 research outputs found
Global Heuristic Search on Encrypted Data (GHSED)
Important document are being kept encrypted in remote servers. In order to retrieve these encrypted data, efficient search methods needed to enable the retrieval of the document without knowing the content of the documents In this paper a technique called a global heuristic search on encrypted data (GHSED) technique will be described for search in an encrypted files using public key encryption stored on an untrusted server and retrieve the files that satisfy a certain search pattern without revealing any information about the original files. GHSED technique would satisfy the following: (1) Provably secure, the untrusted server cannot learn anything about the plaintext given only the cipher text. (2) Provide controlled searching, so that the untrusted server cannot search for a word without the user's authorization. (3) Support hidden queries, so that the user may ask the untrusted server to search for a secret word without revealing the word to the server. (4) Support query isolation, so the untrusted server learns nothing more than the search result about the plaintext
A practical and secure multi-keyword search method over encrypted cloud data
Cloud computing technologies become more and more popular every year, as many organizations tend to outsource their data utilizing robust and fast services of clouds while lowering the cost of hardware ownership. Although its benefits are welcomed, privacy is still a remaining concern that needs to be addressed. We propose an efficient privacy-preserving search method over encrypted cloud data that utilizes minhash functions. Most of the work in literature can only support a single feature search in queries which reduces the effectiveness. One of the main advantages of our proposed method is the capability of multi-keyword search in a single query. The proposed method is proved to satisfy adaptive semantic security definition. We also combine an effective ranking capability that is based on term frequency-inverse document frequency (tf-idf) values of keyword document pairs. Our analysis demonstrates that the proposed scheme is proved to be privacy-preserving, efficient and effective
Efficient and secure ranked multi-keyword search on encrypted cloud data
Information search and document retrieval from a remote database (e.g. cloud server) requires submitting the search terms to the database holder. However, the search terms may contain sensitive information that must be kept secret from the database holder. Moreover, the privacy concerns apply to the relevant documents retrieved by the user in the later stage since they may also contain sensitive data and reveal information about sensitive search terms. A related protocol, Private Information Retrieval (PIR), provides useful cryptographic tools to hide the queried search terms and the data retrieved from the database while returning most relevant documents to the user. In this paper, we propose a practical privacy-preserving ranked keyword search scheme based on PIR that allows multi-keyword queries with ranking capability. The proposed scheme increases the security of the keyword search scheme while still satisfying efficient computation and communication requirements. To the best of our knowledge the majority of previous works are not efficient for assumed scenario where documents are large files. Our scheme outperforms the most efficient proposals in literature in terms of time complexity by several orders of magnitude
Privacy Enhancing Protocols using Pairing Based Cryptography
This thesis presents privacy enhanced cryptographic constructions,
consisting of formal definitions, algorithms and motivating
applications. The contributions are a step towards the development of
cryptosystems which, from the design phase, incorporate privacy as a
primary goal. Privacy offers a form of protection over personal and
other sensitive data to individuals, and has been the subject of much
study in recent years.
Our constructions are based on a special type of algebraic group called
bilinear groups. We present existing cryptographic constructions which
use bilinear pairings, namely Identity-Based Encryption (IBE). We define
a desirable property of digital signatures, blindness, and present new
IBE constructions which incorporate this property.
Blindness is a desirable feature from a privacy perspective as it allows
an individual to obscure elements such as personal details in the data
it presents to a third party. In IBE, blinding focuses on obscuring
elements of the identity string which an individual presents to the key
generation centre. This protects an individual's privacy in a direct
manner by allowing her to blind sensitive elements of the identity
string and also prevents a key generation centre from subsequently
producing decryption keys using her full identity string. Using blinding
techniques, the key generation centre does not learn the full identity
string.
In this thesis, we study selected provably-secure cryptographic
constructions. Our contribution is to reconsider the design of such
constructions with a view to incorporating privacy. We present the new,
privacy-enhanced cryptographic protocols using these constructions as
primitives. We refine useful existing security notions and present
feasible security definitions and proofs for these constructions
Privacy-Preserving Secret Shared Computations using MapReduce
Data outsourcing allows data owners to keep their data at \emph{untrusted}
clouds that do not ensure the privacy of data and/or computations. One useful
framework for fault-tolerant data processing in a distributed fashion is
MapReduce, which was developed for \emph{trusted} private clouds. This paper
presents algorithms for data outsourcing based on Shamir's secret-sharing
scheme and for executing privacy-preserving SQL queries such as count,
selection including range selection, projection, and join while using MapReduce
as an underlying programming model. Our proposed algorithms prevent an
adversary from knowing the database or the query while also preventing
output-size and access-pattern attacks. Interestingly, our algorithms do not
involve the database owner, which only creates and distributes secret-shares
once, in answering any query, and hence, the database owner also cannot learn
the query. Logically and experimentally, we evaluate the efficiency of the
algorithms on the following parameters: (\textit{i}) the number of
communication rounds (between a user and a server), (\textit{ii}) the total
amount of bit flow (between a user and a server), and (\textit{iii}) the
computational load at the user and the server.\BComment: IEEE Transactions on Dependable and Secure Computing, Accepted 01
Aug. 201
A new trapdoorindistinguishable public key encryption with keyword search
Abstract The public key encryption with keyword search (PEKS) provides a way for users to search data which are encrypted under the users' public key on a storage system. However, the original schemes are based on the unrealistic assumption of a secure channel between the receiver and the server. Baek et al. [1] first proposed a secure channel-free public key encryption with keyword search (SCF-PEKS) to remove the assumption. However, Rhee et al
Hardware-Supported ORAM in Effect: Practical Oblivious Search and Update on Very Large Dataset
The ability to query and update over encrypted data is an essential feature to enable breach- resilient cyber-infrastructures. Statistical attacks on searchable encryption (SE) have demonstrated the importance of sealing information leaks in access patterns. In response to such attacks, the community has proposed the Oblivious Random Access Machine (ORAM). However, due to the logarithmic communication overhead of ORAM, the composition of ORAM and SE is known to be costly in the conventional client-server model, which poses a critical barrier toward its practical adaptations.
In this paper, we propose a novel hardware-supported privacy-enhancing platform called Practical Oblivious Search and Update Platform (POSUP), which enables oblivious keyword search and update operations on large datasets with high efficiency. We harness Intel SGX to realize efficient oblivious data structures for oblivious search/update purposes. We implemented POSUP and evaluated its per- formance on a Wikipedia dataset containing ≥ 229 keyword-file pairs. Our implementation is highly efficient, taking only 1 ms to access a 3 KB block with Circuit-ORAM. Our experiments have shown that POSUP offers up to 70× less end-to-end delay with 100× reduced network bandwidth consump- tion compared with the traditional ORAM-SE composition without secure hardware. POSUP is also at least 4.5× faster for up to 99.5% of keywords that can be searched compared with state-of-the-art Intel SGX-assisted search platforms
Rate-limited secure function evaluation
We introduce the notion of rate-limited secure function evaluation (RL-SFE). Loosely speaking, in an RL-SFE protocol participants can monitor and limit the number of distinct inputs (i.e., rate) used by their counterparts in multiple executions of an SFE, in a private and verifiable manner. The need for RL-SFE naturally arises in a variety of scenarios: e.g., it enables service providers to “meter” their customers’ usage without compromising their privacy, or can be used to prevent oracle attacks against SFE constructions. We consider three variants of RL-SFE providing different levels of security. As a stepping
stone, we also formalize the notion of commit-first SFE (CF-SFE) wherein parties are committed to their inputs before each SFE execution. We provide compilers for transforming any CF-SFE protocol into each of the three RL-SFE variants. Our compilers are accompanied with simulation-based proofs of security in the standard model and show a clear tradeoff between the level of security offered and the overhead required. Moreover, motivated by the fact that in many client-server applications clients do not keep state, we also describe a general approach for transforming the resulting RL-SFE protocols into stateless ones. As a case study, we take a closer look at the oblivious polynomial evaluation (OPE) protocol of Hazay and Lindell, show that it is commit-first, and instantiate efficient ratelimited variants of it
- …