907 research outputs found
SoK: Cryptographically Protected Database Search
Protected database search systems cryptographically isolate the roles of
reading from, writing to, and administering the database. This separation
limits unnecessary administrator access and protects data in the case of system
breaches. Since protected search was introduced in 2000, the area has grown
rapidly; systems are offered by academia, start-ups, and established companies.
However, there is no best protected search system or set of techniques.
Design of such systems is a balancing act between security, functionality,
performance, and usability. This challenge is made more difficult by ongoing
database specialization, as some users will want the functionality of SQL,
NoSQL, or NewSQL databases. This database evolution will continue, and the
protected search community should be able to quickly provide functionality
consistent with newly invented databases.
At the same time, the community must accurately and clearly characterize the
tradeoffs between different approaches. To address these challenges, we provide
the following contributions:
1) An identification of the important primitive operations across database
paradigms. We find there are a small number of base operations that can be used
and combined to support a large number of database paradigms.
2) An evaluation of the current state of protected search systems in
implementing these base operations. This evaluation describes the main
approaches and tradeoffs for each base operation. Furthermore, it puts
protected search in the context of unprotected search, identifying key gaps in
functionality.
3) An analysis of attacks against protected search for different base
queries.
4) A roadmap and tools for transforming a protected search system into a
protected database, including an open-source performance evaluation platform
and initial user opinions of protected search.
Comment: 20 pages, to appear in IEEE Security and Privac
Forward Private Searchable Symmetric Encryption with Optimized I/O Efficiency
Recently, several practical attacks raised serious concerns over the security
of searchable encryption. The attacks have brought emphasis on forward privacy,
which is the key concept behind solutions to the adaptive leakage-exploiting
attacks, and will very likely become mandatory in the design of new
searchable encryption schemes. For a long time, forward privacy implies
inefficiency and thus most existing searchable encryption schemes do not
support it. Very recently, Bost (CCS 2016) showed that forward privacy can be
obtained without inducing a large communication overhead. However, Bost's
scheme is constructed with a relatively inefficient public key cryptographic
primitive, and has a poor I/O performance. Both of the deficiencies
significantly hinder the practical efficiency of the scheme, and prevent it
from scaling to large data settings. To address the problems, we first present
FAST, which achieves forward privacy and the same communication efficiency as
Bost's scheme, but uses only symmetric cryptographic primitives. We then
present FASTIO, which retains all good properties of FAST, and further improves
I/O efficiency. We implemented the two schemes and compared their performance
with Bost's scheme. The experiment results show that both our schemes are
highly efficient, and FASTIO achieves a much better scalability due to its
optimized I/O
Achieving Secure and Efficient Cloud Search Services: Cross-Lingual Multi-Keyword Rank Search over Encrypted Cloud Data
Multi-user multi-keyword ranked search scheme in arbitrary language is a
novel multi-keyword rank searchable encryption (MRSE) framework based on
Paillier Cryptosystem with Threshold Decryption (PCTD). Compared to previous
MRSE schemes constructed based on the k-nearest neighbor searchable encryption
(KNN-SE) algorithm, it can mitigate some drawbacks and achieve better
performance in terms of functionality and efficiency. Additionally, it does not
require a predefined keyword set and supports keywords in arbitrary languages.
However, due to the pattern of exact matching of keywords in the new MRSE
scheme, multilingual search is limited to each language and cannot be searched
across languages. In this paper, we propose a cross-lingual multi-keyword rank
search (CLRSE) scheme which eliminates the barrier of languages and achieves
semantic extension using the Open Multilingual Wordnet. Our CLRSE scheme
also realizes intelligent and personalized search through flexible keyword and
language preference settings. We evaluate the performance of our scheme in
terms of security, functionality, precision and efficiency, via extensive
experiments
Privacy-Preserving Genetic Relatedness Test
An increasing number of individuals are turning to Direct-To-Consumer (DTC)
genetic testing to learn about their predisposition to diseases, traits, and/or
ancestry. DTC companies like 23andme and Ancestry.com have started to offer
popular and affordable ancestry and genealogy tests, with services allowing
users to find unknown relatives and long-distant cousins. Naturally, access and
possible dissemination of genetic data prompts serious privacy concerns, thus
motivating the need to design efficient primitives supporting private genetic
tests. In this paper, we present an effective protocol for privacy-preserving
genetic relatedness test (PPGRT), enabling a cloud server to run relatedness
tests on input an encrypted genetic database and a test facility's encrypted
genetic sample. We reduce the test to a data matching problem and perform it,
privately, using searchable encryption. Finally, a performance evaluation of
Hamming distance based PP-GRT attests to the practicality of our proposals.
Comment: A preliminary version of this paper appears in the Proceedings of the
3rd International Workshop on Genome Privacy and Security (GenoPri'16