FSPVDsse: A Forward Secure Publicly Verifiable Dynamic SSE scheme

A symmetric searchable encryption (SSE) scheme allows a client (data owner) to search on encrypted data outsourced to an untrusted cloud server. The search may either be a single keyword search or a complex query search like conjunctive or Boolean keyword search. Information leakage is quite high for dynamic SSE, where data might be updated. It has been proven that to avoid this information leakage an SSE scheme with dynamic data must be forward private. A dynamic SSE scheme is said to be forward private, if adding a keyword-document pair does not reveal any information about the previous search result with that keyword. In SSE setting, the data owner has very low computation and storage power. In this setting, though some schemes achieve forward privacy with honest-but-curious cloud, it becomes difficult to achieve forward privacy when the server is malicious, meaning that it can alter the data. Verifiable dynamic SSE requires the server to give a proof of the result of the search query. The data owner can verify this proof efficiently. In this paper, we have proposed a generic publicly verifiable dynamic SSE (DSSE) scheme that makes any forward private DSSE scheme verifiable without losing forward privacy. The proposed scheme does not require any extra storage at owner-side and requires minimal computational cost as well for the owner. Moreover, we have compared our scheme with the existing results and show that our scheme is practical.Comment: 17 pages, Published in ProvSec 201

VCKSCF: Efficient Verifiable Conjunctive Keyword Search Based on Cuckoo Filter for Cloud Storage

Searchable Symmetric Encryption(SSE) remains to be one of the hot topics in the field of cloud storage technology. However, malicious servers may return incorrect search results intentionally, which will bring significant security risks to users. Therefore, verifiable searchable encryption emerged. In the meantime, single-keyword query limits the applications of searchable encryption. Accordingly, more expressive searchable encryption schemes are desirable. In this paper, we propose a verifiable conjunctive keyword search scheme based on Cuckoo filter (VCKSCF), which significantly reduces verification and storage overhead. Security analysis indicates that the proposed scheme achieves security in the face of indistinguishability under chosen keyword attack and the unforgeability of proofs and search tokens. Meanwhile, the experimental evaluation demonstrates that it achieves preferable performance in real-world settings

An In-Depth Analysis on Efficiency and Vulnerabilities on a Cloud-Based Searchable Symmetric Encryption Solution

Searchable Symmetric Encryption (SSE) has come to be as an integral cryptographic approach in a world where digital privacy is essential. The capacity to search through encrypted data whilst maintaining its integrity meets the most important demand for security and confidentiality in a society that is increasingly dependent on cloud-based services and data storage. SSE offers efficient processing of queries over encrypted datasets, allowing entities to comply with data privacy rules while preserving database usability. Our research goes into this need, concentrating on the development and thorough testing of an SSE system based on Curtmola’s architecture and employing Advanced Encryption Standard (AES) in Cypher Block Chaining (CBC) mode. A primary goal of the research is to conduct a thorough evaluation of the security and performance of the system. In order to assess search performance, a variety of database settings were extensively tested, and the system's security was tested by simulating intricate threat scenarios such as count attacks and leakage abuse. The efficiency of operation and cryptographic robustness of the SSE system are critically examined by these reviews

Efficient Strong Privacy-Preserving Conjunctive Keyword Search Over Encrypted Cloud Data

Searchable symmetric encryption (SSE) supports keyword search over outsourced symmetrically encrypted data. Dynamic searchable symmetric encryption (DSSE), a variant of SSE, further enables data updating. Most DSSE works with conjunctive keyword search primarily consider forward and backward privacy. Ideally, the server should only learn the result sets involving all keywords in the conjunction. However, existing schemes suffer from keyword pair result pattern (KPRP) leakage, revealing the partial result sets containing two of query keywords. We propose the first DSSE scheme to address aforementioned concerns that achieves strong privacy-preserving conjunctive keyword search. Specifically, our scheme can maintain forward and backward privacy and eliminate KPRP leakage, offering a higher level of security. The search complexity scales with the number of documents stored in the database in several existing schemes. However, the complexity of our scheme scales with the update frequency of the least frequent keyword in the conjunction, which is much smaller than the size of the entire database. Besides, we devise a least frequent keyword acquisition protocol to reduce frequent interactions between clients. Finally, we analyze the security of our scheme and evaluate its performance theoretically and experimentally. The results show that our scheme has strong privacy preservation and efficiency

OS2: Oblivious similarity based searching for encrypted data outsourced to an untrusted domain

© 2017 Pervez et al. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. Public cloud storage services are becoming prevalent and myriad data sharing, archiving and collaborative services have emerged which harness the pay-as-you-go business model of public cloud. To ensure privacy and confidentiality often encrypted data is outsourced to such services, which further complicates the process of accessing relevant data by using search queries. Search over encrypted data schemes solve this problem by exploiting cryptographic primitives and secure indexing to identify outsourced data that satisfy the search criteria. Almost all of these schemes rely on exact matching between the encrypted data and search criteria. A few schemes which extend the notion of exact matching to similarity based search, lack realism as those schemes rely on trusted third parties or due to increase storage and computational complexity. In this paper we propose Oblivious Similarity based Search (OS2) for encrypted data. It enables authorized users to model their own encrypted search queries which are resilient to typographical errors. Unlike conventional methodologies, OS2 ranks the search results by using similarity measure offering a better search experience than exact matching. It utilizes encrypted bloom filter and probabilistic homomorphic encryption to enable authorized users to access relevant data without revealing results of search query evaluation process to the untrusted cloud service provider. Encrypted bloom filter based search enables OS2 to reduce search space to potentially relevant encrypted data avoiding unnecessary computation on public cloud. The efficacy of OS2 is evaluated on Google App Engine for various bloom filter lengths on different cloud configurations

Secure Remote Storage of Logs with Search Capabilities

Dissertação de Mestrado em Engenharia InformáticaAlong side with the use of cloud-based services, infrastructure and storage, the use of application logs in business critical applications is a standard practice nowadays. Such application logs must be stored in an accessible manner in order to used whenever needed. The debugging of these applications is a common situation where such access is required. Frequently, part of the information contained in logs records is sensitive. This work proposes a new approach of storing critical logs in a cloud-based storage recurring to searchable encryption, inverted indexing and hash chaining techniques to achieve, in a unified way, the needed privacy, integrity and authenticity while maintaining server side searching capabilities by the logs owner. The designed search algorithm enables conjunctive keywords queries plus a fine-grained search supported by field searching and nested queries, which are essential in the referred use case. To the best of our knowledge, the proposed solution is also the first to introduce a query language that enables complex conjunctive keywords and a fine-grained search backed by field searching and sub queries.A gerac¸ ˜ao de logs em aplicac¸ ˜oes e a sua posterior consulta s˜ao fulcrais para o funcionamento de qualquer neg´ocio ou empresa. Estes logs podem ser usados para eventuais ac¸ ˜oes de auditoria, uma vez que estabelecem uma baseline das operac¸ ˜oes realizadas. Servem igualmente o prop´ osito de identificar erros, facilitar ac¸ ˜oes de debugging e diagnosticar bottlennecks de performance. Tipicamente, a maioria da informac¸ ˜ao contida nesses logs ´e considerada sens´ıvel. Quando estes logs s˜ao armazenados in-house, as considerac¸ ˜oes relacionadas com anonimizac¸ ˜ao, confidencialidade e integridade s˜ao geralmente descartadas. Contudo, com o advento das plataformas cloud e a transic¸ ˜ao quer das aplicac¸ ˜oes quer dos seus logs para estes ecossistemas, processos de logging remotos, seguros e confidenciais surgem como um novo desafio. Adicionalmente, regulac¸ ˜ao como a RGPD, imp˜oe que as instituic¸ ˜oes e empresas garantam o armazenamento seguro dos dados. A forma mais comum de garantir a confidencialidade consiste na utilizac¸ ˜ao de t ´ecnicas criptogr ´aficas para cifrar a totalidade dos dados anteriormente `a sua transfer ˆencia para o servidor remoto. Caso sejam necess´ arias capacidades de pesquisa, a abordagem mais simples ´e a transfer ˆencia de todos os dados cifrados para o lado do cliente, que proceder´a `a sua decifra e pesquisa sobre os dados decifrados. Embora esta abordagem garanta a confidencialidade e privacidade dos dados, rapidamente se torna impratic ´avel com o crescimento normal dos registos de log. Adicionalmente, esta abordagem n˜ao faz uso do potencial total que a cloud tem para oferecer. Com base nesta tem´ atica, esta tese prop˜oe o desenvolvimento de uma soluc¸ ˜ao de armazenamento de logs operacionais de forma confidencial, integra e autˆ entica, fazendo uso das capacidades de armazenamento e computac¸ ˜ao das plataformas cloud. Adicionalmente, a possibilidade de pesquisa sobre os dados ´e mantida. Essa pesquisa ´e realizada server-side diretamente sobre os dados cifrados e sem acesso em momento algum a dados n˜ao cifrados por parte do servidor..

An Enhanced TBAHIBE-LBKQS Techniques for Privacy Preservation in Wireless Network

In recent days, providing security to the data stored in wireless network is an important and challenging task. For this purpose, several existing privacy preservation and encryption algorithms are proposed in the existing works. But, it has some drawbacks such as, high cost, required more amount of time for execution and low level security. In order to overcome all these drawbacks, this paper proposes a novel technique such as, Tiered Blind and Anonymous Hierarchical Identity Based Encryption (TBAHIBE) and Location Based Keyword Query Search (LBKQS) for providing privacy preservation to the data stored in wireless network environment. In this work, the privacy is provided to the packet data stored in the Electronic Health Record (EHR). It includes two modules such as, secure data storage and location based keyword query search. In the first module, the packet data of the egg and, receptor, doctor and lab technician are stored in the encrypted format by using the proposed TBAHIBE technique. Here, the authenticated persons can view the packet data, for instance, the doctor can view the donor and receptor packet details. In the second module, the location based search is enabled based on the keyword and query. Here, the doctor, patient and other users can fetch the packet details in a filtered format. The main advantage of this paper is, it provides high privacy to the packet data in a secured way. The experimental results evaluate the performance of the proposed system in terms of computation cost, communication cost, query evaluation, encryption time, decryption time and key generation time

A Privacy-Preserving, Accountable and Spam-Resilient Geo-Marketplace

Mobile devices with rich features can record videos, traffic parameters or air quality readings along user trajectories. Although such data may be valuable, users are seldom rewarded for collecting them. Emerging digital marketplaces allow owners to advertise their data to interested buyers. We focus on geo-marketplaces, where buyers search data based on geo-tags. Such marketplaces present significant challenges. First, if owners upload data with revealed geo-tags, they expose themselves to serious privacy risks. Second, owners must be accountable for advertised data, and must not be allowed to subsequently alter geo-tags. Third, such a system may be vulnerable to intensive spam activities, where dishonest owners flood the system with fake advertisements. We propose a geo-marketplace that addresses all these concerns. We employ searchable encryption, digital commitments, and blockchain to protect the location privacy of owners while at the same time incorporating accountability and spam-resilience mechanisms. We implement a prototype with two alternative designs that obtain distinct trade-offs between trust assumptions and performance. Our experiments on real location data show that one can achieve the above design goals with practical performance and reasonable financial overhead.Comment: SIGSPATIAL'19, 10 page