101 research outputs found
FSPVDsse: A Forward Secure Publicly Verifiable Dynamic SSE scheme
A symmetric searchable encryption (SSE) scheme allows a client (data owner)
to search on encrypted data outsourced to an untrusted cloud server. The search
may either be a single keyword search or a complex query search like
conjunctive or Boolean keyword search. Information leakage is quite high for
dynamic SSE, where data might be updated. It has been proven that to avoid this
information leakage an SSE scheme with dynamic data must be forward private. A
dynamic SSE scheme is said to be forward private, if adding a keyword-document
pair does not reveal any information about the previous search result with that
keyword.
In SSE setting, the data owner has very low computation and storage power. In
this setting, though some schemes achieve forward privacy with
honest-but-curious cloud, it becomes difficult to achieve forward privacy when
the server is malicious, meaning that it can alter the data. Verifiable dynamic
SSE requires the server to give a proof of the result of the search query. The
data owner can verify this proof efficiently. In this paper, we have proposed a
generic publicly verifiable dynamic SSE (DSSE) scheme that makes any forward
private DSSE scheme verifiable without losing forward privacy. The proposed
scheme does not require any extra storage at owner-side and requires minimal
computational cost as well for the owner. Moreover, we have compared our scheme
with the existing results and show that our scheme is practical.Comment: 17 pages, Published in ProvSec 201
VCKSCF: Efficient Verifiable Conjunctive Keyword Search Based on Cuckoo Filter for Cloud Storage
Searchable Symmetric Encryption(SSE) remains to be one of the hot topics in the field of cloud storage technology. However, malicious servers may return incorrect search results intentionally, which will bring significant security risks to users. Therefore, verifiable searchable encryption emerged. In the meantime, single-keyword query limits the applications of searchable encryption. Accordingly, more expressive searchable encryption schemes are desirable. In this paper, we propose a verifiable conjunctive keyword search scheme based on Cuckoo filter (VCKSCF), which significantly reduces verification and storage overhead. Security analysis indicates that the proposed scheme achieves security in the face of indistinguishability under chosen keyword attack and the unforgeability of proofs and search tokens. Meanwhile, the experimental evaluation demonstrates that it achieves preferable performance in real-world settings
An In-Depth Analysis on Efficiency and Vulnerabilities on a Cloud-Based Searchable Symmetric Encryption Solution
Searchable Symmetric Encryption (SSE) has come to be as an integral cryptographic approach in a world where digital privacy is essential. The capacity to search through encrypted data whilst maintaining its integrity meets the most important demand for security and confidentiality in a society that is increasingly dependent on cloud-based services and data storage. SSE offers efficient processing of queries over encrypted datasets, allowing entities to comply with data privacy rules while preserving database usability. Our research goes into this need, concentrating on the development and thorough testing of an SSE system based on Curtmola’s architecture and employing Advanced Encryption Standard (AES) in Cypher Block Chaining (CBC) mode. A primary goal of the research is to conduct a thorough evaluation of the security and performance of the system. In order to assess search performance, a variety of database settings were extensively tested, and the system's security was tested by simulating intricate threat scenarios such as count attacks and leakage abuse. The efficiency of operation and cryptographic robustness of the SSE system are critically examined by these reviews
Efficient Strong Privacy-Preserving Conjunctive Keyword Search Over Encrypted Cloud Data
Searchable symmetric encryption (SSE) supports keyword search over outsourced
symmetrically encrypted data. Dynamic searchable symmetric encryption (DSSE), a
variant of SSE, further enables data updating. Most DSSE works with conjunctive
keyword search primarily consider forward and backward privacy. Ideally, the
server should only learn the result sets involving all keywords in the
conjunction. However, existing schemes suffer from keyword pair result pattern
(KPRP) leakage, revealing the partial result sets containing two of query
keywords. We propose the first DSSE scheme to address aforementioned concerns
that achieves strong privacy-preserving conjunctive keyword search.
Specifically, our scheme can maintain forward and backward privacy and
eliminate KPRP leakage, offering a higher level of security. The search
complexity scales with the number of documents stored in the database in
several existing schemes. However, the complexity of our scheme scales with the
update frequency of the least frequent keyword in the conjunction, which is
much smaller than the size of the entire database. Besides, we devise a least
frequent keyword acquisition protocol to reduce frequent interactions between
clients. Finally, we analyze the security of our scheme and evaluate its
performance theoretically and experimentally. The results show that our scheme
has strong privacy preservation and efficiency
OS2: Oblivious similarity based searching for encrypted data outsourced to an untrusted domain
© 2017 Pervez et al. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. Public cloud storage services are becoming prevalent and myriad data sharing, archiving and collaborative services have emerged which harness the pay-as-you-go business model of public cloud. To ensure privacy and confidentiality often encrypted data is outsourced to such services, which further complicates the process of accessing relevant data by using search queries. Search over encrypted data schemes solve this problem by exploiting cryptographic primitives and secure indexing to identify outsourced data that satisfy the search criteria. Almost all of these schemes rely on exact matching between the encrypted data and search criteria. A few schemes which extend the notion of exact matching to similarity based search, lack realism as those schemes rely on trusted third parties or due to increase storage and computational complexity. In this paper we propose Oblivious Similarity based Search (OS2) for encrypted data. It enables authorized users to model their own encrypted search queries which are resilient to typographical errors. Unlike conventional methodologies, OS2 ranks the search results by using similarity measure offering a better search experience than exact matching. It utilizes encrypted bloom filter and probabilistic homomorphic encryption to enable authorized users to access relevant data without revealing results of search query evaluation process to the untrusted cloud service provider. Encrypted bloom filter based search enables OS2 to reduce search space to potentially relevant encrypted data avoiding unnecessary computation on public cloud. The efficacy of OS2 is evaluated on Google App Engine for various bloom filter lengths on different cloud configurations
Secure Remote Storage of Logs with Search Capabilities
Dissertação de Mestrado em Engenharia InformáticaAlong side with the use of cloud-based services, infrastructure and storage, the use of application logs
in business critical applications is a standard practice nowadays. Such application logs must be stored
in an accessible manner in order to used whenever needed. The debugging of these applications is a
common situation where such access is required. Frequently, part of the information contained in logs
records is sensitive.
This work proposes a new approach of storing critical logs in a cloud-based storage recurring to
searchable encryption, inverted indexing and hash chaining techniques to achieve, in a unified way, the
needed privacy, integrity and authenticity while maintaining server side searching capabilities by the logs
owner.
The designed search algorithm enables conjunctive keywords queries plus a fine-grained search
supported by field searching and nested queries, which are essential in the referred use case. To the
best of our knowledge, the proposed solution is also the first to introduce a query language that enables
complex conjunctive keywords and a fine-grained search backed by field searching and sub queries.A gerac¸ ˜ao de logs em aplicac¸ ˜oes e a sua posterior consulta s˜ao fulcrais para o funcionamento de qualquer
neg´ocio ou empresa. Estes logs podem ser usados para eventuais ac¸ ˜oes de auditoria, uma vez
que estabelecem uma baseline das operac¸ ˜oes realizadas. Servem igualmente o prop´ osito de identificar
erros, facilitar ac¸ ˜oes de debugging e diagnosticar bottlennecks de performance. Tipicamente, a maioria
da informac¸ ˜ao contida nesses logs ´e considerada sens´ıvel.
Quando estes logs s˜ao armazenados in-house, as considerac¸ ˜oes relacionadas com anonimizac¸ ˜ao,
confidencialidade e integridade s˜ao geralmente descartadas. Contudo, com o advento das plataformas
cloud e a transic¸ ˜ao quer das aplicac¸ ˜oes quer dos seus logs para estes ecossistemas, processos de
logging remotos, seguros e confidenciais surgem como um novo desafio. Adicionalmente, regulac¸ ˜ao
como a RGPD, imp˜oe que as instituic¸ ˜oes e empresas garantam o armazenamento seguro dos dados.
A forma mais comum de garantir a confidencialidade consiste na utilizac¸ ˜ao de t ´ecnicas criptogr ´aficas
para cifrar a totalidade dos dados anteriormente `a sua transfer ˆencia para o servidor remoto. Caso sejam
necess´ arias capacidades de pesquisa, a abordagem mais simples ´e a transfer ˆencia de todos os dados
cifrados para o lado do cliente, que proceder´a `a sua decifra e pesquisa sobre os dados decifrados.
Embora esta abordagem garanta a confidencialidade e privacidade dos dados, rapidamente se torna
impratic ´avel com o crescimento normal dos registos de log. Adicionalmente, esta abordagem n˜ao faz
uso do potencial total que a cloud tem para oferecer.
Com base nesta tem´ atica, esta tese prop˜oe o desenvolvimento de uma soluc¸ ˜ao de armazenamento
de logs operacionais de forma confidencial, integra e autˆ entica, fazendo uso das capacidades de armazenamento
e computac¸ ˜ao das plataformas cloud. Adicionalmente, a possibilidade de pesquisa sobre
os dados ´e mantida. Essa pesquisa ´e realizada server-side diretamente sobre os dados cifrados e sem
acesso em momento algum a dados n˜ao cifrados por parte do servidor..
An Enhanced TBAHIBE-LBKQS Techniques for Privacy Preservation in Wireless Network
In recent days, providing security to the data stored in wireless network is an important and challenging task. For this purpose, several existing privacy preservation and encryption algorithms are proposed in the existing works. But, it has some drawbacks such as, high cost, required more amount of time for execution and low level security. In order to overcome all these drawbacks, this paper proposes a novel technique such as, Tiered Blind and Anonymous Hierarchical Identity Based Encryption (TBAHIBE) and Location Based Keyword Query Search (LBKQS) for providing privacy preservation to the data stored in wireless network environment. In this work, the privacy is provided to the packet data stored in the Electronic Health Record (EHR). It includes two modules such as, secure data storage and location based keyword query search. In the first module, the packet data of the egg and, receptor, doctor and lab technician are stored in the encrypted format by using the proposed TBAHIBE technique. Here, the authenticated persons can view the packet data, for instance, the doctor can view the donor and receptor packet details. In the second module, the location based search is enabled based on the keyword and query. Here, the doctor, patient and other users can fetch the packet details in a filtered format. The main advantage of this paper is, it provides high privacy to the packet data in a secured way. The experimental results evaluate the performance of the proposed system in terms of computation cost, communication cost, query evaluation, encryption time, decryption time and key generation time
A Privacy-Preserving, Accountable and Spam-Resilient Geo-Marketplace
Mobile devices with rich features can record videos, traffic parameters or
air quality readings along user trajectories. Although such data may be
valuable, users are seldom rewarded for collecting them. Emerging digital
marketplaces allow owners to advertise their data to interested buyers. We
focus on geo-marketplaces, where buyers search data based on geo-tags. Such
marketplaces present significant challenges. First, if owners upload data with
revealed geo-tags, they expose themselves to serious privacy risks. Second,
owners must be accountable for advertised data, and must not be allowed to
subsequently alter geo-tags. Third, such a system may be vulnerable to
intensive spam activities, where dishonest owners flood the system with fake
advertisements. We propose a geo-marketplace that addresses all these concerns.
We employ searchable encryption, digital commitments, and blockchain to protect
the location privacy of owners while at the same time incorporating
accountability and spam-resilience mechanisms. We implement a prototype with
two alternative designs that obtain distinct trade-offs between trust
assumptions and performance. Our experiments on real location data show that
one can achieve the above design goals with practical performance and
reasonable financial overhead.Comment: SIGSPATIAL'19, 10 page
- …