SGX-Based Secure Indexing System

With the rising popularity of cloud computing technology, many positive effects have been exerted, whereas many security issues arise. The main existing way to ensure data confidentiality is to encrypt the data. However, the encrypted data renders keyword indexing more difficult to achieve, and the way to specify the plain-text keywords for the cipher-text data also reveals the privacy of the data owner to the untrusted service provider. In the meantime, many challenges are imposed on the software-based methods to index encrypted data, and existing hardware-based solutions typically have a large code footprint in a trusted environment. To solve these problems, an SGX-based secure indexing solution was built based on the combination of hardware and software and using Intel’s Software Guard Extensions (SGX) technology. The results of the security analysis suggest that our scheme only leaks the access patterns, and our trust code protected by the SGX hardware is very small, thereby minimizing the exposed attack surface. Besides, our experiments verify that our scheme is efficient and practical, both in performance and storage aspects.

[1]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[2]  Chin-Chen Chang,et al.  Blockchain based searchable encryption for electronic health record sharing , 2019, Future Gener. Comput. Syst..

[3]  Pil Joong Lee,et al.  Public Key Encryption with Conjunctive Keyword Search and Its Extension to a Multi-user System , 2007, Pairing.

[4]  Peng Wang,et al.  Improving the one-position inheritance artificial bee colony algorithm using heuristic search mechanisms , 2019, Soft Comput..

[5]  Ming Li,et al.  Authorized Private Keyword Search over Encrypted Data in Cloud Computing , 2011, 2011 31st International Conference on Distributed Computing Systems.

[6]  Witold Pedrycz,et al.  NewMCOS: Towards a Practical Multi-Cloud Oblivious Storage Scheme , 2020, IEEE Transactions on Knowledge and Data Engineering.

[7]  Hugo Krawczyk,et al.  Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation , 2014, NDSS.

[8]  Jin Li,et al.  DivORAM: Towards a practical oblivious RAM with variable block size , 2018, Inf. Sci..

[9]  Michael K. Reiter,et al.  Differentially Private Access Patterns for Searchable Symmetric Encryption , 2018, IEEE INFOCOM 2018 - IEEE Conference on Computer Communications.

[10]  Gil Segev,et al.  Tight Tradeoffs in Searchable Symmetric Encryption , 2018, IACR Cryptol. ePrint Arch..

[11]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[12]  Chanil Park,et al.  Privacy-preserving identity-based broadcast encryption , 2012, Inf. Fusion.

[13]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[14]  Wenjing Lou,et al.  Searchable Symmetric Encryption with Forward Search Privacy , 2019, IEEE Transactions on Dependable and Secure Computing.

[15]  Fucai Zhou,et al.  Dynamic Fully Homomorphic encryption-based Merkle Tree for lightweight streaming authenticated data structures , 2018, J. Netw. Comput. Appl..

[16]  Ryo Nishimaki,et al.  CCA Proxy Re-Encryption without Bilinear Maps in the Standard Model , 2010, Public Key Cryptography.