Augmenting Encrypted Search: A Decentralized Service Realization with Enforced Execution

Searchable symmetric encryption (SSE) allows a data owner to outsource an encrypted database to a remote server privately while retaining the ability to search it selectively. So far, most existing solutions assume an honest-but-curious server, while security designs against a malicious server have not drawn enough attention. A few recent works have attempted to construct verifiable SSE that enables the data owner to verify the integrity of search results. Nevertheless, these verification mechanisms are highly dependent on specific SSE schemes and fail to support complex queries. A general verification mechanism that can be applied to all SSE schemes is desired. In this work, instead of concentrating on a central server, we explore the potential of the smart contract, an emerging blockchain-based decentralized technology, and construct decentralized SSE schemes in which the data owner is assured of receiving correct search results without worrying about potential wrongdoing by a malicious server. We study both public and private blockchain environments and propose two designs with a trade-off between security and efficiency. To better support practical applications, we further investigate the multi-user setting of SSE, where the data owner allows authenticated users to search keywords in shared documents. We implement prototypes of our two designs and present experiments and evaluations to demonstrate the practicability of our decentralized SSE schemes.
