A Novel Methodology to Mitigate Keyword Guessing Attack using Keyword and Signature Hash

The importance of electronic data and its rapid growth leads to gradual increase to the data usage over the network servers and on the other side high priority is needed for the data security and privacy. The existing keyword search schemes for data retrieval from the centralized storage uses keyword as a valid parameter. Even though, keywords are encrypted and then used, intruders are able to guess keywords and can verify it using offline dictionary attack. The ability of guessing keywords by intruders reveals the stored data which affects data security and privacy. We need an additional parameter to the keyword used for search which will make the keyword guessing attack impossible. The additional parameter we used in our encryption framework is a signature file whose content needs to be independent of data. The content of signature file can be any data such as image, table, text, etc. which depends on the choice of user. This signature is hashed with keyword which makes the adversary difficult to guess the content of signature of the user. The existing approaches used keyword along with private key as search parameters, the guessing of appropriate keyword reveals the private key of user. In our framework, addition of signature along with keyword ensures both authentication as well as data privacy.

[1]  Mototsugu Nishioka,et al.  Perfect Keyword Privacy in PEKS Systems , 2012, ProvSec.

[2]  Willy Susilo,et al.  Public key encryption with keyword search secure against keyword guessing attacks without random oracle , 2013, Inf. Sci..

[3]  Kihyun Kim,et al.  Public Key Encryption with Conjunctive Field Keyword Search , 2004, WISA.

[4]  Willy Susilo,et al.  A Secure Channel Free Public Key Encryption with Keyword Search Scheme without Random Oracle , 2009, CANS.

[5]  B. Parvathavarthini,et al.  An Enhanced Distributed Weighted Clustering Routing Protocol for Key Management , 2015 .

[6]  Ravi Sandhu,et al.  Proceedings of the 1st ACM conference on Computer and communications security , 1993, Conference on Computer and Communications Security.

[7]  S. Sreejith,et al.  Learning Cyber Security Through Gamification , 2015 .

[8]  D. Arivazhagan,et al.  Generating a Digital Signature Based on New Cryptographic Scheme for User Authentication and Security , 2014 .

[9]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[10]  Brent Waters,et al.  Building an Encrypted and Searchable Audit Log , 2004, NDSS.

[11]  Satya Prakash Ghrera,et al.  A New Group Key Transfer Protocol using CBU Hash Function , 2013 .

[12]  Nor Ashidi Mat Isa,et al.  A Steganography Approach over Video Images to Improve Security , 2015 .

[13]  Jae-Young Lee A Study on the Use of Secure Data in Cloud Storage for Collaboration , 2015 .

[14]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[15]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[16]  Eli Biham,et al.  Cryptanalysis of reduced variants of RIJNDAEL , 2000 .