Searchable Symmetric Encryption with Forward Search Privacy

Searchable symmetric encryption (SSE) has been widely applied in the encrypted database for queries in practice. Although SSE is powerful and feature-rich, it is always plagued by information leaks. Some recent attacks point out that forward privacy which disallows leakage from update operations, now becomes a basic requirement for any newly designed SSE schemes. However, the subsequent search operations can still leak a significant amount of information. To further strengthen security, we extend the definition of forward privacy and propose the notion of “forward search privacy”. Intuitively, it requires search operations over newly added documents do not leak any information about past queries. The enhanced security notion poses new challenges to the design of SSE. We address the challenges by developing the hidden pointer technique (HPT) and propose a new SSE scheme called Khons, which satisfies our security notion (with the original forward privacy notion) and is also efficient. We implemented Khons and our experiment results on large dataset (wikipedia) show that it is more efficient than existing SSE schemes with forward privacy.

[1]  Ioannis Demertzis,et al.  Searchable Encryption with Optimal Locality: Achieving Sublogarithmic Read Efficiency , 2018, IACR Cryptol. ePrint Arch..

[2]  Charalampos Papamanthou,et al.  Dynamic searchable symmetric encryption , 2012, IACR Cryptol. ePrint Arch..

[3]  Kaoru Kurosawa,et al.  UC-Secure Searchable Symmetric Encryption , 2012, Financial Cryptography.

[4]  Sanjam Garg,et al.  TWORAM: Efficient Oblivious RAM in Two Rounds with Applications to Searchable Encryption , 2016, CRYPTO.

[5]  Elaine Shi,et al.  Practical Dynamic Searchable Encryption with Small Leakage , 2014, NDSS.

[6]  Mihir Bellare,et al.  Deterministic and Efficiently Searchable Encryption , 2007, CRYPTO.

[7]  Raphael Bost,et al.  ∑oφoς: Forward Secure Searchable Encryption , 2016, CCS.

[8]  Murat Kantarcioglu,et al.  Access Pattern disclosure on Searchable Encryption: Ramification, Attack and Mitigation , 2012, NDSS.

[9]  Hugo Krawczyk,et al.  Rich Queries on Encrypted Data: Beyond Exact Matches , 2015, ESORICS.

[10]  Elaine Shi,et al.  Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound , 2015, IACR Cryptol. ePrint Arch..

[11]  Michael Stonebraker,et al.  Clay: Fine-Grained Adaptive Partitioning for General Database Schemas , 2016, Proc. VLDB Endow..

[12]  Woo-Hwan Kim,et al.  Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates , 2017, CCS.

[13]  Rui Li,et al.  Adaptively Secure Conjunctive Query Processing over Encrypted Data for Cloud Computing , 2017, 2017 IEEE 33rd International Conference on Data Engineering (ICDE).

[14]  Hugo Krawczyk,et al.  Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation , 2014, NDSS.

[15]  Carlo Curino,et al.  Schism , 2010, Proc. VLDB Endow..

[16]  Yehuda Lindell,et al.  Introduction to Modern Cryptography , 2004 .

[17]  Carl A. Gunter,et al.  Dynamic Searchable Encryption via Blind Storage , 2014, 2014 IEEE Symposium on Security and Privacy.

[18]  David Cash,et al.  Leakage-Abuse Attacks Against Searchable Encryption , 2015, IACR Cryptol. ePrint Arch..

[19]  Silvio Micali,et al.  How to Construct Random Functions (Extended Abstract) , 1984, FOCS.

[20]  Elaine Shi,et al.  ShadowCrypt: Encrypted Web Applications for Everyone , 2014, CCS.

[21]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[22]  Samuel Madden,et al.  Processing Analytical Queries over Encrypted Data , 2013, Proc. VLDB Endow..

[23]  Jonathan Katz,et al.  All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption , 2016, USENIX Security Symposium.

[24]  Brice Minaud,et al.  Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives , 2017, CCS.

[25]  Adam O'Neill,et al.  Generic Attacks on Secure Outsourced Databases , 2016, CCS.

[26]  Shamkant B. Navathe,et al.  Vertical partitioning algorithms for database design , 1984, TODS.

[27]  Qian Wang,et al.  Searchable Encryption over Feature-Rich Data , 2018, IEEE Transactions on Dependable and Secure Computing.

[28]  Elaine Shi,et al.  Constants Count: Practical Improvements to Oblivious RAM , 2015, USENIX Security Symposium.

[29]  Yi Lu,et al.  AdaptDB: Adaptive Partitioning for Distributed Joins , 2017, Proc. VLDB Endow..

[30]  Kartik Nayak,et al.  Oblivious Data Structures , 2014, IACR Cryptol. ePrint Arch..

[31]  Adam J. Aviv,et al.  A Practical Oblivious Map Data Structure with Secure Deletion and History Independence , 2015, 2016 IEEE Symposium on Security and Privacy (SP).

[32]  Jian Weng,et al.  Privacy-Preserving Indexing and Query Processing for Secure Dynamic Cloud Storage , 2018, IEEE Transactions on Information Forensics and Security.

[33]  Stavros Papadopoulos,et al.  Practical Private Range Search Revisited , 2016, SIGMOD Conference.

[34]  Charles V. Wright,et al.  Inference Attacks on Property-Preserving Encrypted Databases , 2015, CCS.

[35]  Hari Balakrishnan,et al.  CryptDB: protecting confidentiality with encrypted query processing , 2011, SOSP.