Private Large-Scale Databases with Distributed Searchable Symmetric Encryption

With the growing popularity of remote storage, the ability to outsource a large private database yet be able to search on this encrypted data is critical. Searchable symmetric encryption SSE is a practical method of encrypting data so that natural operations such as searching can be performed on this data. It can be viewed as an efficient private-key alternative to powerful tools such as fully homomorphic encryption, oblivious RAM, or secure multiparty computation. The main drawbacks of existing SSE schemes are the limited types of search available to them and their leakage. In this paper, we present a construction of a private outsourced database in the two-server model e.g. two cloud services which can be thought of as an SSE scheme on a B-tree that allows for a wide variety of search features such as range queries, substring queries, and more. Our solution can hide all leakage due to access patterns "metadata" between queries and features a tunable parameter that provides a smooth tradeoff between privacy and efficiency. This allows us to implement a solution that supports databases which are terabytes in size and contain millions of records with only a $$5{\times }$$ slowdown compared to MySQL when the query result size is around 10i¾?% of the database, though the fixed costs dominate smaller queries resulting in over $$100{\times }$$ relative slowdown under 1i¾?s actual. In addition, our solution also provides a mechanism for allowing data owners to set filters that prevent prohibited queries from returning any results, without revealing the filtering terms. Finally, we also present the benchmarks of our prototype implementation.

[1]  Eyal Kushilevitz,et al.  Private information retrieval , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[2]  Tal Malkin,et al.  Malicious-Client Security in Blind Seer: A Scalable Private DBMS , 2015, 2015 IEEE Symposium on Security and Privacy.

[3]  Andrew Chi-Chih Yao,et al.  Protocols for Secure Computations (Extended Abstract) , 1982, FOCS.

[4]  Benny Pinkas,et al.  Keyword Search and Oblivious Pseudorandom Functions , 2005, TCC.

[5]  Chinya V. Ravishankar,et al.  Combining ORAM with PIR to Minimize Bandwidth Costs , 2015, CODASPY.

[6]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[7]  Oded Goldreich,et al.  Foundations of Cryptography: List of Figures , 2001 .

[8]  Travis Mayberry,et al.  Efficient Private File Retrieval by Combining ORAM and PIR , 2014, NDSS.

[9]  Mihir Bellare,et al.  Deterministic and Efficiently Searchable Encryption , 2007, CRYPTO.

[10]  Hugo Krawczyk,et al.  Outsourced symmetric private information retrieval , 2013, IACR Cryptol. ePrint Arch..

[11]  Moni Naor,et al.  Communication preserving protocols for secure function evaluation , 2001, STOC '01.

[12]  Vinod Vaikuntanathan,et al.  Efficient Fully Homomorphic Encryption from (Standard) LWE , 2011, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science.

[13]  Oded Goldreich Foundations of Cryptography: Index , 2001 .

[14]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[15]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[16]  Nathan Chenette,et al.  Order-Preserving Symmetric Encryption , 2009, IACR Cryptol. ePrint Arch..

[17]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[18]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[19]  Oded Goldreich,et al.  Foundations of Cryptography: Basic Tools , 2000 .

[20]  Rafail Ostrovsky,et al.  Private Searching on Streaming Data , 2005, Journal of Cryptology.

[21]  Oded Goldreich,et al.  Towards a theory of software protection and simulation by oblivious RAMs , 1987, STOC.

[22]  Kartik Nayak,et al.  Oblivious Data Structures , 2014, IACR Cryptol. ePrint Arch..

[23]  Melissa Chase,et al.  Structured Encryption and Controlled Disclosure , 2010, IACR Cryptol. ePrint Arch..

[24]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[25]  Rafail Ostrovsky,et al.  Efficient computation on oblivious RAMs , 1990, STOC '90.

[26]  Eu-Jin Goh,et al.  Secure Indexes , 2003, IACR Cryptol. ePrint Arch..

[27]  Rafail Ostrovsky,et al.  Searchable symmetric encryption: improved definitions and efficient constructions , 2006, CCS '06.

[28]  Ramakrishnan Srikant,et al.  Order preserving encryption for numeric data , 2004, SIGMOD '04.

[29]  Michael Mitzenmacher,et al.  Privacy Preserving Keyword Searches on Remote Encrypted Data , 2005, ACNS.

[30]  Charalampos Papamanthou,et al.  Parallel and Dynamic Searchable Symmetric Encryption , 2013, Financial Cryptography.

[31]  Kaoru Kurosawa,et al.  UC-Secure Searchable Symmetric Encryption , 2012, Financial Cryptography.

[32]  Hugo Krawczyk,et al.  Highly-Scalable Searchable Symmetric Encryption with Support for Boolean Queries , 2013, IACR Cryptol. ePrint Arch..

[33]  Rafail Ostrovsky,et al.  Replication is not needed: single database, computationally-private information retrieval , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[34]  Jinsheng Zhang,et al.  KT-ORAM: A Bandwidth-efficient ORAM Built on K-ary Tree of PIR Nodes , 2014, IACR Cryptol. ePrint Arch..