A multi-server oblivious dynamic searchable encryption framework

Data privacy is one of the main concerns for data outsourcing on the cloud. Although standard encryption can provide confidentiality, it also prevents clients from searching or retrieving meaningful information on the outsourced data, thereby degrading the benefits of using cloud services. To address this data utilization vs. privacy dilemma, Dynamic Searchable Symmetric Encryption (DSSE) has been proposed, which enables search and update functionality over the encrypted data via a secure index. Despite considerable effort, state-of-the-art DSSE constructions still leak significant information through the access pattern, making them vulnerable to various practical attacks. While generic Oblivious Random Access Machine (ORAM) can hide the access pattern, it incurs a logarithmic communication overhead, which has been shown to be too costly for direct use in the DSSE setting. In this article, by exploiting the multi-cloud infrastructure, we develop a comprehensive Oblivious Distributed DSSE (ODSE) framework that allows oblivious search and updates on the encrypted index with high security and improved efficiency over the use of generic ORAM. Our framework contains a series of ODSE schemes, each featuring different levels of performance and security required by various types of real-life applications. ODSE offers desirable security guarantees such as information-theoretic security and robustness in the presence of a malicious adversary. We fully implemented the ODSE framework and evaluated its performance in a real cloud environment (Amazon EC2). Our experiments showed that ODSE schemes are 3×-57× faster than using generic ORAMs on a DSSE encrypted index under real network settings.
