Efficient Dynamic Searchable Encryption with Forward Privacy

Etemad, Mohammad; Küpçü, Alptekin; Papamanthou, Charalampos; Evans, David

doi:10.1515/popets-2018-0002

Cited by 93 publications

(54 citation statements)

References 28 publications

(91 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recently, several forward-private DSSE schemes only relying on symmetric primitives have been proposed (e.g., [20], [21], [22], [23]), some of which offer parallelism (e.g., [20], [21], [23]), and improved I/O access with computation efficiency using a caching strategy (e.g., [20], [21], [22]). For example, Lai et al in [20] modeled the relationship between keywords and files in DSSE as bipartite graphs.…”

Section: Related Workmentioning

confidence: 99%

“…• Highly secure against File-Injection Attacks: IM-DSSE offers forward privacy (see [2] or §4 for definition) which is an imperative security feature to mitigate the impact of practical file-injection attacks [11], [16]. Only a limited number of DSSE schemes offer this property (i.e., [2], [11], [15], [18], [20], [21], [22], [23]), some of which incur high client storage with costly update (e.g., [2]) or high delay, due to oblivious access techniques (e.g., [18]) and public-key operations (e.g., [11]). Additionally, IM-DSSE offers size-obliviousness property, where it hides all size information involved with the encrypted index and update query including (i) update query size (i.e., number of unique keywords in the updated file); (ii) and the number of keyword-file pairs in the database.…”

Section: Improvements Over Preliminary Versionmentioning

confidence: 99%

“…• Fully Parallelizable: IM-DSSE also supports parallelization (as in [5], [20], [21], [23]) for both update and search operations and, therefore, it takes full advantage of modern computing architecture to minimize the delay of cryptographic operations. Experiments on Amazon cloud indicates that the search latency of our framework is highly practical and mostly dominated by the clientserver communication (see §5).…”

Section: Improvements Over Preliminary Versionmentioning

confidence: 99%

See 2 more Smart Citations

A Secure Searchable Encryption Framework for Privacy-Critical Cloud Storage Services

Hoang

Yavuz

Merchan

2021

IEEE Trans. Serv. Comput.

View full text Add to dashboard Cite

Searchable encryption has received a significant attention from the research community with various constructions being proposed, each achieving asymptotically optimal complexity for specific metrics (e.g., search, update). Despite their elegance, the recent attacks and deployment efforts have shown that the optimal asymptotic complexity might not always imply practical performance, especially if the application demands a high privacy. In this article, we introduce a novel Dynamic Searchable Symmetric Encryption (DSSE) framework called Incidence Matrix (IM)-DSSE, which achieves a high level of privacy, efficient search/update, and low client storage with actual deployments on real cloud settings. We harness an incidence matrix along with two hash tables to create an encrypted index, on which both search and update operations can be performed effectively with minimal information leakage. This simple set of data structures surprisingly offers a high level of DSSE security while achieving practical performance. Specifically, IM-DSSE achieves forward-privacy, backward-privacy and size-obliviousness simultaneously. We also create several DSSE variants, each offering different trade-offs that are suitable for different cloud applications and infrastructures. We fully implemented our framework and evaluated its performance on a real cloud system (Amazon EC2). We have released IM-DSSE as an open-source library for wide development and adaptation.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Improvements Over Preliminary Versionmentioning

confidence: 99%

Section: Improvements Over Preliminary Versionmentioning

confidence: 99%

See 1 more Smart Citation

A Secure Searchable Encryption Framework for Privacy-Critical Cloud Storage Services

Hoang

Yavuz

Merchan

2021

IEEE Trans. Serv. Comput.

View full text Add to dashboard Cite

show abstract

“…Kamara et al [44] proposed a Dynamic SSE (DSSE) scheme that supports update functionality. Afterward, several DSSE schemes proposed offering different features in terms of security (e.g., [9]), efficiency (e.g., [14,22,45]), and query functionalities (e.g., [15,43,74]). Another line of research focuses on developing encrypted query techniques that are compliant with legacy systems.…”

Section: Related Workmentioning

confidence: 99%

“…23: Build keyword hash table (TW). All data in ORAM structures(12,22) are encrypted with ORAM key ko. B, B denote an ORAM block in ODS-DB and ODS-IDX, resp.…”

mentioning

confidence: 99%

Hardware-Supported ORAM in Effect: Practical Oblivious Search and Update on Very Large Dataset

Hoang

Ozmen

Jang

et al. 2018

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

The ability to query and update over encrypted data is an essential feature to enable breach-resilient cyber-infrastructures. Statistical attacks on searchable encryption (SE) have demonstrated the importance of sealing information leaks in access patterns. In response to such attacks, the community has proposed the Oblivious Random Access Machine (ORAM). However, due to the logarithmic communication overhead of ORAM, the composition of ORAM and SE is known to be costly in the conventional client-server model, which poses a critical barrier toward its practical adaptations. In this paper, we propose a novel hardware-supported privacy-enhancing platform called Practical Oblivious Search and Update Platform (POSUP), which enables oblivious keyword search and update operations on large datasets with high efficiency. We harness Intel SGX to realize efficient oblivious data structures for oblivious search/update purposes. We implemented POSUP and evaluated its performance on a Wikipedia dataset containing ≥229 keyword-file pairs. Our implementation is highly efficient, taking only 1 ms to access a 3 KB block with Circuit-ORAM. Our experiments have shown that POSUP offers up to 70× less end-to-end delay with 100× reduced network bandwidth consumption compared with the traditional ORAM-SE composition without secure hardware. POSUP is also at least 4.5× faster for up to 99.5% of keywords that can be searched compared with state-of-the-art Intel SGX-assisted search platforms.

show abstract

A k‐nearest neighbor query method based on trust and location privacy protection

Guo

Zhu

Yang

et al. 2020

Concurrency and Computation

View full text Add to dashboard Cite

Spatial query is an important supporting technology in the Internet of Things (IoT) and location-based services (LBS). The k-nearest neighbor query is widely used for spatial queries. However, user location privacy may be leaked in the query. In addition, some users are malicious or uncooperative. With the objective of overcoming these problems, a k-nearest neighbor query method based on trust and location privacy protection is proposed. First, we employ a new K-anonymity method based on cooperation to protect a query user's location privacy. In this method, the query user constructs an anonymous group by introducing a trust mechanism to incentivize cooperation among users. Then, according to the different radii of the selection area set by the query user, agent users with higher reputation values who send query requests for the query user are selected. Finally, the agent users obtain the query results from the LBS server and forward them to the query user, and the query user screens the results according to his or her real location. The experiments show that our method can effectively stimulate users to cooperate, better exclude malicious users, and improve the accuracy of the query results while protecting the privacy of the query user.

show abstract

Efficient Dynamic Searchable Encryption with Forward Privacy

Cited by 93 publications

References 28 publications

A Secure Searchable Encryption Framework for Privacy-Critical Cloud Storage Services

A Secure Searchable Encryption Framework for Privacy-Critical Cloud Storage Services

Hardware-Supported ORAM in Effect: Practical Oblivious Search and Update on Very Large Dataset

A k‐nearest neighbor query method based on trust and location privacy protection

Contact Info

Product

Resources

About