Practical and secure dynamic searchable encryption via oblivious access on distributed data structure

Hoang, Thang Manh; Yavuz, Attila A.; Guajardo, Jorge

doi:10.1145/2991079.2991088

Cited by 28 publications

(24 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The problem of this approach is the high communication cost that is resulted from using ORAM like structures. In the scheme of Hoang et al's [6], they use a distributed oblivious data structure that is a distributed encrypted incidence matrix created on two non-colluding servers. There are only a few forward private searchable encryption schemes that do not use ORAM.…”

Section: Related Workmentioning

confidence: 99%

“…There were also non-trivial solutions using an oblivious data storage, e.g. Oblivious RAM (ORAM) [4], [5] or Distributed Oblivious Data structure (DOD) [6], which hides search patterns and access patterns from the server. In this approach, the server cannot observe which files matches the token, therefore cannot learn anything about the query.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Forward Private Searchable Symmetric Encryption with Optimized I/O Efficiency

Song

Dong

Yuan

et al. 2020

IEEE Trans. Dependable and Secure Comput.

105

View full text Add to dashboard Cite

Recently, several practical attacks raised serious concerns over the security of searchable encryption. The attacks have brought emphasis on forward privacy, which is the key concept behind solutions to the adaptive leakage-exploiting attacks, and will very likely to become mandatory in the design of new searchable encryption schemes. For a long time, forward privacy implies inefficiency and thus most existing searchable encryption schemes do not support it. Very recently, Bost (CCS 2016) showed that forward privacy can be obtained without inducing a large communication overhead. However, Bost's scheme is constructed with a relatively inefficient public key cryptographic primitive, and has a poor I/O performance. Both of the deficiencies significantly hinder the practical efficiency of the scheme, and prevent it from scaling to large data settings. To address the problems, we first present FAST, which achieves forward privacy and the same communication efficiency as Bost's scheme, but uses only symmetric cryptographic primitives. We then present FASTIO, which retains all good properties of FAST, and further improves I/O efficiency. We implemented the two schemes and compared their performance with Bost's scheme. The experiment results show that both our schemes are highly efficient, and FASTIO achieves a much better scalability due to its optimized I/O.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Forward Private Searchable Symmetric Encryption with Optimized I/O Efficiency

Song

Dong

Yuan

et al. 2020

IEEE Trans. Dependable and Secure Comput.

105

View full text Add to dashboard Cite

show abstract

“…A number of attacks (e.g., [16], [25], [26], [27], [28]) have been demonstrated. Several DSSE schemes have been proposed to deal with such leakages (e.g., [29], [30]) but they are neither efficient nor provably secure. ORAM techniques (e.g., [19]) can hide search and access patterns in DSSE.…”

Section: Related Workmentioning

confidence: 99%

A Secure Searchable Encryption Framework for Privacy-Critical Cloud Storage Services

Hoang

Yavuz

Merchan

2021

IEEE Trans. Serv. Comput.

Self Cite

View full text Add to dashboard Cite

Searchable encryption has received a significant attention from the research community with various constructions being proposed, each achieving asymptotically optimal complexity for specific metrics (e.g., search, update). Despite their elegance, the recent attacks and deployment efforts have shown that the optimal asymptotic complexity might not always imply practical performance, especially if the application demands a high privacy. In this article, we introduce a novel Dynamic Searchable Symmetric Encryption (DSSE) framework called Incidence Matrix (IM)-DSSE, which achieves a high level of privacy, efficient search/update, and low client storage with actual deployments on real cloud settings. We harness an incidence matrix along with two hash tables to create an encrypted index, on which both search and update operations can be performed effectively with minimal information leakage. This simple set of data structures surprisingly offers a high level of DSSE security while achieving practical performance. Specifically, IM-DSSE achieves forward-privacy, backward-privacy and size-obliviousness simultaneously. We also create several DSSE variants, each offering different trade-offs that are suitable for different cloud applications and infrastructures. We fully implemented our framework and evaluated its performance on a real cloud system (Amazon EC2). We have released IM-DSSE as an open-source library for wide development and adaptation.

show abstract

“…ORAM-SE Composition in Standard Client-Server Model. Due to the ORAM logarithmic bandwidth blowup, the performance of ORAM and SE composition in the standard network setting was shown to be inefficient [7,35,53]. Naveed et al [53] conducted an analytical analysis and concluded that this combination is worse than streaming the entire outsourced data for some keyword distributions.…”

Section: Motivationmentioning

confidence: 99%

“…Naveed et al [53] conducted an analytical analysis and concluded that this combination is worse than streaming the entire outsourced data for some keyword distributions. Hoang et al [35] performed real experiments on the cloud environment and further demonstrated the inefficiency of a direct ORAM and SE composition in the client-server model. Our experiment in this paper further confirms that the ORAM and SE composition incurs high delays for a large dataset with standard network settings.…”

Section: Motivationmentioning

confidence: 99%

Hardware-Supported ORAM in Effect: Practical Oblivious Search and Update on Very Large Dataset

Hoang

Ozmen

Jang

et al. 2018

Proceedings on Privacy Enhancing Technologies

Self Cite

View full text Add to dashboard Cite

The ability to query and update over encrypted data is an essential feature to enable breach-resilient cyber-infrastructures. Statistical attacks on searchable encryption (SE) have demonstrated the importance of sealing information leaks in access patterns. In response to such attacks, the community has proposed the Oblivious Random Access Machine (ORAM). However, due to the logarithmic communication overhead of ORAM, the composition of ORAM and SE is known to be costly in the conventional client-server model, which poses a critical barrier toward its practical adaptations. In this paper, we propose a novel hardware-supported privacy-enhancing platform called Practical Oblivious Search and Update Platform (POSUP), which enables oblivious keyword search and update operations on large datasets with high efficiency. We harness Intel SGX to realize efficient oblivious data structures for oblivious search/update purposes. We implemented POSUP and evaluated its performance on a Wikipedia dataset containing ≥229 keyword-file pairs. Our implementation is highly efficient, taking only 1 ms to access a 3 KB block with Circuit-ORAM. Our experiments have shown that POSUP offers up to 70× less end-to-end delay with 100× reduced network bandwidth consumption compared with the traditional ORAM-SE composition without secure hardware. POSUP is also at least 4.5× faster for up to 99.5% of keywords that can be searched compared with state-of-the-art Intel SGX-assisted search platforms.

show abstract

Practical and secure dynamic searchable encryption via oblivious access on distributed data structure

Cited by 28 publications

References 22 publications

Forward Private Searchable Symmetric Encryption with Optimized I/O Efficiency

Forward Private Searchable Symmetric Encryption with Optimized I/O Efficiency

A Secure Searchable Encryption Framework for Privacy-Critical Cloud Storage Services

Hardware-Supported ORAM in Effect: Practical Oblivious Search and Update on Very Large Dataset

Contact Info

Product

Resources

About