Secure searchable public key encryption scheme against keyword guessing attacks

Rhee, Hyun Sook; Susilo, Willy; Kim, Hyun-Jeong

doi:10.1587/elex.6.237

Cited by 101 publications

(52 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As observed by Jeong et al [20], in the case when the attacker is the server, SCF-PEKS consistency implies insecurity against keyword guessing attacks. To highlight this observation, let us consider the work presented in [29]. In their work, an SCF-PEKS scheme secure against keyword attacks in the random oracle model is presented.…”

Section: Two Types Of Attackers In Scf-peksmentioning

confidence: 99%

“…Based on this observation, it is not possible to construct an SCF-PEKS scheme secure against keyword guessing attacks, where the attacker is the server. Thereafter, in this work (and also the work by [29]), we do not consider this type of attack. Rather, we focus on analyzing the scheme based on the possible attacks by an outsider (which is neither the server nor the receiver)).…”

Section: Two Types Of Attackers In Scf-peksmentioning

confidence: 99%

“…For brevity, we will not review Baek et al's scheme in this section, but we refer the readers to [2] for more detailed account. As in [29,35], an attacker A, who is neither the server nor the receiver, can perform an off-line keyword attack as follows:…”

Section: Two Types Of Attackers In Scf-peksmentioning

confidence: 99%

“…This problem was answered by Rhee et al [29] by constructing a new secure SCF-PEKS scheme against keyword guessing attacks in the random oracle model. Nevertheless, its security in the real life is questionable, since the random oracle model is required in this scheme.…”

Section: Two Types Of Attackers In Scf-peksmentioning

confidence: 99%

“…The adversary A can obtain the relation between the modified challenge ciphertext C under receiver R and the trapdoor T w 0 of receiver R through interacting with the email server in real environment. Clearly, the ciphertext in [29] is similar to that [30], and hence, it is also susceptible to the chosen ciphertext attack.…”

Section: Chosen Ciphertext Attackmentioning

confidence: 99%

See 4 more Smart Citations

Public key encryption with keyword search secure against keyword guessing attacks without random oracle

Fang

Susilo

et al. 2013

Information Sciences

Self Cite

191

View full text Add to dashboard Cite

. Public key encryption with keyword search secure against keyword guessing attacks without random oracle. Information Sciences, 238 221-241.Public key encryption with keyword search secure against keyword guessing attacks without random oracle AbstractThe notion of public key encryption with keyword search (PEKS) was put forth by Boneh et al. to enable a server to search from a collection of encrypted emails given a "trapdoor" (i.e., an encrypted keyword) provided by the receiver. The nice property in this scheme allows the server to search for a keyword, given the trapdoor. Hence, the verifier can merely use an untrusted server, which makes this notion very practical. Following Boneh et al. 's work, there have been subsequent works that have been proposed to enhance this notion. Two important notions include the so-called keyword guessing attack and secure channel free, proposed by Byun et al. and Baek et al., respectively. The former realizes the fact that in practice, the space of the keywords used is very limited, while the latter considers the removal of secure channel between the receiver and the server to make PEKS practical. Unfortunately, the existing construction of PEKS secure against keyword guessing attack is only secure under the random oracle model, which does not reflect its security in the real world. Furthermore, there is no complete definition that captures secure channel free PEKS schemes that are secure against chosen keyword attack, chosen ciphertext attack, and against keyword guessing attacks, even though these notions seem to be the most practical application of PEKS primitives. In this paper, we make the following contributions. First, we define the strongest model of PEKS which is secure channel free and secure against chosen keyword attack, chosen ciphertext attack, and keyword guessing attack. In particular, we present two important security notions namely IND-SCF-CKCA and IND-KGA. The former is to capture an inside adversary, while the latter is to capture an outside adversary. Intuitively, it should be clear that IND-SCF-CKCA captures a more stringent attack compared to IND-KGA. Second, we present a secure channel free PEKS scheme secure without random oracle under the well known assumptions, namely DLP, DBDH, SXDH and truncated q-ABDHE assumption. Our contributions fill the gap in the literature and hence, making the notion of PEKS Keywords without, against, random, oracle, secure, encryption, key, public, guessing, search, keyword, attacks AbstractThe notion of public key encryption with keyword search (PEKS) was put forth by Boneh et al. to enable a server to search from a collection of encrypted emails given a "trapdoor" (i.e., an encrypted keyword) provided by the receiver. The nice property in this scheme allows the server to search for a keyword, given the trapdoor. Hence, the verifier can merely use an untrusted server, which makes this notion very practical. Following Boneh et al.'s work, there have been subsequent works that have been proposed to enhance this notion. T...

show abstract

Section: Two Types Of Attackers In Scf-peksmentioning

confidence: 99%

Section: Two Types Of Attackers In Scf-peksmentioning

confidence: 99%

Section: Two Types Of Attackers In Scf-peksmentioning

confidence: 99%

Section: Two Types Of Attackers In Scf-peksmentioning

confidence: 99%

Section: Chosen Ciphertext Attackmentioning

confidence: 99%

See 3 more Smart Citations

Public key encryption with keyword search secure against keyword guessing attacks without random oracle

Fang

Susilo

et al. 2013

Information Sciences

Self Cite

191

View full text Add to dashboard Cite

show abstract

Constructing designated server public key encryption with keyword search schemes withstanding keyword guessing attacks

2018

Int J Communication

View full text Add to dashboard Cite

Designated server public key encryption with keyword search (dPEKS) removes the secure channel requirement in public key encryption with keyword search (PEKS). With the dPEKS mechanism, a user is able to delegate the search tasks on the ciphertexts sent to him/her to a designated storage server without leaking the corresponding plaintexts. However, the current dPEKS framework inherently suffers from the security vulnerability caused by the keyword guessing (KG) attack. How to build the dPEKS schemes withstanding the KG attacks is still an unsolved problem up to now. In this work, we introduce an enhanced dPEKS (edPEKS) framework to remedy the security vulnerability in the current dPEKS framework. The edPEKS framework provides resistance to the KG attack by either the outside attacker or the malicious designated server. We provide a semi-generic edPEKS construction that exploits the existing dPEKS schemes. Our security proofs demonstrate that the derived edPEKS scheme achieves the keyword ciphertext indistinguishability, the keyword ciphertext unforgeability, and the keyword trapdoor indistinguishability if the underlying dPEKS scheme satisfies the keyword ciphertext indistinguishability and the hash Diffie-Hellman problem is intractable. In addition, a concrete edPEKS scheme is presented to show the instantiation of the proposed semi-generic construction.KEYWORDS designated server, keyword guessing attack, malicious designated server, outside attacker, public key encryption with keyword search

show abstract

Generic constructions of secure‐channel free searchable encryption with adaptive security

Emura

Miyaji

Rahman

et al. 2014

Security Comm Networks

View full text Add to dashboard Cite

For searching keywords against encrypted data, the public key encryption scheme with keyword search (PEKS), and its an extension called secure-channel free PEKS (SCF-PEKS) have been proposed. In SCF-PEKS, a receiver makes a trapdoor for a keyword, and uploads it on a server. A sender computes an encrypted keyword, and sends it to the server. The server executes the searching procedure (called the test algorithm, which takes as inputs an encrypted keyword, trapdoor, and secret key of the server). In this paper, we extend the security of SCF-PEKS, calling it adaptive SCF-PEKS, wherein an adversary (modeled as a "malicious-but-legitimate" receiver) is allowed to issue test queries adaptively, and show that adaptive SCF-PEKS can be generically constructed by anonymous identity-based encryption (anonymous IBE) only. That is, for constructing adaptive SCF-PEKS we need not require any additional cryptographic primitive when compared to the Abdalla et al. PEKS construction (J. Cryptology 2008), even though adaptive SCF-PEKS requires additional functionalities. Note that our generic construction needs to apply the KEM/DEM framework (a.k.a. hybrid encryption), where KEM stands for key encapsulation mechanism, and DEM stands for data encapsulation mechanism. We also show that there is a class of anonymous IBE that can be applied for constructing adaptive SCF-PEKS without using hybrid encryption, and propose an adaptive SCF-PEKS construction based on this IBE. Although our second construction is not fully generic, it is efficient compared to the first, since we can exclude the DEM part. Finally, we instantiate an adaptive SCF-PEKS scheme (via our second construction) that achieves a similar level of efficiency for the costs of the test procedure and encryption, compared to the (non-adaptive secure) SCF-PEKS scheme by Fang et al. (CANS2009).

show abstract

Secure searchable public key encryption scheme against keyword guessing attacks

Cited by 101 publications

References 6 publications

Public key encryption with keyword search secure against keyword guessing attacks without random oracle

Public key encryption with keyword search secure against keyword guessing attacks without random oracle

Constructing designated server public key encryption with keyword search schemes withstanding keyword guessing attacks

Generic constructions of secure‐channel free searchable encryption with adaptive security

Contact Info

Product

Resources

About