Structured Encryption and Controlled Disclosure

Searching on remote encrypted data (commonly known as searchable encryption) has become an important issue in secure data outsourcing, since it allows users to outsource encrypted data to an untrusted third party while maintains the capability of keyword search on the data.Searchable encryption can be achieved using the classical method called oblivious RAM, but the resultant schemes are too inefficient to be applied in the real-world scenarios (e.g., cloud computing). Recently, a number of efficient searchable encryption schemes have been proposed under weaker security guarantees. Such schemes, however, still leak statistical information about the users' search pattern.In this paper, we first present two concrete attack methods to show that the search pattern leakage will result in such a situation: an adversary who has some auxiliary knowledge can uncover the underlying keywords of user queries. To address this issue, we then develop a grouping-based construction (GBC) to transform an existing searchable encryption scheme to a new scheme hiding the search pattern. Finally, experiments based on the realworld dataset demonstrate the effectiveness of our attack methods and the feasibility of our construction.

show abstract

“…Definition 6 explains the concept of CKA2-security from [10,11], which has been considered as "state of the art". …”

Section: Definition 5 (Group Pattern) the Group Pattern Over An N-qumentioning

confidence: 99%

“…We analyze the security of GBC under the "state of the art" security definition from [10,11] (as defined in Section 3). The CKA2-security is parametrized by a leakage function L, which is assumed to be leaked to an adversary.…”

Section: Appendix a Security Proof Of Gbcmentioning

confidence: 99%

Search pattern leakage in searchable encryption: Attacks and new construction

Liu¹,

Zhu²,

Wang³

et al. 2014

Information Sciences

171

107

View full text Add to dashboard Cite

show abstract

“…A scheme achieving sublinear search time using inverted index was also proposed. Most of the subsequent SSE schemes, such as schemes in [5,[20][21][22][23][24][25][26][27] adopted or extended the model proposed by Curtmola et al [19]. All these schemes are based on a single server.…”

Section: Searchable Symmetric Encryption (Sse)mentioning

confidence: 99%

Searchable Data Vault: Encrypted Queries in Secure Distributed Cloud Storage

et al. 2017

View full text Add to dashboard Cite

Cloud storage services allow users to efficiently outsource their documents anytime and anywhere. Such convenience, however, leads to privacy concerns. While storage providers may not read users' documents, attackers may possibly gain access by exploiting vulnerabilities in the storage system. Documents may also be leaked by curious administrators. A simple solution is for the user to encrypt all documents before submitting them. This method, however, makes it impossible to efficiently search for documents as they are all encrypted. To resolve this problem, we propose a multi-server searchable symmetric encryption (SSE) scheme and construct a system called the searchable data vault (SDV). A unique feature of the scheme is that it allows an encrypted document to be divided into blocks and distributed to different storage servers so that no single storage provider has a complete document. By incorporating the scheme, the SDV protects the privacy of documents while allowing for efficient private queries. It utilizes a web interface and a controller that manages user credentials, query indexes and submission of encrypted documents to cloud storage services. It is also the first system that enables a user to simultaneously outsource and privately query documents from a few cloud storage services. Our preliminary performance evaluation shows that this feature introduces acceptable computation overheads when compared to submitting documents directly to a cloud storage service.

show abstract

“…Similarly, our reputation path discovery scheme is run recursively, in which each node will update his/her friend list to the CS continuously. We first apply the structured encryption [12] together with the proxy re-encryption for both the enquiry of neighbor nodes in an encrypted manner and update friend list without disclosing the detail to the server. Apart from these operations, we also design the new user grant and user revocation in an efficient and secure way.…”

Section: A Main Ideamentioning

confidence: 99%

A Multi-Hop Privacy-Preserving Reputation Scheme in Online Social Networks

Guo

Zhu

Zhang

et al. 2011

2011 IEEE Global Telecommunications Conference - GLOBECOM 2011

View full text Add to dashboard Cite

Abstract-Online Social Networks (OSNs) are becoming immensely popular nowadays, and they change the ways people think and live. In this paper, we propose a novel reputation system which allows users to find potential connections between unfamiliar people and obtains a relative objective globally meaningful reputation value. To some extent, our scheme provides a way to judge people in OSNs without real interactions, but based on the existing overall attitudes on particular people. Moreover, our scheme can protect the confidentially of the potential relationships in which no one is able to acquire the detailed connections between two end nodes. Contrary to those which publish each individual's reputation online, we treat the reputation value in our system as a private issue that has been carefully guaranteed in our scheme.

show abstract

Structured Encryption and Controlled Disclosure

Cited by 356 publications

References 30 publications

Search pattern leakage in searchable encryption: Attacks and new construction

Search pattern leakage in searchable encryption: Attacks and new construction

Searchable Data Vault: Encrypted Queries in Secure Distributed Cloud Storage

A Multi-Hop Privacy-Preserving Reputation Scheme in Online Social Networks

Contact Info

Product

Resources

About