Abstract
We consider the need for security while providing services that are comparable to that of traditional applications to fully exploit cloud services to its fullest potential. While Dynamic Searchable Symmetric Encryption (DSSE) supports such needs, we want to be able to protect against file-injection attacks. Hence, we require forward privacy and a scheme which allows for a wide range of searching capabilities. We propose an extension, based on the RSA problem, to a DSSE scheme that supports range queries allowing the scheme to also support multiple clients. Furthermore, we describe how we can further manage clients using Attribute-Based Encryption (ABE) such that clients cannot decrypt ciphertexts that fall outside of their access rights.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Kamara, S., Lauter, K.: Cryptographic cloud storage. In: Sion, R., Curtmola, R., Dietrich, S., Kiayias, A., Miret, Josep M., Sako, K., Sebé, F. (eds.) FC 2010. LNCS, vol. 6054, pp. 136–149. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14992-4_13
Curtmola, R., Garay, J., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. J. Comput. Secur. 19(5), 895–934 (2011)
Jarecki, S., Jutla, C., Krawczyk, H., Rosu, M., Steiner, M.: Outsourced symmetric private information retrieval. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security 2013, pp. 875–888. ACM (2013)
Cash, D., Jarecki, S., Jutla, C., Krawczyk, H., Roşu, M.-C., Steiner, M.: Highly-scalable searchable symmetric encryption with support for boolean queries. In: Canetti, R., Garay, Juan A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 353–373. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_20
Zuo, C., Sun, S., Liu, J.K., Shao, J., Pieprzyk, J.: Dynamic searchable symmetric encryption schemes supporting range queries with forward (and backward) security. IACR Cryptology ePrint Archive, vol. 2018, p. 628 (2018)
Sun, S.-F., Liu, Joseph K., Sakzad, A., Steinfeld, R., Yuen, T.H.: An efficient non-interactive multi-client searchable encryption with support for boolean queries. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9878, pp. 154–172. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45744-4_8
Dawn Xiaoding, S., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: Proceedings of 2000 IEEE Symposium on Security and Privacy. S&P 2000, pp. 44–55 (2000)
Cash, D., et al.: Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation. Citeseer (2014)
Deng, Z., Li, K., Li, K., Zhou, J.: A multi-user searchable encryption scheme with keyword authorization in a cloud storage. Future Gener. Comput. Syst. 72, 208–218 (2017)
Faber, S., Jarecki, S., Krawczyk, H., Nguyen, Q., Rosu, M.-C., Steiner, M.: Rich queries on encrypted data: beyond exact matches. IACR Cryptology ePrint Archive, vol. 2015, p. 927 (2015)
Jiang, H., Li, X., Xu, Q.: An improvement to a multi-client searchable encryption scheme for boolean queries (in English). J. Med. Syst. 40(12), 1–11 (2016)
Kasra Kermanshahi, S., Liu, Joseph K., Steinfeld, R.: Multi-user cloud-based secure keyword search. In: Pieprzyk, J., Suriadi, S. (eds.) ACISP 2017. LNCS, vol. 10342, pp. 227–247. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-60055-0_12
Sun, L., Xu, C., Zhang, Y.: A dynamic and non-interactive boolean searchable symmetric encryption in multi-client setting. J. Inf. Secur. Appl. 40, 145–155 (2018)
Zuo, C., Macindoe, J., Yang, S., Steinfeld, R., Liu, J.K.: Trusted boolean search on cloud using searchable symmetric encryption. In: 2016 IEEE Trustcom/BigDataSE/ISPA, pp. 113–120 (2016)
Stefanov, E., Papamanthou, C., Shi, E.: Practical dynamic searchable encryption with small leakage. In: NDSS, vol. 71, pp. 72–75 (2014)
Bost, R.: ∑ oφoς: forward secure searchable encryption. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1143–1154. ACM (2016)
Bost, R., Fouque, P.-A., Pointcheval, D.: Verifiable dynamic symmetric searchable encryption: optimality and forward security. IACR Cryptology ePrint Archive, vol. 2016, p. 62 (2016)
Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_27
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: 2007 IEEE Symposium on Security and Privacy (SP 2007), pp. 321–334 (2007)
Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 53–70. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19379-8_4
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Appendix
Appendix
Proof of Theorem 1.
For a one-way trapdoor permutation \( \varPi \), a PRF \( F \), random oracle hash functions \( H_{1} \) and \( H_{2} \) that outputs \( \mu \) and \( \lambda \) bits respectively.
where \( {\mathbf{n}} \) is a set of queried keywords s.t \( n \in {\mathbf{n}} \) . Then \( {\text{MC-}}\Gamma _{\text{A}} \) is \( {\mathcal{L}}_{{{\text{MC-}}\Gamma _{\text{A}} }} \) -adaptively-secure.
Proof.
Inherited from [5], we create a set of games, \( {\text{DSSEReal}}_{{\mathcal{A}}}^{{{\text{MC-}}\Gamma _{\text{A}} }} \left( {1^{\lambda } } \right) \) and \( {\text{DSSEIdeal}}_{{{\mathcal{A}},S}}^{{{\text{MC-}}\Gamma _{\text{A}} }} \left( {1^{\lambda } } \right). \)
Game \( \varvec{G}_{0} \). \( G_{0} \) is precisely portrays the real-world game \( {\text{DSSEReal}}_{{\mathcal{A}}}^{{{\text{MC-}}\Gamma _{\text{A}} }} \left( {1^{\lambda } } \right). \)
Game \( \varvec{G}_{1} \). In \( G_{1} \), a random key is select for an input of new keyword \( n \), instead of generating \( K_{n} \) through \( F \), removing the need to generate a client key, as such in Algorithm 2. The key is then stored in a table for later use. If an adversary \( {\mathcal{A}} \) can differentiate games \( G_{0} \) and \( G_{1} \), we can then make a reduction table to distinguish between \( F \) and a true random function. More formally, an efficient adversary \( B_{1} \) is made present s.t
Game \( \varvec{G}_{2} \), \( \varvec{ G}_{3} \). We replace hash functions \( H_{1} \) and \( H_{2} \) with random strings in \( G_{2} \) and \( G_{3} \) respectively. These games are as described in more detail in [5]. Where differentiating these games is depends on the hardness of the \( \varPi \), we conclude present an efficient adversary \( B_{2} \) s.t
where \( N \) is the number of times \( H_{1} \) and \( H_{2} \) ran.
Game \( \varvec{G}_{4} \). In \( G_{4} \), for the random generated encrypted strings of \( H_{1} \) and \( H_{2} \) that are stored, later reused in the search protocol for \( H_{1} \) and \( H_{2} \). Results in \( G_{4} \) to behave exactly like games \( G_{2} \) and \( G_{3} \) s.t
Simulator \( \varvec{S} \). With respect to information leakage “contain pattern” (\( {\text{cp}} \)), an update token \( UT \) can be specifically reused to determine inclusive relationships between keywords. Consequently, the same can be done with “search pattern” (\( {\text{sp}} \)) “history” (\( {\text{Hist}} \)) to simulate the Search and Update operations. In Algorithm 3, we map range queries to a set of specified keywords \( {\mathbf{n}} \) s.t
Finally,
completing the proof.
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Loh, R., Zuo, C., Liu, J.K., Sun, SF. (2019). A Multi-client DSSE Scheme Supporting Range Queries. In: Guo, F., Huang, X., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2018. Lecture Notes in Computer Science(), vol 11449. Springer, Cham. https://doi.org/10.1007/978-3-030-14234-6_16
Download citation
DOI: https://doi.org/10.1007/978-3-030-14234-6_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-14233-9
Online ISBN: 978-3-030-14234-6
eBook Packages: Computer ScienceComputer Science (R0)