Abstract
Due to the numerous advantages in terms of cost reduction, usability, and flexibility, today we are witnessing the adoption of solutions where individuals and enterprises prefer to outsource (part of) their private information or assets for processing to third parties. Yet, such adoption will not become a complete success unless outsourced data storages reliably guarantee the privacy of sensitive information. With this aim in mind, some data storage providers offer the possibility of encrypting assets, achieving a remarkable degree of privacy, but at the expense of usability. At best, advanced cryptographic primitives can be directly implemented over the encrypted data to allow its owners to perform certain operations, such as keyword-based searches, on the side of the data storages. The paper at hand proposes a novel approach based on fully homomorphic encryption to correlate encrypted pieces of data in outsourced data storages. The goal was to enrich searchable encryption solutions by transparently adding related keywords to a given query, yet preventing the data storages to know the outsourced information, the received query, the resulting response, or the relationship between queries and responses. The conducted experiments show that nowadays, the main bottleneck resides in the inefficiency of the existing fully homomorphic encryption algorithms. Nevertheless, our proposal is not tied to any particular algorithm, thereby allowing users to select the most efficient in terms of computing time.
Similar content being viewed by others
References
Kaufman, C., Perlman, R., Speciner, M.: Network Security: Private Communication in a Public World, 2nd edn. Prentice Hall Press, Upper Saddle River (2002)
Stolfo, S.J., Salem, M.B., Keromytis, A.D.: Fog computing: mitigating insider data theft attacks in the cloud. In: Proceedings of the 2012 IEEE Symposium on Security and Privacy Workshops, pp. 125–128 (2012)
Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., Zaharia, M.: A view of cloud computing. Commun. ACM 53(4), 50–58 (2010)
Kapadia, J.S.: Survey on various techniques for data storage security in cloud computing. Int. J. Sci. Eng. Res. 4(5), 842–848 (2013)
di Vimercati, S.C., Foresti, S.: Privacy of outsourced data. In: Privacy and Identity Management for Life, IFIP Advances in Information and Communication Technology, vol. 320, pp. 174–187 (2010)
Fontaine, C., Galand, F.: A survey of homomorphic encryption for nonspecialists. EURASIP J. Inf. Secur. 15(1–15), 15 (2007)
Tang, Q.: Theory and practice of cryptography solutions for secure information systems. In: Search in Encrypted Data, Theoretical Models and Practical Applications, pp. 84–108. IGI Global, Hershey (2013)
Harb, H.M., Fouad, K.M., Nagdy, N.M.: Semantic retrieval approach for web documents. Int. J. Adv. Comput. Sci. Appl. 2(9), 67–76 (2011)
Liu, Q., Wang, G., Wu, J.: An efficient privacy preserving keyword search scheme in cloud computing. In: Proceedings of the 12th IEEE International Conference on Computational Science and Engineering, pp. 715–720 (2009)
Wang, C., Cao, N., Li, J., Ren, K., Lou, W.: Secure ranked keyword search over encrypted cloud data. In: Proceedings of the 2010 IEEE 30th International Conference on Distributed Computing Systems, pp. 253–262 (2010)
Li, R., Xu, Z., Kang, W., Yow, K.C., Xu, C.Z.: Efficient multi-keyword ranked query over encrypted data in cloud computing. Future Gener. Comput. Syst. 30(1), 179–190 (2014)
Baeza-Yates, R., Ribeiro-Neto, B.: Modern Information Retrieval. Addison-Wesley, Boston (1999)
Boneh, D., Crescendo, G., Ostrovsky, R., Persiano, G.: Advances in cryptology. In: Public Key Encryption with Keyword Search, vol. 3027, pp. 506–522. Springer, Berlin (2004)
Kamara, S., Lauter, K.: Cryptographic cloud storage. In: Proceedings of the 1st Workshop on Real-Life Cryptographic Protocols and Standardization, pp. 136–149 (2010)
Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: Proceedings of the 2000 IEEE Symposium on Security and Privacy, pp. 44–55 (2000)
Goh, E.-J.: Secure indexes, IACR Cryptology ePrint Archive, Report 2003/216 (2003)
Bösh, C., Brinkman, R., Hartel, P., Jonker, W.: Secure data management. In: Conjunctive Wildcard Search Over Encrypted Data, vol. 6933, pp. 114–127. Springer, Berlin (2011)
Cao, N., Wang, C., Ming, L., Ren, K., Lou, W.: Privacy–preserving multi-keyword ranked search over encrypted cloud data. In: Proceedings of the 30th IEEE International Conference on Computer Communications, pp. 829–837 (2011)
Chuah, M., Hu, W.: Privacy-aware bedtree based solution for fuzzy multi-keyword search over encrypted data. In: Proceedings of the 31st International Conference on Distributed Computing Systems Workshops, pp. 273–281 (2011)
Liu, C., Zhu, L., Wang, M., Tan, Y.: Search pattern leakage in searchable encryption: attacks and new construction. Inf. Sci. 265, 176–188 (2014)
Naveed, M., Prabhakaran, M., Gunter, C.A.: Dynamic searchable encryption via blind storage, IACR Cryptology ePrint Archive, Report 2014/219 (2014)
Bösh, C., Tang, Q., Hartel, P., Jonker, W.: Selective document retrieval from encrypted database. In: Proceedings of the 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 224–241 (2012)
Kuzu, M., Islam, M.S., Kantarcioglu, M.: Efficient similarity search over encrypted data. In: Proceedings of the IEEE 28th International Conference on Data Engineering, pp. 1156–1167 (2012)
Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) fully homomorphic encryption without bootstrapping. In: Proceedings of the 3rd Innovations in Theoretical Computer Science Conference, pp. 309–325 (2012)
Gentry, C., Halevi, S., Smart, N.P.: Fully homomorphic encryption with polylog overhead. In: Proceedings of the 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 465–482 (2012)
Mani, M., Shah, K., Gunda, M.: Enabling secure database as a service using fully homomorphic encryption: challenges and opportunities, CoRR arXiv:1302.2654 (2013)
Sen, J.: Homomorphic encryption: theory and applications, CoRR arXiv:1305.5886 (2013)
Bala, P.S., Aghila, G.: A review on semantic relationship based applications. Int. J. Found. Comput. Sci. Technol. 3(2), 9–21 (2013)
Trellian Software. Keyword and search engines statistics. http://keyworddiscovery.com/keyword-stats.html
hCrypt Project. The Scarab library: libScarab v1.0.0. http://hcrypt.com/scarab-library (2011)
Gentry, C.: A fully homomorphic encryption scheme. Ph.D. thesis, Stanford University, USA (2009)
Cheon, J., Coron, J.-S., Kim, J., Lee, M., Lepoint, T., Tibouchi, M., Yun, A.: Batch fully homomorphic encryption over the integers. In: Proceedings of the 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 315–335 (2013)
Oracle Corp.. Virtualbox. http://www.virtualbox.org
Acknowledgments
This work has been partially funded with support from the Spanish MICINN (Project RECLAMO, Virtual and Collaborative Honeynets based on Trust Management and Autonomous Systems applied to Intrusion Management, with code TIN2011-28287-C02-02) and the European Commission (FEDER/ERDF). Thanks also to the Funding Program for Research Groups of Excellence granted by the Séneca Foundation with code 04552/GERM/06.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Huertas Celdrán, A., Dólera Tormo, G., Gómez Mármol, F. et al. Resolving privacy-preserving relationships over outsourced encrypted data storages. Int. J. Inf. Secur. 15, 195–209 (2016). https://doi.org/10.1007/s10207-015-0283-z
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-015-0283-z