Skip to main content
SpringerLink
Log in

Towards Multi-user Searchable Encryption Scheme with Support for SQL Queries

  • Published:
Mobile Networks and Applications Aims and scope Submit manuscript

Abstract

Due to the tremendous benefits of cloud computing, organizations are highly motivated to store electronic records on clouds. However, outsourcing data to cloud servers separates it from physical control, resulting in data privacy disclosure. Although encryption enhances data confidentiality, it also complicates the execution of encrypted database operations. In this paper, we propose a multi-user shared searchable encryption scheme that supports multi-user selective authorization and secure access to encrypted databases. First, we apply the Diffie-Hellman protocol to a trapdoor generate algorithm to facilitate fine-grained search control without incremental conversions. Second, we utilize a private key to generate an encrypted index by bilinear mapping, which makes it impossible for an adversary to obtain trapdoor keywords by traversing the keyword space and to carry out keyword guessing attacks. Third, we use double-layered encryption to encrypt a symmetric decryption key. Only the proxies whose attributes are matched with the access control list can obtain the key of decrypted data. Through theoretical security analysis and experimental verifications, we show that our scheme can provide secure and efficacious ciphertext retrieval without the support of a secure channel.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

References

  1. Xu L, Yuan X, Wang C, Wang Q, Xu C (2019) Hardening database padding for searchable encryption. In: The 2019 IEEE conference on computer communications, pp 2503–2511. https://doi.org/10.1109/INFOCOM.2019.8737588

  2. Chen Y, Xie X, Wang P, Tso R (2019) Witness-based searchable encryption with optimal overhead for cloud-edge computing. Future Generation Computer System (100)715–723. https://doi.org/10.1016/j.future.2019.05.038

  3. Ronald R L, Len A, Michael D L (1978) On data banks and privacy homomorphisms. Foundations of Secure Computation (4)169–180

  4. Curtmola R, Garay JA, Kamara S, Ostrovsky R (2006) Searchable symmetric encryption improved definitions and efficient constructions

  5. Song DX, Wagner D, Perrig A (2000) Practical techniques for searches on encrypted data. In: The 21st IEEE Symp on security and privacy, pp 44–55. https://doi.org/10.1109/SECPRI.2000.848445

  6. Goh E-J (2003) Secure indexes, IACR ePrint Cryptography Archive

  7. Golle P, Staddon J, Waters BR (2004) Secure conjunctive keyword search over encrypted data. Lect Notes Comput Sci 31–45. https://doi.org/10.1007/978-3-540-24852-1-3

  8. Cao N, Wang C, Li M, Ren K, Lou W (2013) Privacy-preserving multi-keyword ranked search over encrypted cloud data. IEEE Trans Parall Distkbuted Syst. (25)222–233. https://doi.org/10.1109/TPDS.2013.45

  9. Demertzis I, Chamani J G, Papadopoulos D, Papamanthou C (2020) Dynamic searchable encryption with small client storage. In: The 27th annual network and distributed system security symposium, pp 1–18

  10. Xia Z, Wang X, Sun X, Wang Q (2016) A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. IEEE Trans Parall Distkbuted Syst. (27)951–963. https://doi.org/10.1109/TPDS.2015.2401003

  11. Zhang R, Xue R, Yu T, Liu L (2016) Pvsae: A public verifiable searchable encryption service framework for outsourced encrypted data. In: The 2016 IEEE international conference on web services, pp 428–435. https://doi.org/10.1109/ICWS.2016.62

  12. Patel S, Persiano G, Yeo K (2018) Symmetric searchable encryption with sharing and unsharing. In: The 23rd European symposium on research in computer security, pp 207– 227

  13. Zhang Z, Wang J, Wang Y, Su Y, Chen X (2019) Towards efficient verifiable forward secure searchable symmetric encryption. In: The 24rd European symposium on research in computer security, pp 304–321

  14. Raluca AP, Catherine MSR, Nickolai Z (2011) Cryptdb: Protecting confidentiality with encrypted query processing. In: The 23rd ACM Symposium on operating systems principles, pp 85–100

  15. Olumofin I, Goldberg I (2012) Revisiting the computational practicality of private information retrieval. In: The 16th international conference on financial cryptography and data security, pp 158–172

  16. Wong WK, Kao B, Cheung DW-L, Li R, Yiu S-M (2014) Secure query processing with data interoperability in a cloud database environment. In: The 2014 ACM SIGMOD conference, pp 1395–1406. https://doi.org/10.1145/2588555.2588572

  17. Liu G, Yang G, Wang H, Xiang Y, Dai H (2018) A novel secure scheme for supporting complex sql queries over encrypted databases in cloud computing. Secur Commun Netw. 7383514:1–7383514:15. https://doi.org/10.1155/2018/7383514

  18. Li R, Liu AX, Wang AL, Bruhadeshwar B (2016) Fast and scalable range query processing with strong privacy protection for cloud computing. IEEE/ACM Trans Netw 24:2305–2318. https://doi.org/10.1109/TNET.2015.2457493

    Article  Google Scholar 

  19. Karras P, Nikitin A, Saad M, Bhatt R, Antyukhov D, Idreos S (2016) Adaptive indexing over encrypted numeric data. In: The 2016 International conference on management of data, pp 171–183

  20. Azraoui M, Önen M., Molva R (2018) Framework for searchable encryption with sql databases. In: The 8th International conference on cloud computing and services science, pp 57–67. https://doi.org/10.5220/0006666100570067

  21. Yu Z, Gao C, Jing Z, Gupta B B, Cai Q (2018) A practical public key encryption scheme based on learning parity with noise. IEEE Access (6):31918–31923

  22. Ning J, Xu J, Liang K, Zhang F, Chang E (2019) Passive attacks against searchable encryption. IEEE Trans Inf Forens Secur 14(3):789–802

    Article  Google Scholar 

  23. Kamara S, Moataz T (2017) Boolean searchable symmetric encryption with worst-case sub-linear complexity. In: the 36th Annual international conference on the theory and applications of cryptographic techniques, pp 94–124

  24. Jiang S, Zhu X, Guo L, Liu J (2019) Publicly verifiable boolean query over outsourced encrypted data. IEEE Transa Cloud Comput 7(3):799–813

    Article  Google Scholar 

  25. Gupta MBB (2020) An efficient KP design framework of attribute-based searchable encryption for user level revocation in cloud. Concurr Comput Pract Exp 32(18):1–17

    Google Scholar 

  26. Yuan X, Yuan X, Zhang Y, Li B, Wang C (2020) Enabling encrypted boolean queries in geographically distributed databases. IEEE Trans Parall Distrib Syst 31(3):634–646

    Article  Google Scholar 

  27. Boneh D, Franklin MK (2001) Identity-based encryption from the weil pairing. In: The 21st annual international cryptology conference, pp 213–229

  28. Dua D, Graff C (2020) UCI machine learning repository. http://archive.ics.uci.edu/ml

  29. Jiang S, Zhu X, Guo L, Liu J (2019) Publicly verifiable boolean query over outsourced encrypted data. IEEE Trans Cloud Comput 7(3):799–813

    Article  Google Scholar 

  30. Wang D, Li W, Wang P (2018) Measuring two-factor authentication schemes for real-time data access in industrial wireless sensor networks. IEEE Trans Industrial Inf 14(9):4081–4092

    Article  Google Scholar 

  31. Wang C, Wang D, Tu Y, Xu G, Wang H (2020) Understanding node capture attacks in user authentication schemes for wireless sensor networks. IEEE Trans Dependable Secure Comput. https://doi.org/10.1109/TDSC.2020.2974220

  32. Wang D, Cheng H, Wang P, Huang X, Jian G (2017) Zipf’s law in passwords. IEEE Trans Inf Forensics Sec 12(11):2776–2791

    Article  Google Scholar 

Download references

Acknowledgments

This work is supported by National Key R&D Program of China(2018YFA0704703); National Natural Science Foundation of China(61972215, 61702399, 61972073); Natural Science Foundation of TianJin(17JCZDJC30500)

Author information

Authors and Affiliations

  1. College of Cyber Science, Nankai University, Tianjin, 300350, China

    Mingyue Li & Chunfu Jia

  2. Tianjin Key Laboratory of Network and Data Security Technology, Nankai University, Tianjin, 300350, China

    Mingyue Li & Chunfu Jia

  3. School of Cyber Security and Computer, Hebei University, Baoding, 071002, China

    Ruizhong Du

Authors
  1. Mingyue Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ruizhong Du
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Chunfu Jia
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ruizhong Du.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Appendix: Security of secret keys

Appendix: Security of secret keys

We define Game 2 according to the security of OWE IBE[27].

Game 2: The adversary A does not know the master key MSK. Besides, A can make Skeygen and DecryKey queries.

Setup. The challenger runs the Init algorithm and sends the parameters params to adversary A. It maintains the MSK itself.

Phase 1. The adversary forms the following queries.

  • On Skeygen query (S,IDi,gy,MSK). The adversary A issues private key queries for {ID1,...,IDm}. The challenger performs the corresponding algorithm to generate the attribute private key aki by the attributes of IDi. It gives the key aki to A.

  • On DecryKey query (c,IDi,y,gx). The challenger responds by performing the corresponding algorithm to generate the attribute private key aki to the IDi. It then decrypts the ciphertext c by running the algorithm DecryKey and returns the plaintext to A.

Challenge. When Phase 1 ends, the adversary outputs a ID∉{ID1,...,IDm} to challenger. The challenger opts a random K ∈{0, 1}N and encrypts it by using ID. Then the ciphertext c is returned to A.

Phase 2. The adversary issues more queries {IDm+ 1,...,IDn} adaptively with the constraint that ID∉{IDm+ 1,...,IDn}. The challenger responds as in Phase 1.

Guess. The adversary A outputs a guess \(K^{\prime }\in \{0,1\}^{N}\) and wins the game if \(K^{\prime }=K\). The advantage of A winning is defined as

$$ Adv(A) = |Pr[K = K^{\prime}]-1/2| $$

Definition 3

If polynomially adversary A wins Game 2 with a negligible advantage, then the scheme is semantically secure.

Proof

Let A be a PPT adversary with an advantage ε in Game 2. Suppose qD is the number of executing Skeygen queries and the number of executing DecryKey queries. Then there is an emulator B that has an advantage at least ε against OWE IBE in O(time(A)).

The emulator B uses the adversary A to gain advantage ε against OWE IBE. In the Init process, the emulator B returns A the parameters params, and the interactions between B and A are as follows. □

Phase 1. When adversary A issues Skeygen query (S,IDi,gy,MSK), emulator B gets the attribute private key aki corresponding to the attribute public key by runs the algorithm Skeygen. Then B sends it to adversary A.

When adversary A issues DecryKey query (c,IDi,y,gx), the emulator B decrypts the encrypted 𝜗 of c. Then B uses 𝜗 and the attribute private key aki to decrypt the remaining data. Finally, B sends the results to adversary A.

Challenge. When the adversary A decides that Phase 1 ends, it opts an identity \(ID^{\prime }\) to challenge. Note that \(ID^{\prime }\) did not appear in any query of Phase1.

After receiving the \(ID^{\prime }\), emulator B chooses a random K ∈{0, 1}N and uses \(ID^{\prime }\) to encrypt K. Then B encrypts the 𝜗 of \(c^{\prime }\) and returns it to adversary A.

Phase 2. The adversary A forms more queries as follows.

  • Skeygen query (\(ID^{*}\neq \{ID ,ID^{\prime }\}\)). the emulator B responds as in Phase1.

  • DecryKey query (\(ID^{*}\neq \{ID,ID^{\prime }\}\) and \(c^{*}\neq \{c,c^{\prime }\)}). The emulator B responds as in Phase1. These queries might be responsed adaptively as in Phase1.

Guess. Adversary A outputs a guess \(K^{\prime }\) and wins the game if \(K^{\prime } = K\). The advantage of A against our scheme is the same as that of B against OWE IBE. The probability for B against OWE IBE is \(\varepsilon ^{\prime }=\varepsilon /q_{D} n<1/2q_{D}n\). Therefore, the probability that our encryption scheme is secure is at least (1 − 1/2qDn) in Game 2.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Li, M., Du, R. & Jia, C. Towards Multi-user Searchable Encryption Scheme with Support for SQL Queries. Mobile Netw Appl 27, 417–430 (2022). https://doi.org/10.1007/s11036-021-01836-z

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11036-021-01836-z

Keywords

Search

Navigation