research-article

Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates

Authors:

Woo-Hwan KimAuthors Info & Claims

CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

Pages 1449 - 1463

https://doi.org/10.1145/3133956.3133970

Published: 30 October 2017 Publication History

Abstract

The recently proposed file-injection type attacks are highlighting the importance of forward security in dynamic searchable symmetric encryption (DSSE). Forward security enables to thwart those attacks by hiding the information about the newly added files matching a previous search query. However, there are still only a few DSSE schemes that provide forward security, and they have factors that hinder efficiency. In particular, all of these schemes do not support actual data deletion, which increments both storage space and computational complexity. In this paper, we design and implement a forward secure DSSE scheme with optimal search and update complexity, for both computation and communication point of view. As a starting point, we propose a new, simple, theoretical data structure, called dual dictionary that can take advantage of both the inverted and the forward indexes at the same time. This data structure allows to delete data explicitly and in real time, which greatly improves efficiency compared to previous works. In addition, our scheme provides forward security by encrypting the newly added data with fresh keys not related with the previous search tokens. We implemented our scheme for Enron email and Wikipedia datasets and measured its performance. The comparison with Sophos shows that our scheme is very efficient in practice, for both searches and updates in dynamic environments.

Supplemental Material

MP4 File

Download
2326.74 MB

References

[1]

Gilad Asharov, Moni Naor, Gil Segev, and Ido Shahaf. 2016. Searchable symmetric encryption: Optimal locality in linear space via two-dimensional balanced allocations. In Proceedings of the Forty-eighth Annual ACM Symposium on theory of Computing (STOC '16). ACM, New York, NY, USA, 1101--1114. https://doi.org/10.1145/2897518.2897562

Digital Library

[2]

Giuseppe Attardi. 2016. Wikipedia Extractor. (2016). http://medialab.di.unipi.it/ wiki/Wikipedia Extractor

[3]

Christoph Bösch, Pieter Hartel, Willem Jonker, and Andreas Peter. 2014. A survey of provably secure searchable encryption. ACM Comput. Surv. 47, 2, Article 18 (Aug. 2014), 51 pages. https://doi.org/10.1145/2636328

Digital Library

[4]

Raphael Bost. 2016. ∑oøoç - Forward secure searchable encryption. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS '16). ACM, New York, NY, USA, 1143--1154. https://doi.org/10.1145/2976749.2978303

Digital Library

[5]

Raphael Bost, Pierre-Alain Fouque, and David Pointcheval. 2016. Verifiable dynamic symmetric searchable encryption: Optimality and forward security. Cryptology ePrint Archive, Report 2016/062. (2016). http://eprint.iacr.org/2016/ 062

[6]

David Cash, Paul Grubbs, Jason Perry, and Thomas Ristenpart. 2015. Leakage- abuse attacks against searchable encryption. In Proceedings of the 2015 ACM SIGSAC Conference on Computer and Communications Security (CCS '15). ACM, New York, NY, USA, 668--679. https://doi.org/10.1145/2810103.2813700

Digital Library

[7]

David Cash, Joseph Jaeger, Stanislaw Jarecki, Charanjit Jutla, Hugo Krawczyk, Marcel-Cătălin Roşu, and Michael Steiner. 2014. Dynamic searchable encryption in very-large databases: Data structures and implementation. In Proceedings of the 2014 Network and Distributed System Security (NDSS) Symposium (NDSS'14). Internet Society, Reston, VA, U.S.A, 23--26.

[8]

David Cash, Stanislaw Jarecki, Charanjit Jutla, Hugo Krawczyk, Marcel-Cătă alin Roşu, and Michael Steiner. 2013. Highly-scalable searchable symmetric encryp- tion with support for boolean queries. In Advances in Cryptology -- CRYPTO 2013: 33rd Annual Cryptology Conference, Santa Barbara, CA, USA, August 18--22, 2013. Proceedings, Part I. Springer Berlin Heidelberg, Berlin, Heidelberg, 353--373. https://doi.org/10.1007/978-3-642-40041-4 20

[9]

David Cash and Stefano Tessaro. 2014. The locality of searchable symmetric encryption. In Advances in Cryptology -- EUROCRYPT 2014: 33rd Annual International Conference on the theory and Applications of Cryptographic Techniques, Copenhagen, Denmark, May 11-15, 2014. Proceedings, Phong Q. Nguyen and Elis- abeth Oswald (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 351--368. https://doi.org/10.1007/978-3-642-55220-5 20

[10]

Yan-Cheng Chang and Michael Mitzenmacher. 2005. Privacy preserving key- word searches on remote encrypted data. In Applied Cryptography and Network Security: third International Conference, ACNS 2005, New York, NY, USA, June 7--10, 2005. Proceedings, John Ioannidis, Angelos Keromytis, and Moti Yung (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 442--455. https: //doi.org/10.1007/11496137 30

[11]

Melissa Chase and Seny Kamara. 2010. Structured encryption and controlled dis- closure. In Advances in Cryptology - ASIACRYPT 2010: 16th International Confer- ence on the theory and Application of Cryptology and Information Security, Singa- pore, December 5-9, 2010. Proceedings, Masayuki Abe (Ed.). Springer Berlin Heidel- berg, Berlin, Heidelberg, 577--594. https://doi.org/10.1007/978-3-642-17373--8 33

[12]

Dwaine Clarke, Srinivas Devadas, Marten van Dijk, Blaise Gassend, and G. Edward Suh. 2003. Incremental multiset hash functions and their application to memory integrity checking. In Advances in Cryptology - ASIACRYPT 2003: 9th International Conference on the theory and Application of Cryptology and Information Security, Taipei, Taiwan, November 30 -- December 4, 2003. Proceedings, Chi-Sung Laih (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 188--207. hthps://doi.org/10.1007/978-3-540-40061-5 12

[13]

Reza Curtmola, Juan Garay, Seny Kamara, and Rafail Ostrovsky. 2006. Searchable symmetric encryption: Improved definitions and efficient constructions. In Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS '06). ACM, New York, NY, USA, 79--88. https://doi.org/10.1145/ 1180405.1180417

Digital Library

[14]

Wei Dai. 2016. Crypto++ Library 5.6.5. (2016). https://www.cryptopp.com

[15]

Enron Email Dataset. 2015. (2015). https://www.cs.cmu.edu/~./enron

[16]

Samsung Electronics. 2013. Samsung Solid State Drive White Paper. (2013). http://www.samsung.com/semiconductor/minisite/ssd/product/ consumer/850pro.html

[17]

Facebook. 2016. RocksDB: A persistent key-value store for fast storage environ- ment. (2016). http://rocksdb.org

[18]

Wikimedia Foundation. 2016. Wikimedia Downloads. (2016). Retrieved February 4, 2016 from https://dumps.wikimedia.org

[19]

Sanjam Garg, Payman Mohassel, and Charalampos Papamanthou. 2016. TWORAM: Efficient oblivious RAM in two rounds with applications to searchable encryption. In Advances in Cryptology -- CRYPTO 2016: 36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14--18, 2016, Proceedings, Part III, Matthew Robshaw and Jonathan Katz (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 563--592. https://doi.org/10.1007/978-3-662-53015-3 20

[20]

Shafi Goldwasser and Mihir Bellare. 2008. Lecture Notes on Cryptography. https://cseweb.ucsd.edu/~mihir/papers/gb.html

[21]

Florian Hahn and Florian Kerschbaum. 2014. Searchable encryption with secure and efficient updates. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS '14). ACM, New York, NY, USA, 310--320. https://doi.org/10.1145/2660267.2660297

Digital Library

[22]

Mohammad Islam, Mehmet Kuzu, and Murat Kantarcioglu. 2012. Access pattern disclosure on searchable encryption: Ramification, attack and mitigation. In Pro- ceedings of the 2012 Network and Distributed System Security (NDSS) Symposium . Internet Society, Reston, VA, U.S.A.

[23]

Seny Kamara and Charalampos Papamanthou. 2013. Parallel and dynamic searchable symmetric encryption. In Financial Cryptography and Data Security: 17th International Conference, FC 2013, Okinawa, Japan, April 1--5, 2013, Revised Se- lected Papers, Ahmad-Reza Sadeghi (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 258--274. https://doi.org/10.1007/978-3-642-39884-1 22

[24]

Seny Kamara, Charalampos Papamanthou, and Tom Roeder. 2012. Dynamic searchable symmetric encryption. In Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS '12). ACM, New York, NY, USA, 965--976. https://doi.org/10.1145/2382196.2382298

Digital Library

[25]

Dong-Chan Kim, Deukjo Hong, Jung-Keun Lee, Woo-Hwan Kim, and Daesung Kwon. 2015. LSH: A new fast secure hash function family. In Information Security and Cryptology - ICISC 2014: 17th International Conference, Seoul, South Korea, December 3-5, 2014, Revised Selected Papers, Jooyoung Lee and Jongsung Kim (Eds.). Springer International Publishing, Cham, 286--313. https://doi.org/10. 1007/978-3-319-15943-0 18

[26]

Muhammad Naveed. 2015. The fallacy of composition of oblivious RAM and searchable encryption. Cryptology ePrint Archive, Report 2015/668. (2015). http://eprint.iacr.org/2015/668

[27]

Muhammad Naveed, Manoj Prabhakaran, and Carl A. Gunter. 2014. Dynamic searchable encryption via blind storage. In Proceedings of the 2014 IEEE Sympo- sium on Security and Privacy (SP '14) . 639--654. https://doi.org/10.1109/SP.2014.47

Digital Library

[28]

Vasilis Pappas, Fernando Krell, Binh Vo, Vladimir Kolesnikov, Tal Malkin, Seung Geol Choi, Wesley George, Angelos Keromytis, and Steve Bellovin. 2014. Blind Seer: A scalable private DBMS. In Proceedings of the 2014 IEEE Symposium on Security and Privacy (SP '14). 359--374. https://doi.org/10.1109/SP.2014.30

Digital Library

[29]

NLTK Project. 2016. Natural Language Toolkit. (2016). http://www.nltk.org

[30]

Dawn Xiaodong Song, David Wagner, and Adrian Perrig. 2000. Practical tech- niques for searches on encrypted data. In Proceedings of the 2000 IEEE Symposium on Security and Privacy (SP '00). IEEE Computer Society, Washington, DC, USA, 44--55. http://dl.acm.org/citation.cfm?id=882494.884426

[31]

Emil Stefanov, Charalampos Papamanthou, and Elaine Shi. 2014. Practical dynamic searchable encryption with small leakage. In Proceedings of the 2014 Network and Distributed System Security (NDSS) Symposium. Internet Society, Reston, VA, U.S.A.

[32]

Attila A. Yavuz and Jorge Guajardo. 2016. Dynamic searchable symmetric en- cryption with minimal leakage and efficient updates on commodity hardware. In Selected Areas in Cryptography -- SAC 2015: 22nd International Conference, Sackville, NB, Canada, August 12--14, 2015, Revised Selected Papers, Orr Dunkel- man and Liam Keliher (Eds.). Springer International Publishing, Cham, 241--259. https://doi.org/10.1007/978-3-319-31301-6 15

Digital Library

[33]

Yupeng Zhang, Jonathan Katz, and Charalampos Papamanthou. 2016. All your queries are belong to us: the power of file-injection attacks on searchable encryp- tion. In 25th USENIX Security Symposium (USENIX Security 16). USENIX Associa- tion, Austin, TX, 707--720. https://www.usenix.org/conference/usenixsecurity16/ technical-sessions/presentation/zhang

Cited By

Zou ZGao RLi XWang XZhang X(2025)A Dynamic Symmetric Searchable Encryption Scheme for Rapid Conjunctive QueriesAlgorithms and Architectures for Parallel Processing10.1007/978-981-96-1545-2_15(249-269)Online publication date: 13-Feb-2025
https://doi.org/10.1007/978-981-96-1545-2_15
Peng TGong BTu SNamoun AAlshmrany SWaqas MAlasmary HChen S(2024)Forward and Backward Private Searchable Encryption for Cloud-Assisted Industrial IoTSensors10.3390/s2423759724:23(7597)Online publication date: 28-Nov-2024
https://doi.org/10.3390/s24237597
Bulbul SAbduljabbar ZNajem DNyangaresi VMa JAldarwish A(2024)Fast Multi-User Searchable Encryption with Forward and Backward Private Access ControlJournal of Sensor and Actuator Networks10.3390/jsan1301001213:1(12)Online publication date: 2-Feb-2024
https://doi.org/10.3390/jsan13010012
Show More Cited By

Index Terms

Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates
1. Security and privacy
  1. Database and storage security
    1. Management and querying of encrypted data

Recommendations

Towards Efficient Verifiable Forward Secure Searchable Symmetric Encryption
Computer Security – ESORICS 2019
Abstract
Searchable Symmetric Encryption (SSE) allows a server to perform search directly over encrypted data outsourced by user. Recently, the primitive of forward secure SSE has attracted significant attention due to its favorable property for dynamic ...
Dynamic Searchable Symmetric Encryption Schemes Supporting Range Queries with Forward (and Backward) Security
Computer Security
Abstract
Dynamic searchable symmetric encryption (DSSE) is a useful cryptographic tool in encrypted cloud storage. However, it has been reported that DSSE usually suffers from file-injection attacks and content leak of deleted documents. To mitigate these ...
A forward-secure public-key encryption scheme
EUROCRYPT'03: Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques

Cryptographic computations are often carried out on insecure devices for which the threat of key exposure represents a serious and realistic concern. In an effort to mitigate the damage caused by exposure of secret data (e.g., keys) stored on such ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

October 2017

2682 pages

ISBN:9781450349468

DOI:10.1145/3133956

General Chair:
Bhavani Thuraisingham
The University of Texas at Dallas, USA
,
Program Chairs:
David Evans
University of Virginia
,
Tal Malkin
Columbia University
,
Dongyan Xu
Purdue University

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 October 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS '17

Sponsor:

SIGSAC

CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security

October 30 - November 3, 2017

Texas, Dallas, USA

Acceptance Rates

CCS '17 Paper Acceptance Rate 151 of 836 submissions, 18%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

119
Total Citations
View Citations
1,044
Total Downloads

Downloads (Last 12 months)67
Downloads (Last 6 weeks)3

Reflects downloads up to 01 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Zou ZGao RLi XWang XZhang X(2025)A Dynamic Symmetric Searchable Encryption Scheme for Rapid Conjunctive QueriesAlgorithms and Architectures for Parallel Processing10.1007/978-981-96-1545-2_15(249-269)Online publication date: 13-Feb-2025
https://doi.org/10.1007/978-981-96-1545-2_15
Peng TGong BTu SNamoun AAlshmrany SWaqas MAlasmary HChen S(2024)Forward and Backward Private Searchable Encryption for Cloud-Assisted Industrial IoTSensors10.3390/s2423759724:23(7597)Online publication date: 28-Nov-2024
https://doi.org/10.3390/s24237597
Bulbul SAbduljabbar ZNajem DNyangaresi VMa JAldarwish A(2024)Fast Multi-User Searchable Encryption with Forward and Backward Private Access ControlJournal of Sensor and Actuator Networks10.3390/jsan1301001213:1(12)Online publication date: 2-Feb-2024
https://doi.org/10.3390/jsan13010012
Lin WMa JLi TYe HZhang JXiao Y(2024)CrptAC: Find the Attack Chain with Multiple Encrypted System LogsElectronics10.3390/electronics1307137813:7(1378)Online publication date: 5-Apr-2024
https://doi.org/10.3390/electronics13071378
Song XZheng YBai JDong CLiu ZChang EQuek TGao DZhou JCardenas A(2024)DISCO: Dynamic Searchable Encryption with Constant StateProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3637674(1724-1738)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3634737.3637674
Liu QPeng YJiang HWu JWang TPeng TWang G(2024)Authorized Keyword Search on Mobile Devices in Secure Data OutsourcingIEEE Transactions on Mobile Computing10.1109/TMC.2023.328816023:5(4181-4195)Online publication date: May-2024
https://doi.org/10.1109/TMC.2023.3288160
Wang RZhou JCao ZDong XRaymond Choo K(2024)Updatable Private Set Intersection With Forward PrivacyIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.346147519(8573-8586)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3461475
Jiang JWang D(2024)QPASE: Quantum-Resistant Password-Authenticated Searchable Encryption for Cloud StorageIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.337280419(4231-4246)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3372804
Dou YChan H(2024)Leakage-Suppressed Encrypted Keyword Queries Over Multiple Cloud ServersIEEE Transactions on Cloud Computing10.1109/TCC.2023.333322312:1(26-39)Online publication date: Jan-2024
https://doi.org/10.1109/TCC.2023.3333223
Ge YGao YNing JMa JChen X(2024)Verifiable Multilevel Dynamic Searchable Encryption With Forward and Backward Privacy in Cloud-Assisted IoTIEEE Internet of Things Journal10.1109/JIOT.2024.345727011:24(40861-40874)Online publication date: 15-Dec-2024
https://doi.org/10.1109/JIOT.2024.3457270
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten