Advertisement

The VLDB Journal

, Volume 28, Issue 1, pp 25–46 | Cite as

VBTree: forward secure conjunctive queries over encrypted data for cloud computing

  • Zhiqiang WuEmail author
  • Kenli Li
Regular Paper
  • 240 Downloads

Abstract

This paper concerns the fundamental problem of processing conjunctive keyword queries over an outsourced data table on untrusted public clouds in a privacy-preserving manner. The data table can be properly implemented with tree-based searchable symmetric encryption schemes, such as the known Keyword Red–Black tree and the Indistinguishable Bloom-filter Tree in ICDE’17. However, as for these trees, there still exist many limitations to support sub-linear time updates. One of the reasons is that their tree branches are directly exposed to the cloud. To achieve efficient conjunctive queries while supporting dynamic updates, we introduce a novel tree data structure called virtual binary tree (VBTree). Our key design is to organize indexing elements into the VBTree in a top-down fashion, without storing any tree branches and tree nodes. The tree only exists in a logical view, and all of the elements are actually stored in a hash table. To achieve forward privacy, which is discussed by Bost in CCS’16, we also propose a storage mechanism called version control repository (VCR), to record and control versions of keywords and queries. VCR has a smaller client-side storage compared to other forward-private schemes. With our proposed approach, data elements can be quickly searched while the index can be privately updated. The security of the VBTree is formally proved under the IND-CKA2 model. We test our scheme on a real e-mail dataset and a user location dataset. The testing results demonstrate its high efficiency and scalability in both searching and updating processes.

Keywords

Privacy preserving Cloud computing Searchable symmetric encryption 

References

  1. 1.
    Amazon: “Amazon Web services” (2017). http://aws.amazon.com
  2. 2.
    Microsoft: “Microsoft Azure” (2017). http://www.microsoft.com/azure
  3. 3.
    Google: “Google App Engine” (2017). http://code.google.com/appengine
  4. 4.
    Zhang, Y., Katz, J., Papamanthou, C.: All your queries are belong to us: the power of file-injection attacks on searchable encryption. In: 25th USENIX Security Symposium (USENIX), pp. 707–720. USENIX Association (2016)Google Scholar
  5. 5.
    Curtmola, R., Garay, J., Kamara, S., et al.: Searchable symmetric encryption: improved definitions and efficient constructions. In: Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS), vol. 95, No. 5, pp. 79–88. ACM (2006)Google Scholar
  6. 6.
    Kamara, S., Papamanthou, C.: Parallel and dynamic searchable symmetric encryption. In: Sadeghi, A.R. (ed.) Financial Cryptography and Data Security FC 2013. Lecture Notes in Computer Science, vol. 7859, pp. 258–274. Springer, Berlin, Heidelberg (2013)CrossRefGoogle Scholar
  7. 7.
    Bost, R.: \(\Sigma o\varphi o\varsigma \): forward secure searchable encryption. In: ACM Sigsac Conference on Computer and Communications Security (CCS), pp. 1143–1154. ACM (2016)Google Scholar
  8. 8.
    Liu, Z., Lv, S., et al.: FFSSE: flexible forward secure searchable encryption with efficient performance. ACR Cryptology ePrint Archive (2017)Google Scholar
  9. 9.
    Li, R., Liu, A.X.: Adaptively secure conjunctive query processing over encrypted data for cloud computing. In: International Conference on Data Engineering (ICDE), pp. 697–708. IEEE (2017)Google Scholar
  10. 10.
    Goh, E.J.: Secure indexes. IACR Cryptology ePrint Archive (2003)Google Scholar
  11. 11.
    Li, R., Liu, A.X., Wang, A.L., et al.: Fast range query processing with strong privacy protection for cloud computing. In: International Conference on Very Large Data Bases (VLDB), pp. 1953–1964 (2014)Google Scholar
  12. 12.
    Naveed, M., Prabhakaran, M., Gunter, C.A.: Dynamic searchable encryption via blind storage. In: Security and Privacy (S&P), pp. 639–654 (2014)Google Scholar
  13. 13.
    Li, R., Liu, A.X., Wang, A.L., et al.: Fast and scalable range query processing with strong privacy protection for cloud computing. In: Transactions on Networking (TON), pp. 2305–2318 (2016)Google Scholar
  14. 14.
    Xia, Z., Wang, X., Sun, X., Wang, Q.: A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. Trans. Parallel Distrib. Syst. (TPDS) 27(2), 340–352 (2016)CrossRefGoogle Scholar
  15. 15.
    Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: IEEE Symposium on Security and Privacy (S&P), pp. 44–55 (2000)Google Scholar
  16. 16.
    Chang, Y.C., Mitzenmacher, M.: Privacy preserving keyword searches on remote encrypted data. In: Applied Cryptography and Network Security (ACNS), pp. 442–455. Springer, Berlin (2005)Google Scholar
  17. 17.
    Bezawada, B., Liu, A.X., Jayaraman, B., et al.: Privacy preserving string matching for cloud computing. In: IEEE International Conference on Distributed Computing Systems (ICDCS), pp. 609–618 (2015)Google Scholar
  18. 18.
    Chase, M., Kamara, S.: Structured encryption and controlled disclosure. In: Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT), pp. 577–594. Springer, New York (2010)Google Scholar
  19. 19.
    Kurosawa, K., Ohtaki, Y.: UC-secure searchable symmetric encryption. In: Financial Cryptography and Data Security (FC), pp. 285–298. Springer, New York (2012)Google Scholar
  20. 20.
    Liesdonk, P.V., Sedghi, S., Doumen, J., Hartel, P., Jonker, W.: Computationally efficient searchable symmetric encryption. In: VLDB Conference on Secure Data Management (SDM), pp. 87–100. Springer, New York (2010)Google Scholar
  21. 21.
    Cash, D., Jarecki, S., Jutla, C., et al.: Highly-scalable searchable symmetric encryption with support for Boolean queries. In: International Cryptology Conference (CRYPTO), pp. 353–373. Springer, New York (2013)Google Scholar
  22. 22.
    Pappas, V., Krell, F., Vo, B., et al.: Blind seer: a scalable private DBMS. In: Security and Privacy (S&P), pp. 359–374 (2014)Google Scholar
  23. 23.
    Ishai, Y., Kushilevitz, E., Lu, S., et al.: Private large-scale databases with distributed searchable symmetric encryption. In: Cryptographers ’Track at the RSA Conference, pp. 90–107. Springer, New York (2016)Google Scholar
  24. 24.
    Kamara, S., Moataz, T.: SQL on structurally-encrypted databases. IACR Cryptology ePrint Archive (2016)Google Scholar
  25. 25.
    Kamara, S., Papamanthou, C., Roeder, T.: Dynamic searchable symmetric encryption. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS), pp. 965–976. ACM (2012)Google Scholar
  26. 26.
    Cash, D., Jaeger, J., Jarecki, S., et al.: Dynamic searchable encryption in very-large databases: data structures and implementation. In: Network and Distributed System Security (NDSS), pp. 23–26. ISOC (2014)Google Scholar
  27. 27.
    Kamara, S., Moataz, T.: Boolean searchable symmetric encryption with worst-case sub-linear complexity. In: European Cryptology Conference (EUROCRYPT). Springer, New York (2017)Google Scholar
  28. 28.
    Wang, B., Yu, S., Lou, W., et al.: Privacy-preserving multi-keyword fuzzy search over encrypted data in the cloud. In: INFOCOM, pp. 2112–2120 (2014)Google Scholar
  29. 29.
    Fu, Z., Wu, X., Guan, C., et al.: Toward efficient multi-keyword fuzzy search over encrypted outsourced data with accuracy improvement. In: Transactions on Information Forensics and Security (TIFS), pp. 2706–2716Google Scholar
  30. 30.
    Stefanov, E., Papamanthou, C., Shi, E.: Practical dynamic searchable encryption with small leakage. In: Network and Distributed System Security (NDSS), pp. 23–26. ISOC (2014)Google Scholar
  31. 31.
    Garg, S., Mohassel, P., Papamanthou, C.: TWORAM: round-optimal oblivious RAM with applications to searchable encryption. IACR Cryptology ePrint Archive (2015)Google Scholar
  32. 32.
    Bost, R., Fouque, P.A., Pointcheval, D.: Verifiable dynamic symmetric searchable encryption: optimality and forward security. IACR Cryptology ePrint Archive (2016)Google Scholar
  33. 33.
    Chang, Z., Xie, D., Li, F.: Oblivious RAM: a dissection and experimental evaluation. In: International Conference on Very Large Data Bases (VLDB), pp. 1113–1124 (2016)Google Scholar
  34. 34.
    Islam, M.S., Kuzu, M., Kantarcioglu, M.: Access pattern disclosure on searchable encryption: ramification, attack and mitigation. In: Network and Distributed System Security (NDSS). ISOC (2012)Google Scholar
  35. 35.
    Popa, R.A., Redfield, C., Zeldovich, N., et al.: CryptDB: protecting confidentiality with encrypted query processing. In: Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles (SOSP), pp. 85–100. ACM (2011)Google Scholar
  36. 36.
    Mavroforakis, C., Chenette, N., O’Neill, A., et al.: Modular order-preserving encryption, Revisited. ACM International Conference on Management of Data (SIGMOD), pp. 763–777. ACM (2015)Google Scholar
  37. 37.
    Naveed, M., Kamara, S., Wright, C.V.: Inference attacks on property-preserving encrypted databases. In: ACM Sigsac Conference on Computer and Communications Security (CCS), pp. 644–655. ACM (2015)Google Scholar
  38. 38.
    Yao, A.C.: Protocols for secure computations. In: Foundations of Computer Science (SFCS), pp. 160–164 (1982)Google Scholar
  39. 39.
    Ben-David, A., Nisan, N., Pinkas, B.: FairplayMP: a system for secure multi-party computation. In: Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS), pp. 257–266. ACM (2008)Google Scholar
  40. 40.
    Dijk, M.V., Gentry, C., Halevi, S., et al.: Fully homomorphic encryption over the integers. In: Advances in Cryptology – EUROCRYPT, pp. 24–43. Springer, Berlin, Heidelberg (2010)Google Scholar
  41. 41.
    Enron email dataset (2015). http://www.cs.cmu.edu/~enron/
  42. 42.
    Cho, E., Myers, S.A., Leskovec, J.: Friendship and mobility: user movement in location-based social networks. In: Proceedings of the 17th International Conference on Knowledge Discovery and Data mining (SIGKDD), pp. 1082–1090. ACM (2011)Google Scholar

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2018

Authors and Affiliations

  1. 1.College of Information Science and Engineering, National Supercomputing Center in ChangshaHunan UniversityHunanChina

Personalised recommendations