Fast Two-Server Multi-User Searchable Encryption with Strict Access Pattern Leakage

  • Cédric Van Rompay
  • Refik Molva
  • Melek Önen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11149)

Abstract

A recent paper showed that most Multi-User Searchable Encryption protocols do not provide any privacy without the assumption that all users can be trusted, an assumption too strong to be realistic for a MUSE system. As to the few MUSE protocols that are not affected, they all suffer from some scalability issues. We present the first MUSE protocol that does protect against user-server collusions, and yet scales very well. The protocol is also very simple. We prove that the leakage of the protocol is limited to the access pattern of queries and we report on performance measurements from a proof-of-concept implementation.

Keywords

Multi-user searchable encryption, Diffie-Hellman, Access pattern

Notes

Acknowledgements

This work was supported by the EU FP7 ERANET program under grant CHIST-ERA-2016 UPRISE-IOT.

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. EURECOM, Biot, France
