Restricted Queries over an Encrypted Index with Applications to Regulatory Compliance

  • Nikita Borisov
  • Soumyadeb Mitra
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5037)


Compliance storage is an increasingly important area for businesses faced with a myriad of new document retention regulations. Today, businesses have turned to Write-One Read Many (WORM) storage technology to achieve compliance. But WORM answers only a part of the compliance puzzle; in addition to guaranteed document retention, businesses also need secure indexing, to ensure auditors can find required documents in a large database, secure deletion to expire documents (and their index entries) from storage once they are past their expiry period, and support for litigation holds, which require that certain documents are retained pending the resolution of active litigation.

We build upon previous work in compliance storage and attribute-based encryption to design a system that satisfies all three of these requirements. In particular, we design a new encrypted index, which allows the owner of a database of documents to grant access to only those documents that match a particular query. This enables litigation holds for expired documents, and at the same time restricts auditor access for unexpired documents, greatly limiting the potential for auditor abuse as compared to previous work. We show by way of formal security proofs that our construction is secure and that it prevents reconstruction attacks wherein the index is used to recover the contents of the document. Our experiments show that our scheme can be practical for large databases and moderate sizes of queries.


Access Structure Inverted Index Keyword Query Conjunctive Query Disposition Group 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    The Enterprise Storage Group, Inc.: Compliance: The effect on information management and the storage industry (2003),
  2. 2.
    Securities and Exchange Commission: Guidance to broker-dealers on the use of electronic storage media under the national commerce act of 2000 with respect to rule 17a-4(f) (2001),
  3. 3.
    Congress of the United States of America: Sarbanes–Oxley act (2002),
  4. 4.
    EMC Corpopration: EMC Centera content addressed storage system (2003),
  5. 5.
    IBM Corporation: IBM TotalStorage DR550 (2006),
  6. 6.
    Network Appliance, Inc.: SnaplockTM compliance and SnapLock enterprise software (2003),
  7. 7.
    Mitra, S., Hsu, W.W., Winslett, M.: Trustworthy keyword search for regulatory-compliant records retention. In: Dayal, U., Whang, K.Y., Lomet, D., Alonso, G., Lohman, G., Kersten, M., Cha, S.K., Kim, Y.K. (eds.) Conference on Very Large Data Bases, VLDB Endowment, September 2006, pp. 1001–1015 (2006)Google Scholar
  8. 8.
    Cohen, W.W.: Enron email dataset (2005),
  9. 9.
    Witten, I.H., Moffat, A., Bell, T.C.: Managing Gigabytes: Compressing and Indexing Documents and Images. Morgan Kaufmann, San Francisco (1999)Google Scholar
  10. 10.
    Zhu, Q., Hsu, W.W.: Fossilized index: the linchpin of trustworthy non-alterable electronic records. In: ACM SIGMOD International Conference on Management of Data, pp. 395–406. ACM, New York (2005)CrossRefGoogle Scholar
  11. 11.
    Mitra, S., Winslett, M., Borisov, N.: Deleting index entries from compliance storage. In: Kemper, A. (ed.) Conference on Extending Database Technology (March 2008)Google Scholar
  12. 12.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Wright, R., di Vimercati, S.D.C. (eds.) ACM Conference on Computer and Communications Security, October 2006, pp. 89–98. ACM, New York (2006)Google Scholar
  13. 13.
    Frey, G., Rück, H.: A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Mathematics of Computation 62(206), 865–874 (1994)zbMATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    Menezes, A., Okamoto, T., Vanstone, S.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Transactions on Information Theory 39(5), 1639–1646 (1993)zbMATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    Miyaji, A., Nakabayashi, M., Takano, S.: New Explicit Conditions of Elliptic Curve Traces for FR-Reduction. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences 84(5), 1234–1243 (2001)Google Scholar
  16. 16.
    Ballard, L., Green, M., de Medeiros, B., Monrose, F.: Correlation-resistant storage via keyword-searchable encryption. Cryptology ePrint Archive, Report 2005/417 (2005),
  17. 17.
    Joux, A.: A one round protocol for tripartite Diffie-Hellman. Journal of Cryptology 17(4) (2004)Google Scholar
  18. 18.
    Bellare, M., Canetti, R., Krawczyk, H.: Message authentication using hash functions: the HMAC construction. CryptoBytes 2(1), 12–15 (1996)Google Scholar
  19. 19.
    Song, D., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: IEEE Symposium on Security and Privacy, pp. 44–55 (2000)Google Scholar
  20. 20.
    Goh, E.J.: Secure indexes. Cryptology ePrint Archive, Report 2003/216 (2003),
  21. 21.
    Boneh, D., Di Crescenzo, G., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, Springer, Heidelberg (2004)Google Scholar
  22. 22.
    Waters, B., Balfanz, D., Durfee, G., Smetters, D.: Building an encrypted and searchable audit log. In: Network and Distributed System Security Symposium (2004)Google Scholar
  23. 23.
    Golle, P., Staddon, J., Waters, B.: Secure Conjunctive Keyword Search over Encrypted Data. In: International Conference on Applied Cryptography and Network Security (June 2004)Google Scholar
  24. 24.
    Ballard, L., Kamara, S., Monrose, F.: Achieving Efficient Conjunctive Keyword Searches over Encrypted Data. In: Qing, S., Mao, W., López, J., Wang, G. (eds.) ICICS 2005. LNCS, vol. 3783, pp. 414–426. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  25. 25.
    Park, D., Kim, K., Lee, P.: Public key encryption with conjunctive field keyword search. In: WISA, pp. 73–86 (2004)Google Scholar
  26. 26.
    Byun, J., Lee, D., Lim, J.: Efficient Conjunctive Keyword Search on Encrypted Data Storage System. In: Atzeni, A.S., Lioy, A. (eds.) EuroPKI 2006. LNCS, vol. 4043, pp. 184–196. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  27. 27.
    Hwang, Y., Lee, P.: Public key encryption with conjunctive keyword search and its extension to a multi-user system. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds.) Pairing 2007. LNCS, vol. 4575, Springer, Heidelberg (2007)CrossRefGoogle Scholar
  28. 28.
    Ostrovsky, R., Waters, B.: Attribute-based encryption with non-monotonic access structures. [34] 195–203Google Scholar
  29. 29.
    Chase, M.: Multi-authority attribute-based encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, Springer, Heidelberg (2007)CrossRefGoogle Scholar
  30. 30.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy (2007)Google Scholar
  31. 31.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005)Google Scholar
  32. 32.
    Cheung, L., Newport, C.: Provably secure ciphertext policy ABE. [34], 456–465Google Scholar
  33. 33.
    Kapadia, A., Tsang, P., Smith, S.: Attribute-based publishing with hidden credentials and hidden policies. In: Arbaugh, W., Cowan, C. (eds.) Network and Distributed System Security Symposium (March 2007)Google Scholar
  34. 34.
    Syverson, P., Wright, R.: The 14th ACM Conference on Computer and Communications Security. ACM, New York (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Nikita Borisov
    • 1
  • Soumyadeb Mitra
    • 2
  1. 1.Department of Electric and Computer EngineeringUniversity of Illinois at Urbana–Champaign  
  2. 2.Data Domain 

Personalised recommendations