Skip to main content
SpringerLink
Log in
Book cover

Australasian Conference on Information Security and Privacy

ACISP 2017: Information Security and Privacy pp 266–281Cite as

Secure and Practical Searchable Encryption: A Position Paper

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10342))

Abstract

Searchable Encryption (SE) makes it possible for users to outsource an encrypted database and search operations to cloud service providers without leaking the content of data or queries to them. A number of SE schemes have been proposed in the literature; however, most of them leak a significant amount of information that could lead to inference attacks. To minimise information leakage, there are a number of solutions, such as Oblivious Random Access Memory (ORAM) and Private Information Retrieval (PIR). Unfortunately, existing solutions are prohibitively costly and impractical. A practical scheme should support not only a lightweight user client but also a flexible key management mechanism for multi-user access.

In this position paper, we briefly analyse several leakage-based attacks, and identify a set of requirements for a searchable encryption system for cloud database storage to be secure against these attacks while ensuring usability of the system. We also discuss several possible solutions to fulfil the identified requirements.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Rightscale 2016 state of the cloud report. https://www.rightscale.com/lp/state-of-the-cloud. Last Accessed 3 July 2016

  2. Asghar, M.R., Russello, G., Crispo, B., Ion, M.: Supporting complex queries and access policies for multi-user encrypted databases. In: Juels, A., Parno, B. (eds.) CCSW 2013, pp. 77–88. ACM (2013)

    Google Scholar 

  3. Bao, F., Deng, R.H., Ding, X., Yang, Y.: Private query on encrypted data in multi-user settings. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 71–85. Springer, Heidelberg (2008). doi:10.1007/978-3-540-79104-1_6

    Chapter  Google Scholar 

  4. Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: S&P 2007, pp. 321–334. IEEE Computer Society (2007)

    Google Scholar 

  5. Bost, R.: \(\sum \)o\(\varphi \)o\(\varsigma \): Forward secure searchable encryption. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) SIGSAC 2016, pp. 1143–1154. ACM (2016)

    Google Scholar 

  6. Bost, R., Fouque, P., Pointcheval, D.: Verifiable dynamic symmetric searchable encryption: optimality and forward security. IACR Cryptology ePrint Archive 2016, 62 (2016)

    Google Scholar 

  7. Cao, N., Wang, C., Li, M., Ren, K., Lou, W.: Privacy-preserving multi-keyword ranked search over encrypted cloud data. IEEE Trans. Parallel Distrib. Syst. 25(1), 222–233 (2014)

    Article  Google Scholar 

  8. Cash, D., Grubbs, P., Perry, J., Ristenpart, T.: Leakage-abuse attacks against searchable encryption. In: Ray, I., Li, N., Kruegel, C. (eds.) SIGSAC 2015, pp. 668–679. ACM (2015)

    Google Scholar 

  9. Cash, D., Jaeger, J., Jarecki, S., Jutla, C.S., Krawczyk, H., Rosu, M., Steiner, M.: Dynamic searchable encryption in very-large databases: data structures and implementation. In: NDSS 2014. The Internet Society (2014)

    Google Scholar 

  10. Chang, Y.-C., Mitzenmacher, M.: Privacy preserving keyword searches on remote encrypted data. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 442–455. Springer, Heidelberg (2005). doi:10.1007/11496137_30

    Chapter  Google Scholar 

  11. Cheng, R., Yan, J., Guan, C., Zhang, F., Ren, K.: Verifiable searchable symmetric encryption from indistinguishability obfuscation. In: Bao, F., Miller, S., Zhou, J., Ahn, G. (eds.) ASIA CCS 2015, pp. 621–626. ACM (2015)

    Google Scholar 

  12. Chor, B., Kushilevitz, E., Goldreich, O., Sudan, M.: Private information retrieval. J. ACM 45(6), 965–981 (1998)

    Article  MathSciNet  MATH  Google Scholar 

  13. Crescenzo, G., Cook, D., McIntosh, A., Panagos, E.: Practical private information retrieval from a time-varying, multi-attribute, and multiple-occurrence database. In: Atluri, V., Pernul, G. (eds.) DBSec 2014. LNCS, vol. 8566, pp. 339–355. Springer, Heidelberg (2014). doi:10.1007/978-3-662-43936-4_22

    Google Scholar 

  14. Curtmola, R., Garay, J.A., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. In: Juels, A., Wright, R.N., di Vimercati, S.D.C. (eds.) CCS 2006, pp. 79–88. ACM (2006)

    Google Scholar 

  15. Dautrich, J., Ravishankar, C.V.: Combining ORAM with PIR to minimize bandwidth costs. In: Park, J., Squicciarini, A.C. (eds.) CODASPY 2015, pp. 289–296. ACM (2015)

    Google Scholar 

  16. Devadas, S., Dijk, M., Fletcher, C.W., Ren, L., Shi, E., Wichs, D.: Onion ORAM: a constant bandwidth blowup oblivious RAM. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 145–174. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49099-0_6

    Chapter  Google Scholar 

  17. Dong, C., Russello, G., Dulay, N.: Shared and searchable encrypted data for untrusted servers. In: Atluri, V. (ed.) DBSec 2008. LNCS, vol. 5094, pp. 127–143. Springer, Heidelberg (2008). doi:10.1007/978-3-540-70567-3_10

    Chapter  Google Scholar 

  18. Ferretti, L., Pierazzi, F., Colajanni, M., Marchetti, M.: Scalable architecture for multi-user encrypted SQL operations on cloud database services. IEEE Trans. Cloud Comput. 2(4), 448–458 (2014)

    Article  Google Scholar 

  19. Garg, S., Mohassel, P., Papamanthou, C.: TWORAM: efficient oblivious RAM in two rounds with applications to searchable encryption. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 563–592. Springer, Heidelberg (2016). doi:10.1007/978-3-662-53015-3_20

    Chapter  Google Scholar 

  20. Goh, E.: Secure indexes. IACR Cryptology ePrint Archive 2003, 216 (2003)

    Google Scholar 

  21. Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious RAMs. J. ACM 43(3), 431–473 (1996)

    Article  MathSciNet  MATH  Google Scholar 

  22. Hahn, F., Kerschbaum, F.: Searchable encryption with secure and efficient updates. In: Ahn, G., Yung, M., Li, N. (eds.) SIGSAC 2014, pp. 310–320. ACM (2014)

    Google Scholar 

  23. Hang, I., Kerschbaum, F., Damiani, E.: ENKI: access control for encrypted query processing. In: Sellis, T.K., Davidson, S.B., Ives, Z.G. (eds.) SIGMOD 2015, pp. 183–196. ACM (2015)

    Google Scholar 

  24. Hoang, T., Yavuz, A.A., Guajardo, J.: Practical and secure dynamic searchable encryption via oblivious access on distributed data structure. In: Schwab, S., Robertson, W.K., Balzarotti, D. (eds.) ACSAC 2016. pp. 302–313. ACM (2016)

    Google Scholar 

  25. Hwang, Y.H., Lee, P.J.: Public key encryption with conjunctive keyword search and its extension to a multi-user system. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds.) Pairing 2007. LNCS, vol. 4575, pp. 2–22. Springer, Heidelberg (2007). doi:10.1007/978-3-540-73489-5_2

    Chapter  Google Scholar 

  26. Ishai, Y., Kushilevitz, E., Lu, S., Ostrovsky, R.: Private large-scale databases with distributed searchable symmetric encryption. In: Sako, K. (ed.) CT-RSA 2016. LNCS, vol. 9610, pp. 90–107. Springer, Cham (2016). doi:10.1007/978-3-319-29485-8_6

    Chapter  Google Scholar 

  27. Islam, M.S., Kuzu, M., Kantarcioglu, M.: Access pattern disclosure on searchable encryption: ramification, attack and mitigation. In: NDSS 2012. The Internet Society (2012)

    Google Scholar 

  28. Jarecki, S., Jutla, C.S., Krawczyk, H., Rosu, M., Steiner, M.: Outsourced symmetric private information retrieval. In: Sadeghi, A., Gligor, V.D., Yung, M. (eds.) SIGSAC 2013, pp. 875–888. ACM (2013)

    Google Scholar 

  29. Kamara, S., Papamanthou, C.: Parallel and dynamic searchable symmetric encryption. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 258–274. Springer, Heidelberg (2013). doi:10.1007/978-3-642-39884-1_22

    Chapter  Google Scholar 

  30. Kamara, S., Papamanthou, C., Roeder, T.: Dynamic searchable symmetric encryption. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) CCS 2012, pp. 965–976. ACM (2012)

    Google Scholar 

  31. Kiayias, A., Oksuz, O., Russell, A., Tang, Q., Wang, B.: Efficient encrypted keyword search for multi-user data sharing. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9878, pp. 173–195. Springer, Cham (2016). doi:10.1007/978-3-319-45744-4_9

    Chapter  Google Scholar 

  32. Liu, C., Zhu, L., Wang, M., Tan, Y.: Search pattern leakage in searchable encryption: attacks and new construction. Inf. Sci. 265, 176–188 (2014)

    Article  Google Scholar 

  33. Naveed, M.: The fallacy of composition of oblivious RAM and searchable encryption. IACR Cryptology ePrint Archive 2015, 668 (2015)

    Google Scholar 

  34. Naveed, M., Kamara, S., Wright, C.V.: Inference attacks on property-preserving encrypted databases. In: Ray, I., Li, N., Kruegel, C. (eds.) SIGSAC 2015, pp. 644–655. ACM (2015)

    Google Scholar 

  35. Naveed, M., Prabhakaran, M., Gunter, C.A.: Dynamic searchable encryption via blind storage. In: SP 2014, pp. 639–654. IEEE Computer Society (2014)

    Google Scholar 

  36. Ostrovsky, R.: Efficient computation on oblivious RAMs. In: Ortiz, H. (ed.) STOC 1990, pp. 514–523. ACM (1990)

    Google Scholar 

  37. Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999). doi:10.1007/3-540-48910-X_16

    Google Scholar 

  38. Popa, R.A., Redfield, C.M.S., Zeldovich, N., Balakrishnan, H.: CryptDB: protecting confidentiality with encrypted query processing. In: Wobber, T., Druschel, P. (eds.) SOSP 2011, pp. 85–100. ACM (2011)

    Google Scholar 

  39. Popa, R.A., Zeldovich, N.: Multi-key searchable encryption. IACR Cryptology ePrint Archive 2013, 508 (2013)

    Google Scholar 

  40. Ren, L., Fletcher, C.W., Kwon, A., Stefanov, E., Shi, E., van Dijk, M., Devadas, S.: Constants count: practical improvements to oblivious RAM. In: Jung, J., Holz, T. (eds.) USENIX Security 2015, pp. 415–430. USENIX Association (2015)

    Google Scholar 

  41. Rizomiliotis, P., Gritzalis, S.: ORAM based forward privacy preserving dynamic searchable symmetric encryption schemes. In: Ray, I., Wang, X., Ren, K., Kerschbaum, F., Nita-Rotaru, C. (eds.) CCSW 2015, pp. 65–76. ACM (2015)

    Google Scholar 

  42. Rompay, C., Molva, R., Önen, M.: Multi-user Searchable Encryption in the Cloud. In: Lopez, J., Mitchell, C.J. (eds.) ISC 2015. LNCS, vol. 9290, pp. 299–316. Springer, Cham (2015). doi:10.1007/978-3-319-23318-5_17

    Chapter  Google Scholar 

  43. Samanthula, B.K., Jiang, W., Bertino, E.: Privacy-preserving complex query evaluation over semantically secure encrypted data. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 400–418. Springer, Cham (2014). doi:10.1007/978-3-319-11203-9_23

    Google Scholar 

  44. Sarfraz, M.I., Nabeel, M., Cao, J., Bertino, E.: Dbmask: Fine-grained access control on encrypted relational databases. In: Park, J., Squicciarini, A.C. (eds.) CODASPY 2015, pp. 1–11. ACM (2015)

    Google Scholar 

  45. Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: S&P 2000, pp. 44–55. IEEE Computer Society (2000)

    Google Scholar 

  46. Stefanov, E., van Dijk, M., Shi, E., Fletcher, C.W., Ren, L., Yu, X., Devadas, S.: Path ORAM: an extremely simple oblivious RAM protocol. In: Sadeghi, A., Gligor, V.D., Yung, M. (eds.) SIGSAC 2013, pp. 299–310. ACM (2013)

    Google Scholar 

  47. Stefanov, E., Papamanthou, C., Shi, E.: Practical dynamic searchable encryption with small leakage. In: NDSS 2013, vol. 71, pp. 72–75 (2014)

    Google Scholar 

  48. Stefanov, E., Shi, E.: Multi-cloud oblivious storage. In: Sadeghi, A., Gligor, V.D., Yung, M. (eds.) SIGSAC 2013, pp. 247–258. ACM (2013)

    Google Scholar 

  49. Sun, W., Liu, X., Lou, W., Hou, Y.T., Li, H.: Catch you if you lie to me: efficient verifiable conjunctive keyword search over large dynamic encrypted cloud data. In: INFOCOM 2015, pp. 2110–2118. IEEE (2015)

    Google Scholar 

  50. Sun, W., Yu, S., Lou, W., Hou, Y.T., Li, H.: Protecting your right: attribute-based keyword search with fine-grained owner-enforced search authorization in the cloud. In: INFOCOM 2014, pp. 226–234. IEEE (2014)

    Google Scholar 

  51. Tang, Q.: Nothing is for free: security in searching shared and encrypted data. IEEE Trans. Inf. Forensics Secur. 9(11), 1943–1952 (2014)

    Article  Google Scholar 

  52. Wang, B., Song, W., Lou, W., Hou, Y.T.: Inverted index based multi-keyword public-key searchable encryption with strong privacy guarantee. In: INFOCOM 2015, pp. 2092–2100. IEEE (2015)

    Google Scholar 

  53. Wang, B., Yu, S., Lou, W., Hou, Y.T.: Privacy-preserving multi-keyword fuzzy search over encrypted data in the cloud. In: INFOCOM 2014, pp. 2112–2120. IEEE (2014)

    Google Scholar 

  54. Wang, B., Hou, Y., Li, M., Wang, H., Li, H.: Maple: scalable multi-dimensional range search over encrypted cloud data with tree-based index. In: Moriai, S., Jaeger, T., Sakurai, K. (eds.) ASIA CCS 2014, pp. 111–122. ACM (2014)

    Google Scholar 

  55. Williams, P., Sion, R.: Usable PIR. In: NDSS 2008. The Internet Society (2008)

    Google Scholar 

  56. Yang, Y., Liu, J.K., Liang, K., Choo, K.-K.R., Zhou, J.: Extended proxy-assisted approach: achieving revocable fine-grained encryption of cloud data. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9327, pp. 146–166. Springer, Cham (2015). doi:10.1007/978-3-319-24177-7_8

    Chapter  Google Scholar 

  57. Yavuz, A.A., Guajardo, J.: Dynamic searchable symmetric encryption with minimal leakage and efficient updates on commodity hardware. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 241–259. Springer, Cham (2016). doi:10.1007/978-3-319-31301-6_15

    Chapter  Google Scholar 

  58. Zhang, Y., Katz, J., Papamanthou, C.: All your queries are belong to us: the power of file-injection attacks on searchable encryption. In: USENIX Security 2016, pp. 707–720. USENIX Association (2016)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. The University of Auckland, Auckland, New Zealand

    Shujie Cui, Muhammad Rizwan Asghar, Steven D. Galbraith & Giovanni Russello

Authors
  1. Shujie Cui
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Muhammad Rizwan Asghar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Steven D. Galbraith
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Giovanni Russello
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shujie Cui .

Editor information

Editors and Affiliations

  1. Queensland University of Technology, Brisbane, Queensland, Australia

    Josef Pieprzyk

  2. Queensland University of Technology, Brisbane, Queensland, Australia

    Suriadi Suriadi

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Cui, S., Asghar, M.R., Galbraith, S.D., Russello, G. (2017). Secure and Practical Searchable Encryption: A Position Paper. In: Pieprzyk, J., Suriadi, S. (eds) Information Security and Privacy. ACISP 2017. Lecture Notes in Computer Science(), vol 10342. Springer, Cham. https://doi.org/10.1007/978-3-319-60055-0_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-60055-0_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-60054-3

  • Online ISBN: 978-3-319-60055-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation