Secure Keyword Search over Data Archives in the Cloud - Performance and Security Aspects of Searchable Encryption

Christian Neuhaus, Frank Feinbube, Daniel Janusz, Andreas Polze

2015

Abstract

Encryption can protect the confidentiality of data stored in the cloud, but also prevents search. To solve this problem, searchable encryption schemes have been proposed that allow keyword search over document collections. To investigate the practical value of such schemes and the tradeoff between security, functionality and performance, we integrate a prototypical implementation of a searchable encryption scheme into a document-oriented database. We give an overview of the performance benchmarking results of the approach and analyze the threats to data confidentiality and corresponding countermeasures.

References

  1. Abdalla, M., Bellare, M., Catalano, D., Kiltz, E., Kohno, T., Lange, T., Malone-Lee, J., Neven, G., Paillier, P., and Shi, H. (2005). Searchable encryption revisited: Consistency properties, relation to anonymous IBE, and extensions. In Advances in Cryptology-CRYPTO 2005, pages 205-222. Springer.
  2. Agrawal, R., Kiernan, J., Srikant, R., and Xu, Y. (2004). Order preserving encryption for numeric data. In Proceedings of SIGMOD 7804 International Conference on Management of Data, pages 563-574. ACM.
  3. Arasu, A., Blanas, S., Eguro, K., Joglekar, M., Kaushik, R., Kossmann, D., Ramamurthy, R., Upadhyaya, P., and Venkatesan, R. (2013). Secure database-as-a-service with cipherbase. In Proceedings of SIGMOD 7813 International Conference on Management of Data, pages 1033-1036. ACM.
  4. Avizienis, A., Laprie, J.-C., Randell, B., and Landwehr, C. (2004). Basic concepts and taxonomy of dependable and secure computing. Dependable and Secure Computing, IEEE Transactions on, 1(1):11-33.
  5. Bagnato, A., Kordy, B., Meland, P. H., and Schweitzer, P. (2012). Attribute decoration of attack-defense trees. International Journal of Secure Software Engineering (IJSSE), 3(2):1-35.
  6. Bajaj, S. and Sion, R. (2011). Trusteddb: A trusted hardware based database with privacy and data confidentiality. In Proceedings of SIGMOD 7811 International Conference on Management of Data, pages 205-216. ACM.
  7. Bloom, B. H. (1970). Space/Time Trade-offs in Hash Coding with Allowable Errors. Communications of the ACM, 13(7):422-426.
  8. Boneh, D., Di Crescenzo, G., Ostrovsky, R., and Persiano, G. (2004). Public key encryption with keyword search. In Advances in Cryptology-Eurocrypt 2004, pages 506-522. Springer.
  9. Boneh, D. and Waters, B. (2007). Conjunctive, subset, and range queries on encrypted data. In Theory of cryptography, pages 535-554. Springer.
  10. Byun, J. W., Rhee, H. S., Park, H.-A., and Lee, D. H. (2006). Off-line keyword guessing attacks on recent keyword search schemes over encrypted data. In Secure Data Management, pages 75-83. Springer.
  11. Curtmola, R., Garay, J., Kamara, S., and Ostrovsky, R. (2006). Searchable symmetric encryption: improved definitions and efficient constructions. In Proceedings of the 13th ACM conference on Computer and communications security, pages 79-88. ACM.
  12. Floratou, A., Teletia, N., DeWitt, D. J., Patel, J. M., and Zhang, D. (2012). Can the elephants handle the nosql onslaught? Proc. VLDB Endow., pages 1712-1723.
  13. Gentry, C. (2009). Fully homomorphic encryption using ideal lattices. In Proceedings of the 41st annual ACM symposium on Theory of Computing, pages 169-178. ACM.
  14. Goh, E.-J. et al. (2003). Secure indexes. IACR Cryptology ePrint Archive, 2003:216.
  15. Hore, B., Mehrotra, S., and Tsudik, G. (2004). A privacypreserving index for range queries. In Proceedings of the 13th International Conference on Very Large Data Bases, VLDB 7804, pages 720-731.
  16. Islam, M., Kuzu, M., and Kantarcioglu, M. (2012). Access pattern disclosure on searchable encryption: Ramification, attack and mitigation. In Network and Distributed System Security Symposium (NDSS'12).
  17. ITSEC (1991). Information technology security evaluation criteria (itsec): Preliminary harmonised criteria. Technical report, Commission of the European Communities.
  18. Kamara, S. and Lauter, K. (2010). Cryptographic cloud storage. Financial Cryptography and Data Security, pages 136-149.
  19. Kamara, S., Papamanthou, C., and Roeder, T. (2012). Dynamic searchable symmetric encryption. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 965-976. ACM.
  20. Kordy, B., Mauw, S., Radomirovic, S., and Schweitzer, P. (2012). Attack-defense trees. Journal of Logic and Computation.
  21. Krawczyk, H., Bellare, M., and Canetti, R. (1997). HMAC: Keyed-Hashing for Message Authentication. RFC 2104 (Informational). Updated by RFC 6151.
  22. Lindell, Y., Pinkas, B., and Smart, N. P. (2008). Implementing two-party computation efficiently with security against malicious adversaries. In Security and Cryptography for Networks, pages 2-20. Springer.
  23. Liu, C., Zhu, L., Wang, M., and an Tan, Y. (2013). Search pattern leakage in searchable encryption: Attacks and new constructions. Cryptology ePrint Archive, Report 2013/163.
  24. Popa, R. A., Redfield, C. M. S., Zeldovich, N., and Balakrishnan, H. (2011). Cryptdb: Protecting confidentiality with encrypted query processing. In Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, SOSP 7811, pages 85-100. ACM.
  25. Rivest, R. L., Adleman, L., and Dertouzos, M. L. (1978). On data banks and privacy homomorphisms. Foundations of secure computation, 32(4):169-178.
  26. Schneier, B. (1999). Attack trees. Dr. Dobb's Journal, 24(12):21-29.
  27. Shmueli, E., Waisenberg, R., Elovici, Y., and Gudes, E. (2005). Designing secure indexes for encrypted databases. In Proceedings of the 19th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, DBSec'05, pages 54-68.
  28. Song, D. X., Wagner, D., and Perrig, A. (2000). Practical techniques for searches on encrypted data. In Security and Privacy, 2000. S&P 2000. Proceedings. 2000 IEEE Symposium on, pages 44-55. IEEE.
  29. Van Dijk, M., Gentry, C., Halevi, S., and Vaikuntanathan, V. (2010). Fully homomorphic encryption over the integers. Advances in Cryptology-EUROCRYPT 2010, pages 24-43.
  30. Wang, S., Agrawal, D., and El Abbadi, A. (2011). A comprehensive framework for secure query processing on relational data in the cloud. In Proceedings of the 8th VLDB Workshop on Secure Data Management, SDM'11, pages 52-69, Berlin, Heidelberg. SpringerVerlag.
  31. Yang, Z., Zhong, S., and Wright, R. N. (2006). Privacypreserving queries on encrypted data. In Proceedings of the 11th European Conference on Research in Computer Security, ESORICS'06, pages 479-495.
Download


Paper Citation


in Harvard Style

Neuhaus C., Feinbube F., Janusz D. and Polze A. (2015). Secure Keyword Search over Data Archives in the Cloud - Performance and Security Aspects of Searchable Encryption . In Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-104-5, pages 427-438. DOI: 10.5220/0005428704270438


in Bibtex Style

@conference{closer15,
author={Christian Neuhaus and Frank Feinbube and Daniel Janusz and Andreas Polze},
title={Secure Keyword Search over Data Archives in the Cloud - Performance and Security Aspects of Searchable Encryption},
booktitle={Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2015},
pages={427-438},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005428704270438},
isbn={978-989-758-104-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - Secure Keyword Search over Data Archives in the Cloud - Performance and Security Aspects of Searchable Encryption
SN - 978-989-758-104-5
AU - Neuhaus C.
AU - Feinbube F.
AU - Janusz D.
AU - Polze A.
PY - 2015
SP - 427
EP - 438
DO - 10.5220/0005428704270438