×

A survey on design and implementation of protected searchable data in the cloud. (English) Zbl 1423.68153

Summary: While cloud computing has exploded in popularity in recent years thanks to the potential efficiency and cost savings of outsourcing the storage and management of data and applications, a number of vulnerabilities that led to multiple attacks have deterred many potential users.
As a result, experts in the field argued that new mechanisms are needed in order to create trusted and secure cloud services. Such mechanisms would eradicate the suspicion of users towards cloud computing by providing the necessary security guarantees. Searchable Encryption is among the most promising solutions – one that has the potential to help offer truly secure and privacy-preserving cloud services. We start this paper by surveying the most important searchable encryption schemes and their relevance to cloud computing. In light of this analysis we demonstrate the inefficiencies of the existing schemes and expand our analysis by discussing certain confidentiality and privacy issues. Further, we examine how to integrate such a scheme with a popular cloud platform. Finally, we have chosen – based on the findings of our analysis – an existing scheme and implemented it to review its practical maturity for deployment in real systems. The survey of the field, together with the analysis and with the extensive experimental results provides a comprehensive review of the theoretical and practical aspects of searchable encryption.

MSC:

68P25 Data encryption (aspects in computer science)
68M11 Internet topics
68P20 Information storage and retrieval of data
68-02 Research exposition (monographs, survey articles) pertaining to computer science
PDFBibTeX XMLCite
Full Text: DOI Link

References:

[1] Song, D. X.; Wagner, D.; Perrig, A., Practical techniques for searches on encrypted data, ((2000)), 44-55
[2] E.-J. Goh, Secure indexes, Cryptology eprint archive, Report (2003)/216, http://eprint.iacr.org/2003/216; E.-J. Goh, Secure indexes, Cryptology eprint archive, Report (2003)/216, http://eprint.iacr.org/2003/216
[3] Curtmola, R.; Garay, J. A.; Kamara, S.; Ostrovsky, R., Searchable symmetric encryption: improved definitions and efficient constructions, ((2006)), 79-88
[4] Chase, M.; Kamara, S., Structured encryption and controlled disclosure, ((2010)), 577-594 · Zbl 1253.94042
[5] Kamara, S.; Papamanthou, C.; Roeder, T., Dynamic searchable symmetric encryption, ((2012)), 965-976
[6] Kurosawa, K.; Ohtaki, Y., UC-Secure Searchable Symmetric Encryption, ((2012)), 285-298
[7] Kamara, S.; Papamanthou, C., Parallel and dynamic searchable symmetric encryption, ((2013)), 258-274
[8] Cash, D.; Jaeger, J.; Jarecki, S.; Jutla, C. S.; Krawczyk, H.; Rosu, M.-C.; Steiner, M., Dynamic searchable encryption in very-large databases: data structures and implementation, ((2014))
[9] Naveed, M.; Prabhakaran, M.; Gunter, C. A., Dynamic searchable encryption via blind storage, ((2014)), 639-654
[10] Hahn, F.; Kerschbaum, F., Searchable encryption with secure and efficient updates, ((2014)), 310-320
[11] Cash, D.; Jarecki, S.; Jutla, C. S.; Krawczyk, H.; Rosu, M.-C.; Steiner, M., Highly-scalable searchable symmetric encryption with support for boolean queries, ((2013)), 353-373 · Zbl 1311.68057
[12] Jarecki, S.; Jutla, C. S.; Krawczyk, H.; Rosu, M.-C.; Steiner, M., Outsourced symmetric private information retrieval, ((2013)), 875-888
[13] Boneh, D.; Di Crescenzo, G.; Ostrovsky, R.; Persiano, G., Public key encryption with keyword search, ((2004)), 506-522 · Zbl 1122.68424
[14] Boneh, D.; Waters, B., Conjunctive, subset, and range queries on encrypted data, ((2007)), 535-554 · Zbl 1156.94335
[15] Michalas, A.; Paladi, N.; Gehrmann, C., Security aspects of e-health systems migration to the cloud, (E-Health Networking, Applications and Services (Healthcom), 2014 IEEE 16th International Conference on (2014), IEEE), 212-218
[16] Paladi, N.; Gehrmann, C.; Michalas, A., Providing user security guarantees in public infrastructure clouds, IEEE Transactions on Cloud Computing, PP, 99 (2016), 1-1
[17] Paladi, N.; Michalas, A.; Gehrmann, C., Domain based storage protection with secure access control for the cloud, (Proceedings of the 2014 International Workshop on Security in Cloud Computing. Proceedings of the 2014 International Workshop on Security in Cloud Computing, ASIACCS ’14 (2014), ACM: ACM New York, NY, USA)
[18] Blaze, M.; Bleumer, G.; Strauss, M., Divertible protocols and atomic proxy cryptography, ((1998)), 127-144 · Zbl 0929.68048
[19] Paladi, N.; Michalas, A., “One of our hosts in another country”: Challenges of data geolocation in cloud storage, (Wireless Communications, Vehicular Technology, Information Theory and Aerospace Electronic Systems (VITAE), 2014 4th International Conference on (2014)), 1-6
[20] Gentry, C., A fully homomorphic encryption scheme (2009), Stanford University: Stanford University Stanford, CA, USA, aAI3382729
[21] Dimitriou, T.; Michalas, A., (Multi-Party trust computation in decentralized environments. Multi-Party trust computation in decentralized environments, 2012 5th International Conference on New Technologies, Mobility and Security (NTMS) (2012)), 1-5
[22] Dimitriou, T.; Michalas, A., Multi-party trust computation in decentralized environments in the presence of malicious adversaries, Ad Hoc Networks, 15, 53-66 (2014)
[23] Ostrovsky, R., Efficient computation on oblivious RAMs, ((1990)), 514-523
[24] Goldreich, O.; Ostrovsky, R., Software protection and simulation on oblivious rams, J. ACM, 43, 3, 431-473 (1996) · Zbl 0885.68041
[25] Bloom, B. H., Space/Time trade-offs in hash coding with allowable errors, Commun. ACM, 13, 7, 422-426 (1970) · Zbl 0195.47003
[26] Chang, Y.-C.; Mitzenmacher, M., Privacy preserving keyword searches on remote encrypted data, ((2005)), 442-455 · Zbl 1126.68386
[27] Canetti, R., Universally composable security: a new paradigm for cryptographic protocols, ((2001)), 136-145
[28] van Liesdonk, P.; Sedghi, S.; Doumen, J.; Hartel, P.; Jonker, W., Computationally efficient searchable symmetric encryption, (Jonker, W.; Petkovi, M., Secure Data Management. Secure Data Management, Lecture Notes in Computer Science, 6358 (2010), Springer Berlin Heidelberg), 87-100
[29] Stefanov, E.; Papamanthou, C.; Shi, E., Practical dynamic searchable encryption with small leakage, ((2014))
[30] van Liesdonk, P.; Sedghi, S.; Doumen, J.; Hartel, P.; Jonker, W., Computationally efficient searchable symmetric encryption, (Jonker, W.; Petković, M., Secure Data Management: 7th VLDB Workshop, SDM 2010, Singapore, September 17, 2010. Proceedings (2010), Springer Berlin Heidelberg: Springer Berlin Heidelberg Berlin, Heidelberg), 87-100
[31] Boost C++ Libraries, 8 (2014) http://www.boost.org/; Boost C++ Libraries, 8 (2014) http://www.boost.org/
[32] Crypto++ Library, 11 (2015) https://www.cryptopp.com/; Crypto++ Library, 11 (2015) https://www.cryptopp.com/ · Zbl 1378.94025
[33] J.-P. Barrette-LaPierre,Curlpp, 5 (2015) http://www.curlpp.org/; J.-P. Barrette-LaPierre,Curlpp, 5 (2015) http://www.curlpp.org/
[34] Curl and libcurl, 12 (2015). http://curl.haxx.se/; Curl and libcurl, 12 (2015). http://curl.haxx.se/
[35] Enron email dataset, 5 (2015). https://www.cs.cmu.edu/ enron/; Enron email dataset, 5 (2015). https://www.cs.cmu.edu/ enron/
[36] J. Seward, C. Armour-Brown, C. Borntrger, J. Fitzhardinge, T. Hughes, P. Jovanovic, D. Jevtic, F. Krohm, C. Love, M. Johnson, P. Mackerras, D. Müller, N. Nethercote, P. Pavlu, I. Raisr, B.V. Assche, R. Walsh, P. Waroquiers, J. Weidendorfer,9 (2015) Valgrind. http://valgrind.org/; J. Seward, C. Armour-Brown, C. Borntrger, J. Fitzhardinge, T. Hughes, P. Jovanovic, D. Jevtic, F. Krohm, C. Love, M. Johnson, P. Mackerras, D. Müller, N. Nethercote, P. Pavlu, I. Raisr, B.V. Assche, R. Walsh, P. Waroquiers, J. Weidendorfer,9 (2015) Valgrind. http://valgrind.org/
[37] Verginadis, Y.; Michalas, A.; Gouvas, P.; Schiefer, G.; Hbsch, G.; Paraskakis, I., (Paasword: a holistic data privacy and security by design framework for cloud services. Paasword: a holistic data privacy and security by design framework for cloud services, Proceedings of the 5th International Conference on Cloud Computing and Services Science (2015)), 206-213
[38] Michalas, A.; Dowsley, R., Towards trusted ehealth services in the cloud, (2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC) (2015)), 618-623
[39] Michalas, A.; Yigzaw, K. Y., LocLess: do you really care your cloud files are?, (2016 IEEE/ACM 9th International Conference on Utility and Cloud Computing (UCC) (2015)), 618-623
[40] Verginadis, Y.; Michalas, A.; Gouvas, P.; Schiefer, G.; Hübsch, G.; Paraskakis, I., (Paasword: a holistic data privacy and security by design framework for cloud services (2017)), 1-16
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.