Presentation is loading. Please wait.

Presentation is loading. Please wait.

Searchable Encryption in Cloud

Published byBrice Houston Modified over 6 years ago

Similar presentations

Presentation on theme: "Searchable Encryption in Cloud"— Presentation transcript:

1 Searchable Encryption in Cloud
Presented by Myunggu Kang

2 Security Threats for Public Cloud
• Remote and cloud storage is widely used for backups or outsourcing data to reduce operational costs. • However, these remote servers cannot be trusted - administrators, or hackers with root rights can have a full access to data • Thus, sensitive data must be encrypted before outsourcing - This reduces security and privacy risks.

3 What is the Searchable Encryption?
• Encryption makes it impossible for both insiders and outsiders to access data without the keys, but it is hard to search data. • One possible solution to re-enable searching functionality is to download the all data, decrypt them, and then search for the desired results in the data. - For most applications, this approach would be impractical. • Server decrypt the data, runs the query on the server side, and sends only the results back to user. - This allows the server to learn the plaintext data

4 What is the Searchable Encryption?
• Search functionality on the server side - Without decrypting data - With the smallest possible loss of data confidentiality

5 “Practical Techniques for Searches on Encrypted Data”
• [Song-Wagner-Perrig-S&P’00] • First practical scheme for searching in encrypted data • Symmetric key, single keyword search • Perform a sequential scan without an index • Basic Scheme - Encrypt each word separately and then embed a hash value inside ciphertext - To search, the server extract the hash value and check

6 “Practical Techniques for Searches on Encrypted Data”
• Encryption (Create searchable ciphertext) - Step1: Each document is divided up into ‘words’, each ‘word’ may be a 64-bit block 𝑊 𝑖 - Step2: Encrypt word as 𝑋 𝑖 = 𝐸(𝑊 𝑖 ) split into two parts as 𝑋 𝑖 = <𝐿 𝑖 , 𝑅 𝑖 > - Step3: Generate key 𝑘 𝑖 as 𝑘 𝑖 = 𝐹 𝑘 1 ( 𝐿 𝑖 ) generate 𝑆 𝑖 using the pseudo-random generator generate 𝐹 𝑘 𝑖 ( 𝑆 𝑖 ) using the pseudo-random function - Step4: Compute <𝐿 𝑖 , 𝑅 𝑖 >  <𝑆 𝑖 , 𝐹 𝑘 𝑖 ( 𝑆 𝑖 )> - Step5: Store the ciphertext on Bob

7 “Practical Techniques for Searches on Encrypted Data”
• Decryption (Searching) - Step1: In order to retrieve certain word from the ciphertext, Alice creates trapdoor 𝐸 𝑘 1 ( 𝑊 𝑖 ) = (𝐿 𝑖 ||𝑅 𝑖 ) and key 𝑘 𝑖 = 𝑓 𝑘 2 ( 𝐿 𝑖 ) - Step2: Bob computes 𝐶 𝑖  𝐸 𝑘 1 ( 𝑊 𝑖 ) - Step3: If the result is 𝑆 𝑖 || 𝑓 𝑘 1 (S), the ciphertext contains the searching word, thus, Bob sends the ciphertext to Alice

8 “Practical Techniques for Searches on Encrypted Data”
• Leaks the potential positions of the queried keywords in a document - After several queries, it is possible to learn the words inside the documents with statistical analysis. • The complexity of the encryption and search algorithms is linear in the total number of words per document. - Encryption: one encryption, one XOR, and two pseudo-random functions - Trapdoor: one encryption and a pseudo-random function - Search: one XOR and one pseudo-random function => Supports very slow search • For better efficiency, index-based approach can be adopted.

9 “Secure Indexes” • [Goh-ePrint-03]
• Address the limitations of “Song” by adding an index for each document - Use of fixed-size words, special document encryption • Use a Bloom Filter as a per-document index - A Bloom Filter is a data structure that is used to answer set membership queries. - No false negative: Rejection is always correct - A false positive possible: Acceptance might be wrong • Index Scheme consists of the following four algorithms:

10 “Secure Indexes” • Build Index Kpriv = (k1, . . . , kr) {0, 1}sr
- Keygen(s) by Alice: Given a security parameter s, choose a pseudo-random function f : {0, 1}n×{0, 1}s {0, 1}s and the master key Kpriv = (k1, , kr) {0, 1}sr - BuildIndex(D,Kpriv) by Alice: Document D : Did {0, 1}n A list of words (w0, ,wt) {0, 1}nt Kpriv = (k1, , kr) {0, 1}sr Output IDid = (Did, BF) trapdoor codeword x1 = f (wi , k1) . . . xr = f (wi , kr) y1 = f (Did , x1) . . . yr = f (Did , xr) Wi BF for Did

11 “Secure Indexes” • Search Index - SearchIndex(Tw, IDid) by Server:
- Keygen(s) by Alice: Given a security parameter s, choose a pseudo-random function f : {0, 1}n×{0, 1}s {0, 1}s and the master key Kpriv = (k1, , kr) {0, 1}sr - Trapdoor(Kpriv,w) by Alice: Given the master key Kpriv = (k1, , kr) {0, 1}sr and word w, output the trapdoor for word w as Tw = (f(w, k1) , , f(w, kr)) {0, 1}sr - SearchIndex(Tw, IDid) by Server: Input trapdoor Tw = (x1,…, xr) {0, 1}sr index IDid = (Did , BF) for document Did R y1 = f (Did , x1) . . . yr = f (Did , xr) Test if BF contains 1’s in all r locations denoted by y1, , yr If so, output 1; Otherwise, output 0

12 “Secure Indexes” • Inefficient for managing key (k1, . . . , kr)
• Weak search semantics - Simple Boolean keyword search: very hard to control the false positive • Search performance is linear to # of files in collection - Given search trapdoor, server needs to test the Bloom filter for every file.

13 Public Key Encryption with Keyword Search
• [Boneh et al. EUROCRYPT’04] • First searchable encryption scheme using a public key system • Index: a list of encrypted keywords appended as an index per file document - Contributor of each file encrypts a set of keywords individually with the public key • PEKS Scheme consists of the following four algorithms:

14 Public Key Encryption with Keyword Search
• Basic scheme - To create a searchable ciphertext, sender encrypts message with a standard public key system and appends the PEKS of each keyword. The sender then sends the ciphertext - To search, the receiver uses the master secret key to derive a secret key for a specific keyword. The resulting secret key is used as the trapdoor and sent to the server. The server tries to decrypt the ciphertext. If the decryption is successful, the attached encrypted message contains the keyword.

15 Public Key Encryption with Keyword Search - Summary
• Pros. - Multiple contributors -> Example applications: secure gateway, e.g., spam filtering • Cons. - Search Inefficiency -> Linearly scan the appended encrypted keywords in every document, and do pairing computation - Keyword privacy may not be guaranteed -> Dictionary attack: Server encrypts every possible keyword with the public key, and then do the search with trapdoor. Based on the search result, sever knows the keyword hidden in the trapdoor.

16 Conclusion • Symmetric Searchable Encryption
- More efficient, but less expressive - Multi-keyword search functionalities rarely supported • Public key based searchable encryption - More expressive, but less efficient - Supports multi-keyword • Most studies focus on text-formed data, regardless of complex data structures in reality

17 Question?

18 “Secure Indexes” – Membership Verification
• Test the existence of a keyword by verifying its membership in the Bloom filter

Download ppt "Searchable Encryption in Cloud"

Similar presentations

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,

Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,
Building an Encrypted and Searchable Audit Log Brent Waters Dirk Balfanz Glenn Durfee D.K. Smetters.

Building an Encrypted and Searchable Audit Log Brent Waters Dirk Balfanz Glenn Durfee D.K. Smetters.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
SECURING THE CLOUDS Presented By: Dr. Mohammed Imtiaz Ahmed Librarian, Pt. Ravi Shankar Shukla University Raipur (C.G), 492010 Mohammed Bakhtawar Ahmed.

SECURING THE CLOUDS Presented By: Dr. Mohammed Imtiaz Ahmed Librarian, Pt. Ravi Shankar Shukla University Raipur (C.G), Mohammed Bakhtawar Ahmed.
Introduction to Practical Cryptography Lecture 9 Searchable Encryption.

Introduction to Practical Cryptography Lecture 9 Searchable Encryption.
1 Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.

1 Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.

Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.
A Designer’s Guide to KEMs Alex Dent

A Designer’s Guide to KEMs Alex Dent
Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.

Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
Practical Techniques for Searches on Encrypted Data Author:Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀汶承.

Practical Techniques for Searches on Encrypted Data Author:Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀汶承.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
1 Secure Indexes Author : Eu-Jin Goh Presented by Yi Cheng Lin.

1 Secure Indexes Author : Eu-Jin Goh Presented by Yi Cheng Lin.
Public Key Encryption that Allows PIR Queries Dan Boneh 、 Eyal Kushilevitz 、 Rafail Ostrovsky and William E. Skeith Crypto 2007.

Public Key Encryption that Allows PIR Queries Dan Boneh 、 Eyal Kushilevitz 、 Rafail Ostrovsky and William E. Skeith Crypto 2007.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.

Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.
Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2

Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2

Similar presentations

Ads by Google