Danial Shiraly; Nasrollah Pakniat; Ziba Eslami
Abstract
Public key encryption with keyword search (PEKS) is a cryptographic primitive designed for performing secure search operations over encrypted data stored on untrusted cloud servers. However, in some applications of cloud computing, there is a hierarchical access-privilege setup among users so that upper-level ...
Read More
Public key encryption with keyword search (PEKS) is a cryptographic primitive designed for performing secure search operations over encrypted data stored on untrusted cloud servers. However, in some applications of cloud computing, there is a hierarchical access-privilege setup among users so that upper-level users should be able to monitor data used by lower-level ones in the hierarchy. To support such situations, Wang et al. introduced the notion of hierarchical ID-based searchable encryption. However, Wang et al.'s construction suffers from a serious security problem. To provide a PEKS scheme that securely supports hierarchical structures, Li et al. introduced the notion of hierarchical public key encryption with keyword search (HPEKS). However, Li et al.'s HPEKS scheme is established on traditional public key infrastructure (PKI) which suffers from costly certificate management problem. To address these issues, in this paper, we consider designated-server HPEKS in identity-based setting. We introduce the notion of designated-server hierarchical identity-based searchable encryption (dHIBSE) and provide a formal definition of its security model. We then propose a dHIBSE scheme and prove its security under our model. Finally, we provide performance analysis as well as comparisons with related schemes to show the overall superiority of our dHIBSE scheme.
Javad Ghareh Chamani; Mohammad Sadeq Dousti; Rasool Jalili; Dimitrios Papadopoulos
Abstract
While cloud computing is growing at a remarkable speed, privacy issues are far from being solved. One way to diminish privacy concerns is to store data on the cloud in encrypted form. However, encryption often hinders useful computation cloud services. A theoretical approach is to employ the so-called ...
Read More
While cloud computing is growing at a remarkable speed, privacy issues are far from being solved. One way to diminish privacy concerns is to store data on the cloud in encrypted form. However, encryption often hinders useful computation cloud services. A theoretical approach is to employ the so-called fully homomorphic encryption, yet the overhead is so high that it is not considered a viable solution for practical purposes. The next best thing is to craft special-purpose cryptosystems which support the set of operations required to be addressed by cloud services. In this paper, we put forward one such cryptosystem, which supports efficient search over structured data types, such as timestamps or network addresses, which are comprised of several segments with well-known values. The new cryptosystem, called SESOS, provides the ability to execute LIKE queries, along with the search for exact matches, as well as comparison. In addition, the extended version, called XSESOS, allows for verifying the integrity of ciphertexts. At its heart, SESOS combines any order-preserving encryption (OPE) scheme with a novel encryption scheme called Multi-map Perfectly Secure Cryptosystem(MuPS). We prove that MuPS is perfectly secure, and hence SESOS enjoys the same security properties of the underlying OPE scheme. The overhead of executing equality and comparison operations is negligible. The performance of LIKE queries is significantly improved by up to 1370X and the performance of result decryption improved by 520X compared to existing solutions on a database with merely 100K records (the improvement is even more significant in larger databases).