TY - GEN
T1 - Dynamic searchable encryption via blind storage
AU - Naveed, Muhammad
AU - Prabhakaran, Manoj
AU - Gunter, Carl A.
N1 - Publisher Copyright:
© 2014 IEEE.
PY - 2014/11/13
Y1 - 2014/11/13
AB - Dynamic Searchable Symmetric Encryption allows a client to store a dynamic collection of encrypted documents with a server, and later quickly carry out keyword searches on these encrypted documents, while revealing minimal information to the server. In this paper we present a new dynamic SSE scheme that is simpler and more efficient than existing schemes while revealing less information to the server than prior schemes, achieving fully adaptive security against honest-but-curious servers. We implemented a prototype of our scheme and demonstrated its efficiency on datasets from prior work. Apart from its concrete efficiency, our scheme is also simpler: in particular, it does not require the server to support any operation other than upload and download of data. Thus the server in our scheme can be based solely on a cloud storage service, rather than a cloud computation service as well, as in prior work. In building our dynamic SSE scheme, we introduce a new primitive called Blind Storage, which allows a client to store a set of files on a remote server in such a way that the server does not learn how many files are stored, or the lengths of the individual files; as each file is retrieved, the server learns about its existence (and can notice the same file being downloaded subsequently), but the file's name and contents are not revealed. This is a primitive with several applications other than SSE, and is of independent interest.
KW - cloud security
KW - dynamic searchable encryption
KW - secure cloud storage
UR - http://www.scopus.com/inward/record.url?scp=84914140074&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84914140074&partnerID=8YFLogxK
U2 - 10.1109/SP.2014.47
DO - 10.1109/SP.2014.47
M3 - Conference contribution
AN - SCOPUS:84914140074
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 639
EP - 654
BT - Proceedings - IEEE Symposium on Security and Privacy
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 35th IEEE Symposium on Security and Privacy, SP 2014
Y2 - 18 May 2014 through 21 May 2014
ER -