Secure Search in Cloud Computing
2016 Central South University Workshop on Trusted ComputingJune 7- June 8, 2016
Presenter: Dr. Qin LiuAffiliation: Hunan University
Email:[email protected]
1
2
3
4
Secure Search
Public key setting
Future Work
Symmetric key setting
1
Searchable Encryption
Access pattern: which files have been returnedSearch pattern: whether two searches were performed for the same keyword
Symmetric key setting: the keys encrypting the index and the token are the same. Asymmetric key setting: the keys encrypting the index and the token are the different.
How to preserve user privacy during search?
2 Public Key Setting
• Bob sends to Alice an email encrypted under Alice’s public key.
• Alice’s email gateway wants to test whether the email contains the keyword urgent so that it could route the email to her PDA immediately.
• But,Alice does not want the email gateway to be able to decrypther messages
Boneh, Dan, et al. "Public key encryption with keyword search." Advances in Cryptology-Eurocrypt 2004. Springer Berlin Heidelberg, 2004.
Efficient Searchable Encryption
• Problem• The user needs to perform decryption• Thin client has only limited resources
• Requirements• Enable the cloud to perform partial decryption without compromising search privacy• User can access data from the cloud anytime and anywhere with any devices
Liu Q, Wang G, Wu J. An efficient privacy preserving keyword search scheme in cloud computing[C]//Computational Science and Engineering, 2009. CSE'09. International Conference on. IEEE, 2009, 2: 715-720.
2 Public Key Setting
Efficient Searchable Encryption
• Key technique• Alice takes both Bob and CSP’s public key as inputs of the
encryption algorithm• CSP uses its secret key to perform partial decrypt and generate
an intermediate value• Bob use the intermediate value to quickly recover data
2 Public Key Setting
Private Search (PS)
Cloud
Bob
[1] [1] [0] [0]
F1 F2 0 NA
A compressed version of all files
F1: {A,B}
F2:{B,D}
F3:{C,D}
Given a public dictionary that contains all keywords, e.g.,
dictionary=<A,B,C,D>.
Bob wants to retrieve files with keywords A and B
2 Public Key Setting
R. Ostrovsky and W. Skeith III, “Private searching on streaming data,”in Proceedings of CRYPTO, 2005.
Private Search (PS)
Homomorphic encryption
E(x)*E(y) = E(x+y)
E(x)^y = E(x*y)
F1: { A, B} F2: {B,D} F3: {C,D}
F1 F2 0 NA
[1] [1] [0] [0]key trick: map unmatched files to 0
F1 NA
F1 F2 F3
F2 0
survival collision survival unmatched
E(F2)* E(0) =E(F2)
2 Public Key Setting
Liu Q, Tan C C, Wu J, et al. Cooperative private searching in clouds[J]. Journal of Parallel and Distributed Computing, 2012, 72(8): 1019-1031.
Problem for simple PS• Processing each query is expensive. Given n users, the cloud
needs to execute n queries• Performance bottleneck on the cloud
• COPS Architecture• A proxy server (ADL) is introduced between the users and the
cloud (trusted)• Aggregate user queries
• Distribute searching results
2 Public Key Setting
Cooperative Private Search (COPS)
Cooperative Private Search (COPS) Key technique
• The user and the cloud share• Shuffle functions shuffle the dictionary and the query
• --- to preserve search privacy
• Pseudonym function: hide file name
• Obfuscated function: hide file content
• ---preserve access privacy
Key merits• User privacy is preserved from
• The cloud
• The proxy server
• Other users
2 Public Key Setting
Efficient Information Retrieval for Ranked Queries (EIRQ) Problem for Simple COPS
• No ranked queries• The cloud returns all matched files
2 Public Key Setting
G. Wang, Q. Liu, F. Li, S. Yang, and J. Wu,"Outsourcing Privacy-Preserving Social Networks to a Cloud," Proc. Of 32nd IEEE International Conference on Computer Communications(IEEE INFOCOM 2013)Q. Liu, C. C. Tan, J. Wu, and G. Wang, “Towards Differential Query Services in Cost-Efficient Clouds,” IEEE Transactions on Parallel and Distributed Systems (TPDS), 2014
Queries are classified into 0,1,…,r-1 ranks.
Rank-i query retrieves (1-i/r) percentage of matched files
Files that match rank 0 queries
Files that match rank 1 queries
Files that match rank i queries
Will not be filtered Filtered with probability 1/r
Filtered with probability i/r
……… …
The cloud
Cannot know which files are filtered/returned
Cannot know each queries’ rank
Efficient Information Retrieval for Ranked Queries (EIRQ)
2 Public Key Setting
Key techniques: Construct a mask matrix to protect query ranks
Filter files without knowing which files are filtered
QueryGenStep 1:
User ADL Cloud
Keywords, rank
FileFilter
FileRecovery
MatrixConstruct
Step 2:
Step 4:
Step 3:
Mask matrix
Buffer
Certain percentage of files matching user keywords
Efficient Information Retrieval for Ranked Queries (EIRQ)
2 Public Key Setting
ADL constructs a mask matrix that is encrypted with its publics key, and sends it to the cloud
Cloud
ADL
A
B
C
D
[1] [1]
[1] [1]
[1] [0]
[0] [0]
… …
[0] [0]
{A, B} Rank 0
{A, C} Rank 1
Alice
Bob
Number of ranks, r=2
Number of keywords
Construct Mask Matrix
Efficient Information Retrieval for Ranked Queries (EIRQ)
2 Public Key Setting
Cloud
F1: { A, B} F2: {B, D} F3: {C, D}
buffer
ADL
…
A
B
C
D
[1] [1]
[1] [1]
[1] [0]
[0] [0]
… …
[0] [0]
The cloud chooses a random column for each file
…
F1 and F2 will be returnedF3 will be filtered with 50%
A file, matched rank i query,
the probability to be filtered i/r
For F3: 50% 50%
E(0)*E(0)=E(0) E(0)*E(0)=E(0)
E(0)^F3 =E(0) E(1)^ F3 =E(F3)
Filter Files
Efficient and Privacy-Preserving Search in Multi-Source Personal Health Record Clouds
Xin Yao, Yaping Lin, Qin Liu, Shuai Long, “Efficient and Privacy-Preserving Search in Multi-Source Personal Health Record Clouds”, accepted by ISCC 2015.
2 Symmetric Key Setting
ICA3PP 2015
(Xiaoyu Zhu, GuoJun Wang, and Qin Liu)
Verifiable Dynamic Fuzzy Search over Encrypted Data in Cloud Computing
•The scheme can not only fulfill the fuzzy search functionality while maintaining
privacy, but also can update documents dynamically and support the verifiability
of the searching result.
What are we doing?
• Dynamic Attribute-based Keyword Search
in Cloud Computing (submitted to MASS 2016)
• Verifiable Ranked Search over Dynamic Encrypted
Data in Cloud Computing (Submitted to ICNP 2016)
• Verifiable Dynamic Search over Encrypted Data in Untrusted Cloud (Prepared for ICA3PP 2016)
• Efficient Multi-keyword Fuzzy Search in Cloud Computing (Prepared for Infocom 2017)
4 Future Work
Verifiable Searchable Encryption
Fuzzy keyword search
Multi-keyword search
Thank You !