DEKS: A Secure Cloud-Based Searchable Service Can Make Attackers Pay

Yubo Zheng; Peng Xu; Wei Wang; Tianyang Chen; Willy Susilo; Kaitai Liang; Hai Jin

doi:10.1007/978-3-031-17146-8_5

DEKS: A Secure Cloud-Based Searchable Service Can Make Attackers Pay

Yubo Zheng, Peng Xu^*, Wei Wang, Tianyang Chen, Willy Susilo, Kaitai Liang, Hai Jin

^*Corresponding author for this work

Cyber Security

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

Abstract

Many practical secure systems have been designed to prevent real-world attacks via maximizing the attacking cost so as to reduce attack intentions. Inspired by this philosophy, we propose a new concept named delay encryption with keyword search (DEKS) to resist the notorious keyword guessing attack (KGA), in the context of secure cloud-based searchable services. Avoiding the use of complex (and unreasonable) assumptions, as compared to existing works, DEKS optionally leverages a catalyst that enables one (e.g., a valid data user) to easily execute encryption; without the catalyst, any unauthenticated system insiders and outsiders take severe time consumption on encryption. By this, DEKS can overwhelm a KGA attacker in the encryption stage before it obtains any advantage. We leverage the repeated squaring function, which is the core building block of our design, to construct the first DEKS instance. The experimental results show that DEKS is practical in thwarting KGA for both small and large-scale datasets. For example, in the Wikipedia, a KGA attacker averagely takes 7.23 years to break DEKS when the delay parameter T= 2 ²⁴. The parameter T can be flexibly adjusted based on practical needs, and theoretically, its upper bound is infinite.

Original language	English
Title of host publication	Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings
Editors	Vijayalakshmi Atluri, Roberto Di Pietro, Christian D. Jensen, Weizhi Meng
Publisher	Springer
Pages	86-104
Number of pages	19
ISBN (Print)	9783031171451
DOIs	https://doi.org/10.1007/978-3-031-17146-8_5
Publication status	Published - 2022
Event	27th European Symposium on Research in Computer Security, ESORICS 2022 - Virtual, Online Duration: 26 Sep 2022 → 30 Sep 2022

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13555 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	27th European Symposium on Research in Computer Security, ESORICS 2022
City	Virtual, Online
Period	26/09/22 → 30/09/22

Bibliographical note

Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care
Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Keywords

Delay encryption with keyword search
Keyword guessing attack
Privacy
Security

Access to Document

10.1007/978-3-031-17146-8_5

Cite this

Zheng, Y., Xu, P., Wang, W., Chen, T., Susilo, W., Liang, K., & Jin, H. (2022). DEKS: A Secure Cloud-Based Searchable Service Can Make Attackers Pay. In V. Atluri, R. Di Pietro, C. D. Jensen, & W. Meng (Eds.), Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings (pp. 86-104). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13555 LNCS). Springer. https://doi.org/10.1007/978-3-031-17146-8_5

Zheng, Yubo ; Xu, Peng ; Wang, Wei ; Chen, Tianyang ; Susilo, Willy ; Liang, Kaitai ; Jin, Hai. / DEKS : A Secure Cloud-Based Searchable Service Can Make Attackers Pay. Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings. editor / Vijayalakshmi Atluri ; Roberto Di Pietro ; Christian D. Jensen ; Weizhi Meng. Springer, 2022. pp. 86-104 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{b051a5b8e73448b4afc7fbc9184396d0,

title = "DEKS: A Secure Cloud-Based Searchable Service Can Make Attackers Pay",

abstract = "Many practical secure systems have been designed to prevent real-world attacks via maximizing the attacking cost so as to reduce attack intentions. Inspired by this philosophy, we propose a new concept named delay encryption with keyword search (DEKS) to resist the notorious keyword guessing attack (KGA), in the context of secure cloud-based searchable services. Avoiding the use of complex (and unreasonable) assumptions, as compared to existing works, DEKS optionally leverages a catalyst that enables one (e.g., a valid data user) to easily execute encryption; without the catalyst, any unauthenticated system insiders and outsiders take severe time consumption on encryption. By this, DEKS can overwhelm a KGA attacker in the encryption stage before it obtains any advantage. We leverage the repeated squaring function, which is the core building block of our design, to construct the first DEKS instance. The experimental results show that DEKS is practical in thwarting KGA for both small and large-scale datasets. For example, in the Wikipedia, a KGA attacker averagely takes 7.23 years to break DEKS when the delay parameter T= 2 24. The parameter T can be flexibly adjusted based on practical needs, and theoretically, its upper bound is infinite.",

keywords = "Delay encryption with keyword search, Keyword guessing attack, Privacy, Security",

author = "Yubo Zheng and Peng Xu and Wei Wang and Tianyang Chen and Willy Susilo and Kaitai Liang and Hai Jin",

note = "Green Open Access added to TU Delft Institutional Repository {\textquoteleft}You share, we take care!{\textquoteright} – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public. ; 27th European Symposium on Research in Computer Security, ESORICS 2022 ; Conference date: 26-09-2022 Through 30-09-2022",

year = "2022",

doi = "10.1007/978-3-031-17146-8_5",

language = "English",

isbn = "9783031171451",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "86--104",

editor = "Vijayalakshmi Atluri and {Di Pietro}, Roberto and Jensen, {Christian D.} and Weizhi Meng",

booktitle = "Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings",

address = "Germany",

}

Zheng, Y, Xu, P, Wang, W, Chen, T, Susilo, W, Liang, K & Jin, H 2022, DEKS: A Secure Cloud-Based Searchable Service Can Make Attackers Pay. in V Atluri, R Di Pietro, CD Jensen & W Meng (eds), Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13555 LNCS, Springer, pp. 86-104, 27th European Symposium on Research in Computer Security, ESORICS 2022, Virtual, Online, 26/09/22. https://doi.org/10.1007/978-3-031-17146-8_5

DEKS : A Secure Cloud-Based Searchable Service Can Make Attackers Pay. / Zheng, Yubo; Xu, Peng; Wang, Wei; Chen, Tianyang; Susilo, Willy; Liang, Kaitai; Jin, Hai.

Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings. ed. / Vijayalakshmi Atluri; Roberto Di Pietro; Christian D. Jensen; Weizhi Meng. Springer, 2022. p. 86-104 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13555 LNCS).

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - DEKS

T2 - 27th European Symposium on Research in Computer Security, ESORICS 2022

AU - Zheng, Yubo

AU - Xu, Peng

AU - Wang, Wei

AU - Chen, Tianyang

AU - Susilo, Willy

AU - Liang, Kaitai

AU - Jin, Hai

N1 - Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

PY - 2022

Y1 - 2022

N2 - Many practical secure systems have been designed to prevent real-world attacks via maximizing the attacking cost so as to reduce attack intentions. Inspired by this philosophy, we propose a new concept named delay encryption with keyword search (DEKS) to resist the notorious keyword guessing attack (KGA), in the context of secure cloud-based searchable services. Avoiding the use of complex (and unreasonable) assumptions, as compared to existing works, DEKS optionally leverages a catalyst that enables one (e.g., a valid data user) to easily execute encryption; without the catalyst, any unauthenticated system insiders and outsiders take severe time consumption on encryption. By this, DEKS can overwhelm a KGA attacker in the encryption stage before it obtains any advantage. We leverage the repeated squaring function, which is the core building block of our design, to construct the first DEKS instance. The experimental results show that DEKS is practical in thwarting KGA for both small and large-scale datasets. For example, in the Wikipedia, a KGA attacker averagely takes 7.23 years to break DEKS when the delay parameter T= 2 24. The parameter T can be flexibly adjusted based on practical needs, and theoretically, its upper bound is infinite.

AB - Many practical secure systems have been designed to prevent real-world attacks via maximizing the attacking cost so as to reduce attack intentions. Inspired by this philosophy, we propose a new concept named delay encryption with keyword search (DEKS) to resist the notorious keyword guessing attack (KGA), in the context of secure cloud-based searchable services. Avoiding the use of complex (and unreasonable) assumptions, as compared to existing works, DEKS optionally leverages a catalyst that enables one (e.g., a valid data user) to easily execute encryption; without the catalyst, any unauthenticated system insiders and outsiders take severe time consumption on encryption. By this, DEKS can overwhelm a KGA attacker in the encryption stage before it obtains any advantage. We leverage the repeated squaring function, which is the core building block of our design, to construct the first DEKS instance. The experimental results show that DEKS is practical in thwarting KGA for both small and large-scale datasets. For example, in the Wikipedia, a KGA attacker averagely takes 7.23 years to break DEKS when the delay parameter T= 2 24. The parameter T can be flexibly adjusted based on practical needs, and theoretically, its upper bound is infinite.

KW - Delay encryption with keyword search

KW - Keyword guessing attack

KW - Privacy

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=85140730185&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-17146-8_5

DO - 10.1007/978-3-031-17146-8_5

M3 - Conference contribution

AN - SCOPUS:85140730185

SN - 9783031171451

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 86

EP - 104

BT - Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings

A2 - Atluri, Vijayalakshmi

A2 - Di Pietro, Roberto

A2 - Jensen, Christian D.

A2 - Meng, Weizhi

PB - Springer

Y2 - 26 September 2022 through 30 September 2022

ER -

Zheng Y, Xu P, Wang W, Chen T, Susilo W, Liang K et al. DEKS: A Secure Cloud-Based Searchable Service Can Make Attackers Pay. In Atluri V, Di Pietro R, Jensen CD, Meng W, editors, Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings. Springer. 2022. p. 86-104. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-031-17146-8_5

DEKS: A Secure Cloud-Based Searchable Service Can Make Attackers Pay

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Embargoed Document

Fingerprint

Cite this