TY - JOUR
T1 - Privacy preserving search services against online attack
AU - Zhao, Yi
AU - Ning, Jianting
AU - Liang, Kaitai
AU - Zhao, Yanqi
AU - Chen, Liqun
AU - Yang, Bo
PY - 2020/8
Y1 - 2020/8
N2 - Searchable functionality is provided in many online services such as mail services or outsourced data storage. To protect users privacy, data in these services is usually stored after being encrypted using searchable encryption. This enables the data user to securely search encrypted data from a remote server without leaking data and query information. Public key encryption with keyword search is one of the research branches of searchable encryption; this provides privacy-preserving searchable functionality for applications such as encrypted email systems. However, it has an inherent vulnerability in that the information of a query may be leaked using a keyword guessing attack. Most of existing works aim to make the system resistant to offline keyword guessing, but this does not protect against online attacks on real world services. In this paper, we move a step forward to present a generic framework able to resist online keyword guessing attack using a server-assisted model. Specifically, we design a novel primitive C mirrored all-but-one lossy encryption, which can prevent a specific user from generating valid encryptions. This primitive can be seen as an access control on encryption ability. Combining searchable encryption technique with the new primitive makes online keyword guessing attack impossible for the specified user, even if the attack is launched online. We further give formal security analysis for the generic framework, and a concrete implementation with efficiency analysis to show that our design is practical.
AB - Searchable functionality is provided in many online services such as mail services or outsourced data storage. To protect users privacy, data in these services is usually stored after being encrypted using searchable encryption. This enables the data user to securely search encrypted data from a remote server without leaking data and query information. Public key encryption with keyword search is one of the research branches of searchable encryption; this provides privacy-preserving searchable functionality for applications such as encrypted email systems. However, it has an inherent vulnerability in that the information of a query may be leaked using a keyword guessing attack. Most of existing works aim to make the system resistant to offline keyword guessing, but this does not protect against online attacks on real world services. In this paper, we move a step forward to present a generic framework able to resist online keyword guessing attack using a server-assisted model. Specifically, we design a novel primitive C mirrored all-but-one lossy encryption, which can prevent a specific user from generating valid encryptions. This primitive can be seen as an access control on encryption ability. Combining searchable encryption technique with the new primitive makes online keyword guessing attack impossible for the specified user, even if the attack is launched online. We further give formal security analysis for the generic framework, and a concrete implementation with efficiency analysis to show that our design is practical.
KW - Encrypted data
KW - Keyword search
KW - Online keyword guessing attack
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=85084651164&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2020.101836
DO - 10.1016/j.cose.2020.101836
M3 - Article
AN - SCOPUS:85084651164
SN - 0167-4048
VL - 95
JO - Computers and Security
JF - Computers and Security
M1 - 101836
ER -