Privacy preserving search services against online attack

Searchable functionality is provided in many online services such as mail services or outsourced data storage. To protect users privacy, data in these services is usually stored after being encrypted using searchable encryption. This enables the data user to securely search encrypted data from a remote server without leaking data and query information. Public key encryption with keyword search is one of the research branches of searchable encryption; this provides privacy-preserving searchable functionality for applications such as encrypted email systems. However, it has an inherent vulnerability in that the information of a query may be leaked using a keyword guessing attack. Most of existing works aim to make the system resistant to offline keyword guessing, but this does not protect against online attacks on real world services. In this paper, we move a step forward to present a generic framework able to resist online keyword guessing attack using a server-assisted model. Specifically, we design a novel primitive C mirrored all-but-one lossy encryption, which can prevent a specific user from generating valid encryptions. This primitive can be seen as an access control on encryption ability. Combining searchable encryption technique with the new primitive makes online keyword guessing attack impossible for the specified user, even if the attack is launched online. We further give formal security analysis for the generic framework, and a concrete implementation with efficiency analysis to show that our design is practical.