Enabling generic, verifiable, and secure data search in cloud services

Jie Zhu, Qi Li, Cong Wang, Xingliang Yuan, Qian Wang, Kui Ren

    Research output: Contribution to journal › Article › Research › peer-review

    Abstract

    Searchable Symmetric Encryption (SSE), which allows cloud services to search directly over encrypted data, has been widely studied in cloud storage. Most SSE schemes only work with honest-but-curious cloud services that do not deviate from the prescribed protocols. However, this assumption does not always hold in practice due to the untrusted nature of storage outsourcing. To alleviate the issue, there have been studies on Verifiable Searchable Symmetric Encryption (VSSE), which functions against malicious cloud services by enabling result verification. But to the best of our knowledge, existing VSSE schemes exhibit very limited applicability, such as only supporting static databases, demanding specific SSE constructions, or only working in the single-user model. In this paper, we propose GSSE, the first generic verifiable SSE scheme in the single-owner multiple-user model, which provides verifiability for any SSE scheme and further supports data updates. To generically support result verification, we first decouple the proof index in GSSE from SSE. We then leverage Merkle Patricia Tree (MPT) and Incremental Hash to build the proof index with data update support. We also develop a timestamp-chain for data freshness maintenance across multiple users. Rigorous analysis and experimental evaluations show that GSSE is secure and introduces small overhead for result verification.

    Original language: English
    Pages (from-to): 1721-1735
    Number of pages: 15
    Journal: IEEE Transactions on Parallel and Distributed Systems
    Volume: 29
    Issue number: 8
    DOI: 10.1109/TPDS.2018.2808283
    Publication status: Published - Aug 2018

    Keywords

    • Cloud computing
    • Data integrity
    • Data models
    • Encryption
    • Indexes
    • Servers

    Cite this

    Zhu, Jie ; Li, Qi ; Wang, Cong ; Yuan, Xingliang ; Wang, Qian ; Ren, Kui. / Enabling generic, verifiable, and secure data search in cloud services. In: IEEE Transactions on Parallel and Distributed Systems. 2018 ; Vol. 29, No. 8. pp. 1721-1735.
    @article{f760e87250684723bf36736418a4b56e,
    title = "Enabling generic, verifiable, and secure data search in cloud services",
    keywords = "Cloud computing, Data integrity, Data models, Encryption, Indexes, Servers",
    author = "Jie Zhu and Qi Li and Cong Wang and Xingliang Yuan and Qian Wang and Kui Ren",
    year = "2018",
    month = "8",
    doi = "10.1109/TPDS.2018.2808283",
    language = "English",
    volume = "29",
    pages = "1721--1735",
    journal = "IEEE Transactions on Parallel and Distributed Systems",
    issn = "1045-9219",
    publisher = "IEEE, Institute of Electrical and Electronics Engineers",
    number = "8",

    }
