Enabling generic, verifiable, and secure data search in cloud services

Jie Zhu, Qi Li, Cong Wang, Xingliang Yuan, Qian Wang, Kui Ren

    Research output: Contribution to journal › Article › Research › peer-review

    20 Citations (Scopus)

    Abstract

    Searchable Symmetric Encryption (SSE), which allows cloud services to search directly over encrypted data, has been widely studied in cloud storage. Most SSE schemes only work with honest-but-curious cloud services that do not deviate from the prescribed protocols. However, this assumption does not always hold in practice due to the untrusted nature of storage outsourcing. To alleviate the issue, there have been studies on Verifiable Searchable Symmetric Encryption (VSSE), which functions against malicious cloud services by enabling result verification. But to the best of our knowledge, existing VSSE schemes exhibit very limited applicability, such as only supporting static databases, demanding specific SSE constructions, or only working in the single-user model. In this paper, we propose GSSE, the first generic verifiable SSE scheme in the single-owner multiple-user model, which provides verifiability for any SSE scheme and further supports data updates. To generically support result verification, we first decouple the proof index in GSSE from SSE. We then leverage Merkle Patricia Tree (MPT) and Incremental Hash to build the proof index with data update support. We also develop a timestamp-chain for data freshness maintenance across multiple users. Rigorous analysis and experimental evaluations show that GSSE is secure and introduces small overhead for result verification.

    Original language: English
    Pages (from-to): 1721-1735
    Number of pages: 15
    Journal: IEEE Transactions on Parallel and Distributed Systems
    Volume: 29
    Issue number: 8
    Publication status: Published - Aug 2018

    Keywords

    • Cloud computing
    • Data integrity
    • Data models
    • Encryption
    • Indexes
    • Servers
