Secure and practical Searchable Encryption: a position paper

Shujie Cui, Muhammad Rizwan Asghar, Steven D. Galbraith, Giovanni Russello

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearch

9 Citations (Scopus)


Searchable Encryption (SE) makes it possible for users to outsource an encrypted database and search operations to cloud service providers without leaking the content of data or queries to them. A number of SE schemes have been proposed in the literature; however, most of them leak a significant amount of information that could lead to inference attacks. To minimise information leakage, there are a number of solutions, such as Oblivious Random Access Memory (ORAM) and Private Information Retrieval (PIR). Unfortunately, existing solutions are prohibitively costly and impractical. A practical scheme should support not only a lightweight user client but also a flexible key management mechanism for multi-user access. In this position paper, we briefly analyse several leakage-based attacks, and identify a set of requirements for a searchable encryption system for cloud database storage to be secure against these attacks while ensuring usability of the system. We also discuss several possible solutions to fulfil the identified requirements.

Original languageEnglish
Title of host publicationInformation Security and Privacy
Subtitle of host publication22nd Australasian Conference, ACISP 2017 Auckland, New Zealand, July 3–5, 2017 Proceedings, Part I
EditorsJosef Pieprzyk, Suriadi Suriadi
Place of PublicationCham Switzerland
Number of pages16
ISBN (Electronic)9783319600550
ISBN (Print)9783319600543
Publication statusPublished - 2017
Externally publishedYes
EventAustralasian Conference on Information Security and Privacy 2017 - Massey University, Auckland, New Zealand
Duration: 3 Jul 20175 Jul 2017
Conference number: 22nd (Proceedings)

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceAustralasian Conference on Information Security and Privacy 2017
Abbreviated titleACISP 2017
Country/TerritoryNew Zealand
Internet address

Cite this