Privacy preserving search services against online attack

Author

Yi ZHAO, Chang'an University
Jianting NIAN, Singapore Management UniversityFollow
Kaitai LIANG, University of Surrey
Yanqi ZHAO, Shaanxi Normal University
Liqun CHEN, University of Surrey
Bo YANG, Shaanxi Normal University

Publication Type

Journal Article

Version

acceptedVersion

Publication Date

8-2020

Abstract

Searchable functionality is provided in many online services such as mail services or outsourced data storage. To protect users privacy, data in these services is usually stored after being encrypted using searchable encryption. This enables the data user to securely search encrypted data from a remote server without leaking data and query information. Public key encryption with keyword search is one of the research branches of searchable encryption; this provides privacy-preserving searchable functionality for applications such as encrypted email systems. However, it has an inherent vulnerability in that the information of a query may be leaked using a keyword guessing attack. Most of existing works aim to make the system resistant to offline keyword guessing, but this does not protect against online attacks on real world services. In this paper, we move a step forward to present a generic framework able to resist online keyword guessing attack using a server-assisted model. Specifically, we design a novel primitive C mirrored all-but-one lossy encryption, which can prevent a specific user from generating valid encryptions. This primitive can be seen as an access control on encryption ability. Combining searchable encryption technique with the new primitive makes online keyword guessing attack impossible for the specified user, even if the attack is launched online. We further give formal security analysis for the generic framework, and a concrete implementation with efficiency analysis to show that our design is practical.

Keywords

Keyword search, Encrypted data, Security, Online keyword guessing attack

Discipline

Information Security

Research Areas

Cybersecurity

Publication

Computers and Security

Volume

95

First Page

1

Last Page

10

ISSN

0167-4048

Identifier

10.1016/j.cose.2020.101836

Publisher

Elsevier

Embargo Period

5-24-2021

Citation

ZHAO, Yi; NIAN, Jianting; LIANG, Kaitai; ZHAO, Yanqi; CHEN, Liqun; and YANG, Bo. Privacy preserving search services against online attack. (2020). Computers and Security. 95, 1-10.
Available at: https://ink.library.smu.edu.sg/sis_research/5958

Copyright Owner and License

Authors

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1016/j.cose.2020.101836