Publication Type

Journal Article

Version

publishedVersion

Publication Date

12-2016

Abstract

Public key encryption with keyword search (PEKS) is a well-known cryptographic primitive for secure searchable data encryption in cloud storage. Unfortunately, it is inherently subject to the (inside) offline keyword guessing attack (KGA), which is against the data privacy of users. Existing countermeasures for dealing with this security issue mainly suffer from low efficiency and are impractical for real applications. In this paper, we provide a practical and applicable treatment of this security vulnerability by formalizing a new PEKS system named server-aided public key encryption with keyword search (SA-PEKS). In SA-PEKS, to generate the keyword ciphertext/trapdoor, the user needs to query a semitrusted third party called the keyword server (KS) by running an authentication protocol, and hence, security against the offline KGA can be obtained. We then introduce a universal transformation from any PEKS scheme to a secure SA-PEKS scheme using the deterministic blind signature. To illustrate its feasibility, we present the first instantiation of an SA-PEKS scheme by utilizing the Full Domain Hash RSA signature and the PEKS scheme proposed by Boneh et al. in Eurocrypt 2004. Finally, we describe how to securely implement the client-KS protocol with a rate-limiting mechanism against online KGA and evaluate the performance of our solutions in experiments.

Keywords

off-line keyword guessing attack, Public key encryption with keyword search, server-aided

Discipline

Information Security

Research Areas

Information Systems and Management

Publication

IEEE Transactions on Information Forensics and Security

Volume

11

Issue

12

First Page

2833

Last Page

2842

ISSN

1556-6013

Identifier

10.1109/TIFS.2016.2599293

Publisher

Institute of Electrical and Electronics Engineers

Additional URL

http://doi.org/10.1109/TIFS.2016.2599293
