A Novel Methodology to Mitigate Keyword Guessing Attack using Keyword and Signature Hash

Abstract

The importance of electronic data and its rapid growth leads to gradual increase to the data usage over the network servers and on the other side high priority is needed for the data security and privacy. The existing keyword search schemes for data retrieval from the centralized storage uses keyword as a valid parameter. Even though, keywords are encrypted and then used, intruders are able to guess keywords and can verify it using offline dictionary attack. The ability of guessing keywords by intruders reveals the stored data which affects data security and privacy. We need an additional parameter to the keyword used for search which will make the keyword guessing attack impossible. The additional parameter we used in our encryption framework is a signature file whose content needs to be independent of data. The content of signature file can be any data such as image, table, text, etc. which depends on the choice of user. This signature is hashed with keyword which makes the adversary difficult to guess the content of signature of the user. The existing approaches used keyword along with private key as search parameters, the guessing of appropriate keyword reveals the private key of user. In our framework, addition of signature along with keyword ensures both authentication as well as data privacy.