Cryptographically enforced search pattern hiding

Abstract

Searchable encryption is a cryptographic primitive that allows a client to out- source encrypted data to an untrusted storage provider, while still being able to query the data without decrypting. To allow the server to perform the search on the encrypted data, a so-called trapdoor is generated by the client and sent to the server. With help of the trapdoor, the server is able to perform the search, on behalf of the client, on the still encrypted data. All reasonably efficient searchable encryption schemes have a common prob- lem. They leak the search pattern which reveals whether two searches were performed for the same keyword or not. Hence, the search pattern gives in- formation on the occurrence frequency of each query, which can be exploited by statistical analysis, eventually allowing an attacker to gain full knowledge about the underlying plaintext keywords. Thus, attacking the search pattern is a serious problem that renders the encryption less useful. The goal of this thesis is to construct novel searchable encryption schemes that are efficient and that do not leak the search pattern to mitigate the above attack. In addition, we show the practical applicability of our proposed solu- tions in real world scenarios by implementing the main building blocks of our constructions in C. Our contributions can be summarized as follows: • We survey the notion of provably secure searchable encryption by giving a complete and comprehensive overview of the two main SE techniques: Searchable Symmetric Encryption and Public Key Encryption with Key- word Search. • We propose two constructions that hide the search pattern with reason- able efficiency in practical application scenarios. One scheme is entirely based on efficient XOR and pseudo-random functions, while the other scheme makes use of recent advances in somewhat homomorphic en- cryption to achieve efficient solutions. To hide the search pattern, we use two different approaches. The first approach processes the whole encrypted database on the server side by calculating the inner prod- uct of a query and the database records. In this way, we conceal which of the database records are important per query. The second approach introduces a third party to help with the search. The idea is that the database server randomly shuffles the positions of the database entries, so that the third party performs the actual search on a newly shuffled index per query. In this way, the positions of the processed database entries are different for each (distinct) query. • We propose a third scheme that illustrates how to use the techniques from our previous schemes, to construct a novel and efficient search scheme for a concrete application scenario. The scheme can be used to perform private/hidden queries on different kinds of unencrypted data, such as RSS feeds.