Message-Locked Searchable Encryption: A New Versatile Tool for Secure Cloud Storage

Abstract

Message-Locked Encryption (MLE) is a useful tool to enable deduplication over encrypted data in cloud storage. It can significantly improve the cloud service quality by eliminating redundancy to save storage resources, and hence user cost, and also providing defense against different types of attacks, such as duplicate faking attack and brute-force attack. A typical MLE scheme only focuses on deduplication. On the other hand, supporting search operations on stored content is another essential requirement for cloud storage. In this article, we present a message-locked searchable encryption (MLSE) scheme in a dual-server setting, which achieves simultaneously the desirable features of supporting deduplication and enabling users to perform search operations over encrypted data. In addition, it supports both multi-keyword and negative keyword searches. We formulate the security notions of MLSE and prove our scheme satisfies all the security requirements. Moreover, we provide an interesting extension of our construction to support Proof of Storage (PoS). Compared with the existing solutions, MLSE achieves better functionalities and efficiency, and hence enables more versatile and efficient cloud storage service.