RESeED: A secure regular‐expression search tool for storage clouds

Abstract

SummaryLack of trust has become one of the main concerns of users who tend to utilize one or multiple Cloud providers. Trustworthy Cloud‐based computing and data storage require secure and efficient solutions which allow clients to remotely store and process their data in the Cloud. User‐side encryption is an established method to secure the user data on the Cloud. However, using encryption, we lose processing capabilities, such as searching, over the Cloud data. In this paper, we present RESeED, a tool that provides user‐transparent and Cloud‐agnostic regular‐expression search functionality over encrypted data across multiple Clouds. Upon a client's intent to upload a new document to the Cloud, RESeED analyzes the document's content and updates its data structures accordingly. Then, it encrypts and transfers the document to the Cloud. RESeED provides the regular‐expression search functionality over encrypted data by translating the search queries on‐the‐fly to finite automata and analyzing concise and secure representations of the data before asking the Cloud to download the encrypted documents. RESeED's parallel architecture enables efficient search over large‐scale (and potentially big data scale) data‐sets. We evaluate the performance of RESeED experimentally and demonstrate its scalability and correctness using real‐world data‐sets from arXiv.org and Internet Engineering Task Force (IETF). Our results show that RESeED produces accurate query responses with a reasonable (≃6%) storage overhead. The results also demonstrate that for many search queries, RESeED performs faster in compare with the grep utility that functions on unencrypted data. Copyright © 2017 John Wiley & Sons, Ltd.