Dynamic Searchable Symmetric Encryption (DSSE), which enables users to search and update encrypted data on an untrusted server without decryption, is a proven method when dealing with availability issues for outsourced data. However, the existing DSSE schemes suffer from forward and backward privacy problems. Although forward and backward privacy DSSE schemes can prevent these attacks, they still suffer from other challenges, such as count attacks, high communication overhead, and low computing efficiency. To solve the above problems simultaneously, we propose a secure and efficient dynamic searchable encryption scheme, which integrates a clustering algorithm, padding strategy, and trusted execution environments (TEE). The purpose of the scheme is to prevent count attacks while ensuring forward and backward privacy security. Our scheme also reduces the computing overhead and storage cost of the client by using TEE (e.g. Intel Software Guard Extension, Intel SGX) while maximizing the protection of client privacy. Furthermore, the scheme provides a secure hardware isolation environment for the cluster padding and search/update process to prevent malicious attacks from external software or super administrators. Finally, we provide corresponding security proofs and experimental evaluation which demonstrate both the security and efficiency of our scheme, respectively.
Read full abstract