Searchable Symmetric Encryption Research Articles

Towards forward secure verifiable data streaming with support for keyword query

Verifiable data streaming (VDS) allows users to continuously upload their encrypted data items to untrusted cloud servers to reduce the burden of local storage. Meanwhile, it enables users to update outsourced data and initiate queries to verify data integrity. However, most previous works focus on queries for a certain index and are not compatible with general keyword queries. To this end, we propose a VDS protocol that supports keyword queries. Specifically, we first present an efficient dynamic symmetric searchable encryption (DSSE) with range query, which can represent multiple queried keywords within a range as the concise query token, thereby achieving communication-optimized keyword queries while achieving unbounded data appending. Furthermore, we construct a new VDS protocol supporting keyword queries by integrating the proposed range DSSE. Specifically, suppose the user searches for multiple keywords within a certain range. In that case, cloud servers can match the corresponding data items based on the user's query token, and users can verify the integrity of these data items. Security analysis demonstrates that our VDS protocol achieves forward security. Experimental results show that it sacrifices acceptable costs in exchange for keyword retrieval capability.

Secure and Efficient Multi-keyword Fuzzy Search Over Encrypted Data on Alliance Chain

Background:: Data regulation can effectively resist data privacy leakage and abuse in the process of external sharing of energy big data, but how to securely retrieve vast amounts of regulatory data is a challenge. Objective:: To securely retrieve vast amounts of regulatory data, a secure and efficient searchable encryption scheme that supports multi-keyword fuzzy retrieval on the alliance chain is proposed. Method:: This scheme encrypts and stores the regulatory data on the hyperledger fabric alliance chain. Energy big data files (EBDF) are encrypted and stored on a cloud server. Using the symmetric searchable encryption technology to achieve secure retrieval of regulatory data on the chain and secure access to EBDF. To improve search efficiency, we propose a SDPHashMap index structure and use the special manhatton distance matrix(SMDM) measurement to calculate the similarity of queried keywords and index keywords to locate the trapdoor retrieval hash address. Utilizing the cuckoo filter cluster to test the membership of queried keywords. Results:: This scheme stores EBDF off-chain, effectively relieving the storage and communication pressure of the blockchain, improving search speed, and providing more accurate retrieval services than single keyword fuzzy retrieval. By the simulation-based adversary- challenger game model, the security analysis demonstrates that the proposed scheme has adaptive selected keyword attack semantic security. Conclusion:: Experimental results show that the proposed scheme has high efficiency in trapdoor generation and multi-keyword search stages.

Healthcare and the Internet of Medical Things: Applications, Trends, Key Challenges, and Proposed Resolutions

In recent years, the Internet of medical things (IoMT) has become a significant technological advancement in the healthcare sector. This systematic review aims to identify and summarize the various applications, key challenges, and proposed technical solutions within this domain, based on a comprehensive analysis of the existing literature. This review highlights diverse applications of the IoMT, including mobile health (mHealth) applications, remote biomarker detection, hybrid RFID-IoT solutions for scrub distribution in operating rooms, IoT-based disease prediction using machine learning, and the efficient sharing of personal health records through searchable symmetric encryption, blockchain, and IPFS. Other notable applications include remote healthcare management systems, non-invasive real-time blood glucose measurement devices, distributed ledger technology (DLT) platforms, ultra-wideband (UWB) radar systems, IoT-based pulse oximeters, accident and emergency informatics (A&EI), and integrated wearable smart patches. The key challenges identified include privacy protection, sustainable power sources, sensor intelligence, human adaptation to sensors, data speed, device reliability, and storage efficiency. The proposed mitigations encompass network control, cryptography, edge-fog computing, and blockchain, alongside rigorous risk planning. The review also identifies trends and advancements in the IoMT architecture, remote monitoring innovations, the integration of machine learning and AI, and enhanced security measures. This review makes several novel contributions compared to the existing literature, including (1) a comprehensive categorization of IoMT applications, extending beyond the traditional use cases to include emerging technologies such as UWB radar systems and DLT platforms; (2) an in-depth analysis of the integration of machine learning and AI in IoMT, highlighting innovative approaches in disease prediction and remote monitoring; (3) a detailed examination of privacy and security measures, proposing advanced cryptographic solutions and blockchain implementations to enhance data protection; and (4) the identification of future research directions, providing a roadmap for addressing current limitations and advancing the scientific understanding of IoMT in healthcare. By addressing current limitations and suggesting future research directions, this work aims to advance scientific understanding of the IoMT in healthcare.

Secure query processing for smart grid data using searchable symmetric encryption

In the last decade, the smart grid has utilized many modern technologies and applications compared with the conventional grid. Cloud computing offers numerous managed services and storage solutions for smart grid data. To balance security, privacy, efficiency, and utility, more efforts should be made to keep up with the rapid evolution of technology. Searchable encryption techniques are widely considered an intelligent solution to ensure data privacy and security while maintaining the functionality to search over encrypted data. In this paper, we propose a more reliable and efficient searchable symmetric encryption scheme for smart grid data. It is a dynamic keyword searchable scheme that uses a symmetric cipher based on a key hashing algorithm (DKS-SCKHA) to generate a secure index. This scheme eliminates the false-positive issue associated with the use of bloom filters and narrows the scope of the retrieved search results. Additionally, it efficiently supports both partial and exact query processing on the encrypted database. Both theoretical and security analyses demonstrate the efficiency and security of the DKS-SCKHA scheme compared to other previous schemes. Comprehensive experiments on a smart grid dataset showed that the DKS-SCKHA scheme is 35–68% more efficient than the schemes compared in this paper. The DKS-SCKHA scheme supports three keyword search scenarios: single, conjunctive, and disjunctive. Furthermore, the DKS-SCKHA scheme is extended to support dynamic fuzzy keyword search on the encrypted database (DEFKS-SCKHA). We evaluated the security and efficiency of the DEFKS-SCKHA scheme through security analysis and experimental evaluation. Theoretical analysis shows that the proposed scheme is secure against known-ciphertext and known-background attacks.

SEDCPT: A secure and efficient Dynamic Searchable Encryption scheme with cluster padding assisted by TEE

Dynamic Searchable Symmetric Encryption (DSSE), which enables users to search and update encrypted data on an untrusted server without decryption, is a proven method when dealing with availability issues for outsourced data. However, the existing DSSE schemes suffer from forward and backward privacy problems. Although forward and backward privacy DSSE schemes can prevent these attacks, they still suffer from other challenges, such as count attacks, high communication overhead, and low computing efficiency. To solve the above problems simultaneously, we propose a secure and efficient dynamic searchable encryption scheme, which integrates a clustering algorithm, padding strategy, and trusted execution environments (TEE). The purpose of the scheme is to prevent count attacks while ensuring forward and backward privacy security. Our scheme also reduces the computing overhead and storage cost of the client by using TEE (e.g. Intel Software Guard Extension, Intel SGX) while maximizing the protection of client privacy. Furthermore, the scheme provides a secure hardware isolation environment for the cluster padding and search/update process to prevent malicious attacks from external software or super administrators. Finally, we provide corresponding security proofs and experimental evaluation which demonstrate both the security and efficiency of our scheme, respectively.

CoD-DSSE: A practical efficient dynamic searchable symmetric encryption with lightweight clients

Dynamic searchable symmetric encryption(DSSE) combines dynamic update with searchable encryption, allowing users to not only achieve keyword retrieval, but also dynamically update encrypted data stored on semi-trusted cloud server, effectively protecting user’s privacy. However, the majority of existing DSSE schemes exhibit inefficiencies in practical applications because of their complex structure. In addition, to store the status of keywords, the storage requirements of the client increase proportionally with the number of keyword/document pairs. Therefore, the client storage will be overwhelmed when confronted with a substantial increase in the volume of keyword/document pairs. To solve these issues, we propose a practical efficient dynamic searchable symmetric encryption scheme with lightweight clients—CoD-DSSE. A novel index structure similar to a chest of drawers is proposed in CoD-DSSE, which allows users to efficiently search all document indexes through XOR operations and keeps the keyword status on the server to lightweight clients. Furthermore, we use a random number generator to construct new search tokens for forward security and achieve backward security by using a Bloom filter to store the deleted document index, which can significantly reduce communication costs. The experimental and security analyses show that CoD-DSSE is efficient and secure in practice.

A provably lightweight and secure DSSE scheme, with a constant storage cost for a smart device client.

Outsourcing data to remote cloud providers is becoming increasingly popular amongst organizations and individuals. A semi-trusted server uses Searchable Symmetric Encryption (SSE) to keep the search information under acceptable leakage levels whilst searching an encrypted database. A dynamic SSE (DSSE) scheme enables the adding and removing of documents by performing update queries, where some information is leaked to the server each time a record is added or removed. The complexity of structures and cryptographic primitives in most existing DSSE schemes makes them inefficient, in terms of storage, and query requests generate overhead costs on the Smart Device Client (SDC) side. Achieving constant storage cost for SDCs enhances the viability, efficiency, and easy user experience of smart devices, promoting their widespread adoption in various applications while upholding robust privacy and security standards. DSSE schemes must address two important privacy requirements: forward and backward privacy. Due to the increasing number of keywords, the cost of storage on the client side is also increasing at a linear rate. This article introduces an innovative, secure, and lightweight Dynamic Searchable Symmetric Encryption (DSSE) scheme, ensuring Type-II backward and forward privacy without incurring ongoing storage costs and high-cost query generation for the SDC. The proposed scheme, based on an inverted index structure, merges the hash table with linked nodes, linking encrypted keywords in all hash tables. Achieving a one-time O(1) storage cost without keyword counters on the SDC side, the scheme enhances security by generating a fresh key for each update. Experimental results show low-cost query generation on the SDC side (6,460 nanoseconds), making it compatible with resource-limited devices. The scheme outperforms existing ones, reducing server-side search costs significantly.

SDTA: Secure Decentralized Trading Alliance for Electronic Medical Data

Abstract Massive medical data are indispensable for training diagnostic models to provide high-quality health monitoring services. The methods for sharing data in existing works involve securely and essentially copying data but often overlook the integration and efficiency of data storage, exchange and application. In this paper, we propose a Secure Decentralized Trading Alliance (SDTA) to encompass the entire process holistically. With monetary incentives, we formulate a chain-net structure for recording data digests and authentic transactions, thereby transforming data sharing into data trading without duplicating data storage. Data privacy is promised by encryption. To manage and employ encrypted medical data, users can update and search their encrypted data using an index and keywords, subsequently retrieving data within the SDTA framework. It is realized by a novel dynamic searchable symmetric encryption (SSE) with an $l$-level access strategy, which confines users to data pertinent solely to them, thus circumventing unnecessary data leakage. We scrutinize the storage efficiency and prove the fairness and security of SDTA. Finally, we generate datasets of varying sizes, where the time required to search for a single keyword is approximately 0.04 s with 1 000 000 (keyword, identifier) pairs, showing it quite acceptable.

Exploiting Hidden Information Leakages in Backward Privacy for Dynamic Searchable Symmetric Encryption

Dynamic searchable symmetric encryption (DSSE) enables searches over encrypted data as well as data dynamics such as flexible data addition and deletion operations. A major security concern in DSSE is how to preserve forward and backward privacy, which are typically achieved by removing the linkability between the newly added data and previous queries, and between the deleted data and future queries, respectively. After information leakage types were formally defined for different levels of backward privacy (i.e., Type-I, II, III), many backward private DSSE schemes have been constructed under the definitions. However, we observed that the backward privacy can be violated by leveraging additional secondary leakage, which is typically leaked in specific constructions of schemes in spite of their theoretical guarantees. In this paper, in order to understand the security gap between the theoretical definitions and practical constructions, we conduct an in-depth analysis of the root cause for the secondary leakage, and demonstrate how it can be abused to violate Type-II backward privacy (e.g., the exposure of the deletion history) of DSSE constructions in practice. We then propose a novel Type-II backward private DSSE scheme based on Intel SGX, which is resilient to the secondary leakage abuse attack. According to the comparative analysis of our scheme with the state-of-the-art SGX-based DSSE schemes, Bunker-B (EuroSec’19) and SGX-SE1 (ACNS’20), our scheme shows higher efficiency in terms of the search latency with a negligible utility loss under the same security level (cf. Bunker-B) while showing similar efficiency with a higher security level (cf. SGX-SE1). Finally, we formally prove that our scheme guarantees Type-II backward privacy.

Forward Private Verifiable Dynamic Searchable Symmetric Encryption With Efficient Conjunctive Query

Forward Private Verifiable Dynamic Searchable Symmetric Encryption With Efficient Conjunctive Query

LSE: Efficient Symmetric Searchable Encryption Based on Labeled PSI

LSE: Efficient Symmetric Searchable Encryption Based on Labeled PSI

An In-Depth Analysis on Efficiency and Vulnerabilities on a Cloud-Based Searchable Symmetric Encryption Solution

Searchable Symmetric Encryption (SSE) has come to be as an integral cryptographic approach in a world where digital privacy is essential. The capacity to search through encrypted data whilst maintaining its integrity meets the most important demand for security and confidentiality in a society that is increasingly dependent on cloud-based services and data storage. SSE offers efficient processing of queries over encrypted datasets, allowing entities to comply with data privacy rules while preserving database usability. Our research goes into this need, concentrating on the development and thorough testing of an SSE system based on Curtmola’s architecture and employing Advanced Encryption Standard (AES) in Cypher Block Chaining (CBC) mode. A primary goal of the research is to conduct a thorough evaluation of the security and performance of the system. In order to assess search performance, a variety of database settings were extensively tested, and the system's security was tested by simulating intricate threat scenarios such as count attacks and leakage abuse. The efficiency of operation and cryptographic robustness of the SSE system are critically examined by these reviews.

Fast Multi-User Searchable Encryption with Forward and Backward Private Access Control

Untrusted servers are servers or storage entities lacking complete trust from the data owner or users. This characterization implies that the server hosting encrypted data may not enjoy full trust from data owners or users, stemming from apprehensions related to potential security breaches, unauthorized access, or other security risks. The security of searchable encryption has been put into question by several recent attacks. Currently, users can search for encrypted documents on untrusted cloud servers using searchable symmetric encryption (SSE). This study delves deeply into two pivotal concepts of privacy within dynamic searchable symmetric encryption (DSSE) schemes: forward privacy and backward privacy. The former serves as a safeguard against the linkage of recently added documents to previously conducted search queries, whereas the latter guarantees the irretrievability of deleted documents in subsequent search inquiries. However, the provision of fine-grained access control is complex in existing multi-user SSE schemes. SSE schemes may also incur high computation costs due to the need for fine-grained access control, and it is essential to support document updates and forward privacy. In response to these issues, this paper suggests a searchable encryption scheme that uses simple primitive tools. We present a multi-user SSE scheme that efficiently controls access to dynamically encrypted documents to resolve these issues, using an innovative approach that readily enhances previous findings. Rather than employing asymmetric encryption as in comparable systems, we harness low-complexity primitive encryption tools and inverted index-based DSSE to handle retrieving encrypted files, resulting in a notably faster system. Furthermore, we ensure heightened security by refreshing the encryption key after each search, meaning that users are unable to conduct subsequent searches with the same key and must obtain a fresh key from the data owner. An experimental evaluation shows that our scheme achieves forward and Type II backward privacy and has much faster search performance than other schemes. Our scheme can be considered secure, as proven in a random oracle model.

SWiSSSE: System-Wide Security for Searchable Symmetric Encryption

This paper initiates a new direction in the design and analysis of searchable symmetric encryption (SSE) schemes. We provide the first comprehensive security model and definition for SSE that takes into account leakage from the entirety of the SSE system, including not only from access to encrypted indices but also from access to the encrypted database documents themselves. Such system-wide leakage is intrinsic in end-to-end SSE systems, and can be used to break almost all state-of-the-art SSE schemes (Gui et al., IEEE S&P 2023). We then provide a static SSE construction meeting our new security notion. The proposed SSE scheme involves a combination of novel techniques: bucketization to hide volumes of responses to queries, and delayed, pseudorandom write-backs to disrupt access pattern. Our implementation and analysis of the proposed scheme demonstrates that it offers very strong security against general classes of (system-wide) leakage-abuse attacks with moderate overhead. Our scheme scales smoothly to databases containing hundreds of thousand of documents and millions of keyword-document pairs. To the best of our knowledge, this is the first end-to-end SSE scheme that effectively suppresses system-wide leakage while maintaining practical efficiency.

Reducing Paging and Exit Overheads in Intel SGX for Oblivious Conjunctive Keyword Search

Paging and exit overheads have been proven to be the performance bottlenecks when adopting Searchable Symmetric Encryption (SSE) with trusted hardware such as Intel SGX for keyword search. This problem becomes more serious when incorporating ORAM and SGX to design oblivious SSE schemes such as POSUP [1] and Oblidb [2] which can defend against inference attacks. The main reason comes from high round communication complexity of ORAM and constrained trusted memory created by SGX. To overcome this performance bottleneck, we propose a set of novel SSE constructions with realistic security/performance trade-offs. Our core idea is to encode the keyword-identifier pairs into a bloom filter to reduce the number of ORAM operations during the search procedure. Specifically, Construction 1 loads the bloom filter into the enclave sequentially, which outperforms about <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$1.7\times$</tex-math></inline-formula> when the dataset is large compared with the performance of the baseline that directly combines ORAM and SGX. To further improve the performance of Construction 1, Construction 2 classifies keywords into groups and stores these groups in different bloom filters. By additionally leaking the keywords in search token belonging to which groups, Construction 2 outperforms Construction 1 by <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$16.5\sim 36.8\times$</tex-math></inline-formula> and provides an improvement of at least one order over state-of-the-art oblivious protocols.

MI3SE: A Multi-User Index-Based Searchable Symmetric Encryption Scheme for Improving Security of Data in Connected Electronic Devices

MI3SE: A Multi-User Index-Based Searchable Symmetric Encryption Scheme for Improving Security of Data in Connected Electronic Devices

Dynamic Searchable Symmetric Encryption With Strong Security and Robustness

Dynamic Searchable Symmetric Encryption With Strong Security and Robustness

Features of software implementing the prefix search method in cryptographically protected databases

The article addresses the specific considerations associated with the development of software implementing the prefix search method in cryptographically protected databases. This method is a variant of symmetric searchable encryption, which allows search among the encrypted data. The prefix search method allows searching for prefixes among encrypted data without the need for decryption. Such an approach resolves the issue of maintaining data confidentiality stored on remote or cloud servers. However, its usage introduces a set of issues that must be considered during the development of the corresponding software. The paper analyzes the requirements for software that implements the prefix search method, defines the software architecture, and justifies the choice of technologies and tools for software implementation, including ASP.NET, Java, JavaScript, PHP, Python programming languages, MongoDB database management system, and the FastAPI framework. A description of the deployment process of the corresponding software is provided. To assess the performance of the developed software, the well-known Apache JMeter tool for conducting load testing was utilized. The obtained performance evaluations of the proposed solution indicate acceptable time delays in processing relevant data search queries.

Efficient and Expressive Search Scheme over Encrypted Electronic Medical Records

In recent years, there has been rapid development in computer technology, leading to an increasing number of medical systems utilizing electronic medical records (EMRs) to store their clinical data. Because EMRs are very private, healthcare institutions usually encrypt these data before transferring them to cloud servers. A technique known as searchable encryption (SE) can be used by healthcare institutions to encrypt EMR data. This technique enables searching within the encrypted data without the need for decryption. However, most existing SE schemes only support keyword or range searches, which are highly inadequate for EMR data as they contain both textual and digital content. To address this issue, we have developed a novel searchable symmetric encryption scheme called SSE-RK, which is specifically designed to support both range and keyword searches, and it is easily applicable to EMR data. We accomplish this by creating a conversion technique that turns keywords and ranges into vectors. These vectors are then used to construct index tree building and search algorithms that enable simultaneous range and keyword searches. We encrypt the index tree using a secure K-Nearest Neighbor technique, which results in an effective SSE-RK approach with a search complexity that is quicker than a linear approach. Theoretical and experimental study further demonstrates that our proposed scheme surpasses previous similar schemes in terms of efficiency. Formal security analysis demonstrates that SSE-RK protects privacy for both data and queries during the search process. Consequently, it holds significant potential for a wide range of applications in EMR data. Overall, our SSE-RK scheme, which offers improved functionality and efficiency while protecting the privacy of EMR data, generally solves the shortcomings of the current SE schemes.

A Survey on Searchable Symmetric Encryption

Outsourcing data to the cloud has become prevalent, so Searchable Symmetric Encryption (SSE), one of the methods for protecting outsourced data, has arisen widespread interest. Moreover, many novel technologies and theories have emerged, especially for the attacks on SSE and privacy-preserving. But most surveys related to SSE concentrate on one aspect (e.g., single keyword search, fuzzy keyword search) or lack in-depth analysis. Therefore, we revisit the existing work and conduct a comprehensive analysis and summary. We provide an overview of state-of-the-art in SSE and focus on the privacy it can protect. Generally, (1) we study the work of the past few decades and classify SSE based on query expressiveness. Meanwhile, we summarize the existing schemes and analyze their performance on efficiency, storage space, index structures, and so on.; (2) we complement the gap in the privacy of SSE and introduce in detail the attacks and the related defenses; (3) we discuss the open issues and challenges in existing schemes and future research directions. We desire that our work will help novices to grasp and understand SSE comprehensively. We expect it can inspire the SSE community to discover more crucial leakages and design more efficient and secure constructions.