A Secure Searchable Encryption Framework For Privacy-critical Cloud Storage Services

A Secure Searchable Encryption Framework for Privacy-Critical Cloud Storage Services

Abstract:

Searchable encryption has received a significant attention from the research community with various constructions being proposed, each achieving asymptotically optimal complexity for specific metrics e.g., searches, and update. Despite their elegance, the recent attacks and deployment efforts have shown that the optimal asymptotic complexity might not always imply sensible performance, especially if the application demands a high privacy. In this article, we introduce a novel Dynamic Searchable symmetric Encryption (DSSE) framework called Incidence Matrix (IM)-DSSE, which achieves a high level of privacy, efficient search/update, and low client storage with actual deployments on real cloud settings. We harness an incidence matrix along with two hash tables to create an encrypted index, on which both search and update operations can be performed effectively with minimal information leakage. This simple set of data structures surprisingly offers a high level of DSSE security while achieving practical performance. Specifically, IM-DSSE achieves forward-privacy, backward-privacy and size-obliviousness simultaneously. We also create several DSSE variants, each offering different trade-offs that are suitable for different cloud applications and infrastructures. We totally enforced our framework and evaluated its performance on a real cloud system. We have released IM-DSSE as an open-source library for wide development and adaptation.