Dynamic Searchable M. Naveed, Encryption via Blind M. Prabhakaran, - - PowerPoint PPT Presentation

dynamic searchable
SMART_READER_LITE
LIVE PREVIEW

Dynamic Searchable M. Naveed, Encryption via Blind M. Prabhakaran, - - PowerPoint PPT Presentation

Sep 26, 2022 103 likes •355 views

Dynamic Searchable M. Naveed, Encryption via Blind M. Prabhakaran, C.A. Gunter Storage Presented by: Keegan Sherman and Pardeep Banwait Searchable Symmetric Encryption Allows a user to store a collection of encrypted documents and

slide-1
SLIDE 1

Dynamic Searchable Encryption via Blind Storage

  • M. Naveed,
  • M. Prabhakaran,

C.A. Gunter Presented by: Keegan Sherman and Pardeep Banwait

slide-2
SLIDE 2

Searchable Symmetric Encryption

  • Allows a user to store a collection of encrypted

documents and perform keyword searches on those documents.

  • The server storing the documents is required to not learn

any information from interactions with the stored documents except for certain patterns.

  • Our Dynamic SSE allows for adding and removing

documents throughout the life-time of the system in the face of an honest-but curious server.

slide-3
SLIDE 3

Previous SSE Research

  • Basic Approach by R. Curtmola, et.al. from NJIT.
  • Keep index files that map keywords to lists of

documents that contain it. Store index files as encrypted linked lists. Randomly sort the nodes for each list.

  • Approach by S. Kamara, et.al. from Microsoft.
  • Dynamic SSE based off inverted index approach with

server side computation.

slide-4
SLIDE 4

Blind Storage

  • Allows a server to store a set of encrypted files in such a

way that the server does not know how many files are being stored nor the lengths of the files.

  • Server learns about the existence of a file when it is

being retrieved but the file’s name and contents are kept hidden.

slide-5
SLIDE 5

Blind Storage Parameters

  • - Upper bound on storage slack ratio
  • - Ratio between the number of blocks in a file and the

number of blocks downloaded/uploaded when a given file is accessed.

  • - The minimum number of blocks that can be downloaded/

uploaded from the server.

  • We use CRHF, a PRF, a FD-PRF, PRG, and a PRP all relying on

an AES block-cipher .

  • KSSE = (Kd, Kid, KID).

γ

α κ

slide-6
SLIDE 6

Blind Storage

1 2 3 4 5 6 7 8 9 10 11 12

Free Occupied

id data

Generate seed for PRG: s = FD-PRF (id)

Kid

1

10 3 4 2

Check that needed number of blocks are free. If so choose the shortest subset, S, containing size free blocks.

3

size = 4 blocks

6 10 3 1 4 9 2 8

Generate indexes for a pseudorandom subset of size max( size, ) from PRG(s).

2

α∗

κ

slide-7
SLIDE 7

Blind Storage

vi H(id) dataj vi H(id)

size

data0

4

Create blocks with necessary information.

5

Store blocks into S

10 3 4 2

}

Encrypt blocks using PRF

Kd

vi Ej

6

}

slide-8
SLIDE 8

Blind Storage Update

1 2 3 4 5 6 7 8 9 10 11 12

Free Occupied Generate seed for PRG: s = FD-PRF (id)

Kid

1

6 10 3 1

Generate indexes for a pseudorandom subset of size from PRG(s).

2

κ

Find first block with our id using decryption.

3

vi E0 H(id)

size

data0

Our file

slide-9
SLIDE 9

Blind Storage Update

4 Output size to client and accept size’ as the size of the file after update. 5 Determine if < max(size, size’). If so calculate, download and decrypt

remaining pseudorandom blocks.

κ

α∗

6 10 3 1 4 9 2 8

6

10 3 4 2

Determine blocks with our id’s and output them.

7

Accept data’ as updated document

8

If size < size’ download more pseudorandom blocks and store.

slide-10
SLIDE 10

Clear Storage

  • Similar to blind storage except there is no encryption.
  • Uses a separate file system that stores header files

indexing the last block of the pseudorandom subset

  • ccupied by a file.

vi H(id) dataj vi H(id)

size

data0

}

10 3 4 2

Store blocks into S

… … H(id) 2 … …

Header File System Interface

slide-11
SLIDE 11

Overview of BSTORE-SSE

  • All index files are stored in either blind storage or clear

storage.

  • No server-side computation.
  • Architecture independent.
  • Highly parallelizable computation.
slide-12
SLIDE 12

Operations of BSTORE-SSE

  • SSE.keygen: Generate keys
  • SSE.indexgen: Generates index files for each keyword that is in at

least one document. Proceeds to fill the blind storage array with index files. Uploads array and encrypted documents.

  • SSE.remove: Removes a document from the system using a lazy

delete strategy.

  • SSE.add: Adds a document to the system. Generates/updates

keyword index files.

  • SSE.search: Search documents in BSTORE-SSE system for a given

keyword.

slide-13
SLIDE 13

Initialization

  • Operation of SSE.indexgen. Takes a set of (idf, dataf) tuples

and KSSE.

  • Generate a document ID: E(idf) = PRP (idf).
  • For each keyword present generate an index file that

contains the E(idf) of the documents that contain that keyword.

  • Store index files in blind storage system.
  • Store encrypted documents outside of blind storage system.

KID

slide-14
SLIDE 14

Removing Files

  • Operation of SSE.remove
  • Takes document idf
  • Compute document E(idf), identical to how we did

during initialization.

  • Check if document with E(idf) exist in system. If so

delete it and move E(idf) to removed list.

  • Keyword index files are not updated until a subsequent

search operation. (lazy-delete)

slide-15
SLIDE 15

Adding Files

  • Operation of SSE.add
  • Takes tuple (idf, dataf)
  • Compute document E(idf), identical to how we did

during initialization.

  • Generate random tag t for the document.
  • Encrypt then prefix t to the document.
  • Upload document to server using label E(idf).
slide-16
SLIDE 16

Adding Files

  • For each keyword that is present in a document append

a tuple (E(idf), t) to the index file in the clear storage system for that keyword.

  • Upload index files to the clear storage system.
slide-17
SLIDE 17

Searching for Files

  • Operation of SSE.search
  • Takes keyword w.
  • Retrieves index files for w from both blind storage and clear

storage using the first six stages of their update operations.

  • Search index files for E(idf)’s that are also in the remove list.
  • If found remove E(idf) and finish update process.
  • User now has all idf’s and can request the document they

are looking for.

slide-18
SLIDE 18

Security Analysis

  • During update we leak (op, vi, size).
  • For clear store the server learns all encrypted

documents containing a specific encrypted keyword.

  • During addition and removal of a document the

updated remove list is revealed to the server.

  • During a search the server learns how many times a

keyword has been searched.

slide-19
SLIDE 19

Experimental Results

Decreased per pair initialization time

slide-20
SLIDE 20

Experimental Results

Average time for initialization.

slide-21
SLIDE 21

Experimental Results

Time to search for a keyword excluding final decryption.

slide-22
SLIDE 22

Future Research

  • Multiple client searches on single data-owner (shared)

cloud storage.

  • Security against actively corrupt servers.
  • Multiple keyword searches.
slide-23
SLIDE 23

Related Works

  • R. Curtmola, J. A. Garay, S. Kamara, and R. Ostrovsky,

“Searchable symmetric encryption: improved definitions and efficient constructions,” in CCS, 2006,

  • pp. 79–88.
  • S. Kamara, C. Papamanthou, and T. Roeder, “Dynamic

searchable symmetric encryption,” in CCS, 2012, pp. 965–976.

slide-24
SLIDE 24

Questions?