Accelerating Forward and Backward Private Searchable Encryption Using Trusted Execution
Authors: 
Viet Vo, Shangqi Lai, Xingliang Yuan, Shi-Feng Sun, Surya Nepal, Joseph K. LiuAuthors Info & Claims
Pages 83 - 103
Abstract
Searchable encryption (SE) is one of the key enablers for building encrypted databases. It allows a cloud server to search over encrypted data without decryption. Dynamic SE additionally includes data addition and deletion operations to enrich the functions of encrypted databases. Recent attacks exploiting the leakage in dynamic operations drive the rapid development of SE schemes revealing less information while performing updates; they are also known as forward and backward private SE. Newly added data is no longer linkable to queries issued before, and deleted data is no longer searchable in queries issued later. However, those advanced SE schemes reduce the efficiency of SE, especially in the communication cost between the client and server. In this paper, we resort to the hardware-assisted solution, aka Intel SGX, to ease the above bottleneck. Our key idea is to leverage SGX to take over most tasks of the client, i.e., tracking keyword states along with data addition and caching deleted data. However, handling large datasets is non-trivial due to the I/O and memory constraints of SGX. We further develop batch data processing and state compression techniques to reduce the communication overhead between the SGX and untrusted server and minimise the memory footprint within the enclave. We conduct a comprehensive set of evaluations on both synthetic and real-world datasets, which confirm that our designs outperform the prior art.
References
[1]
Amjad, G., Kamara, S., Moataz, T.: Forward and backward private searchable encryption with SGX. In: EuroSec 2019 (2019)
[2]
Bindschaedler V, Grubbs P, Cash D, Ristenpart T, and Shmatikov V The tao of inference in privacy-protected databases Proc. VLDB Endow. 2018 11 1715-1728
[3]
Borges, G., Domingos, H., Ferreira, B., Leitão, J., Oliveira, T., Portela, B.: BISEN: efficient Boolean searchable symmetric encryption with verifiability and minimal leakage. In: SRDS 2019 (2019)
[4]
Bost, R.: Sophos - forward secure searchable encryption. In: ACM CCS 2016 (2016)
[5]
Bost, R., Minaud, B., Ohrimenko, O.: Forward and backward private searchable encryption from constrained cryptographic primitives. In: ACM CCS 2017 (2017)
[6]
Brasser, F., Capkun, S., Dmitrienko, A., Frassetto, T., Kostiainen, K., Sadeghi, A.R.: DR.SGX: automated and adjustable side-channel protection for SGX using data location randomization. In: ACSAC 2019 (2019)
[7]
Cash, D., Grubbs, P., Perry, J., Ristenpart, T.: Leakage-abuse attacks against searchable encryption. In: ACM CCS 2015 (2015)
[8]
Cash, D., Jaeger, J., Jarecki, S., Jutla, C.: Dynamic searchable encryption in very large databases: data structures and implementation. In: NDSS 2014 (2014)
[9]
Christian, P., Kapil, V., Manuel, C.: EnclaveDB: a secure database using SGX. In: IEEE S&P 2018 (2018)
[10]
Curtmola, R., Garay, J., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. In: ACM CCS 2006 (2006)
[11]
Duan, H., Wang, C., Yuan, X., Zhou, Y., Wang, Q., Ren, K.: LightBox: full-stack protected stateful middlebox at lightning speed. In: ACM CCS 2019 (2019)
[12]
Fuhry B, Bahmani R, Brasser F, Hahn F, Kerschbaum F, and Sadeghi A-R Livraga G and Zhu S HardIDX: practical and secure index with SGX Data and Applications Security and Privacy XXXI 2017 Cham Springer 386-408
[13]
Ghareh Chamani, J., Papadopoulos, D., Papamanthou, C., Jalili, R.: New constructions for forward and backward private symmetric searchable encryption. In: ACM CCS 2018 (2018)
[14]
Kamara, S., Papamanthou, C., Roeder, T.: Dynamic searchable symmetric encryption. In: ACM CCS 2012 (2012)
[15]
Lai, S., Patranabis, S., Sakzad, A., Liu, J.K., Mukhopadhyay, D., Steinfeld, R., et al.: Result pattern hiding searchable encryption for conjunctive queries. In: ACM CCS 2018 (2018)
[16]
Mishra, P., Poddar, R., Chen, J., Chiesa, A., Popa, R.A.: Oblix: an efficient oblivious search index. In: IEEE S&P 2018 (2018)
[17]
Orenbach, M., Lifshits, P., Minkin, M., Silberstein, M.: Eleos: exitless OS services for SGX enclaves. In: EuroSys 2017 (2017)
[18]
Ren, K., et al.: Hybridx: new hybrid index for volume-hiding range queries in data outsourcing services. In: ICDCS 2020 (2020)
[19]
Shinde, S., Chua, Z.L., Narayanan, V., Saxena, P.: Preventing page faults from telling your secrets. In: ACM AsiaCCS 2016 (2016)
[20]
Song, D., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: IEEE S&P 2000 (2000)
[21]
Stefanov, E., Papamanthou, C., Shi, E.: Practical dynamic searchable symmetric encryption with small leakage. In: NDSS 2014 (2014)
[22]
Sun, S.F., et al.: Practical backward-secure searchable encryption from symmetric puncturable encryption. In: ACM CCS 2018 (2018)
[23]
Vo, V., Lai, S., Yuan, X., Sun, S.F., Nepal, S., Liu, J.K.: Accelerating forward and backward private searchable encryption using trusted execution (2020). http://arxiv.org/abs/2001.03743
[24]
Yarom, Y., Falkner, K.: FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack. In: USENIX Security 2014 (2014)
[25]
Zhang, Y., Katz, J., Papamanthou, C.: All your queries are belong to us: the power of file-injection attacks on searchable encryption. In: USENIX Security 2016 (2016)
[26]
Zuo C, Sun S-F, Liu JK, Shao J, and Pieprzyk J Sako K, Schneider S, and Ryan PYA Dynamic searchable symmetric encryption with forward and stronger backward privacy Computer Security – ESORICS 2019 2019 Cham Springer 283-303
[27]
Zuo C, Sun S-F, Liu JK, Shao J, and Pieprzyk J Lopez J, Zhou J, and Soriano M Dynamic searchable symmetric encryption schemes supporting range queries with forward (and backward) security Computer Security 2018 Cham Springer 228-246
Index Terms
- Accelerating Forward and Backward Private Searchable Encryption Using Trusted Execution
Index terms have been assigned to the content through auto-classification.
Recommendations
Forward and Backward Private Searchable Encryption with SGX
EuroSec '19: Proceedings of the 12th European Workshop on Systems SecuritySymmetric Searchable Encryption (SSE) schemes enable users to search over encrypted data hosted on an untrusted server. Recently, there has been a lot of interest in forward and backward private SSE. The notion of forward privacy guarantees that updates ...
Deniable Searchable Symmetric Encryption
In the recent years, Searchable Symmetric Encryption (SSE) has become one of the hottest topic in cloud-computing area because of its availability and flexibility, and there are a series of SSE schemes were proposed. The adversary considered in these ...
Decryptable searchable encryption
ProvSec'07: Proceedings of the 1st international conference on Provable securityAs such, public-key encryption with keyword search (a.k.a PEKS or searchable encryption) does not allow the recipient to decrypt keywords i.e. encryption is not invertible. This paper introduces searchable encryption schemes which enable decryption. An ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Oct 2020
488 pages
ISBN:978-3-030-57877-0
DOI:10.1007/978-3-030-57878-7
© Springer Nature Switzerland AG 2020.
Publisher
Springer-Verlag
Berlin, Heidelberg
Publication History
Published: 19 October 2020
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 18 Feb 2025