Annual Computer Security Applications Conference (ACSAC) 2016
 OpenConf Peer Review & Conference Management System

Full Program »

Practical and Secure Dynamic Searchable Encryption via Oblivious Access on Distributed Data Structure

Dynamic Symmetric Searchable Encryption (DSSE) allows a client to perform keyword searches over encrypted files via an encrypted data structure. Despite its merits, DSSE leaks search and update patterns when the client accesses the encrypted data structure. These leakages may create severe privacy problems as already shown, for example, in recent statistical attacks on DSSE. While Oblivious Random Access Memory (ORAM) can hide such access patterns, it incurs significant communication overhead, and therefore, is not yet fully practical for cloud computing systems. Hence, there is a critical need to develop private access schemes over the encrypted data structure that can seal the leakages of DSSE while achieving practical search/update operations.
In this paper, we propose a new oblivious access scheme over the encrypted data structure for searchable encryption purposes, that we call as Distributed Oblivious Data structure DSSE (DOD-DSSE). The main idea is to create a distributed encrypted incidence matrix on two non-colluding servers such that no arbitrary queries on these servers can be linked to each other. This strategy prevents not only recent statistical attacks on the encrypted data structure but also other potential threats exploiting the query linkability. Our security analysis proves that DOD-DSSE ensures the unlinkability of queries and, therefore, offers much higher security than traditional DSSE. At the same time, our performance evaluation demonstrates that DOD-DSSE is two orders of magnitude faster than ORAM-based techniques (e.g., Path ORAM), since it only incurs a small-constant number of communication overhead. That is, we deployed DOD-DSSE on geographically distributed Amazon EC2 servers, and showed that, a search/update operation takes around only one second on a very large dataset with DOD-DSSE, while it takes 3 to 13 minutes with Path ORAM-based methods.

Author(s):

Thang Hoang    
Oregon State University
United States

Attila Yavuz    
Oregon State University
United States

Jorge Guajardo    
Robert Bosch Research and Technology Center
United States

 

Powered by OpenConf®
Copyright©2002-2016 Zakon Group LLC