Making Cloud Storages Secure and Efficient
Date
2024
Publisher
Indian Statistical Institute, Kolkata
Abstract
Over the years, searchable symmetric encryption (SSE) schemes have emerged as
a promising tool for enabling efficient query processing over encrypted data stored
in untrusted cloud servers. This thesis mainly focuses on efficiency and security
enhancements of dynamic searchable symmetric encryption (DSSE) schemes, which
support various query types and are secure against several adversarial conditions.
For any SSE scheme, its query processing, storage, and communication costs are
directly related to the size of the encrypted index stored on the server. A reduction of
the index size naturally leads to enhanced search efficiency and reduced storage and
communication costs. We are unaware of any previous attempts to reduce the index
size of SSE schemes. We introduce a novel technique to directly reduce the index size
of any SSE. Our proposed method generically transforms any secure single keyword
SSE into an equivalently functional and secure version with reduced storage requirements,
resulting in faster search and reduced communication overhead. Our technique
involves arranging the set of document identifiers db(w) related to a keyword w in the
leaf nodes of a complete binary tree, eventually obtaining a succinct representation of
the set db(w). This compact representation leads to smaller index sizes. We conduct
extensive theoretical analysis to prove the correctness of our scheme. Additionally,
our experiments on real and synthetic data validate the effectiveness of our approach
and demonstrate its practical applicability.
Among the few SSE schemes available in the literature which support complex
query types like conjunctive queries, the oblivious cross tag (OXT) scheme from
Crypto’13 is the most efficient one. OXT has the limitation that it only works for
static databases. In NDSS’20, an extension of OXT called the oblivious dynamic
cross tag (ODXT) was proposed. ODXT supports conjunctive queries with dynamic
updates. However, ODXT is not forward private.
We propose a generic framework for designing conjunctive dynamic SSE (CDSSE)
schemes, supporting conjunctive queries that allow dynamic updates while being both
forward and backward private simultaneously. To the best of our knowledge, no such scheme exists to date. Our scheme assumes a restricted update model where
a document with its associated keywords can be dynamically added to or deleted
from the database as a whole, but the set of keywords for a document is not modified
once uploaded. We define forward and backward privacy for this new setting of
updates and extend the OXT scheme to make it dynamic in the new setting. We
prove the security of our construction against adaptive adversaries and analyse the
precise leakages to the adversarial server. Experiments show that our schemes are
very efficient.
Another less studied aspect of SSE schemes is verifiability. In an SSE scheme,
the server may be dishonest and may not respond to a client’s queries following the
prescribed protocol. A verifiable SSE can detect such anomalous behaviour of a
server. To defend against such malicious adversaries, previous approaches employ
authenticated encryption (AE) to furnish a “proof” for each update. We propose
a new construction where we convert any forward and backward private adaptively
secure SSE scheme into a verifiable SSE. Our construction uses a new class of message
authentication codes (MAC), which we call updatable message authentication codes
(UdMAC). A UdMAC allows the verification tag for a message to be updated with
each modification to the message without recomputing the entire MAC, ensuring
efficiency. We establish security requirements for such a MAC and introduce two
constructions, ConCatU and XoRU, which work with two different types of message
updates, namely, concatenation and exclusive-or (XOR), respectively. Furthermore,
we present the first generic construction for a forward and backward private fault-tolerant
verifiable DSSE using a UdMAC construction and prove its security. Our
construction converts any generic forward and backward secure SSE secure in an
honest-but-curious adversarial model into an equivalently secure DSSE secure in a
malicious adversarial model with faulty updates.
Description
This thesis is under the supervision of Dr. Debrup Chakraborty
Keywords
Outsourced Storage, Searchable Symmetric Encryption, Dynamic Searchable Symmetric Encryption, Fault-tolerant
Citation
193p.
