1 / 21

Keyword search on encrypted data

Keyword search on encrypted data. Keyword search problem. Linux utility: grep Information retrieval Basic operation Advanced operations – relevance analysis and ranking Search engines highly complicated problem. New settings. Search data in the cloud Filter encrypted emails

clive
Download Presentation

Keyword search on encrypted data

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Keyword search on encrypted data

  2. Keyword search problem • Linux utility: grep • Information retrieval • Basic operation • Advanced operations – relevance analysis and ranking • Search engines • highly complicated problem

  3. New settings • Search data in the cloud • Filter encrypted emails • Privacy preserving log retrieval

  4. Basic techniques • Symmetric encryption • Public key encryption • Simple keyword matching • A little bit relevance evaluation

  5. Secure keyword search with symmetric encryption • Paper: Song 2000 • Seed is random, different for • each Wi • Key idea: Li and Ri are self- • verifiable • Advantage of XOR

  6. How to set K?

  7. Setting of ki • Ki = Fk’(Wi), k’ is secret • User publishes W and k = Fk’(W) • Server checks CiW  whether <Li, Fk(Li)> == CiW It reveals nothing if Ci is not the ciphertext for W. And Li is random for different Wi – server cannot find any information from Li.

  8. Hidden search • In previous schemes, W is revealed • Weakness: each search will have to release k for W • Easy to collect information • Solution: encrypt Wi with an private key, then xor with <Li, Fk(Li)> • Still weaknesses • Wi encryption should be deterministic • Access pattern is leaked • Linear scan over the whole doc collection

  9. Typical method for speedy keyword based search • Using the “inverted index” Word -> doc1:pos, doc2:pos,… Or simply word -> doc1, doc2, … However, inverted index reveals the word frequency

  10. Recent developments • Reza 2006 • “Searchable symmetric encryption: improved definitions and efficient constructions” • Completely solved this problem, with a solution indistinguishability under chosen ciphertext attack (IND-CCA) • Allow inverted index • Hide word frequency

  11. setup • D – the set of documents {D1,…,Dn} • max - the maximum number of distinct words in a document • Li – the list of document IDs that contain the keyword w_i , plus some dummy entries to reach max • A – array contains all elements in Li (max * |D|) • T – table that contains the <wi, address of Li’s first node>)

  12. Symmetric encryption function, encrypt words and document ids • id(Dj) for wi entry is encoded as enc(wi||j) to make indistinguishable • Pseudo-random function f • Two pseudo-random permutation functions •  : for mapping word to table entry • : for mapping index to next node of Li to the index of array A

  13. Building the index table T 1. The key used to encrypt the node Ni,1 2. to random values of the same size of the existing entries

  14. Generating Li with Ki,0, We can decrypt all nodes in the list For the remaining max – |D(wi)| dummy nodes, store the doc id that Already appears in the first |D(wi)| entries. This can be done with the help of a look-up table I

  15. Search • Generate the trapdoor • Search

  16. Property • Each keyword search returns the same number of encrypted document ids – the attacker cannot distinguish word frequency

  17. Search public-key encrypted data • Users who encrypt the data (with public key) can be different from the owner of the private key

  18. Cyclic group • For example, if G = { g0, g1, g2, g3, g4, g5 } mod p is a group, then g6 = g0, and G is cyclic. • p is the order • g is the generator

  19. Bilinear-map construction • Two groups G1 G2 of prime order p • A bilinear map : G1 X G1 -> G2 • Properties:

More Related