The rapid development of information and communication technology has enabled more people to outsource and store their data on the networked databases. However, it brings challenges related to the data privacy and security. Our research focuses on the privacy in which the party who requests for a service discloses the minimum amount of personal information, whereas the party that offers data is able to ensure that only the requested data are revealed. Particularly, we focus on the mechanism searching for keywords on encrypted data. There are numbers of techniques that can be applied in the keyword search, such as public encryption with keyword search (PEKS), oblivious transfer (OT), private information retrieval (PIR), symmetric key encryption and homomorphic encryption. In this work, we consider PEKS, symmetric key encryptions and OT to perform oblivious keyword search. Our work can be summarized as follows. • Keyword search in designated senders. Most of current keyword search schemes only consider the keyword stored in the email gateway or database service providers. Hence, an off-line keyword guessing attack was developed to perform brute force attacks on a limited keyword space. An efficient solution is providing another element, for example, the sender’s identity, in the cipher-text in order to improve the security of encrypted keywords. This allows us to achieve a new cryptography primitive namely keyword search with designated signers. • Symmetric key encryption that provides a better security level than the other ones. The underlying principle of a symmetric key encryption is that the sender and the receiver must share the same secret key. We propose a construction based on the public key infrastructure that allows the sender and the receiver to exchange their public keys and construct a secret key. This scheme is based on a computable assumption that is more secure than the one based on decisional assumption. • Oblivious keyword search. The idea of oblivious keyword search is from the oblivious transfer (OT). The security of OT requires that both sender’s and receiver’s privacy are preserved. Therefore, from the privacy point of view, OT is suitable for enabling privacy of outsourced data. • Public key encryption with oblivious keyword search. Combining the notions of PEKS and OT, we propose an oblivious keyword search scheme. The new scheme achieves the properties of both PEKS and OT. We note that the combination is done in a non-trivial manner in order to ensure the security of the system.
History
Year
2013
Thesis type
Masters thesis
Faculty/School
School of Computer Science and Software Engineering
Language
English
Disclaimer
Unless otherwise indicated, the views expressed in this thesis are those of the author and do not necessarily represent the views of the University of Wollongong.