Year

2021

Degree Name

Doctor of Philosophy

Department

School of Computing and Information Technology

Abstract

The vast development in information and communication technologies has spawned many new computing and storage architectures in the last two decades. Famous for its powerful computation ability and massive storage capacity, cloud services, including storage and computing, replace personal computers and software systems in many industrial applications. Another famous and influential computing and storage architecture is the distributed system, which refers to an array of machines or components geographically dispersed but jointly contributes to a common task, bringing premium scalability, reliability, and efficiency. Recently, the distributed cloud concept has also been proposed to benefit both cloud and distributed computing. Despite the benefits of these new technologies, data security and privacy are among the main concerns that hinder the wide adoption of these attractive architectures since data and computation are not under the control of the end-users in such systems. The traditional security mechanisms, e.g., encryption, cannot fit these new architectures since they would disable the fast access and retrieval of remote storage servers. Thus, an urgent question turns to be how to enable refined and efficient data retrieval on encrypted data among numerous records (i.e., searchable encryption) in the cloud and distributed systems, which forms the topic of this thesis.

Searchable encryption technologies can be divided into Searchable Symmetric Encryption (SSE) and Public-key Encryption with Keyword Search (PEKS). The intrinsical symmetric key hinders data sharing since it is problematic and insecure to reveal one’s key to others. However, SSE outperforms PEKS due to its premium efficiency and is thus is prefered in a number of keyword search applications. Then multi-user SSE with rigorous and fine access control undoubtedly renders a satisfactory solution of both efficiency and security, which is the first problem worthy of our much attention. Second, functions and versatility play an essential role in a cloud storage application but it is still tricky to realize keyword search and deduplication in the cloud simultaneously. Large-scale data usually renders significant data redundancy and saving cloud storage resources turns to be inevitable. Existing schemes only facilitate data retrieval due to keywords but rarely consider other demands like deduplication. To be noted, trivially and hastily affiliating a separate deduplication scheme to the searchable encryption leads to disordered system architecture and security threats. Therefore, attention should be paid to versatile solutions supporting both keyword search and deduplication in the cloud. The third problem to be addressed is implementing multi-reader access for PEKS. As we know, PEKS was born to support multi-writers but enabling multi-readers in PEKS is challenging. Repeatedly encrypting the same keyword with different readers’ keys is not an elegant solution. In addition to keyword privacy, user anonymity coming with a multi-reader setting should also be formulated and preserved. Last but not least, existing schemes targeting centralized storage have not taken full advantage of distributed computation, which is considerable efficiency and fast response. Specifically, all testing tasks between searchable ciphertexts and trapdoor/token are fully undertaken by the only centralized cloud server, resulting in a busy system and slow response. With the help of distributed techniques, we may now look forward to a new turnaround, i.e., multiple servers jointly work to perform the testing with better efficiency and scalability. Then the intractable multi-writer/multi-reader mode supporting multi-keyword queries may also come true as a by-product.

This thesis investigates searchable encryption technologies in cloud storage and distributed systems and spares effort to address the problems mentioned above. Our first work can be classified into SSE. We formulate the Multi-user Verifiable Searchable Symmetric Encryption (MVSSE) and propose a concrete scheme for multi-user access. It not only offers multi-user access and verifiability but also supports extension on updates as well as a non-single keyword index. Moreover, revocable access control is obtained that the search authority is validated each time a query is launched, different from existing mechanisms that once the search authority is granted, users can search forever. We give simulation-based proof, demonstrating our proposal possesses Universally Composable (UC)-security. Second, we come up with a redundancy elimination solution on top of searchable encryption. Following the keyword comparison approach of SSE, we formulate a hybrid primitive called Message-Locked Searchable Encryption (MLSE) derived in the way of SSE’s keyword search supporting keyword search and deduplication and present a concrete construction that enables multi-keyword query and negative keyword query as well as deduplication at a considerable small cost, i.e., the tokens are used for both search and deduplication. And it can further support Proof of Storage (PoS), testifying the content integrity in cloud storage. The semantic security is proved in Random Oracle Model using the game-based methodology. Third, as the branch of PEKS, the Broadcast Authenticated Encryption with Keyword Search (BAEKS) is proposed to bridge the gap of multi-reader access for PEKS, followed by a scheme. It not only resists Keyword Guessing Attacks (KGA) but also fills in the blank of anonymity. The scheme is proved secure under Decisional Bilinear Diffie-Hellman (DBDH) assumption in the Random Oracle Model.

For distributed systems, we present a Searchable Encryption based on Efficient Privacy-preserving Outsourced calculation framework with Multiple keys (SE-EPOM) enjoying desirable features, which can be classified into PEKS. Instead of merely deploying a single server, multiple servers are employed to execute the test algorithm in our scheme jointly. The refined search, i.e., multi-keyword query, data confidentiality, and search pattern hiding, are realized. Besides, the multi-writer/multi-reader mode comes true. It is shown that under the distributed circumstance, much efficiency can be substantially achieved by our construction. With simulation-based proof, the security of our scheme is elaborated.

All constructions proposed in this thesis are formally proven according to their corresponding security definitions and requirements. In addition, for each cryptographic primitive designed in this thesis, concrete schemes are initiated to demonstrate the availability and practicality of our proposal.

FoR codes (2008)

080402 Data Encryption

Share

COinS
 

Unless otherwise indicated, the views expressed in this thesis are those of the author and do not necessarily represent the views of the University of Wollongong.