SPEKS: Forward Private SGX-Based Public Key Encryption with Keyword Search
Abstract
1. Introduction
- We propose a forward secure public key encryption with keyword search scheme using Intel SGX; it is the first SGX-based PEKS scheme that achieves forward privacy in multi-user settings.
- The communication cost is significantly reduced because a single query is sufficient to search over multiple encrypted data, while prior works require numerous queries in proportion to the number of encrypted data.
- We define a security model of SGX-based forward private PEKS, and formally prove the security of our scheme.
- We implement our scheme using SGX, and evaluate the performance of our scheme and the previous schemes. According to the experiment with implementations, our scheme is significantly more efficient than the previous schemes without security degradation.
2. Background
2.1. Intel Software Guard Extensions (SGX)
2.2. Public Key Encryption with Keyword Search (PEKS)
3. SPEKS Overview and Definitions
3.1. Overview
3.2. Algorithms and Security Definitions
- : It takes the security parameter as input for generating a key pair for private key and public key , and takes λ as input for generating symmetric key .
- : It takes the symmetric key , keyword w, and search counter as input. It then outputs encrypted search token .
- : It takes the public key , keyword w, user index u, and a set of data F as input. It then outputs a record .
- : It takes the private key , record , and search token as input. It then outputs F if there is a match; otherwise, ⊥.
- : The data receiver runs and generates a key pair and symmetric key K. outputs a search counter of user, . The data sender calculates and passes to . The data receiver returns search token to after calculating . can use and the returned tokens at any time to make a query to the trusted hardware. The trusted hardware answers the query by running . If the query matches, then the search counter is incremented and returns a bit as a result of the experiment.
- : The adversary outputs search counter to the data sender. Using , the data sender creates and sends it to . The simulator creates search token and passes it to . can use and search token to make queries to , who simulates the trusted hardware. Next, with the given , returns the search result. Finally, the adversary returns an output bit of the experiment.
4. Construction
4.1. Cryptographic Primitive
4.2. Provisioning
4.3. Algorithms
Algorithm 1:
DR:
Symmetric key
Provision Private Key
and Symmetric to
Algorithm 2:
DS:
Request the search counter of u from the CS
CS:
Return to DS
DS:
for to do
  ← Enc(,())
  ← ∪
end for
Transfer to CS
CS:
for to do
  ← ∪
end for
Algorithm 3:
DR:
Transfer to
Algorithm 4:
CS:
Enclave:
for i=1 to sc’ do
  if then
    return
  end if
end for
Return F to DR if match; else, ⊥
5. Analysis
5.1. Security Analysis
- Setup: creates new random keys and stores them.
- Simulating: gets and receives search counter . Furthermore, creates (the size of the data set) encryption of keyword using . Each encrypted value is given a distinct index value . outputs . Since the value of the search counter and the size of the record are included in the leakage, the operations above are possible. The simulation of has the same size as the output of . In addition, the simulation result is indistinguishable from the output of due to the IND-CPA security of the public key encryption scheme.
- Simulating: The simulator creates value and encrypts it as . outputs search token . Since is IND-CPA secure, the simulated is indistinguishable from the output of .
- Simulating secure hardware: At a given time t, receives search token and . uses to simulate the access pattern. begins with the first record of and follows the indices given by . The leakage determines the specific point of the record with index . □
5.2. Performance Analysis
6. Related Work
6.1. Searchable Encryption
6.2. TEE Based Implementations
7. Conclusions
Author Contributions
Funding
Conflicts of Interest
Abbreviations
PEKS | Public Key encryption with keyword search |
FS-PEKS | Forward Secure PEKS |
SE | Searchable encryption |
TEE | Trusted Execution Environment |
SGX | Software Guard Extension |
IND-CPA | Indistinguishable under chosen-plaintext attack |
PKE | Public key encryption |
SKE | Symmetric key encryption |
CS | Cloud server |
DS | Data sender |
DR | Data receiver |
© 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Yoon, H.; Moon, S.; Kim, Y.; Hahn, C.; Lee, W.; Hur, J. SPEKS: Forward Private SGX-Based Public Key Encryption with Keyword Search. Appl. Sci. 2020, 10, 7842. https://doi.org/10.3390/app10217842