VMKDO: Verifiable multi-keyword search over encrypted cloud data for dynamic data-owner

The advantages of cloud computing encourage individuals and enterprises to outsource their local data storage and computation to cloud server, however, data security and privacy concerns seriously hinder the practicability of cloud storage. Although searchable encryption (SE) technique enables cloud server to provide fundamental encrypted data retrieval services for data-owners, equipping with a result verification mechanism is still of prime importance in practice as semi-trusted cloud server may return incorrect search results. Besides, single keyword search inevitably incurs many irrelevant results which result in waste of bandwidth and computation resources. In this paper, we are among the first to tackle the problems of data-owner updating and result verification simultaneously. To this end, we devise an efficient cryptographic primitive called as verifiable multi-keyword search over encrypted cloud data for dynamic data-owner scheme to protect both data confidentiality and integrity. Rigorous security analysis proves that our scheme is secure against keyword guessing attack (KGA) in standard model. As a further contribution, the empirical experiments over real-world dataset show that our scheme is efficient and feasible in practical applications.     

Efficient multi-keyword ranked query over encrypted data in cloud computing

Cloud computing infrastructure is a promising new technology and greatly accelerates the development of large scale data storage, processing and distribution. However, security and privacy become major concerns when data owners outsource their private data onto public cloud servers that are not within their trusted management domains. To avoid information leakage, sensitive data have to be encrypted before uploading onto the cloud servers, which makes it a big challenge to support efficient keyword-based queries and rank the matching results on the encrypted data. Most current works only consider single keyword queries without appropriate ranking schemes. In the current multi-keyword ranked search approach, the keyword dictionary is static and cannot be extended easily when the number of keywords increases. Furthermore, it does not take the user behavior and keyword access frequency into account. For the query matching result which contains a large number of documents, the out-of-order ranking problem may occur. This makes it hard for the data consumer to find the subset that is most likely satisfying its requirements. In this paper, we propose a flexible multi-keyword query scheme, called MKQE to address the aforementioned drawbacks. MKQE greatly reduces the maintenance overhead during the keyword dictionary expansion. It takes keyword weights and user access history into consideration when generating the query result. Therefore, the documents that have higher access frequencies and that match closer to the users’ access history get higher rankings in the matching result set. Our experiments show that MKQE presents superior performance over the current solutions.     

支持语义扩展的动态多关键词密文排序检索

针对云存储环境下已有的动态多关键词密文排序检索方案不支持关键词语义扩展、不具备前向安全和后向安全的问题，提出一种支持语义检索且具备前向安全和后向安全的动态多关键词密文排序检索方案。该方案通过构建语义关系图实现查询关键词的语义扩展；使用树索引结构实现数据的检索和动态更新；利用向量空间模型实现多关键词排序搜索；基于安全K近邻算法对维度扩展后的索引和查询向量进行加密。安全性分析表明，该方案在已知密文模型下是安全的且具有动态更新时的前向安全和后向安全。效率分析及仿真实验结果表明，该方案在服务器检索效率方面优于目前同类型具有相同安全性或相同功能的方案。     

加密云数据下的关键词模糊搜索方案

对于加密云数据的搜索,传统的关键词模糊搜索方案虽然能搜索到相关文档,但是搜索的结果并不令人满意。在用户输入正确的情况下,无法完成近似搜索,当用户出现拼写错误时,返回的结果中包含大量无关关键词文档,严重浪费了带宽资源。针对目前在加密云数据下关键词模糊搜索的缺陷,提出了一种新型的关键词模糊搜索方案,通过对关键词计算相关度分数并对文档根据相关度分数进行排序,将top-k（即相关度最高的k个文档）个文档返回给搜索用户,减少了不必要的带宽浪费和用户寻找有效文档的时间消耗,提供了更加有效的搜索结果,并且通过引入虚假陷门集,增大了云服务器对文档关键词的分析难度,增加了系统的隐私性保护。     

基于区块链的公平可验证的多关键词密文排序检索

针对区块链环境下已有的可搜索加密方案实现结果验证和公平支付的成本过高、检索功能局限的问题,提出基于区块链的支持验证与公平支付的多关键词排序检索方案。该方案通过云服务器（CSP）存储加密索引树和执行搜索操作,并且构建了包含验证证明的查找表来辅助智能合约完成检索结果的验证以及公平支付,从而降低智能合约执行操作的复杂性,节约时间和费用成本。此外,结合向量空间模型与词频逆文档频率（TF-IDF）技术构建平衡二叉树结构的索引,并使用安全K邻近对索引和查询向量进行加密,从而实现支持动态更新的多关键词排序检索。安全性和性能分析表明,所提方案在区块链环境下和已知密文模型下是安全可行的;仿真实验结果表明,所提方案能够以可接受的开销实现结果验证与公平支付。     

一种基于BloomFilter的改进型加密文本模糊搜索机制研究

随着云计算的日益普及,为实现共享计算资源、节约经济成本等目的,越来越多的重要数据被从本地外包迁移至云端.出于对保护云端数据安全和用户隐私等方面的考虑,数据所用者一般倾向对敏感数据进行加密处理,在此基础上,如何能够对数据开展有效检索处理成为关注的重点.为此,提出一种改进的密文数据多关键字检索机制,一方面,基于BloomFilter数据结构设计一种新的关键字转换方法,能够在保持模糊搜索功能及识别率的同时,有效降低数据索引规模;另一方面,基于动态混淆参数调节的思路改进相似度评估算法,以提高数据的加密强度,并且能很好地反映用户的检索偏好.实验结果验证了所提机制是可行和高效的.     

Split keyword fuzzy and synonym search over encrypted cloud data

Multimedia Tools and Applications - A substitute solution for various organizations of data owners to store their data in the cloud using storage as a service(SaaS). The outsourced sensitive data...     

云计算中加密数据的模糊关键字搜索方法

传统的可搜索加密方案仅支持精确匹配的搜索,在效率和性能上都不能适应云计算环境。用支持多种字符串相似性操作的R+树构建索引,实现了云计算中对加密数据的模糊关键字搜索;用编辑距离来量化关键字的相似度,提出了一种可以返回与关键字更接近的文件检索方法。通过字符串聚类提高了模糊关键字搜索的效率。     

Resolving privacy-preserving relationships over outsourced encrypted data storages

Due to the numerous advantages in terms of cost reduction, usability, and flexibility, today we are witnessing the adoption of solutions where individuals and enterprises prefer to outsource (part of) their private information or assets for processing to third parties. Yet, such adoption will not become a complete success unless outsourced data storages reliably guarantee the privacy of sensitive information. With this aim in mind, some data storage providers offer the possibility of encrypting assets, achieving a remarkable degree of privacy, but at the expense of usability. At best, advanced cryptographic primitives can be directly implemented over the encrypted data to allow its owners to perform certain operations, such as keyword-based searches, on the side of the data storages. The paper at hand proposes a novel approach based on fully homomorphic encryption to correlate encrypted pieces of data in outsourced data storages. The goal was to enrich searchable encryption solutions by transparently adding related keywords to a given query, yet preventing the data storages to know the outsourced information, the received query, the resulting response, or the relationship between queries and responses. The conducted experiments show that nowadays, the main bottleneck resides in the inefficiency of the existing fully homomorphic encryption algorithms. Nevertheless, our proposal is not tied to any particular algorithm, thereby allowing users to select the most efficient in terms of computing time.     

Preferred search over encrypted data

Cloud computing provides elastic data storage and processing services. Although existing research has proposed preferred search on the plaintext files and encrypted search, no method has been proposed that integrates the two techniques to efficiently conduct preferred and privacy-preserving search over large datasets in the cloud.In this paper, we propose a scheme for preferred search over encrypted data (PSED) that can take users’ search preferences into the search over encrypted data. In the search process, we ensure the confidentiality of not only keywords but also quantified preferences associated with them. PSED constructs its encrypted search index using Lagrange coefficients and employs secure inner-product calculation for both search and relevance measurement. The dynamic and scalable property of cloud computing is also considered in PSED. A series of experiments have been conducted to demonstrate the efficiency of the proposed scheme when deploying it in real-world scenarios.     

Efficient privacy-preserving frequent itemset query over semantically secure encrypted cloud database

World Wide Web - In recent years, more users tend to use data mining as a service (DMaaS) provided by cloud service providers. However, while enjoying the convenient pay-per-use mode and powerful...     

A privacy-preserving multi-keyword ranked retrieval scheme in cloud computing

ABSTRACT

Big data and cloud computing could bring security problems. In order to ensure data security and user privacy, people would choose to store data in the cloud with ciphertext. How to search data efficiently and comprehensively without decryption has become the focus of this paper. In this paper, we propose an efficient privacy protection scheme. In this scheme, Elliptic Curve Cryptography (ECC) is adopted to encrypt the data. It can reduce the computing cost of encryption and decryption uploading the encrypted files and indexes to the cloud server. Then it can authorize users to generate trap door using hash conflict function, and send it to Cloud Service Provider (CSP) for searching for matched ciphertext. The CSP uses the Apriori algorithm to extend keywords and search index to match the ciphertext. In this paper, we will use the Apriori algorithm to extend the keywords’ semantics, match the index list based on these keywords, and return the requested file-set which is more consistent with the user’s search. Experiments show that compared with traditional methods, files can be encrypted, decrypted, and recovered more quickly when we use this method. It can also ensure the privacy of data and reduce the communication overhead.     

Efficient wildcard search over encrypted data

Searchable encryption is an important technique that allows the data owners to store their encrypted data in the cloud. It also maintains the ability to search a keyword over encrypted data. In practice, searchable encryption scheme supporting wildcard search is very important and widely used. In this paper, we propose a new wildcard search technique to use one wildcard to represent any number of characters. Based on Bloom filter with a novel specified characters position technique, we construct a new searchable symmetric scheme to support wildcard search over encrypted data. This scheme is more efficient than prior schemes, and it can be strengthened to be secure against an adaptive attacker (CKA-2 security). Moreover, this scheme can be dynamic to support file addition and deletion. Our wildcard search technique is of independent interest.     

Multi-Keyword search over encrypted data with scoring and search pattern obfuscation

Search over encrypted data recently became a critical operation that raised a considerable amount of interest in both academia and industry. Especially, as outsourcing, sensitive data to cloud prove to be a strong trend to benefit from the unmatched storage and computing capacities thereof. Indeed, privacy-preserving search over encrypted data, an apt term to address privacy-related issues concomitant in outsourcing sensitive data, have been widely investigated in the literature under different models and assumptions. In this work, we propose an efficient scheme that allows privacy-preserving search over encrypted data using queries with multiple keywords. Most important contributions of this work are as follows. Firstly, using a property referred as \(\delta \)-mean query obfuscation, the proposed scheme hides the search patterns, which are allowed to leak in many works in the literature including our preliminary work on the subject Orencik et al. (2013) [1]. Secondly, a two-server setting is employed to eliminate the correlation between the queries and matching documents sent to the user under the assumption that the two servers are not colluding. Thirdly, we propose a novel compression scheme that reduces both the communication cost between the two servers and the computation cost of the search operation more than 55 times compared to the standard approach. And finally, the proposed scheme also provides an effective scoring and ranking capability that is based on term frequency–inverse document frequency (tf-idf) weights of keyword–document pairs. Our analyses demonstrate that the proposed scheme is privacy-preserving, efficient and effective.     

基于区块链的属性基多关键词排序搜索方案

对云数据进行访问控制能够限制非法访问、提高数据隐私安全,属性基可搜索加密是实现数据细粒度访问控制的关键技术之一。针对云数据访问中单一授权性能瓶颈、搜索功能局限等问题,提出一种基于区块链的属性基多关键词排序搜索方案。该方案采用多授权机制降低了系统计算负担,同时将属性基可搜索加密技术与区块链技术相结合,实现了云数据的细粒度访问控制与公平搜索;此外,引入向量空间模型和TF-IDF加权技术实现了多关键词搜索结果排序,提高了搜索效率。安全性分析、性能分析表明,该方案能够抵抗选择明文攻击和关键词猜测攻击,并具备较低的通信和计算开销。     

面向属性加密数据的可验证细粒度关键字密文搜索

为实现加密数据的细粒度密文搜索,并确保第三方服务器诚实可靠地执行搜索过程,同时尽可能降低用户端的计算和通信代价,提出支持密文搜索可验证的属性基可搜索加密方案。通过引入对称密钥加密体制,承诺方案和强一次性消息认证码,以经典的属性加密方案为基础构造算法,实现密文关键字的细粒度搜索以及搜索过程的可验证性,并证明方案具有选择性的数据安全性和搜索索引安全性,以及验证可靠性。与同类方案相比,该方案在达到同等安全性要求的情况下,进一步提高了终端用户的计算和通信效率。     

Semantic and secure search over encrypted outsourcing cloud based on BERT

Searchable encryption provides an effective way for data security and privacy in cloud storage. Users can retrieve encrypted data in the cloud under the premise of protecting their own data security and privacy. However, most of the current content-based retrieval schemes do not contain enough semantic information of the article and cannot fully reflect the semantic information of the text. In this paper, we propose two secure and semantic retrieval schemes based on BERT (bidirectional encoder representations from transformers) named SSRB-1, SSRB-2. By training the documents with BERT, the keyword vector is generated to contain more semantic information of the documents, which improves the accuracy of retrieval and makes the retrieval result more consistent with the user’s intention. Finally, through testing on real data sets, it is shown that both of our solutions are feasible and effective.     

Achieving fully privacy-preserving private range queries over outsourced cloud data

With the prevalence of cloud computing, data owners are motivated to outsource their databases to the cloud server. However, to preserve data privacy, sensitive private data have to be encrypted before outsourcing, which makes data utilization a very challenging task. Existing work either focus on keyword searches and single-dimensional range query, or suffer from inadequate security guarantees and inefficiency. In this paper, we consider the problem of multidimensional private range queries over encrypted cloud data. To solve the problem, we systematically establish a set of privacy requirements for multidimensional private range queries, and propose a multidimensional private range query (MPRQ) framework based on private block retrieval (PBR), in which data owners keep the query private from the cloud server. To achieve both efficiency and privacy goals, we present an efficient and fully privacy-preserving private range query (PPRQ) protocol by using batch codes and multiplication avoiding technique. To our best knowledge, PPRQ is the first to protect the query, access pattern and single-dimensional privacy simultaneously while achieving efficient range queries. Moreover, PPRQ is secure in the sense of cryptography against semi-honest adversaries. Experiments on real-world datasets show that the computation and communication overhead of PPRQ is modest.     

基于Simhash的安全密文排序检索方案

针对密文检索中存在的计算量大、检索效率不高的问题，提出一种基于Simhash的安全密文排序检索方案。该方案基于Simhash的降维思想构建安全多关键词密文排序检索索引（SMRI），将文档处理成指纹和向量，利用分段指纹和加密向量构建B+树，并采用"过滤-精化"策略进行检索和排序，首先通过分段指纹的匹配进行快速检索，得到候选结果集；然后通过计算候选结果集与查询陷门的汉明距离和向量内积进行排序，带密钥的Simhash算法和安全k近邻（SkNN）算法保证了检索过程的安全性。实验结果表明，与基于向量空间模型（VSM）的方案相比，基于SMRI的排序检索方案计算量小，能节约时间和空间成本，检索效率高，适用于海量加密数据的快速安全检索。     

Approaches and challenges of privacy preserving search over encrypted data

More and more data owners are encouraged to outsource their data onto cloud servers for reducing infrastructure, maintenance cost and also to get ubiquitous access to their stored data. However, security is one issue that discourages data owners from adopting cloud servers for data storage. Searchable Encryption (SE) is one of the few ways of assuring privacy and confidentiality of such data by storing them in encrypted form at the cloud servers. SE enables the data owners and users to search over encrypted data through trapdoors. Most of the user information requirements are fulfilled either through Boolean or Ranked search approaches. This paper aims at understanding how the confidentiality and privacy of information can be guaranteed while processing single and multi-keyword queries over encrypted data using Boolean and Ranked search approaches. This paper presents all possible leakages that happen in SE and also specifies which privacy preserving approach to be adopted in SE schemes to prevent those leakages to help the practitioners and researchers to design and implement secure searchable encryption systems. It also highlights various application scenarios where SE could be utilized. This paper also explores the research challenges and open problems that need to be focused in future.