Secure cloud storage is considered one of the most important issues that both businesses and end-users consider before moving private data to the cloud. Searchable symmetric encryption (SSE) allows a party to privately outsource the storage of data to another party, while maintaining the ability to selectively search through it. When deployed in the cloud, Searchable Symmetric Encryption allows one to query encrypted data without the risk of data leakage.
The Dilemma of Data Encryption Within Cloud Storage
The proliferation of digital transformation across all industry sectors has resulted in many benefits such as increased productivity, reduced operational costs, enhanced monitoring and sensing of critical performance indicators. Nevertheless, it has also created many challenges. For example, smart systems and IoT connected devices can become the source of large volumes of data. The divergence in structure, type, and generation rate of this big data introduces challenges on how to integrate, store and manage the data.
Outsourcing data storage to the cloud can be an effective solution with advantages in scalability, performance and interoperability. Cloud platforms provide an acceptable level of security and privacy when the data owners operate private cloud servers and/or when the cloud service is considered completely trustworthy. However, this is not always the case. For various reasons, spanning from cost-effectiveness to lack of resources to run private cloud services, businesses elect to outsource their data storage to third-party public cloud service providers (CSP). In these scenarios, the data stored in the cloud can become untrusted and there are also privacy concerns.
We have witnessed many data breaches happening within the cloud due to weak data protection controls, compromised credentials and phishing attacks. In fact, it is generally accepted that responsibility for the security and privacy of data in the cloud falls solely on the data owner.
One straightforward approach to strengthen the security and privacy of the data stored in the cloud is to encrypt the data before uploading to the cloud. While encryption provides confidentiality to the data, it also sacrifices the functionalities of processing the data, and one of the most critical functions of processing data stored in the cloud is searching.
The problem with searching encrypted data in a privacy-enhanced manner concerns many sectors, including electric grid utilities and smart meters data, law enforcement and international cooperation for fighting criminality, and healthcare databases for vaccine certifications.
What is Searchable Symmetric Encryption?
With the development of privacy-preserving technology, Searchable Symmetric Encryption (SSE) was proposed to address the above problem. SSE is technology that enables users to store documents in ciphertext form while maintaining the functionality to search keywords in their documents. Searchable encryption has been identified by DARPA as one of the technical advances that can balance the need for both privacy and national security in information aggregation systems.
SSE was first introduced by Song, Wagner and Perrig. SSE aims to achieve the best of all worlds. It is as efficient as the most effective encrypted search solutions (e.g., deterministic encryption), yet it provides far more security. In their work, they note that SSE can be achieved in its full generality and with optimal security using the work of Ostrovsky and Goldreich on oblivious RAMs.
TLS Machine Identity Management for Dummies
Security of Searchable Symmetric Encryption
Researchers Reza Curtmola, Seny Kamara, Juan Garay, and Rafail Ostrovsky have highlighted that the initial work on SSE had two primary issues: (1) the definitions were (implicitly) restricting the adversary's power; and (2) they didn't explicitly capture the fact that the constructions were leaking information.
The first problem was that in these definitions, the adversary’s behavior was being implicitly restricted to making non-adaptive queries to its search oracle. To address this problem, the researchers provided a stronger security definition, called adaptive security, where the adversary was allowed to generate its queries as a function of the encrypted database, the tokens and previous search results. The new definition also treated the problem with the leakage of search patterns that revealed whether a search query was being repeated.
Finally, while initial work on searchable encryption only considered the single-user setting, the research also considered the multi-user setting in which a user owns the data, but an arbitrary group of users can submit queries to search their document collection. The owner can control search access by granting and revoking searching privileges to other users.
Conclusion
The importance of privacy-enhanced technology in our data-driven world is crucial to safeguard the confidentiality and integrity of sensitive, personal data. Researchers are exploring encryption implementations, such as Homomorphic Encryption and Searchable Symmetric Encryption, that will allow the searching and processing of encrypted stored data without compromising data privacy. The research completed so far is promising, although several computational overheads must be surpassed for a fully efficient implementation of these schemes.
The importance of privacy-enhanced technology in our data-driven world is crucial to safeguard the confidentiality and integrity of sensitive, personal data. Researchers are exploring encryption implementations, such as Homomorphic Encryption and Searchable Symmetric Encryption, that will allow the searching and processing of encrypted stored data without compromising data privacy. The research completed so far is promising, although several computational overheads must be surpassed for a fully efficient implementation of these schemes.
To learn more about Searchable Symmetric Encryption, the following articles and research are available to you for free:
- How to Search on Encrypted Data: Searchable Symmetric Encryption, by Seny Kamara.
- Practical Techniques for Searches on Encrypted Data, by Song, Wagner, and Perrig
- Searchable Symmetric Encryption: Improved Definitions and Efficient Constructions, by Curtmola, Kamara, Garay, and Ostrovsky.
Get a 30 Day Free Trial of TLS Protect Cloud, Automated Certificate Management.
Related Posts