TY - GEN
T1 - BISEN: Efficient boolean searchable symmetric encryption with verifiability and minimal leakage
AU - Ferreira, Bernardo
AU - Portela, Bernardo
AU - Oliveira, Tiago
AU - Borges, Guilherme
AU - Domingos, Henrique
AU - Leitão, João
N1 - info:eu-repo/grantAgreement/FCT/5876/147279/PT#
info:eu-repo/grantAgreement/EC/H2020/732505/EU#
FCT/MCTES through project HADES (PTDC/CCI-INF/31698/2017)
PY - 2019/10
Y1 - 2019/10
N2 - The prevalence and availability of cloud infrastructures have made them the de facto solution for storing and archiving data, both for organizations and individual users. Nonetheless, the cloud's widespread adoption is still hindered by dependability and security concerns, particularly in applications with large data collections where efficient search and retrieval services are also major requirements. This leads to an increased tension between security, efficiency, and search expressiveness, which current state-of-the-art solutions try to balance through complex cryptographic protocols that trade off efficiency and expressiveness for near-optimal security. In this paper we tackle this tension by proposing BISEN, a new provably-secure boolean searchable symmetric encryption scheme that improves these three complementary dimensions by exploring the design space of isolation guarantees offered by novel commodity hardware such as Intel SGX, abstracted as Isolated Execution Environments (IEEs). BISEN is the first scheme to enable highly expressive and arbitrarily complex boolean queries, with minimal information leakage regarding performed queries and accessed data, and verifiability regarding fully malicious adversaries. Furthermore, by exploiting trusted hardware and the IEE abstraction, BISEN reduces communication costs between the client and the cloud, boosting query execution performance. Experimental validation and comparison with the state of the art show that BISEN provides better performance with enriched search semantics and security properties.
AB - The prevalence and availability of cloud infrastructures have made them the de facto solution for storing and archiving data, both for organizations and individual users. Nonetheless, the cloud's widespread adoption is still hindered by dependability and security concerns, particularly in applications with large data collections where efficient search and retrieval services are also major requirements. This leads to an increased tension between security, efficiency, and search expressiveness, which current state-of-the-art solutions try to balance through complex cryptographic protocols that trade off efficiency and expressiveness for near-optimal security. In this paper we tackle this tension by proposing BISEN, a new provably-secure boolean searchable symmetric encryption scheme that improves these three complementary dimensions by exploring the design space of isolation guarantees offered by novel commodity hardware such as Intel SGX, abstracted as Isolated Execution Environments (IEEs). BISEN is the first scheme to enable highly expressive and arbitrarily complex boolean queries, with minimal information leakage regarding performed queries and accessed data, and verifiability regarding fully malicious adversaries. Furthermore, by exploiting trusted hardware and the IEE abstraction, BISEN reduces communication costs between the client and the cloud, boosting query execution performance. Experimental validation and comparison with the state of the art show that BISEN provides better performance with enriched search semantics and security properties.
KW - Cloud computing
KW - Searchable encryption
KW - Trusted hardware
UR - http://www.scopus.com/inward/record.url?scp=85084140506&partnerID=8YFLogxK
U2 - 10.1109/SRDS47363.2019.00021
DO - 10.1109/SRDS47363.2019.00021
M3 - Conference contribution
AN - SCOPUS:85084140506
T3 - Proceedings of the IEEE Symposium on Reliable Distributed Systems
SP - 103
EP - 112
BT - Proceedings - 2019 IEEE 38th International Symposium on Reliable Distributed Systems, SRDS 2019
PB - IEEE Computer Society
T2 - 38th IEEE International Symposium on Reliable Distributed Systems, SRDS 2019
Y2 - 1 October 2019 through 4 October 2019
ER -