TY - JOUR
T1 - Boolean Searchable Symmetric Encryption with Filters on Trusted Hardware
AU - Ferreira, Bernardo
AU - Portela, Bernardo
AU - Oliveira, Tiago
AU - Borges, Guilherme
AU - Domingos, Henrique
AU - Leitão, João
N1 - info:eu-repo/grantAgreement/FCT/6817 - DCRRNI ID/UIDB%2F04516%2F2020/PT#
info:eu-repo/grantAgreement/FCT/6817 - DCRRNI ID/UIDB%2F00408%2F2020/PT#
info:eu-repo/grantAgreement/FCT/6817 - DCRRNI ID/UIDP%2F00408%2F2020/PT#
This work was supported in part by FCT/MCTES through project HADES (PTDC/CCI INF/31698/2017) and in part by the EU through project LightKone (grant agreement no 732505).
Publisher Copyright:
© 2004-2012 IEEE.
PY - 2022/3/14
Y1 - 2022/3/14
N2 - The prevalence and availability of cloud infrastructures have made them the de facto solution for storing and archiving data, both for organizations and individual users. Nonetheless, the cloud's widespread adoption is still hindered by dependability and security concerns, particularly in applications with large data collections where efficient search and retrieval services are also major requirements. This leads to an increased tension between security, efficiency, and search expressiveness. In this article we tackle this tension by proposing BISEN, a new provably-secure boolean searchable symmetric encryption scheme that improves these three complementary dimensions by exploring the design space of isolation guarantees offered by novel commodity hardware such as Intel SGX, abstracted as Isolated Execution Environments (IEEs). BISEN is the first scheme to support multiple users and enable highly expressive and arbitrarily complex boolean queries, with minimal information leakage regarding performed queries and accessed data, and verifiability regarding fully malicious adversaries. Furthermore, BISEN extends the traditional SSE model to support filter functions on search results based on generic metadata created by the users. Experimental validation and comparison with the state of the art show that BISEN provides better performance with enriched search semantics and security properties.
AB - The prevalence and availability of cloud infrastructures have made them the de facto solution for storing and archiving data, both for organizations and individual users. Nonetheless, the cloud's widespread adoption is still hindered by dependability and security concerns, particularly in applications with large data collections where efficient search and retrieval services are also major requirements. This leads to an increased tension between security, efficiency, and search expressiveness. In this article we tackle this tension by proposing BISEN, a new provably-secure boolean searchable symmetric encryption scheme that improves these three complementary dimensions by exploring the design space of isolation guarantees offered by novel commodity hardware such as Intel SGX, abstracted as Isolated Execution Environments (IEEs). BISEN is the first scheme to support multiple users and enable highly expressive and arbitrarily complex boolean queries, with minimal information leakage regarding performed queries and accessed data, and verifiability regarding fully malicious adversaries. Furthermore, BISEN extends the traditional SSE model to support filter functions on search results based on generic metadata created by the users. Experimental validation and comparison with the state of the art show that BISEN provides better performance with enriched search semantics and security properties.
KW - distributed systems
KW - Intel SGX
KW - provable security
KW - Searchable encryption
KW - secure databases
UR - http://www.scopus.com/inward/record.url?scp=85127886501&partnerID=8YFLogxK
U2 - 10.1109/TDSC.2020.3012100
DO - 10.1109/TDSC.2020.3012100
M3 - Article
AN - SCOPUS:85127886501
SN - 1545-5971
VL - 19
SP - 1307
EP - 1319
JO - IEEE Transactions on Dependable and Secure Computing
JF - IEEE Transactions on Dependable and Secure Computing
IS - 2
ER -