Boolean Searchable Symmetric Encryption with Filters on Trusted Hardware

Bernardo Ferreira, Bernardo Portela, Tiago Oliveira, Guilherme Borges, Henrique Domingos, João Leitão

Research output: Contribution to journalArticlepeer-review

1 Citation (Scopus)

Abstract

The prevalence and availability of cloud infrastructures has made them the de facto solution for storing and archiving data, both for organizations and individual users. Nonetheless, the cloud's wide spread adoption is still hindered by dependability and security concerns, particularly in applications with large data collections where efficient search and retrieval services are also major requirements. This leads to an increased tension between security, efficiency, and search expressiveness. In this article we tackle this tension by proposing BISEN, a new provably-secure boolean searchable symmetric encryption scheme that improves these three complementary dimensions by exploring the design space of isolation guarantees offered by novel commodity hardware such as Intel SGX, abstracted as Isolated Execution Environments (IEEs). BISEN is the first scheme to support multiple users and enable highly expressive and arbitrarily complex boolean queries, with minimal information leakage regarding performed queries and accessed data, and verifiability regarding fully malicious adversaries. Furthermore, BISEN extends the traditional SSE model to support filter functions on search results based on generic metadata created by the users. Experimental validation and comparison with the state of art shows that BISEN provides better performance with enriched search semantics and security properties.

Original languageEnglish
Pages (from-to)1307-1319
Number of pages13
JournalIeee Transactions On Dependable And Secure Computing
Volume19
Issue number2
DOIs
Publication statusPublished - 14 Mar 2022

Keywords

  • distributed systems
  • Intel SGX
  • provable security
  • Searchable encryption
  • secure databases

Fingerprint

Dive into the research topics of 'Boolean Searchable Symmetric Encryption with Filters on Trusted Hardware'. Together they form a unique fingerprint.

Cite this