TY - GEN
T1 - A security proxy to cloud storage backends based on an efficient wildcard searchable encryption
AU - Chung, Shen Ming
AU - Shieh, Ming Der
AU - Chiueh, Tzi Cker
N1 - Publisher Copyright:
© 2018 IEEE.
Copyright:
Copyright 2019 Elsevier B.V., All rights reserved.
PY - 2018/12/6
Y1 - 2018/12/6
N2 - Cloud storage backends such as Amazon S3 are a potential storage solution to enterprises. However, to couple enterprises with these backends, at least two problems must be solved: First, how to make these semi-trusted backends as secure as on-premises storage; and second, how to selectively retrieve files as easy as on-premises storage. A security proxy can address both the problems by building a local index from keywords in files before encrypting and uploading files to these backends. But, if the local index is built in plaintext, file content is still vulnerable to local malicious staff. Searchable Encryption (SE) can get rid of this vulnerability by making index into ciphertext; however, its known constructions often require modifications to index database, and, to support wildcard queries, they are not efficient at all. In this paper, we present a security proxy that, based on our wildcard SE construction, can securely and efficiently couple enterprises with these backends. In particular, since our SE construction can work directly with existing database systems, it incurs only a little overhead, and when needed, permits the security proxy to run with constantly small storage footprint by readily out-sourcing all built indices to existing cloud databases.
AB - Cloud storage backends such as Amazon S3 are a potential storage solution to enterprises. However, to couple enterprises with these backends, at least two problems must be solved: First, how to make these semi-trusted backends as secure as on-premises storage; and second, how to selectively retrieve files as easy as on-premises storage. A security proxy can address both the problems by building a local index from keywords in files before encrypting and uploading files to these backends. But, if the local index is built in plaintext, file content is still vulnerable to local malicious staff. Searchable Encryption (SE) can get rid of this vulnerability by making index into ciphertext; however, its known constructions often require modifications to index database, and, to support wildcard queries, they are not efficient at all. In this paper, we present a security proxy that, based on our wildcard SE construction, can securely and efficiently couple enterprises with these backends. In particular, since our SE construction can work directly with existing database systems, it incurs only a little overhead, and when needed, permits the security proxy to run with constantly small storage footprint by readily out-sourcing all built indices to existing cloud databases.
UR - http://www.scopus.com/inward/record.url?scp=85060239640&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85060239640&partnerID=8YFLogxK
U2 - 10.1109/SC2.2018.00026
DO - 10.1109/SC2.2018.00026
M3 - Conference contribution
AN - SCOPUS:85060239640
T3 - Proceedings - 8th IEEE International Symposium on Cloud and Services Computing, SC2 2018
SP - 127
EP - 130
BT - Proceedings - 8th IEEE International Symposium on Cloud and Services Computing, SC2 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 8th IEEE International Symposium on Cloud and Services Computing, SC2 2018
Y2 - 19 November 2018 through 22 November 2018
ER -