Cloud-Native and Unified Searchable Encryption for Privacy-Preserving within Cloud Repository

  • 鍾 勝民

Student thesis: Doctoral Thesis

Abstract

Searchable Encryption (SE) is considered important in the cloud era because it provides both confidentiality and searchability for data stored in semi-trusted environments such as the cloud. Unfortunately, even after two decades of development, it is still rarely deployed in the cloud, because most SE schemes cannot work natively with cloud services: modifications to the underlying software infrastructure are inevitable. To advocate SE deployment in the cloud for protecting user privacy, a cloud-native SE scheme called FETCH (Frequency-Eliminated Trapdoor-Character-Hopping) is presented in this dissertation. Based on novel common-conditioned-subsequence-preserving (CCSP) techniques, FETCH is able to work natively with off-the-shelf databases to support wildcard-based pattern search on encrypted data. With the CCSP techniques, the problem of wildcard SE searching can be transformed into a problem of subsequence matching, which is well supported in most databases and thus fits well with cloud services in general. Though in our security analysis CCSP removes the possibility of obtaining theoretical indistinguishability between indexed items, we show that FETCH nevertheless provides adequate confidentiality protection in the commonly adopted 3-tier cloud structure and fares much better than other existing wildcard SE schemes in terms of query performance, storage overhead, and deployment complexity. In particular, FETCH is able to efficiently handle datasets whose size is multiple orders of magnitude larger than those that existing schemes can comfortably support. Interestingly, we found that FETCH can be extended to cover encrypted numerical data in addition to textual data. We call the extended scheme "unified" FETCH, or uFETCH for short. As encrypted-search techniques such as SE schemes were devised for a homogeneous data type, i.e., textual or numerical, uFETCH breaks the natural presumption that multiple techniques have to be intertwined to make a database management system (DBMS) privacy-preserving. Such a presumption has actually led to popular but more complex designs, such as CryptDB, that put effort into heterogeneous integration. Unlike such designs, uFETCH is able to build unified SE indexes for both types while enabling fast encrypted search even if the SE indexes built for texts and numbers are mingled. Since uFETCH also transforms the problem of encrypted search into a simple problem of subsequence matching to be cloud-native, it requires only sub-linear search time w.r.t. the volume of indexed items and is secure in the widely adopted 3-tier cloud structure, helping cloud service providers ease regulatory compliance for outsourced repositories. Besides algorithmic derivation and theoretical analysis, two major cloud use cases, i.e., cloud storage and cloud DBMS, are also studied and evaluated, with cloud storage studied for pure textual data and cloud DBMS for data mixing texts and numbers. More specifically, as cloud storage is often used to store unstructured data in files, FETCH is utilized to address the challenge of full-content textual search. As for structured data mixing textual and numerical data, uFETCH is set up to bring forth a simpler design of a security agent that demonstrates how a cloud DBMS can be easily augmented to preserve privacy.
Date of Award: 2020
Original language: English
Supervisor: Ming-Der Shieh (Supervisor)
