Title
DEKS: A Secure Cloud-Based Searchable Service Can Make Attackers Pay
Author
Zheng, Yubo (Huazhong University of Science and Technology)
Xu, Peng (Huazhong University of Science and Technology)
Wang, Wei (Huazhong University of Science and Technology)
Chen, Tianyang (Huazhong University of Science and Technology)
Susilo, Willy (University of Wollongong)
Liang, K. (TU Delft Cyber Security)
Jin, Hai (Huazhong University of Science and Technology)
Contributor
Atluri, Vijayalakshmi (editor)
Di Pietro, Roberto (editor)
Jensen, Christian D. (editor)
Meng, Weizhi (editor)
Date
2022
Abstract
Many practical secure systems have been designed to prevent real-world attacks via maximizing the attacking cost so as to reduce attack intentions. Inspired by this philosophy, we propose a new concept named delay encryption with keyword search (DEKS) to resist the notorious keyword guessing attack (KGA), in the context of secure cloud-based searchable services. Avoiding the use of complex (and unreasonable) assumptions, as compared to existing works, DEKS optionally leverages a catalyst that enables one (e.g., a valid data user) to easily execute encryption; without the catalyst, any unauthenticated system insiders and outsiders take severe time consumption on encryption. By this, DEKS can overwhelm a KGA attacker in the encryption stage before it obtains any advantage. We leverage the repeated squaring function, which is the core building block of our design, to construct the first DEKS instance. The experimental results show that DEKS is practical in thwarting KGA for both small and large-scale datasets. For example, in the Wikipedia, a KGA attacker averagely takes 7.23 years to break DEKS when the delay parameter T = 2^24. The parameter T can be flexibly adjusted based on practical needs, and theoretically, its upper bound is infinite.
Subject
Delay encryption with keyword search
Keyword guessing attack
Privacy
Security
To reference this document use:
http://resolver.tudelft.nl/uuid:b051a5b8-e734-48b4-afc7-fbc9184396d0
DOI
https://doi.org/10.1007/978-3-031-17146-8_5
Publisher
Springer
Embargo date
2023-07-01
ISBN
9783031171451
Source
Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings
Event
27th European Symposium on Research in Computer Security, ESORICS 2022, 2022-09-26 → 2022-09-30, Virtual, Online
Series
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 0302-9743, 13555 LNCS
Bibliographical note
Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.
Part of collection
Institutional Repository
Document type
conference paper
Rights
© 2022 Yubo Zheng, Peng Xu, Wei Wang, Tianyang Chen, Willy Susilo, K. Liang, Hai Jin