Common Secure Index for Conjunctive Keyword-Based Retrieval over Encrypted Data. Peishun Wang, Huaxiong Wang, and Josef Pieprzyk: SDM 2007. LNCS, vol. 4721, pp. 108–123. Presenter: 廖俊威. Date: 2009/7/30.
Problem definition
• Members of a dynamic group retrieve their encrypted data from an untrusted server based on keywords, without any loss of data confidentiality or member privacy.
Introduction
• In 2005, Park et al. proposed privacy-preserving keyword-based retrieval protocols for dynamic groups. To the best of our knowledge, it is the first work on searchable encryption in the multi-user setting.
• Shortcomings
  • Their protocols use the same group session key as the authentication code for all group members, so they cannot provide user privacy against insiders.
  • Their protocols use Goh's single-user protocol to build common secure indices and trapdoors, and use the group encryption and decryption keys to process the data. This means every user knows the same collection of keys. There is no facility to ensure privacy amongst the users.
  • After the q-th session in their protocols, a user must make q trapdoors for a list of keywords; thus, when q is big enough, their protocols become very inefficient.
  • In Park et al.'s protocols, if a Leaving Member (LM) reveals the group decryption key to a Server Administrator (SA), the SA can decrypt all the documents encrypted previously, as a user can know all of the previous group encryption keys by hashing the current group encryption key repeatedly.
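The last two shortcomings can be seen in a small model, added here as an illustration and not taken from the slides or from Park et al.'s paper. It assumes each earlier key is the SHA-256 hash of the next one and uses HMAC-SHA256 as a stand-in for the real trapdoor function; all function names are hypothetical.

```python
import hashlib
import hmac

def prev_key(key: bytes) -> bytes:
    # Assumed derivation: K_{i-1} = SHA-256(K_i).
    return hashlib.sha256(key).digest()

def build_chain(newest_key: bytes, sessions: int) -> list:
    """Keys for sessions 1..q; index 0 is session 1, index q-1 the newest."""
    chain = [newest_key]
    while len(chain) < sessions:
        chain.append(prev_key(chain[-1]))
    return chain[::-1]

def exposed_sessions(leaked_key: bytes, chain: list) -> list:
    """Session numbers whose key is computable from leaked_key alone."""
    reachable, key = set(), leaked_key
    for _ in range(len(chain)):
        reachable.add(key)
        key = prev_key(key)
    return [i + 1 for i, k in enumerate(chain) if k in reachable]

def trapdoors(current_key: bytes, session: int, keyword: str) -> list:
    """One trapdoor per session key, so a query in session q costs q trapdoors.
    HMAC-SHA256 is an assumed stand-in for the real trapdoor function."""
    out, key = [], current_key
    for _ in range(session):
        out.append(hmac.new(key, keyword.encode(), hashlib.sha256).digest())
        key = prev_key(key)
    return out

if __name__ == "__main__":
    # Constructed demo key; a real key would be random.
    chain = build_chain(b"constructed-demo-key-for-session-8", 8)
    print("key of session 5 exposes sessions", exposed_sessions(chain[4], chain))
    print("trapdoors for one keyword in session 8:",
          len(trapdoors(chain[7], 8, "invoice")))
```

A key leaked in session 5 opens sessions 1 to 5 but none of the later ones, which is why the exposure concerns documents encrypted previously.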
CSI-CKR model (Common Secure Indices for Conjunctive Keyword-Based Retrieval)
• CSI-CKR has three parties
  • A trusted group manager (GM)
  • Members in the dynamic group
  • A server
• First, GM sets up the system and distributes an authentication code to every member.
• A member encrypts her data, generates the corresponding secure indices, and stores them on the server.
• When a member wants to retrieve the documents containing some keywords, she makes the searchable information for the keywords, and sends it along with her authentication code to the server.
• Then, for a legitimate member, the server tests all secure indices to find the matched data, and returns them to the member.
• Finally, the member interacts with GM to get the plaintext data.
Security requirements of CSI-CKR
• Data privacy
  • The server is not able to extract any information about the encrypted data, common secure indices, queries and searches.
  • A leaving member is not able to search and retrieve data after her revocation.
• Member privacy
  • Prevent anybody (excluding the group manager) from impersonating a legitimate member to query the data.
  • Although a member interacts with the group manager, member privacy guarantees that the group manager knows nothing about the data the member retrieves.
Definition of CSI-CKR
• SystemSetup
  • initiates the scheme
• AuthCodGen
  • generates members' PIN numbers,
  • their secure codes
  • and a secure test code
• DataGen
  • builds searchable encrypted data
• DataQuery
  • retrieves the matched data
• DataDcrypt
  • decrypts the encrypted data
Conclusion
• Our protocol is based on a new idea different from any previous single-user protocol, and only uses public keys to generate authentication codes, build common secure indices and trapdoors, and encrypt the data.
• The size of a trapdoor in our protocol is fixed at 2n + log m, so our protocol is more practical.
• In our protocol, the members do not have the decryption key, so our protocol avoids the attack in which an LM reveals the group decryption key.