Analysis of Data Encryption Mechanisms for Searchable Encryption

Analysis of the Problems of Data Encryption Techniques for Searchable Encryption Systems

  • Son, Junggab (Dept. of Computer Science and Engineering, Hanyang University) ;
  • Yang, Yu-Jin (School of Computer Science and Engineering, Korea University of Technology and Education) ;
  • Oh, Heekuck (Dept. of Computer Science and Engineering, Hanyang University) ;
  • Kim, Sangjin (School of Computer Science and Engineering, Korea University of Technology and Education)
  • Received : 2013.07.09
  • Accepted : 2013.08.19
  • Published : 2013.09.30

Abstract

Recently, the need to outsource sensitive data has grown with the spread of cost-effective and flexible cloud services. However, using such services raises a fundamental concern, since users have to trust external servers. Searchable encryption can therefore be a very valuable tool for meeting the security requirements of data outsourcing. However, most work on searchable encryption focuses only on the privacy-preserving search function, and there is relatively little research on the encryption mechanism used to actually encrypt the data. Without a suitable data encryption mechanism, searchable encryption cannot be deployed in real-world cloud services. In this paper, we analyze previously used and possible data encryption mechanisms for multi-user searchable encryption systems and discuss their pros and cons. Our results show that readily available tools such as broadcast encryption, attribute-based encryption, and proxy re-encryption do not provide suitable solutions. The main problems with existing tools are that they may require separate fully trusted servers and that it is difficult to prevent collusion attacks between outsiders and semi-trusted servers.

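With the spread of cloud computing, demand for data outsourcing has recently become very high. However, a satisfactory solution to the fundamental concern of cloud computing, the problem of trusting external servers, has not yet been presented. For this reason, research on searchable encryption has recently become active again. However, research has concentrated only on the search function, and research on the data encryption mechanism, one of the important elements, has been relatively neglected. Without applying a suitable encryption mechanism, it is impossible to apply searchable encryption to real servers. In this paper, we analyze the data encryption mechanisms proposed so far and the mechanisms that could be used in searchable encryption systems used by multiple users, and discuss their advantages and disadvantages. The analysis shows that none of the broadcast encryption, attribute-based encryption, and proxy re-encryption schemes considered in the paper is a suitable solution. The biggest problems with existing schemes are that they require a separate fully trusted server and that they cannot prevent collusion attacks between outside users and servers that are not fully trusted.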
