Multi-Key Similar Data Search on Encrypted Storage With Secure Pay-Per-Query

Changhee Hahn; Hyundo Yoon; Junbeom Hur

doi:10.1109/TIFS.2023.3236178

Multi-Key Similar Data Search on Encrypted Storage With Secure Pay-Per-Query

Changhee Hahn, Hyundo Yoon, Junbeom Hur

Department of Computer Science and Engineering

Research output: Contribution to journal › Article › peer-review

3 Citations (Scopus)

Abstract

Many commercial cloud service providers (CSPs) adopt pay-per-query pricing models, in which data owners are charged based on the amount of data scanned by each query. In such a data sharing model, not only the privacy preservation for the data and queries but also the trustworthiness of the underlying billing system is of the utmost importance. In this paper, we revisit multi-key searchable encryption (MKSE), an efficient and secure data search algorithm allowing a data owner to grant users the ability to retrieve data of interest over the outsourced, encrypted datasets. We first investigate which factor in existing MKSE schemes renders authorized users over-privileged such that, without risking their credits (e.g., leaking the private keys and/or the passwords for their accounts associated with a project where the shared data resides), they can allow unauthorized users to make valid queries. Unfortunately, this concern may be devastating because the queries made by unauthorized users would incur unexpected financial damage to the owner in practical pay-per-query models. We then propose a novel multi-key data search scheme that is resilient to unauthorized queries. The proposed scheme features a novel user authorization mechanism that carefully limits user privilege such that even an authorized user cannot illegally invite unauthorized users to query unless he entirely leaks his credit. We demonstrate the proposed scheme is comparable to prior work in terms of performance while achieving a higher level of security.

Original language	English
Pages (from-to)	1169-1181
Number of pages	13
Journal	IEEE Transactions on Information Forensics and Security
Volume	18
DOIs	https://doi.org/10.1109/TIFS.2023.3236178
Publication status	Published - 2023

Bibliographical note

Funding Information:
This work was supported in part by the National Research Foundation of Korea (NRF) funded by the Korean Government [Ministry of Science and ICT (MSIT)] under Grant 2021R1F1A1061420; in part by the Institute for Information & communication Technology Planning & evaluation (IITP) funded by the Korean Government (MSIT) under Grant 2022-0-00411, Grant IITP-2022-2020-0-01819, and Grant IITP-2022-2021- 0-01810; and in part by the Basic Science Research Program through NRF of Korea funded by the Ministry of Education under Grant NRF- 2021R1A6A1A13044830.

Publisher Copyright:
© 2005-2012 IEEE.

Keywords

Encrypted data search
cloud computing
data sharing
privacy
security

ASJC Scopus subject areas

Safety, Risk, Reliability and Quality
Computer Networks and Communications

Access to Document

10.1109/TIFS.2023.3236178

Cite this

@article{3bff208c4e274a329a8a02a2eb5f9002,

title = "Multi-Key Similar Data Search on Encrypted Storage With Secure Pay-Per-Query",

abstract = "Many commercial cloud service providers (CSPs) adopt pay-per-query pricing models, in which data owners are charged based on the amount of data scanned by each query. In such a data sharing model, not only the privacy preservation for the data and queries but also the trustworthiness of the underlying billing system is of the utmost importance. In this paper, we revisit multi-key searchable encryption (MKSE), an efficient and secure data search algorithm allowing a data owner to grant users the ability to retrieve data of interest over the outsourced, encrypted datasets. We first investigate which factor in existing MKSE schemes renders authorized users over-privileged such that, without risking their credits (e.g., leaking the private keys and/or the passwords for their accounts associated with a project where the shared data resides), they can allow unauthorized users to make valid queries. Unfortunately, this concern may be devastating because the queries made by unauthorized users would incur unexpected financial damage to the owner in practical pay-per-query models. We then propose a novel multi-key data search scheme that is resilient to unauthorized queries. The proposed scheme features a novel user authorization mechanism that carefully limits user privilege such that even an authorized user cannot illegally invite unauthorized users to query unless he entirely leaks his credit. We demonstrate the proposed scheme is comparable to prior work in terms of performance while achieving a higher level of security.",

keywords = "Encrypted data search, cloud computing, data sharing, privacy, security",

author = "Changhee Hahn and Hyundo Yoon and Junbeom Hur",

note = "Funding Information: This work was supported in part by the National Research Foundation of Korea (NRF) funded by the Korean Government [Ministry of Science and ICT (MSIT)] under Grant 2021R1F1A1061420; in part by the Institute for Information & communication Technology Planning & evaluation (IITP) funded by the Korean Government (MSIT) under Grant 2022-0-00411, Grant IITP-2022-2020-0-01819, and Grant IITP-2022-2021- 0-01810; and in part by the Basic Science Research Program through NRF of Korea funded by the Ministry of Education under Grant NRF- 2021R1A6A1A13044830. Publisher Copyright: {\textcopyright} 2005-2012 IEEE.",

year = "2023",

doi = "10.1109/TIFS.2023.3236178",

language = "English",

volume = "18",

pages = "1169--1181",

journal = "IEEE Transactions on Information Forensics and Security",

issn = "1556-6013",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - Multi-Key Similar Data Search on Encrypted Storage With Secure Pay-Per-Query

AU - Hahn, Changhee

AU - Yoon, Hyundo

AU - Hur, Junbeom

N1 - Funding Information: This work was supported in part by the National Research Foundation of Korea (NRF) funded by the Korean Government [Ministry of Science and ICT (MSIT)] under Grant 2021R1F1A1061420; in part by the Institute for Information & communication Technology Planning & evaluation (IITP) funded by the Korean Government (MSIT) under Grant 2022-0-00411, Grant IITP-2022-2020-0-01819, and Grant IITP-2022-2021- 0-01810; and in part by the Basic Science Research Program through NRF of Korea funded by the Ministry of Education under Grant NRF- 2021R1A6A1A13044830. Publisher Copyright: © 2005-2012 IEEE.

PY - 2023

Y1 - 2023

N2 - Many commercial cloud service providers (CSPs) adopt pay-per-query pricing models, in which data owners are charged based on the amount of data scanned by each query. In such a data sharing model, not only the privacy preservation for the data and queries but also the trustworthiness of the underlying billing system is of the utmost importance. In this paper, we revisit multi-key searchable encryption (MKSE), an efficient and secure data search algorithm allowing a data owner to grant users the ability to retrieve data of interest over the outsourced, encrypted datasets. We first investigate which factor in existing MKSE schemes renders authorized users over-privileged such that, without risking their credits (e.g., leaking the private keys and/or the passwords for their accounts associated with a project where the shared data resides), they can allow unauthorized users to make valid queries. Unfortunately, this concern may be devastating because the queries made by unauthorized users would incur unexpected financial damage to the owner in practical pay-per-query models. We then propose a novel multi-key data search scheme that is resilient to unauthorized queries. The proposed scheme features a novel user authorization mechanism that carefully limits user privilege such that even an authorized user cannot illegally invite unauthorized users to query unless he entirely leaks his credit. We demonstrate the proposed scheme is comparable to prior work in terms of performance while achieving a higher level of security.

AB - Many commercial cloud service providers (CSPs) adopt pay-per-query pricing models, in which data owners are charged based on the amount of data scanned by each query. In such a data sharing model, not only the privacy preservation for the data and queries but also the trustworthiness of the underlying billing system is of the utmost importance. In this paper, we revisit multi-key searchable encryption (MKSE), an efficient and secure data search algorithm allowing a data owner to grant users the ability to retrieve data of interest over the outsourced, encrypted datasets. We first investigate which factor in existing MKSE schemes renders authorized users over-privileged such that, without risking their credits (e.g., leaking the private keys and/or the passwords for their accounts associated with a project where the shared data resides), they can allow unauthorized users to make valid queries. Unfortunately, this concern may be devastating because the queries made by unauthorized users would incur unexpected financial damage to the owner in practical pay-per-query models. We then propose a novel multi-key data search scheme that is resilient to unauthorized queries. The proposed scheme features a novel user authorization mechanism that carefully limits user privilege such that even an authorized user cannot illegally invite unauthorized users to query unless he entirely leaks his credit. We demonstrate the proposed scheme is comparable to prior work in terms of performance while achieving a higher level of security.

KW - Encrypted data search

KW - cloud computing

KW - data sharing

KW - privacy

KW - security

UR - http://www.scopus.com/inward/record.url?scp=85147272573&partnerID=8YFLogxK

U2 - 10.1109/TIFS.2023.3236178

DO - 10.1109/TIFS.2023.3236178

M3 - Article

AN - SCOPUS:85147272573

SN - 1556-6013

VL - 18

SP - 1169

EP - 1181

JO - IEEE Transactions on Information Forensics and Security

JF - IEEE Transactions on Information Forensics and Security

ER -

Multi-Key Similar Data Search on Encrypted Storage With Secure Pay-Per-Query

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this