09-02-2013, 11:35 AM
Authorized Private Keyword Search over Encrypted Data in Cloud Computing
Abstract
In cloud computing, clients usually outsource their data to cloud storage servers to reduce management costs. While that data may contain sensitive personal information, the cloud servers cannot be fully trusted to protect it. Encryption is a promising way to protect the confidentiality of the outsourced data, but it also makes it much harder to perform effective searches over the encrypted information. Most existing works do not support efficient searches with complex query conditions, and care is needed when using them because of potential privacy leakage about the data owners to the data users or to the cloud server. In this paper, using online Personal Health Records (PHR) as a case study, we first show the necessity of search capability authorization, which reduces the privacy exposure resulting from search results, and establish a scalable framework for Authorized Private Keyword Search (APKS) over encrypted cloud data. We then propose two novel solutions for APKS based on a recent cryptographic primitive, Hierarchical Predicate Encryption (HPE).
INTRODUCTION
In recent years, cloud computing has been gaining much momentum in the IT industry. In particular, we have seen the dramatic growth of public clouds, in which computing resources can be accessed by the general public. One of the biggest advantages of a public cloud is its virtually unlimited data storage capacity and elastic resource provisioning [3]. Many IT enterprises and individuals are outsourcing their databases to cloud servers in order to enjoy a much lower data management cost than maintaining their own data centers. It has never been easier for a variety of users/clients to access or share information stored in the cloud, independent of their locations.
PROBLEM FORMULATION
System Model
We consider a cloud computing environment that hosts an outsourced database, on top of which data sharing applications can be built. For illustration purposes, we use an online PHR service (e.g., GoogleHealth [1]) as the case study in this paper. The entities in the system are: data owners/users, trusted authorities, and the cloud server. In this paper, a data owner refers to someone who owns the information, e.g., a patient who encrypts her PHR data and wants it stored in the cloud server while preserving her privacy. The cloud server stores the encrypted data contributed by multiple owners in a database and performs searches on behalf of the users. The “users” generally refer to those who can perform searches over the encrypted database. They may come from various avenues, and usually need to search and access the data because of their professional responsibilities. We assume that the data contents are protected using separate, existing data encryption schemes [26], which are not the focus of this paper.
Solution Overview
To thwart the dictionary attack, one needs to prevent the adversary from generating valid ciphertexts based on
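The dictionary attack referred to above works because, in many searchable-encryption schemes, anyone (the cloud server included) can produce a valid keyword ciphertext and test it against the stored index. The following Python model is an added example, not the paper's HPE-based scheme: it uses a constructed PHR keyword list and hypothetical function names to contrast an unkeyed index that the server can enumerate with a keyed index, where producing a valid tag requires a secret the server does not hold (a symmetric-key stand-in for the authorization the paper builds with HPE).

```python
import hashlib
import hmac

# Constructed sample data: keywords tagging one patient's PHR record,
# and a guessing list a curious cloud server might hold.
PHR_KEYWORDS = ["diabetes", "insulin", "cardiology"]
DICTIONARY = ["asthma", "cardiology", "diabetes", "flu", "insulin"]


def unkeyed_tag(keyword: str) -> bytes:
    """Weak variant: a public, deterministic encoding of the keyword.
    Anyone, including the server, can compute a valid tag for any guess."""
    return hashlib.sha256(keyword.encode()).digest()


def keyed_tag(owner_key: bytes, keyword: str) -> bytes:
    """Hardened variant (hypothetical model): a valid tag requires the
    owner's secret, which an authority hands only to authorized users."""
    return hmac.new(owner_key, keyword.encode(), hashlib.sha256).digest()


def build_index(tag_fn, keywords) -> set:
    """Owner-side: the searchable index that is stored at the cloud server."""
    return {tag_fn(kw) for kw in keywords}


def server_search(index: set, token: bytes) -> bool:
    """Server-side test: the token matches iff its tag is in the index."""
    return token in index


def dictionary_attack(index: set, guess_tag_fn, dictionary) -> list:
    """The server plays adversary: it encodes each dictionary word with the
    tag function it can compute and tests it against the index. Returns
    the keywords it recovers, sorted; empty means the guessing failed."""
    return sorted(kw for kw in dictionary if server_search(index, guess_tag_fn(kw)))


if __name__ == "__main__":
    weak_index = build_index(unkeyed_tag, PHR_KEYWORDS)
    print("unkeyed index leaks:", dictionary_attack(weak_index, unkeyed_tag, DICTIONARY))

    owner_key = b"\x11" * 32  # constructed secret; derive from os.urandom in practice
    strong_index = build_index(lambda kw: keyed_tag(owner_key, kw), PHR_KEYWORDS)
    # An authorized user holding owner_key still searches successfully...
    print("authorized search:", server_search(strong_index, keyed_tag(owner_key, "diabetes")))
    # ...while the server, lacking the key, recovers nothing by guessing.
    wrong_key = b"\x22" * 32
    print("keyed index leaks:", dictionary_attack(strong_index, lambda kw: keyed_tag(wrong_key, kw), DICTIONARY))
```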