Multi-client Secure and Efficient DPF-based Keyword Search for Cloud Storage

In this paper, we propose a multi-client secure and efficient keyword search scheme for cloud storage, which is built upon distributed point function (DPF). Specifically, outsourced keyword indexes are encoded by using garbled bloom filter and cuckoo filter, instead of bloom filter adopted by most o...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE transactions on dependable and secure computing 2024-01, Vol.21 (1), p.1-18
Hauptverfasser: Huang, Cheng, Liu, Dongxiao, Yang, Anjia, Lu, Rongxing, Shen, Xuemin
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In this paper, we propose a multi-client secure and efficient keyword search scheme for cloud storage, which is built upon distributed point function (DPF). Specifically, outsourced keyword indexes are encoded by using garbled bloom filter and cuckoo filter, instead of bloom filter adopted by most of the state-of-the-art DPF-based schemes. In this way, clients can apply cuckoo hashing into DPF and utilize a segmentation method to interact with cloud servers for keyword search, and servers can obliviously aggregate DPF evaluation results to perform the search. Accordingly, the computational complexity at server side can be significantly reduced. Furthermore, the proposed scheme preserves constant downlink overheads, which is more communication-efficient for multi-keyword conjunctive search. To achieve privacy preservation and access control for multiple clients, we propose a double encryption method to encrypt outsourced indexes and correspondingly put forward an authorization algorithm from set-constrained pseudorandom functions by which fine-grained search-authorized keys can be generated, and collusion attacks among clients are addressed by integrating Wegman-Carter message authentication codes and cover-free systems. Since our scheme is designed under both semi-honest and malicious models (i.e., malicious servers may return incorrect query results), we use a simulation-based proof to formally demonstrate its security properties. Finally, we develop a proof-of-concept prototype and perform extensive experiments to show our scheme's practicality and efficiency in terms of computation, communication, and storage overheads.
ISSN:1545-5971
1941-0018
DOI:10.1109/TDSC.2023.3253786