Litcius/Paper detail

SR-PEKS: Subversion-Resistant Public Key Encryption With Keyword Search

Changsong Jiang, Chunxiang Xu, Zhao Zhang, Kefei Chen

2023IEEE Transactions on Cloud Computing34 citationsDOI

Abstract

Public key encryption with keyword search (PEKS) provides secure searchable data encryption in cloud storage. Users can outsource encrypted data and keywords to a cloud server, and search target one without disclosing sensitive information. To achieve resistance against off-line keyword guessing attacks, existing practical PEKS schemes employ independent key server(s) to assist users in producing keywords to be encrypted (called server-derived keywords) in an online manner. In this article, we analyze server-aided PEKS schemes and reveal a potential threat: vulnerability against subversion attacks, where algorithms in server-aided PEKS might be maliciously implemented to undermine security. In a subverted encryption implementation, a subliminal channel is established to control randomness generation such that biased ciphertexts covertly leak plaintext information. We further present a specific subversion attack against generation of server-derived keywords to violate keywords’ confidentiality. To address these issues, we propose SR-PEKS, a subversion-resistant PEKS scheme based on cryptographic reverse firewalls (CRF). In SR-PEKS, CRF sanitizes messages transmitted in server-derived keyword generation to resist the presented subversion attack. CRF also participates in a collaborative randomness generation protocol to yield unbiased randomness for encryption, thereby eliminating the subliminal channel. Provable security and high efficiency of SR-PEKS are demonstrated by comprehensive analyses and performance evaluations.

Topics & Concepts

Computer scienceEncryptionComputer securityCloud computingPublic-key cryptographyKey (lock)Computer networkOperating systemCryptography and Data SecurityCryptographic Implementations and SecurityInternet Traffic Analysis and Secure E-voting