Study On Secure Search Over Encrypted Data In The Cloud

Cloud computing is a new model of enterprise IT infrastructure that enables on-demand computing resource configuration, ubiquitous and flexible access, considerable capital expenditure savings, etc. Due to the centralized management of elastic resources, all players in this emerging X-as-a-service(Xaa S) model, including the cloud service provider(CSP), application developers, and end-users, can reap benefits. Especially, for the end users, they can outsource large volumes of data and workloads to the cloud and enjoy the virtually unlimited computing resources in a pay-per-use manner. Indeed, many companies, organizations, and individual users have adopted the cloud platform to facilitate their business operations, research, or everyday needs.Despite the tremendous business and technical advantages, security concern is still the major inhibitor of cloud adoption for many large companies, organizations and individuals, especially if their sensitive data are to be outsourced to and computed in the cloud. Examples may include financial and medical records, emails, photos and social network profiles. CSPs usually enforce users’ data security through mechanisms like firewalls and virtualization. However, these mechanisms do not protect users’ privacy from the CSP itself since the CSP possesses full control of the system hardware and lower levels of software stack. There may exist disgruntled, profiteered, or curious employees that can access users’ sensitive information for unauthorized purposes. Although encryption before data outsourcing, can preserve data privacy against the CSP, it also makes the effective data utilization, such as search over encrypted data, a very challenging task. Without being able to extract useful information from the outsourced data in a secure and private manner, the cloud will merely be a remote storage which provides limited value to all parties.In this dissertation, we study the problem of secure search over encrypted cloud data and propose schemes to protect the critical search privacy while enabling rich search functionalities and efficiency in practice. We summarize the contributions of our work as follows.By incorporating the state-of-the-art information retrieval techniques, we first propose aprivacy-preserving multi-keyword text search scheme supporting similarity-based ranking, which enjoys the same flexibility and search result accuracy as the state-of-theart multi-keyword search over plaintext. We also propose a randomization approach to prevent sensitive frequency information leakage thus achieving better privacy of keywords. We show that with the proposed methods, user can balance between search precision and privacy. In addition, we investigated various index building methods to speed up the search of common cases. The results demonstrate much improved search efficiency compared with existing work. Upon the proposed index tree structure, we present a mechanism to help users ensure the authenticity of the returned search results in the multi-keyword ranked encrypted text search scenario.We design a novel and scalable authorized keyword search over encrypted data scheme supporting multiple data users and multiple data contributors. Compared with existing works, our scheme supports fine-grained owner-enforced search authorization at the file level with better scalability for large scale system in that the search complexity is linear to the number of attributes in the system, instead of the number of authorized users. Data owner can delegate most of computationally intensive tasks to the server, which makes the user revocation process efficient and is more suitable for cloud outsourcing model. We formally prove our proposed scheme selectively secure against chosen-keyword attack. We also propose a scheme to enable authenticity check over the returned search result in this multi-user multi-data-contributor search scenario.