Password-authenticated searchable encryption
REGULAR CONTRIBUTION
Liqun Chen¹ · Kaibin Huang¹ · Mark Manulis¹ · Venkkatesh Sekar¹
© The Author(s) 2020
Abstract
We introduce Password Authenticated Searchable Encryption (PASE), a novel searchable encryption scheme where a single human-memorizable password can be used to outsource (encrypted) data with associated keywords to a group of servers and later retrieve this data through the encrypted keyword search procedure. PASE ensures that only the legitimate user who knows the initially registered password can perform these operations. In particular, PASE guarantees that no single server can mount an offline attack on the user’s password or learn any information about the encrypted keywords. The concept behind PASE protocols extends previous concepts behind searchable encryption by removing the requirement on the client to store high-entropy keys, thus making the protocol device-agnostic on the user side. In this paper, we model the functionality of PASE along with two security requirements (indistinguishability against chosen keyword attacks and authentication) and propose an efficient direct construction in a two-server setting whose security we prove in the standard model under the Decisional Diffie–Hellman assumption. Our constructions support outsourcing and retrieval procedures based on multiple keywords and allow users to change their passwords without any need for the re-encryption of the outsourced data. Our theoretical efficiency comparisons and experimental performance and scalability measurements show that the proposed scheme is practical and offers high performance in relation to computations and communications on the user side. The practicality of our PASE scheme is further demonstrated through its implementation within a JavaScript-based web application that can readily be executed on any (mobile) browser and remains practical for commodity user devices such as laptops and smartphones.

Keywords Searchable encryption · Distributed password authentication
1 Introduction

1.1 Searchable encryption

Using protocols for Searchable Encryption [2,10,20,29], clients with limited computing and storage resources can outsource encrypted data to a server or a collection of servers, perform search over the encrypted data (typically using encrypted keywords) and eventually retrieve searched data while preserving its privacy against the servers. Existing searchable encryption schemes can be broadly split into those where the keyword search procedure requires high-entropy shared keys on the user side, such as Symmetric Searchable Encryption (SSE) schemes, and those where it requires a private-public key pair on the user side, such as Public Key Encryption with Keyword Search (PEKS) schemes.
Mark Manulis
¹ Surrey Centre for Cyber Security, University of Surrey, Guildford, United Kingdom
In practice, the requirement to maintain high-entropy keys on the user side results in less flexibility when it comes to the use of multiple, different devices for outsourcing and retrieval of data. The