BISEN: Efficient Boolean Searchable Symmetric Encryption with Verifiability and Minimal Leakage
01 Oct 2019
The prevalence and availability of cloud infrastructures has made them the de facto solution for storing and archiving data, both for organizations and individual users.
Nonetheless, the cloud’s wide spread adoption is still hindered by
dependability and security concerns, particularly in applications
with large data collections where efficient search and retrieval
services are also major requirements. This leads to an increased
tension between security, efficiency, and search expressiveness,
which current state of the art solutions try to balance through
complex cryptographic protocols that tradeoff efficiency and
expressiveness for near optimal security.
In this paper we tackle this tension by proposing BISEN, a
new provably-secure boolean searchable symmetric encryption
scheme that improves these three complementary dimensions by
exploring the design space of isolation guarantees offered by novel
commodity hardware such as Intel SGX, abstracted as Isolated
Execution Environments (IEEs). BISEN is the first scheme to
enable highly expressive and arbitrarily complex boolean queries,
with minimal information leakage regarding performed queries
and accessed data, and verifiability regarding fully malicious
adversaries. Furthermore, by exploiting trusted hardware and the
IEE abstraction, BISEN reduces communication costs between
the client and the cloud, boosting query execution performance.
Experimental validation and comparison with the state of art
shows that BISEN provides better performance with enriched
search semantics and security properties.
Proc. of the Symposium on Reliable Distributed Systems