PKIS: practical keyword index search on cloud datacenter
Hyun-A Park
0
Jae Hyun Park
1
Dong Hoon Lee
0
0
Graduate School of Information and Security, Korea University
, 5-Ka, Anam- dong, Sungbuk-ku, Seoul 136-701,
Korea
1
Department of Information Systems, Weatherhead School of Management, Case Western Reserve University
, 10900 Euclid Avenue, Cleveland,
OH 44106, USA
This paper highlights the importance of the interoperability of the encrypted DB in terms of the characteristics of DB and efficient schemes. Although most prior researches have developed efficient algorithms under the provable security, they do not focus on the interoperability of the encrypted DB. In order to address this lack of practical aspects, we conduct two practical approaches-efficiency and group search in cloud datacenter. The process of this paper is as follows: first, we create two schemes of efficiency and group search-practical keyword index search-I and II; second, we define and analyze group search secrecy and keyword index search privacy in our schemes; third, we experiment on efficient performances over our proposed encrypted DB. As the result, we summarize two major results: (1)our proposed schemes can support a secure group search without re-encrypting all documents under the group-key update and (2)our experiments represent that our scheme is approximately 935 times faster than Golle's scheme and about 16 times faster than Song's scheme for 10,000 documents. Based on our experiments and results, this paper has the following contributions: (1) in the current cloud computing environments, our schemes provide practical, realistic, and secure solutions over the encrypted DB and (2) this paper identifies the importance of interoperability with database management system for designing efficient schemes.
1.1 Problem identification
In DB encryption, previous researchers have conducted
the keyword index search over encrypted documents
with various scenarios; however, the keyword index
search scheme is inefficient and impractical aspects in a
real world. The keyword index search enables a
legitimate queries to search the encrypted documents with
an encrypted keyword over the encrypted indexes
without revealing any information on the query and
documents, even to the server.
In most prior research, we find that the indexes of
each data are stored by a row, not by a field (column)
as another inefficient respect. The keyword index search
schemes require at least a verifying test for every row of
each data, so that the computational complexity of the
previous schemes requires at least O(n) if the total
number of stored data is n. The computation or scanning
over many fields within one row is not fast, while the
computation or scanning within one field is relatively
faster than in one row. Moreover, encryption algorithm
needs many random factors, which makes it hard to
apply efficient DB schemaa to encrypted databases.
Our schemes are in the line of the keyword index
search area, and this paper focuses on more practical
approaches over the encrypted database to resolve the
problemsthe efficiency and group search of the
encrypted database in the cloud datacenter service.
In this paper, we extend the search scope from
between a server and a single user to the search
between a server and group members (multiple users) in
the cloud datacenter services, because current changing
cloud computing technologies call for a variety of
collaborations and cooperation among users in a certain
social networking environment. These changing social
networking environments require multiple users
information sharing in a certain organization; therefore, we
propose the group key search of database encryption,
when a group member shares his or her sensitive
information among multiple users. Especially, sharing
sensitive information should be encrypted by a group key in
group search of database encryption. On the other hand,
a group key has some problems to be used as a search
key, because the group key has a dynamic property, i.e.,
a person may join or leave from the group. When a
member leaves from a group, all data accessible to the
group should not be accessible any more. It could be
resolved by updating a group key, and the leaving
member must not compute a new group key. On the other
hand, when a member joins a group, he or she should
obtain all of the previous group keys in order to access
all of the group data. This problem, a member joins a
group, makes design much harder. A naive solution is
to decrypt all documents of the group and re-encrypt
the documents by the new group key according to every
membership change. Yet this solution entails a large
amount of computational overheads.
In prior research, most schemes have not considered
practical usages, while [3,4] worked on the search
schemes of dynamic group membership changes without
re-encrypting documents. Park et al.s scheme [3] is
relatively faster than that of Wang et al. [4]. Wang et al.s is
based on bilinear, while Park et al. utilized the r (...truncated)