ACHIEVING SECURE, UNIVERSAL, AND FINE-GRAINED QUERY RESULTS VERIFICATION FOR SECURE SEARCH SCHEME OVER ENCRYPTED CLOUD DATA
Secure search techniques over encrypted cloud data allow an authorized user to query data files of interest by submittingencrypted query keywords to the cloud server in a privacy-preserving manner. However, in practice, the returned query results maybe incorrect or incomplete in the dishonest cloud environment. For example, the cloud server may intentionally omit some qualifiedresults to save computational resources and communication overhead. Thus, a well-functioning secure query system should provide aquery results verification mechanism that allows the data user to verify results. In this paper, we design a secure, easily integrated, andfine-grained query results verification mechanism, by which, given an encrypted query results set, the query user not only can verifythe correctness of each data file in the set but also can further check how many or which qualified data files are not returned if the set isincomplete before decryption. The verification scheme is loose-coupling to concrete secure search techniques and can be very easilyintegrated into any secure query scheme. We achieve the goal by constructing secure verification object for encrypted cloud data.Furthermore, a short signature technique with extremely small storage cost is proposed to guarantee the authenticity of verificationobject and a verification object request technique is presented to allow the query user to securely obtain the desired verification object.Performance evaluation shows that the proposed schemes are practical and efficient.
In this paper, we extend and reinforce our work in to make it more applicable in the cloud environment andmore secure to against dishonest cloud server. The maincontributions of this paper are summarized as follows:1) We formally propose the verifiable secure searchsystem model and threat model and design a finegrainedquery results verification scheme for securekeyword search over encrypted cloud data.2) We propose a short signature technique based oncertificateless public-key cryptography to guaranteethe authenticity of the verification objects themselves.3) We design a novel verification object request techniquebased on Paillier Encryption, where thecloud server knows nothing about what the datauser is requesting for and which verification objectsare returned to the user.4) We provide the formal security definition and proofand conduct extensive performance experiments toevaluate the accuracy and efficiency of our proposedscheme.
Essentially, the secure search is thus a technique thatallows an authorized data user to search over the dataowner’s encrypted data by submitting encrypted querykeywords in a privacy-preserving manner and is aneffective extension of traditional searchable encryptionto adapt for the cloud computing environment. Motivatedby the effective information retrieve on encryptedoutsourced cloud data, Wang et al. first proposed akeyword-based secure search scheme and later thesecure keyword search issues in cloud computing havebeen adequately researched, which aim to continually improve searchefficiency, reduce communication and computation cost,and enrich the category of search function with bettersecurity and privacy protection. A common basicassumption of all these schemes is that the cloud isconsidered to be an ”honest-but-curious” entity as wellas always keeps robust and secure software/hardwareenvironments. As a result, under the ideal assumption,the correct and complete query results always be unexceptionallyreturned from the cloud server when a queryends every time.
In this paper, we propose a secure, easily integrated,and fine-grained query results verification scheme forsecure search over encrypted cloud data. Different fromprevious works, our scheme can verify the correctnessof each encrypted query result or further accuratelyfind out how many or which qualified data files arereturned by the dishonest cloud server. A short signaturetechnique is designed to guarantee the authenticity ofverification object itself. Moreover, we design a secureverification object request technique, by which the cloudserver knows nothing about which verification objectis requested by the data user and actually returned bythe cloud server. Performance and accuracy experimentsdemonstrate the validity and efficiency of our proposedscheme
 P. Mell and T. Grance, “The nist definition of cloud computing,”http://dx.doi.org/10.602/NIST.SP.800-145.
 K. Ren, C. Wang, and Q. Wang, “Security challenges for the publiccloud,” IEEE Internet Computing, vol. 16, no. 1, pp. 69–73, 2012.
 S. Kamara and K. Lauter, “Cryptographic cloud storage,” inSpringer RLCPS, January 2010.
 D. Song, D. Wagner, and A. Perrig, “Practical techniques forsearches on encrypted data,” in IEEE Symposiumon Security andPrivacy, vol. 8, 2000, pp. 44–55.
 E.-J.Goh, “Secure indexes,” IACR ePrint Cryptography Archive,http://eprint.iacr.org/2003/216, Tech. Rep., 2003.
 D. Boneh, G. D. Crescenzo, R. Ostrovsky, and G. Persiano,“Public-key encryption with keyword search,” in EUROCRYPR,2004, pp. 506–522.
 R. Curtmola, J. Garay, S. Kamara, and R. Ostrovsky, “Searchablesymmetric encryption: improved deinitions and efficient constructions,”in ACM CCS, vol. 19, 2006, pp. 79–88.
 M. Bellare, A. Boldyreva, and A. O’Neill, “Deterministic andefficiently searchable encryption,” in Springer CRYPTO, 2007.
 K. Kurosawa and Y. Ohtaki, “Uc-secure searchable symmetricencryption,” Lecture Notes in Computer Science, vol. 7397, pp. 258–274, 2012.
 P. Xu, H. Jin, Q. Wu, and W. Wang, “Public-key encryption withfuzzy keyword search: A provably secure scheme under keywordguessing attack,” IEEE Transactions on Computers, vol. 62, no. 11,pp. 2266–2277, 2013.