Password-authenticated searchable encryption

We introduce Password Authenticated Searchable Encryption (PASE) , a novel searchable encryption scheme where a single human-memorizable password can be used to outsource (encrypted) data with associated keywords to a group of servers and later retrieve this data through the encrypted keyword search...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:International journal of information security Ročník 20; číslo 5; s. 675 - 693
Hlavní autoři: Chen, Liqun, Huang, Kaibin, Manulis, Mark, Sekar, Venkkatesh
Médium: Journal Article
Jazyk:angličtina
Vydáno: Berlin/Heidelberg Springer Berlin Heidelberg 01.10.2021
Springer Nature B.V
Témata:
Agnosticism
Applications programs
Authentication
Coding and Information Theory
Communications Engineering
Computer Communication Networks
Computer Science
Cryptography
Cryptology
Data
Data encryption
Encryption
Entropy
Keywords
Management of Computing and Information Systems
Networks
Operating Systems
Outsourcing
Passwords
Regular Contribution
Retrieval
Security
Servers
Smartphones
Software
Distributed password authentication
Searchable encryption
ISSN:1615-5262, 1615-5270
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:We introduce Password Authenticated Searchable Encryption (PASE) , a novel searchable encryption scheme where a single human-memorizable password can be used to outsource (encrypted) data with associated keywords to a group of servers and later retrieve this data through the encrypted keyword search procedure. PASE ensures that only the legitimate user who knows the initially registered password can perform these operations. In particular, PASE guarantees that no single server can mount an offline attack on the user’s password or learn any information about the encrypted keywords. The concept behind PASE protocols extends previous concepts behind searchable encryption by removing the requirement on the client to store high-entropy keys, thus making the protocol device-agnostic on the user side. In this paper, we model the functionality of PASE along with two security requirements (indistinguishability against chosen keyword attacks and authentication) and propose an efficient direct construction in a two-server setting those security we prove in the standard model under the Decisional Diffie–Hellman assumption. Our constructions support outsourcing and retrieval procedures based on multiple keywords and allow users to change their passwords without any need for the re-encryption of the outsourced data. Our theoretical efficiency comparisons and experimental performance and scalability measurements show that the proposed scheme is practical and offers high performance in relation to computations and communications on the user side. The practicality of our PASE scheme is further demonstrated through its implementation within a JavaScript-based web application that can readily be executed on any (mobile) browser and remains practical for commodity user devices such as laptops and smartphones.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:1615-5262
1615-5270
DOI:10.1007/s10207-020-00524-5