In today's IT industry, Internet services have entered the mainstream, and after being raised from the concept of cloud computing in 2009, various network services have been born. The easiest cloud computing technologies of Internet services have been ubiquitous, for example, search engines and Web mail. In these cases, by entering simple keywords, users can obtain a great deal of information. In recent years, as a result of fiber-optic networks, cloud computing has expanded quickly along with the emergence of low-cost, high-capacity storage systems, which have allowed the use of cloud storage in everyday life. Cloud storage can be said to be a successor to USB storage, which is a conventional file transfer system without email capability.
The most common type of USB is a flash drive; however, flash drives are easily lost and susceptible to computer viruses, among other shortcomings, making cloud storage a viable gradual replacement.
Thus, when a user decides whether to adopt a cloud service or not, the most important issues should be related to information security. Although cloud computing brings about many advantages, and the cost is relatively cheap, one question remains: Are users exposing their important data to risk?
For a current network environment, information security has been of
10
considerable emphasis on the user's part. Although the introduction of cloud storage may allow most information safety issues to be placed with the cloud server, this does not mean that the user's data will be perfectly safe. Once users start using a cloud service, all temporary, or even permanent, data will be stored on the cloud; in addition, a cloud user’s behavior and preferences in regard to all operations will also be recorded by the cloud service providers. If the data are not encrypted in advance, then the cloud service provider or a malicious attacker can obtain important and private user information.
However, if a cloud user simply encrypts the data onto the cloud server, and does not produce a relatively complete set of search mechanisms, the user will not be able to reach the data they want through a keyword search. Therefore, an extension of the concept of Keyword Searchable Encryption is required [2].
1.2 Research Motivation
Cloud storage allows people to easily access their personal data at any time and any location. However, even when cloud storage service providers claim that they can protect their customers' information from leaking, are such providers trustworthy?
The easiest solution to this problem of trustworthiness is to use one’s own private key to encrypt data on the cloud, rather than using the key selected by the cloud storage service provider. As a result, when the users want to search for files that contain certain keywords, the cloud storage servers must have the ability to search for an encrypted ciphertext.
Therefore, to simultaneously achieve both confidentiality and search capability, having an effective search ciphertext technique on a cloud storage service is very important. This technique, known as searchable encryption [1], is an encryption technology that provides cloud data confidentiality, and allows a ciphertext search capability of the cloud storage server without the need for decryption. In other words,
11
during storage, searching, and retrieval, the cloud storage server will not know the plaintext data. In addition, to further protect the privacy of the user's searches, user searching patterns referred to the server must also be unlinkable. Currently, unlinkable ciphertext searches are mainly dependent on public-key cryptography, and are less efficient.
This research presents a symmetric key cipher text searching mechanism that uses expansion and substitution technologies, and submits additional redundancy search patterns to the server, which replies with the corresponding search results. This paper presents a mechanism for the search time, storage space, communication burden, and efficient client computations, for dynamic maintenance and unproblematic conjunctive keyword searches; in addition, the search pattern and ciphertext reply require no connectivity and provide users with a high degree of search privacy.
1.3 Research Purpose and Contribution
In 2013, Lin et al. proposed a solution based on the SSE[37], and no matter time, and execution performance; this scheme is better than an ASE-based
This research describes an improved scheme that, in addition to improvements in its security weaknesses, also retains the advantages of the original scheme. Moreover, the improvements proposed in this paper also greatly reduce the search time and number of tables required on a cloud server.
12
1.4 Research Scope
In the keyword searchable scheme proposed by Boneh et al. [11], there are three entities involved: the data sender, receiver, and server. This relationship is illustrated in Figure 1. The data sender owns the documents and wishes to share them with the receiver. The data sender gives each document some keywords, encrypts them, and then appends the encrypted keywords into the documents and stores them in the server. When the receiver wants to search for encrypted data the receiver has the right to download, the receiver sends a trapdoor containing a specific keyword W to the server. The server provides the storage space for storing the documents, executes a specific algorithm to find the corresponding encrypted documents that the receiver has queried, and sends the documents to the receiver.
Figure 1. The relationship among the data sender, receiver, and server
1.5 Organization
This research is broken into six chapters, the contents of which are as follows:
Chapter 1: We introduce the research background, research motivation, purpose, and research scope of this paper.
Chapter 2: We introduce background knowledge, for example, illustrating what a client-server architecture is, and compare it with a P2P architecture. Furthermore, we introduce the idea of searchable encryption, and finally, describe various
13
types of searchable encryption such as Symmetric Searchable Encryption (SSE), Asymmetric Searchable Encryption (ASE), Efficient ASE (ESE), and Multi-user SSE (MSSE).
Chapter 3: We introduce previous related literature, as well as an SSE-based solution proposed by domestic scholars in 2013.
Chapter 4: We propose a new improved scheme based on the related literature, which is the core contribution of this paper.
Chapter 5: We conduct security and efficiency analyses of the proposed scheme.
Chapter 6: We offer some concluding remarks and directions for future work. In addition, we provide a complete summary of the paper, propose some partial improvements, and discuss a new scheme for future research.
14
Chapter 2 Background Introduction