Abstract
Dynamic searchable encryption (DSE) is important to enable dynamic updates (addition/deletion) on an encrypted database maintained by an untrusted server hosted on the cloud. It is desired that such updates should reveal as less as possible the information revealed to the server. As a result, advanced security notions of forward and backward privacy have been proposed to categorise the leakage by via addition and historical deletion, respectively. However, recent backward-(forward)-private schemes are not efficient enough to support very large databases. In this paper, we resort to the trusted execution environment, i.e., Intel SGX, to ease the above bottleneck. In detail, we proposed Magnus that guarantees Type I\(^{-}\) backward privacy. Our key idea is to leverage a compressed Bloom filter within the Intel SGX’s enclave to verify the deletion documents with the search keyword. This optimisation minimises the communication overhead between the SGX and untrusted memory. Then, to reduce the enclave’s memory, Magnus further relies on a position map-free oblivious data structure maintained by the untrusted server. This improvement is to avoid paging effect in the enclave.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Amjad, G., Kamara, S., Moataz, T.: Forward and backward private searchable encryption with SGX. In: EuroSec 2019 (2019)
Borges, G., Domingos, H., Ferreira, B., Leitão, J., Oliveira, T., Portela, B.: BISEN: efficient boolean searchable symmetric encryption with verifiability and minimal leakage. In: IEEE SRDS 2019 (2019)
Bost, R.: \(\varSigma \; o\varphi \)o\(\varsigma \) - forward secure searchable encryption. In: ACM CCS 2016 (2016)
Bost, R., Fouque, P.A.: Thwarting leakage abuse attacks against searchable encryption - a formal approach and applications to database padding. Cryptology ePrint Archive, Report 2017/1060 (2017). https://eprint.iacr.org/2017/1060
Bost, R., Minaud, B., Ohrimenko, O.: Forward and backward private searchable encryption from constrained cryptographic primitives. In: ACM CCS 2017 (2017)
Brasser, F., Capkun, S., Dmitrienko, A., Frassetto, T., Kostiainen, K., Sadeghi, A.R.: DR.SGX: automated and adjustable side-channel protection for SGX using data location randomization. In: ACSAC 2019 (2019)
Brasser, F., Müller, U., Dmitrienko, A., Kostiainen, K., Capkun, S., Sadeghi, A.R.: Software grand exposure: SGX cache attacks are practical. In: WOOT 2017 (2017)
Christian, P., Kapil, V., Manuel, C.: EnclaveDB: a secure database using SGX. In: IEEE S&P 2018 (2018)
Costan, V., Devadas, S.: Intel SGX explained. IACR Cryptol. ePrint Archive (2016)
Costan, V., Lebedev, I., Devadas, S.: Sanctum: minimal hardware extensions for strong software isolation. In: USENIX Security 2016 (2016)
Curtmola, R., Garay, J., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. In: ACM CCS 2016 (2016)
Duan, H., Wang, C., Yuan, X., Zhou, Y., Wang, Q., Ren, K.: LightBox: full-stack protected stateful middlebox at lightning speed. In: ACM CCS 2019 (2019)
Eskandarian, S., Zaharia, M.: ObliDB: oblivious query processing for secure databases. In: Proceedings of the VLDB Endowment (2019)
Fuhry, B., Bahmani, R., Brasser, F., Hahn, F., Kerschbaum, F., Sadeghi, A.-R.: HardIDX: practical and secure index with SGX. In: Livraga, G., Zhu, S. (eds.) DBSec 2017. LNCS, vol. 10359, pp. 386–408. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61176-1_22
Ghareh Chamani, J., Papadopoulos, D., Papamanthou, C., Jalili, R.: New constructions for forward and backward private symmetric searchable encryption. In: ACM CCS 2018 (2018)
Gruss, D., Lettner, J., Schuster, F., Ohrimenko, O., Haller, I., Costa, M.: Strong and efficient cache side-channel protection using hardware transactional memory. In: USENIX Security 2017 (2017)
Hoang, T., Ozmen, M.O., Jang, Y., Yavuz, A.A.: Hardware-supported ORAM in effect: practical oblivious search and update on very large dataset. In: PET 2019 (2019)
Kamara, S., Papamanthou, C., Roeder, T.: Dynamic searchable symmetric encryption. In: ACM CCS 2012 (2012)
Mishra, P., Poddar, R., Chen, J., Chiesa, A., Popa, R.A.: Oblix: an efficient oblivious search index. In: IEEE S&P 2018 (2018)
Oleksenko, O., Trach, B., Krahn, R., Martin, A., et al.: Varys: protecting SGX enclaves from practical side-channel attacks. In: USENIX ATC 2018 (2018)
Shinde, S., Chua, Z.L., Narayanan, V., Saxena, P.: Preventing page faults from telling your secrets. In: ACM AsiaCCS 2016 (2016)
Song, D., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: IEEE S&P 2000 (2000)
Stefanov, E., Papamanthou, C., Shi, E.: Practical dynamic searchable symmetric encryption with small leakage. In: NDSS 2014 (2014)
Sun, S.F., Yuan, X., Liu, J., Steinfeld, R., Sakzad, A., Vo, V., et al.: Practical backward-secure searchable encryption from symmetric puncturable encryption. In: ACM CCS 2018 (2018)
Vo, V., Lai, S., Yuan, X., Nepal, S., Liu, J.K.: Towards efficient and strong backward private searchable encryption with secure enclaves. In: Sako, K., Tippenhauer, N.O. (eds.) ACNS 2021. LNCS, vol. 12726, pp. 50–75. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-78372-3_3
Vo, V., Lai, S., Yuan, X., Sun, S.-F., Nepal, S., Liu, J.K.: Accelerating forward and backward private searchable encryption using trusted execution. In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds.) ACNS 2020. LNCS, vol. 12147, pp. 83–103. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-57878-7_5
Wang, X.S., et al.: Oblivious data structures. In: CCS 2014 (2014)
Wu, S., Li, Q., Li, G., Yuan, D., Yuan, X., Wang, C.: ServeDB: secure, verifiable, and efficient range queries on outsourced database. In: IEEE ICDE 2019 (2019)
Yarom, Y., Falkner, K.: FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack. In: USENIX Security 2014 (2014)
Zhang, Y., Katz, J., Papamanthou, C.: All your queries are belong to us: the power of file-injection attacks on searchable encryption. In: USENIX Security 2016 (2016)
Zuo, C., Sun, S.-F., Liu, J.K., Shao, J., Pieprzyk, J.: Dynamic searchable symmetric encryption schemes supporting range queries with forward (and backward) security. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018. LNCS, vol. 11099, pp. 228–246. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98989-1_12
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Vo, V. (2021). Memory-Efficient Encrypted Search Using Trusted Execution Environment. In: Yuan, X., Bao, W., Yi, X., Tran, N.H. (eds) Quality, Reliability, Security and Robustness in Heterogeneous Systems. QShine 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 402. Springer, Cham. https://doi.org/10.1007/978-3-030-91424-0_20
Download citation
DOI: https://doi.org/10.1007/978-3-030-91424-0_20
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-91423-3
Online ISBN: 978-3-030-91424-0
eBook Packages: Computer ScienceComputer Science (R0)