Searching over an Encrypted Collection of Documents Using Attribute-Based Encryption

Description

There are many situations in which storage of sensitive documents data is outsourced to

third parties on the Internet. To prevent the data from information leakage, the data owner

can directly encrypt all documents stored on the untrusted server. However, there are two

drawbacks of this method: a data user is not able to search over the whole set of encrypted

data without downloading and decrypting all documents, and the data owner cannot perform

fine-grained access control over data.

In this thesis, we build a document searching system by combining the techniques from

secure indexes scheme designed by Goh [1] and the key-policy attribute-based encryption

scheme proposed by Lewko et al. [2]. The document system allows data users to perform

secure searches on an untrusted server over encrypted data without revealing document

contents, as well as allows the data owner of documents to apply fine-grained access control

by encrypting documents with attributes and giving data users private keys with different

access structures. We present the structure, functions and other details of the system, and

show that our system is able to meet the functional and non-functional requirements.

Motivation

The search over encrypted data is an important technique in the area of cloud computing. Fully homomorphic encryption (FHE) is able to provide full computation over encrypted data, but lacks in efficiency and is not applicable for very large data sets until now. Searchable encryption (SE) on the other hand aims at finding the best tradeoff between efficiency and data privacy. Various searchable encryption schemes exist, but a lot of them are restricted to conjunctive queries. In order to raise the query expressiveness, a new approach will be taken (and tested for efficiency) in this master thesis, by applying a key-policy attribute based encryption scheme (KP-ABE) to an encrypted search protocol. In a KP-ABE scheme a ciphertext is created using a set of attributes and a user key contains an access policy. It is possible to decrypt, if the access policy in a user key matches the attributes of a ciphertext.

Topic

The goal of this thesis is to develop an encrypted search protocol, based on a given KP-ABE scheme. In order to apply a KP-ABE scheme to an encrypted search protocol, various steps have to be completed. The scheme has to be adopted to the requirements of the encrypted search protocol. After adopting the scheme, an index structure has to be created and encrypted. After the creation of the index, a user should be able to search through the data, based on the desired queries. If a query matches an entry in the index, it will be returned to the user. The user should now able to decrypt the result, if the attributes in the ciphertext and the attributes in the query match. Finally we will test the efficiency of the scheme.

Topic Description

• adopt a KP-ABE scheme to the encrypted search setting (implementations for KP-ABE can be

provided in Java or Python)

• implement a searchable index structure (for example an inverted index or a tree)

• implement the encrypted search protocol

• evaluate the result regarding efficiency

Requirements

• Good general programming skills (Java or Python)

• Interest in Cryptography

• Ability to work self-directed and systematically

The thesis can be written in English or German.