O Cryptography, derived from Greek words

krptos- secret and graphy- writing

O It is the science of using mathematics to hide

information.

O With the help of Cryptography we can store

sensitive information, or transmit it over insecure

networks (such as the internet) so that it can only

be read by the intended recipient.

O Cryptography is the study or science of secret

communication, while encryption is simply a

component of that science. Encryption is the

process of hiding information, through the use of

ciphers, from everybody except for the one who

has the key.

O Encryption is a direct application of cryptography

O In today's digital world, there are two major types

of ciphers--one based on symmetric and one

based on asymmetric key algorithms.

O Plaintext: message to be sent, in readable

form

O Ciphertext: message in coded form,

unreadable without special information such

as a key

O cryptanalysis: cracking a code - attempting

to decrypt without the required special

information

O Key: A key in cryptography is a long

sequence of bits used by encryption and

decryption algorithms.

O Encryption is the process of converting

readable data (called the plaintext) into a

form which hides its content, called the

ciphertext.

O Decryption is the reverse process, with a

ciphertext converted back into the

corresponding plaintext.

O A given encryption algorithm takes the

plaintext , and a key, and alters the original

message mathematically based on the key's

bits to create a new encrypted message.

O Likewise, a decryption algorithm takes an

encrypted message and restores it to its

original form using one or more keys

O When a user encodes a file, another user

cannot decode and read the file without the

decryption key

O To decode cipher, a user must possess the appropriate decryption key.

O A decryption key consists of a random string of numbers, from 40 through 2,000 bits in length. The key imposes a decryption algorithm onto the data.

O This decryption algorithm reverses the encryption algorithm, returning the data to plaintext.

O The longer the encryption key is, the more difficult it is to decode. For a 40-bit encryption key, over one trillion possible decryption keys exist.

O SYMMETRIC ENCRYPTION: This is the most common type of encryption and uses the same key for encoding and decoding data. This key is known as a session key.

O ASYMMETRIC ENCRYPTION(Public-key encryption): uses two different keys, a public key and a private key. One key encodes the message and the other decodes it. The public key is widely distributed while the private key is secret.

O Searchable encryption is a cryptography primitive

that enables users to search through outsourced

encrypted data without exposing keywords to the

untrusted server [song et al[2]]

O Having the ability of secure search through

outsourced encrypted data should be the core

feature of any searchable encryption

O Secure search through outsourced encrypted data

means authorized user is the only one can search

for any keywords within outsourced data and

unauthorized parties should not learn anything

during search procedure.

O The immediate application for searchable

encryption is cloud storage where the client

outsources its storage, but encrypts its files for

confidentiality beforehand and retains the key.

O The advantage compared to standard encryption

is that the cloud can perform the search operation

without the key and only return a matching subset

for a query.

O Hence, the client does not have to download the

entire data set and search himself.

O In many cases this is an enormous efficiency gain.

O SE consists of three operations.

O ENCRYPTION: Encryption transforms a keyword/file pair using a secret key into a ciphertext.

O TOKEN GENERATION: Using the secret key one can generate a search token for a specific keyword. Using this token,

O SEARCH: one can then search in a set of ciphertexts for those that match the keyword. Hence, one can encrypt, but still search without decryption.

O searchable encryption is composed of two steps

O Storing a special encryption of data on the untrusted third party (Store phase),

O Make an encrypted search query to retrieve the desired information (Search phase).

O Searchable encryption can be categorized in

two fields according to number of involved

key:

O Symmetric searchable encryption (SSE)

O Asymmetric searchable encryption (ASE)

O The main feature of this model of private search is that the user, who encrypts data, is the only user who can perform a search or an update.

O This fact is due to the use of a private key that belongs only to the user and who cannot share with others.

O The symmetric scheme was introduced by GOLDREICH AND R. OSTROVSKY [1] and supposes that the user encrypts his data with a secret key, stores it in the untrusted server, can retrieve his encrypted data then decrypts it with the same key.

O The first searchable symmetric encryption

scheme proposed by Song et al[2]. In the

Song’s scheme, all the words within every

document have to be encrypted in a double

layer ciphertext form called inner layer and

outer layer.

O Server strips the outer layer by using the

trapdoor and checks the inner layer. In order

to make the same verifiable inner layer

structure trapdoor and ciphertext have to be

generated by using the same keyword.

O The first index-based SSE proposed by Goh [3]. Goh’s scheme is based on making a secure index of all the words in a document, which uses multiple different hash functions.

O The method of making that index and searching within that is called bloom filter, which is used in spread spectrum of applications in various areas.

O Then Curtmola [8] proposed another two inverted index-based SSEs, where its search time cost is O(1).

O SSE Consists of four (4) algorithms:

1. Keygen (k): This algorithm takes a security

parameter k and generates a secret key K.

2. BuildIndex (K, D): The index I is produced by

using the secret key K and the document

collection D.

3. Trapdoor(K, w): The trapdoor Tw of the word

w is produced from w and the secret key K.

4. Search(I, T w): Search documents in the

collection D that contain the keyword w

using the trapdoor Tw.

1. Fuzzy Keyword Search over Encrypted Data in Cloud Computing (FKSEDCC) proposed by Jin Li. et al. [7]

2. Phrase Search over Encrypted Data with Symmetric Encryption Scheme proposed by Tang et al.[9]

O The multiuser search allows the owner of the

encrypted data to share with other users the

right to search over these encrypted data.

O In the M-SSE, the data owner can grant or revoke a user from the group of privileged users.

O To add a user, the owner has to give him a key Ku

O The server manages the user revocation by checking for each search queries whether the user has his privilege or not.

O Indeed, each time the owner adds or deletes a user, he generates a new value R, and then he sends it to the server. Using this information, the server may verify the permission of the user.

the group of revoked users changes dynamically, and thus even if a user has a key he cannot retrieve the documents using his trapdoor.

O ASE is a scheme that enables other parties besides the data owner to make queries to the server, as long as having access to the owner’s public key

O Public key Encryption with Keyword Search (PEKS) is a primitive with such functionality that provides delegation of exact-match searches. Boneh et al. in 2004 and Baek et al

O ASE schemes are appropriate in an setting where the party searching over the data is different from the party that generates it.

O ASE allows searches to be carried over cipher-texts, through delegation, and by means of trapdoors issued by the owner of the data.

O As it is important that cipher-texts preserve data privacy, it is also important that trapdoors do not expose the user's search criteria.

O The main advantage of ASE is functionality while the main disadvantages are inefficiency and weaker security guarantees.

O ESE schemes are appropriate in any setting where the

party that searches over the data is different from the

party that generates it and where the keywords are

hard to guess

O The main advantage of efficient ASE is that search is

more efficient than (plain) ASE.

O The main disadvantage, however,is that ESE schemes

are also vulnerable to dictionary attacks.

O mSSE schemes are appropriate in any setting where

many parties wish to search over data that is

generated

O In a mSSE scheme, in addition to being able to

encrypt indexes and generate tokens, the owner of the

data can also add and revoke users’ search privileges

over his data.

O The concept of a PEKS scheme was proposed by

Boneh et al.[10] and Baek et al[11]. who extended

PEKS scheme into a secure channel free PEKS

scheme (SCF-PEKS) which removes the assumption,

a secure channel between users and a server.

O Public Key Encryption with Keyword Search (PEKS in

short) scheme, which is also name searchable public-

key encryption scheme, enables one to search

encrypted documents on the untrusted server without

revealing any information.

O To construct a secure PEKS or SCF-PEKS scheme with

privacy protection, there are some security

requirements needed to achieve as follows:

O Trapdoor indistinguishability

O Ciphertext indistinguishability

O Authorized identity protection (Anonymity)

O User authentication

O Each user may have access to a different set of

documents stored on the server; this can be achieved

by ensuring that each document is encrypted with a

separate per-document key, and arranging for each

user’s client machine to have access to the keys of

the documents that the corresponding user has

access to. Popa et al [15]

O Many applications, such as document sharing, chat,

forums, and calendars, support search over

documents shared by different users.

O This cryptographic scheme that allows a client to

provide a single search token to the server, but still

allows the server to search for that token’s word in

documents encrypted with different keys

O The scheme hides the content of the document and

the words one searches for, and the only information

the server learns is whether some word being

searched for matches a word in a document.

1. O. Goldreich and R. Ostrovsky. Software protection and simulation on Oblivious RAMs.Journal of the ACM, 43(3):431–473, May 1996.

2. D. Song, D. Wagner and A. Perrig. Practical Techniques for Searches on Encrypted Data, IEEE Symposium on Security and Privacy (S&P), 2000, pp.44-55

3. Eu–Jin Goh. Secure indexes. In the Cryptology ePrint Archive, Report 2003/216, March 2004.

4. Reza Curtmola, Juan Garay, Seny Kamara, and Rafail Ostrovsky. Searchable Symmetric Encryption: Improved Definitions and Efficient Constructions, 2006.

5. Y. C. Chang and M. Mitzenmacher. Privacy preserving keyword searches on remote encrypted data. In Applied Cryptography and Network Security Conference (ACNS), 2005.

6. P. Golle, J. Staddon, and B. Waters. Secure conjunctive keyword search over encrypted data. In M. Jakobsson,M. Yung, and J. Zhou, editors, Applied Cryptography and Network Security Conference (ACNS), volume 3089 of LNCS, pages 31–45. Springer-Verlag, 2004.

7. Li, H.,Wang, C., Cao, N., Ren, K., and Lou, W. (2010), “Fuzzy Keyword search over encrypted data in cloud computing”in Proceedings of IEEE INFOCOM 10 Mini-Conference, pp 1-5,doi:10.1109/INFCOM. 2010.5462196

8. R. Curtmola, J. Garay, S. Kamara, and R. Ostrovsky. "Searchable symmetric encryption: improved definitions and efficient constructions," in Proceedings of the 13th ACM conference on Computer and communications security, pp. 79-88.

9. Y. Tang, D. Gu, N. Ding, and H. Lu. "Phrase Search

over Encrypted Data with Symmetric Encryption

Scheme," in Distributed Computing Systems

Workshops (ICDCSW), 2012 32nd International

Conference on, pp. 471-480.

10. D. Boneh, G. D. Crescenzom, R. Ostrovsky, and G.

Rersiano, “Public key encryption with keyword

search,” in Advances in Cryptology – EUROCRYPT

2004, Lecture Notes in Computer Science, vol.

3027,pp. 506{522, Interlaken, Switzerland,

2004. Springer Berlin/Heidelberg.

11. J. Baek, R. Safavi-Naini, and W. Susilo, “Public key encryption with keyword search revisited,” in ICCSA 2008, vol. 5072 of Lecture Notes in Computer Science, pp. 1249{1259, Perugia, Italy, 2008 Springer Berlin/Heidelberg.

12. Karilyn Lao, Richman Lo, & Robert Mastronardi “ENCRYPTION”. Presentation

13. Bellare, M., Boldyreva, A., O’Neill, A.:Deterministic and efficiently searchable encryption. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 535–552.Springer, Heidelberg (2007)

14. Moataz Tarik.”Searcheable Encryption”, Alcatel-Lucent Bell Labs (2012)

15. R. Popa and N. Zeldovich, “Multi-Key Searchable

Encryption”. MIT CSAIL