IITKGP Team develops controlled access technology to unlock specific encrypted data
Are you worried while sending out messages or uploading data on your cloud server? Of course you know encryption would be there. But such encryption could reduce the overall performance of your server. Now Researchers at IIT Kharagpur have developed a technological solution to access encrypted data on cloud server with keywords, without the need for decryption nor compromising the security of the system.
Cloud computing has introduced various solutions with efficient ubiquitous sharing and agile independent access to large volumes of data. These solutions are being used across corporations, governments and individuals alike. However, security issues run high too with possible leakages of sensitive data such as customer transactions, search histories, credit card numbers, corporation and government policies, and personally identifiable information. Data encryption which is used as solution to data security often makes data searching and data mining operations difficult. The trivial solution involving sending data back to the owner for decryption and returning the same client, is time-consuming with high costs as it requires heavy bandwidth and storage capabilities. It also under-utilizes the computational ability of the cloud, which is usually much greater than that of individual devices. Cloud Computing being crucial in today’s professional world, such gap cannot go unaddressed.
The solution by the Secured Embedded Architecture Lab (SEAL) at IIT Kharagpur is pragmatic in the sense that it allows analytics on the encrypted data itself. This eliminates the need to decrypt the data or compromise system security. “We need cryptosystems that allow searchable encryption, or more simply, keyword search over encrypted document collections and databases” said researcher Sikhar Patranabis at SEAL.
The research has lead to Controlled Access Searchable Encryption (CASE), a new public-key searchable encryption. “CASE allows a data owner to generate a controlled-search access that can restrict the search capabilities of a data user to a specific subset of documents in the collection. This prevents the vulnerability of the full data set. CASE also preserves the privacy of the underlying plaintext data under well-known cryptographic assumptions” explained Prof. Debdeep Mukhopadhyay, lead researcher of the project and Director of incubation at Embedded Security and Privacy Pvt Ltd. (ESP), STEP-IIT Kharagpur.
CASE is the first public key searchable encryption scheme achieves performance and security at par with the most efficient symmetric key searchable encryption constructions with inherent access control and security guarantees. Also CASE hardware offers the advantage of massively parallel architectures to speed up searching on encrypted data.
“While all existing schemes produce access that grow linearly with the size of the document collection, CASE access window remains constant independent of the document collection size. CASE is secure under well-defined cryptographic assumptions, and requires optimal network communication between the server and the data owners/data users. Additionally, CASE is also efficient and scalable with respect to data updates, making it ideal for use in dynamic cloud-based search applications” added Prof. Mukhopadhyay.
“We are expecting to have a full-fledged prototype implementation of our controlled-access searchable encryption set-up by the end of 2017. We are excited about the prospect of some new and highly motivated PhD candidates joining us in the coming semester, and together we hope to convert the present work from a prototype implementation to a usable system. We will then look to expand into potential technology transfer avenues to bring the work to a successful fruition” said Sikhar
The current prototype implementation requires an estimated 172 FPGAs (cost: around 10,000 USD) to support a full-fledged encrypted search engine with 100 documents over a dictionary of 1000 keywords. “We are currently working on massive area and power optimizations of the prototype for resource-constrained devices such as mobile phones. Fortunately, many of the primitives, such as elliptic curve cores, used by our technology are already present in modern gadgets for security. We intend to leverage these in order to reduce the overall blow-up of the device cost. In addition, it is also possible to host our service online, and access the same from one’s own device via a simple login, with minimal processing requirements in the device itself” explained Prof. Mukhopadhyay.
The innovation has been published in several journals of repute such as IEEE Transactions on Computers (TC), and conferences such as Indocrypt.