Symmetric Searchable Encryption (SSE) is a relatively modern cryptographic technique with remarkable capabilities. More precisely, SSE allows users who hold a decryption key to search directly on encrypted data that are stored online and hence, eliminates the need for constant downloads. However, convenience is not the only advantage of SSE as it also offers stronger security guarantees. In an SSE scheme a user encrypts her data locally before outsourcing them to a cloud service provider (CSP). This way the data are protected against both internal and external attacks.
SSE is an essential component within the ASCLEPIOS framework, as it allows the online storage of medical files in a way that any authorized party can access them. This is achieved with the use of search tokens that correlate to specific keywords. The search tokens are generated locally and are then forwarded to the CSP. Based on this token, the CSP can locate all files that contain the searched keyword and return them to the user. What is fascinating about SSE, is that the described procedure can be achieved in a way that the CSP learns neither the contents of the search token, not the content of the files!
How does it work?
For the needs of ASCLEPIOS, we designed a new SSE scheme that is not only a perfect fit with the proposed architecture, but also satisfies stronger security notions. More specifically, the functionalities offered by the Trusted Execution Environments (TEE), allowed us to design an SSE scheme that is both forward and backward private.