Symmetric Searchable Encryption (SSE)
Symmetric Searchable Encryption - SSE
Why we need it?

Symmetric Searchable Encryption (SSE) is a relatively modern cryptographic technique with remarkable capabilities. More precisely, SSE allows users who hold a decryption key to search directly on encrypted data that are stored online and hence, eliminates the need for constant downloads. However, convenience is not the only advantage of SSE as it also offers stronger security guarantees. In an SSE scheme a user encrypts her data locally before outsourcing them to a cloud service provider (CSP). This way the data are protected against both internal and external attacks. 

SSE is an essential component within the ASCLEPIOS framework, as it allows the online storage of medical files in a way that any authorized party can access them. This is achieved with the use of search tokens that correlate to specific keywords. The search tokens are generated locally and are then forwarded to the CSP. Based on this token, the CSP can locate all files that contain the searched keyword and return them to the user. What is fascinating about SSE, is that the described procedure can be achieved in a way that the CSP learns neither the contents of the search token, not the content of the files!

How does it work?

For the needs of ASCLEPIOS, we designed a new SSE scheme that is not only a perfect fit with the proposed architecture, but also satisfies stronger security notions. More specifically, the functionalities offered by the Trusted Execution Environments (TEE), allowed us to design an SSE scheme that is both forward and backward private.

Informally, an SSE scheme is said to be forward private if newly added files do not leak any information about past queries. On the other hand, a scheme is backward private if file deletions do not leak information about future queries.  These are two extremely important properties that guarantee that the scheme does not fall prey to the recently proposed file-injection attacks. As a result, the proposed scheme guarantees that the leaked information will not contain any sensitive data, but it will revolve around trivial knowledge such as the size of the database. Furthermore, it achieves optimal computational costs and at the same time, no local storage is required by the users. The proposed SSE scheme has been implemented as a Javascript library at the client side, and web services at the server side. The web servers can be easily deployed, and the Javascript library can be invoked by any web application which wishes to use the SSE functionalities.