Question

what is the difference between FEATHER lightweight protocol and Searchable symmetric encryption?

explain and give the answer in terms of mobile cloud computing

Answer 1

FEATHER lightweight protocol

With the growth of cloud computing, the need arises for Private Set Intersection (PSI) protocols that can operate on outsourced data and delegate computation to cloud servers. One limitation of existing delegated PSI protocols is that they are all designed for static data and do not allow efficient update on outsourced data. Another limitation is that they cannot efficiently support PSI among multiple clients, which is often needed in practice.

FEATHER is the first delegated PSI protocol that supports efficient data updates and scalable multi-party PSI computation on outsourced datasets. The clients can independently prepare and upload their private data to the cloud once, then delegate the computation an unlimited number of times. The update operation has O(1) communication and computation complexity, and this is achieved without sacrificing PSI efficiency and security. Feather does not use public key cryptography, that makes it more scalable. We have implemented a prototype and compared the concrete performance against the state of the art. The evaluation indicates that Feather does achieve better performance in both update and PSI computation.

To enhance the security of the protocol, the server never has access to the unencrypted data. The data are encrypted by the client using a modified version of the key stream, and this modification is unknown to the server.

FEATHER communication protocol enables mobile devices with limited computational resources to share encrypted files with the help of an external server that has greater computing, storage, and bandwidth resources. The protocol uses two communication channels. The first channel is assumed to be insecure, such as the Internet using HTTP to transport messages between the mobile devices and the external server. The second channel carrying “out-of-band” messages is assumed to be secure and could be implemented using SMS messages to mobile devices, or possibly email. The first channel allows mobile devices to initiate six actions by sending a message to the external server and receiving a response. The second out-of-band channel is used tosend andreceive three kinds of secret information.

A one-time-pad, which could use a more secure parameterinstead of justification.

•A file id.

•A token id (and some additional parameter

Searchable symmetric enryption

Searchable encryption is a technique that allows a client to store documents on a server in encrypted form. ... In the symmetric searchable encryption domain, the storage and the retrieval are performed by the same client. Most conventional searchable encryption schemes suffer from two disadvantages.

It supports conjunctive search and general Boolean queries on outsourced symmetrically-encrypted data and that scales to very large databases and arbitrarilystructured data including free text search. Searchable symmetric encryption (SSE) is a cryptographic primitive addressing encrypted search. To securely store and search a database with an SSE scheme, a client first uses a special encryption algorithm which produces an encrypted version of the database, including encrypted metadata, that is then stored on an external server. Later, the client can interact with the server to carry out a search on the database and obtain the results.

Ensuring the cloud data security is a major concern for corporate cloud subscribers and in some cases for the private cloud users. Confidentiality of the stored data can be managed by encrypting the data at the client side before outsourcing it to the remote cloud storage server. However, once the data is encrypted, it will limit server’s capability for keyword search since the data is encrypted and server simply cannot make a plaintext keyword search on encrypted data. But again we need the keyword search functionality for efficient retrieval of data.

To provide a secure and efficient retrieval of data, one needs to ensure that the user can perform a search over the encrypted data without revealing the contents and the searched keyword to the server. The cryptographic primitive that provides this feature is widely known as searchable encryption (SE).

Searchable encryption (SE) enables the users to generate a search token from the searched keyword in such way that given a token, the cloud server can retrieve the encrypted contents containing the searched keyword. Basically, the search token represents an encrypted query over the encrypted data and can be generated only by users with the appropriate secret key. Figure 1 shows the basic architecture and working principle of a searchable encryption scheme. The architecture comprises mainly four entities: data owner, data user, cloud service provider and key generator.

1. Data owner: The data owner is the entity which generates and encrypts the data and uploads them to the cloud server. It can be either an organization or an individual. To use the service, the data owner uses its application which consists of a data processor for uploading new contents to the cloud. It encrypts the data and metadata with a cryptographic scheme [1] that enables searching capability.

2. B.

   Data user: This entity is also a subscriber to the cloud storage which sends encrypted queries to the cloud service provider to search for a specific encrypted data. There may be more than one data user in the system and in some scenario, the data owner and the data user might be the same entity.

3. C.

   Cloud service provider: This entity provides the data storage and retrieval service to the subscribers. The cloud service provider consists of cloud data server and cloud service manager. The first entity is used to store the outsourced encrypted data whereas the latter one is used for data management in the cloud. Upon receiving the encrypted search queries from the data user, the cloud service provider tests on the encrypted queries and encrypted metadata in the cloud storage. The encrypted data that satisfies the search criteria is retrieved and sent back to the data owner upon completion of the test. The cloud service provider should not learn any information from the operation.

4. D.

   Key generator: This entity is considered to be a trusted third party which is responsible for the generation and management of the encryption/ decryption keys. User specific keys are generated and distributed during the setup of the system.

Searchable encryption: security requirements

In general, the following requirements should be satisfied when constructing a searchable encryption scheme.

• Retrieved data: Server should not be able to distinguish between documents and determine search contents.

• Search query: Server should not learn anything about the keyword being searched for. Given a token, the server can retrieve nothing other than pointers to the encrypted content that contains the keyword.

• Query generation: Server should not be able to generate a coded query. The query can be generated by only those users with the relevant secret key.

• Search query outcome: Server should not learn anything about the contents of the search outcome.

• Access patterns: Server should not learn about the sequences and frequency of documents accessed by the user.

• Query patterns: Server should not learn whether two tokens were intended for the same query.