IJCS_2016_0302016.pdf

8/16/2019 IJCS_2016_0302016.pdf

1/5

153 | International Journal of Computer Systems, ISSN-(2394-1065), Vol. 03, Issue 02, February, 2016

International Journal of Computer Systems (ISSN: 2394-1065), Volume 03 – Issue 02, February, 2016

Available at http://www.ijcsonline.com/

Multi Keyword Ranked Search Enabled Encryption on Cloud Data

Vishnuprasad T., Ajith Kumar K. and Abhiram C. M.

Department of CSE, Nehru College of Engineering and Research Centre, Pampady, Thrissur, India

Abstract

Since the growth of internet technology become explosive, so does the growth of cloud technology. Virtually the cloud

technology is improving every day in these days. Along with this rapid improvement, cloud computing is also having

great flexibility and cost effectiveness. These features of cloud lure every data owners to share and upload the data and

information into a cloud network. But for privacy and security needs, they encrypt it before uploading. Hence searching

for the encrypted data in the cloud is necessary in these days. There exist techniques for searching encrypted data,namely single keyword and Boolean keyword search. But as there is large number of data in the cloud and the number of

users using it is also large, these techniques for searching and retrieving encrypted clou d data aren’t sufficient. Because

the result obtained through these techniques can’t satisfy a hungry user. For these reasons the need of introducing new

searching scheme called multi keyword ranked searching is necessary. The multi keyword searching scheme establishes

a set of strict privacy requirement for a secure cloud data utilization system. It also ensures that the proposed scheme surely bring in reduced overhead on communication as well as in computation.

Keywords: Multi keyword search, ranked search, cloud computing, searchable encryption, ranked search

I. I NTRODUCTION

One of the most innovative internet technology in thetwenty first century is cloud computing. This is because ofthe reason that it realizes the vision of computing as autility. It allows customers to stores the data in the cloud soas to enjoy the on-demand high quality applications from a

shared pool of configurable virtualized resources. Thedriving force for both individuals and enterprises tooutsource their local complex data management systeminto the cloud is because of its flexibility and economicsaving feature. All organisations have the responsibility to

provide security to its user‟s data, and for privacy they willhave to block unsolicited accesses to the cloud. For this thesensitive data have to be encrypted by data owners beforeoutsourcing to the commercial public cloud. This, however,obsoletes the traditional data utilization service based on

plaintext keyword search. Downloading all data anddecrypting locally is a trivial solution and is highlyimpractical. All these reasons sum up the want for ascheme that allow multi keyword search on encrypted

cloud data along with essential data secrecy features.

Since the user‟s requirement is to get the data that theyrequest as fast as possible and as accurately as possible, itdemands the cloud server to perform result relevanceranking, instead of returning undifferentiated results [2]. Itnot only retrieves the data that user desires quickly but canalso eliminate unnecessary network traffic. This becausethe cloud is based on the concept of „pay as you use‟ andhence nobody wants to waste the money unnecessarily. Forthe ranking of result to be effective, it solidifies the needfor multi keyword searching schemes. However, how toapply it in the encrypted cloud data search system remainsa very challenging task because of inherent security and

privacy obstacles, including various strict requirements likethe data privacy, the index privacy, the keyword privacy,and many others.

For encrypted data in cloud, searchable encryption is ahelpful technique that treats encrypted data as documents.This allows a user to easily and securely search by using asingle keyword and retrieve documents of interest [3].Butsince they are developed as cryptoprimitives and cannotaccommodate high service-level requirements like systemusability, efficient user searching experience and easy

information retrieval. To improve the search flexibility,some recent designs have been proposed to supportBoolean keyword search [4]. But they are still not enoughto provide users with acceptable result rankingfunctionality. Having said all this, the new scheme of multikeyword searching on an encrypted data is still a majorchallenge.

In this paper, the scheme named multi keyword rankedsearch (MKRS) enabled encryption on cloud data isspecified and resolved. In the several semantics availablefor multi keyword searching “co-ordinate matching” isused here. When the index construction is carried out, eachdocument is associated with a binary vector as a sub-index

where each bit represents whether corresponding keywordis contained in the document. The search query is alsodescribed as a binary vector where each bit means whethercorresponding keyword appears in this search request, sothe similarity could be exactly measured by the inner

product of the query vector with the data vector. Butoutsourcing of the data vector or the query vector directlywill violate the index privacy or the search privacy. Fortaking on challenges of supporting such multikeywordsemantic without privacy breaches, a basic idea for theMKRS using secure inner product computation isconsidered. This is adapted from secure k-nearestneighbour (kNN) technique [5].

8/16/2019 IJCS_2016_0302016.pdf

2/5

Vishnuprasad T, Ajith Kumar K, Abhiram C M Multi Keyword Ranked Search Enabled Encryption on Cloud Data


Fig 1: Encrypted cloud data search architecture

II. PROBLEM STATEMENT

A. The System Model

The system model can be considered as a cloud data

hosting service involving three different entities which isillustrated in Fig 1.these entities are named as the dataowner, the data user, and the cloud server. This means thesystem design uses the three-tier architecture. 'Three-tier' isa client-server architecture in which the user interfaces,functional process logic ("business rules"), computer datastorage and data access are developed and maintained asindependent modules, most often on separate platforms.The three-tier model is considered to be softwarearchitecture and a software design pattern.

The data owner has a set of data documents F to beuploaded to the cloud server in the encrypted form C. Toenable the searching efficiency over C for adequate data

utilization, the data owner will first build an encryptedsearchable index I from F, and then outsource both theindex I and the encrypted document collection C to thecloud server. To search the document collection for t givenkeywords, an authorized user acquires a correspondingtrapdoor T through search control mechanisms. Uponreceiving T from a data user, the cloud server is obliged tosearch the index I and return the corresponding set ofencrypted documents. To improve the document retrievalaccuracy, the search result should be ranked by the cloudserver according to any available ranking criteria.

B. Threat Models

We consider an “honest-but-curious” server in our

model, which is consistent with most of the previoussearchable encryption schemes [ ]. In most realisticscenario the cloud server will act in “honest” manner. Itwill also follow the designated protocols specifiedcorrectly. But the concern for a semi-trusted server like thisis that, the server is always “curious” to infer and analyzethe message flow received during the protocol so as tolearn additional information. Specifically, the server, by nomeans, has any willful intention to actively modify themessage flow or disrupt any other kind of services. Bythese conclusions we have the following attacking models.

Known cipher text model. In this model, the cloudserver is supposed to only know encrypted data set C andsearchable index I, both of which are outsourced from thedata owner.

Chosen-cipher text model. By this model it means that,as the cloud server knows encrypted data set C and index I,the cloud server because of its “curious” nature can choosearbitrary cipher text and have access to plaintext decryptedfrom it.

Known background model . In this stronger model, thecloud server is supposed to possess more knowledge thanwhat can be accessed in the known cipher text model. Suchinformation may include the correlation relationship ofgiven search requests (trapdoors), as well as the data setrelated statistical information.

C. Design Goals

To enable ranked searchable symmetric encryption foreffective utilization of outsourced cloud data under theaforementioned model, the design is intended to achievedata secrecy and improved data retrieval. The goals are asfollows.

Multi-keyword ranked search. To design schemes

which allow multi-keyword query and provideresult similarity ranking for effective data retrieval,instead of returning undifferentiated results.

Data secrecy. To keep the server from exposingsupplementary information from the data set and theindex, and to meet privacy requirements.

Performance. The precedent design goals areexpected to be achieved without diminishing the

performance of the system.

III. LITERATURE SURVEY

Because of the large number of data users and

documents in the cloud, it has become a necessary to allowmultiple keywords in the search request and returndocuments in the order of their relevance to thesekeywords. The problem of multi keyword ranked searchover encrypted cloud data is explored, and then the

proposed system establishes a set of strict privacyrequirements for such a secure cloud data utilizationsystem. Experiments on the real-world data set furthershows that multi keyword ranked schemes indeed introducelow overhead on computation and communication.

A. Towards a Cloud Definition,

Cloud Computing is associated with a new paradigmfor the provision of computing infrastructure [6]. This

paradigm shifts the location of this infrastructure to thenetwork to reduce the costs associated with themanagement of hardware and software resources.Depending on the type of provided capability, there arethree scenarios where Clouds are used: Infrastructure as aService (IaaS), Platform as a Service (PaaS) and Softwareas a Service (SaaS).

Internet Providers manage a large set of computingresources, such as storing and processing capacity.Through virtualization, they are able to split, assign anddynamically resize these resources to build ad-hoc systemsas demanded by customers, the SPs. This is theInfrastructure as a Service scenario. Cloud systems canoffer an additional abstraction level: instead of supplying avirtualized infrastructure, they can provide the software

platform where systems run on. The sizing of the hardwareresources demanded by the execution of the services is

8/16/2019 IJCS_2016_0302016.pdf

3/5



made in a transparent manner. This is denoted as Platformas a Service. There are services of potential interest to awide variety of users hosted in Cloud systems. This is analternative to locally run applications. This scenario iscalled Software as a Service.

Taking these features into account an encompassingdefinition of the Cloud can be stated as follows: Clouds area large pool of easily usable and accessible virtualizedresources (such as hardware, development platforms and/orservices). These resources can be dynamically reconfiguredto adjust to a variable load (scale), allowing also for anoptimum resource utilization. This pool of resources istypically exploited by a pay per-use model in whichguarantees are offered by the Infrastructure Provider bymeans of customized SLAs (Service-Level Agreement).

B. Cryptographic Cloud Storage

Cloud infrastructures can be roughly categorized aseither private or public. [7] In a private cloud, the

infrastructure is managed and owned by the customer andlocated on-premise. In particular, this means that access tocustomer data is under its control and is only granted to

parties it trusts. In a public cloud the infrastructure isowned and managed by a cloud service provider and islocated off-premise. This means that customer data isoutside its control and could potentially be granted tountrusted parties. By moving their data to the cloudcustomers can avoid the costs of building and maintaininga private storage infrastructure, opting instead to pay aservice provider as a function of its needs. For mostcustomers, this provides several benefits includingavailability and reliability at a relatively low cost. Whilethe benefits of using a public cloud infrastructure are clear,

it introduces significant security and privacy risks. In fact,it seems that the biggest hurdle to the adoption of cloudcomputing, in general, is the concern over theconfidentiality and integrity of data. Thus, unless the issuesof confidentiality and integrity are addressed, many

potential customers will be reluctant to make the move.

The core components of a cryptographic storage servicecan be implemented using a variety of techniques, some ofwhich were developed specifically for cloud storage. When

preparing data for storage in the cloud, the data processor begins by indexing it and encrypting it with a symmetricencryption scheme under a unique key. It then encrypts theindex using a searchable encryption scheme and encrypts

the unique key with an attribute-based encryption schemeunder an appropriate policy. Finally, it encodes theencrypted data and index in such a way that the dataverifier can later verify their integrity using a proof ofstorage. A proof of storage is a protocol executed betweena client and a server with which the server can prove to theclient that it did not tamper with its data. Proofs of storagecan be either privately or publicly verifiable. Privatelyverifiable proofs of storage only allow the client (i.e., the

party that encoded the file) to verify the integrity of thedata. With a publicly verifiable proof of storage, on theother hand, anyone that possesses the client‟s public keycan verify the data‟s integrity.

C.

Modern Information Retrieval

With the advent of computers, it became possible tostore large amounts of information [8]; and finding usefulinformation from such collections became a necessity. The

need to store and retrieve written information becameincreasingly important over the years and thus many modesof data retrievals thus emerged. Various models for doingdocument retrieval were developed and advances weremade along all dimensions of the retrieval process.However, due to lack of availability of large text

collections, the question whether these models andtechniques would scale to larger corpora remainedunanswered. This changed with the inception of TextRetrieval Conference, or TREC. With large text collectionsavailable under TREC, many old techniques weremodified, and many new techniques were developed to doeffective retrieval over large collections. The algorithmsdeveloped in IR were the first ones to be employed forsearching the World Wide Web.

Early IR systems were boolean systems which allowedusers to specify their information need using a complexcombination of boolean ANDs, ORs and NOTs. Booleansystems have several shortcomings and it is very hard for a

user to form a good search request using such techniques.Most everyday users of IR systems expect IR systems to doranked retrieval. Thus IR systems rank documents by theirestimation of the usefulness of a document for a user query.Most IR systems assign a numeric score to every documentand rank documents by this score. Several models have

been proposed for this process. The three most used modelsin IR research are the vector space model, the probabilisticmodels, and the inference network model.

IR systems are based on the inverted list data structure.This enables fast access to a list of documents that containa term along with other information. Inverted lists exploitthe fact that given a user query, most IR systems are only

interested in scoring a small number of documents thatcontain some query term. This allows the system to onlyscore documents that will have a non-zero numeric score.Most systems maintain the scores for documents in a heap(or another similar data structure) and at the end of

processing return the top scoring documents for a query.The two desired properties for the measurement of searcheffectiveness are recall: the proportion of relevantdocuments retrieved by the system; and precision: the

proportion of retrieved documents that are relevant.

The most critical piece of information needed fordocument ranking in all models is a terms weight in adocument. The three main factors come into play in the

final term weighting formulation are term frequency,document frequency and document length. A large body ofwork has gone into proper estimation of these weights indifferent models. Another technique that has been shown to

be effective in improving document ranking is querymodification via relevance feedback. Many othertechniques have been developed over the years and havemet with varying success. Cluster hypothesis states thatdocuments that cluster together will have a similarrelevance profile for a given query. Natural LanguageProcessing (NLP) has also been proposed as a tool toenhance retrieval effectiveness, but has had very limitedsuccess. Techniques developed in the field have been usedin many other areas and have yielded many new

technologies which are used by people on an everyday basis, e.g., web search engines, junk-email filters, newsclipping services. With exponential growth in the amount

8/16/2019 IJCS_2016_0302016.pdf

4/5



of information available, information retrieval will play anincreasingly important role in future.

D. Secure Ranked Keyword Search

A ranked searchable encryption scheme consists of fouralgorithms (KeyGen, BuildIndex, TrapdoorGen,

SearchIndex) [9]. A ranked searchable symmetricencryption system can be constructed from these fouralgorithms in two phases - Setup and Retrieval.

Setup: The data owner initializes the public and secret parameters of the system by executing KeyGen, and pre- processes the data file collection C by using BuildIndex togenerate the searchable index from the unique wordsextracted from C. The owner then encrypts the data filecollection C, and publishes the index including thekeyword frequency based relevance scores in someencrypted form, together with the encrypted collection C tothe Cloud.

Retrieval: The user uses TrapdoorGen to generate asecure trapdoor corresponding to his interested keyword,and submits it to the cloud server. Upon receiving thetrapdoor, the cloud server will derive a list of matched fileIDs and their corresponding encrypted relevance scores bysearching the index via SearchIndex. The matched filesshould be sent back in a ranked sequence based on therelevance scores. However, the server should learn nothingor little beyond the order of the relevance scores. Thus,search results can be accurately ranked based only on theterm frequency and file length information containedwithin the single file.

E. Fuzzy Keyword Search

Although traditional searchable encryption schemesallow a user to securely search over encrypted data throughkeywords and selectively retrieve files of interest, thesetechniques support only exact keyword search. This iswhen an effective fuzzy keyword search over encryptedcloud data can be used.

The fuzzy keyword search scheme returns the searchresults according to the following rules: 1) if the user‟ssearching input exactly matches the pre-set keyword, theserver is expected to return the files containing thekeyword. 2) if there exist typos and/or formatinconsistencies in the searching input, the server will returnthe closest possible results based on pre-specified similarity

semantics. There are several methods to quantitativelymeasure the string similarity. The three primitiveoperations used here are 1) Substitution: changing onecharacter to another in a word. 2) Deletion: deleting onecharacter from a word. 3) Insertion: inserting a singlecharacter into a word.

Fuzzy keyword search greatly enhances systemusability by returning the matching files when userssearching inputs exactly match the predefined keywords orthe closest possible matching files based on keywordsimilarity semantics, when exact match fails [10]. Here thetechnique of edit distance is used, in which keywordsimilarity is quantified and an advanced technique on

constructing fuzzy keyword sets is developed, whichgreatly reduces the storage and representation overheads.

F. Secure kNN Computation on Encrypted Database

Traditional encryption methods that aim at providing“unbreakable” protection are often not adequate becausethey do not support the execution of applications such asdatabase queries on the encrypted data. However, the

problem should be studied with respect to various securityrequirements, considering different attacker capabilities.Here the focus is on k-nearest neighbour (kNN) queries,and shows how various encryption schemes are designed tosupport secure kNN query processing under differentattacker capabilities. The kNN query is an importantdatabase analysis operation, used as a standalone query oras a core module of common data mining tasks.

The general problem of secure computation on anencrypted database is discussed and a model namedSCONEDB (Secure Computation ON an EncryptedDatabase) is proposed in this literature. The SCONEDBmodel captures the execution and security requirements.Here the main focus is on kNN queries. How an encryptionscheme (which includes the above five components) can bedeveloped to securely support kNN applications under theSCONEDB model is also illustrated here. A kNN querysearches for k points in a database that are the nearest to agiven query point q. One approach to securely supportkNN is to use distance-preserving transformation (DPT) toencrypt data points. Given this property, kNN can becomputed on the encrypted database. Unfortunately, suchtransformation is shown to be not secure in practice. If anattacker can access the DPT-encrypted database and knowsa few points in the plain database DB, he can recover DBentirely.

The weakness of DPT comes from the fact that the

attacker is able to recover distance information from theencrypted database. These distances allow the attacker tocompute signatures and thus to apply the signature linkingattack. Unfortunately, a scalar-product-preservingencryption is also distance-recoverable and hence is notsecure against level-2 attacks. To resist level-2 attacks, weneed an encryption function that does not reveal distanceinformation. For kNN search, exact distance computation isnot necessary. Rather, only a distance comparisonoperation is needed. The requirement that needed here isthat the distance recovery of an encrypted database mustnot be possible. The experiments show that a scalar product

preserving encryption is also distance recoverable and

hence is not secure against level-2 attacks (Level-2 attackexample : if the attacker observes the encrypted database ofa bank and some of his sources are customers of the bank,he then knows the values of several tuples in the plaindatabase.)

There are three types of scalar products: (type-1) scalar product of a database point with itself; (type2) scalar product of a database point with the query point; (type-3)scalar product of two different database points p1 and p2.Here an encryption that preserves type-2 but not type-1 ortype-3 scalar products is needed and Asymmetric ScalarProduct preserving Encryption (ASPE) is such a scheme[11]. This justifies the need of non-distance-recoverable

encryption schemes for secure kNN computation. Thus,there is a tradeoff between Scheme 2 and Scheme 1.

8/16/2019 IJCS_2016_0302016.pdf

5/5



G. Zerber: r-Confidential Indexing for Distributed

Documents

In larger enterprises employers often need to share datausers need an indexing facility that can quickly locaterelevant documents they are allowed to access, without

(1) Leaking information about the remainingdocuments

(2) Imposing a large management burden as users,groups, and documents evolve

(3) Requiring users to agree on a central completelytrusted authority.

To address these problems, r-confidentiality is proposed. It is a measure of the degree of information thatcan leak from an index about inaccessible documents,given an adversary‟s background knowledge of the corpusor language statistics. Then an r-confidential globalinverted index for sensitive documents, known as Zerber, is

introduced [12].

Zerber relies on a centralized set of largely untrustedindex servers that hold posting list elements encrypted witha k out of n secret sharing scheme, which providescomplete resistance against inappropriate informationdisclosure regarding pre-existing documents even if k-1index servers are compromised. To provide tunableresistance to statistical attacks, Zerber employs a novelterm merging scheme that has minimal impact on indexlookup costs. Zerber guarantees freshness of shareddocuments at low cost, makes economical use of network

bandwidth, requires no key management, and answers mostof the queries almost as fast as an ordinary inverted index.

Currently, Zerber returns all answers to a query, andranking is performed on the client side. A challengingextension is to support top-K processing on the server side,while maintaining the confidentiality properties. Returningonly top-K query answers will significantly reduce thenetwork bandwidth and processing costs at user peers.Another interesting question is how to support queryconfidentiality, even when one server has beencompromised and the adversary can view the incomingstream of requests for posting lists. BFM leaks probabilisticinformation in this situation, while the other mergingheuristics are more robust.

IV.

CONCLUSIONIt is obvious that as the days go by the internet

technology will improve. Along with that the data that will be uploaded in the cloud will also be greater. So in thisdocument, for the primary occasion we term and crack the

problem of multi-keyword ranked search in excess ofencrypted cloud data, and institute a assortment of privacynecessities. in the midst of various multi-keywordsemantics, we choose the efficient similarity measure of“coordinate matching,” i.e., as many matches as possible,to effectively capture the relevance of outsourceddocuments to the query keywords, and use “internal

product similarity” to quantitatively evaluate suchsimilarity measure. For meeting the challenge of supportingmulti-keyword semantic without privacy breaches, we

propose a basic idea of MKRS using secure inner productcomputation. Then, we give two improved MKRS schemes

to achieve various severe privacy requirements in differentthreat models.

ACKNOWLEDGMENT

The work was completed with support of our guidesProf. Vinit K. and Prof. Hafzal Rahman M. J. They are the

force behind the completion of this paper. So we wouldlike to express our thanks to them for their highlyappreciable support and encouragement. We would alsolike to convey our gratitude to all who supported to make it

possible.

R EFERENCES

[1] N. Cao, C. Wang, M. Li, K. Ren, and W. Lou, “Privacy-PreservingMulti-Keyword Ranked Search over Encrypted Cloud Data,” IEEEComputer Society, vol.25, Issue No.01 – January 2014, pp. 222-233,

[2] A. Singhal, “Modern information retrieval: A brief overview,”IEEE Data Engineering Bulletin, vol. 24, no. 4, 2001, pp. 35 – 43.

[3] D. Song, D. Wagner, and A. Perrig, “Practical techniques for

searches on encrypted data,” in Proc. of S&P, 2000. [4] J. Katz, A. Sahai, and B. Waters, “Predicate encryption supporting

disjunctions, polynomial equations, and inner products,” in Proc. ofEUROCRYPT, 2008.

[5] W. K. Wong, D. W. Cheung, B. Kao, and N. Mamoulis, “Secureknn computation on encrypted databases,” in Proceedings of the35th SIGMOD international conference on Management of data,2009, pp. 139 – 152.

[6] L. M. Vaquero, L. Rodero-Merino, J. Caceres, and M. Lindner, “A break in the clouds: towards a cloud definition,” ACM SIGCOMMComput. Commun. Rev., vol. 39, no. 1, 2009, pp. 50 – 55.

[7] S. Kamara and K. Lauter, “Cryptographic cloud storage,” inRLCPS, January 2010, LNCS. Springer, Heidelberg.

[8] A. Singhal, “Modern information retrieval: A brief overview,”IEEE Data Engineering Bulletin, vol. 24, no. 4, 2001, pp. 35 – 43.

[9]

C. Wang, N. Cao, J. Li, K. Ren, and W. Lou, “Secure rankedkeyword search over encrypted cloud data,” in Proc. of ICDCS‟10,2010.

[10] J. Li, Q. Wang, C. Wang, N. Cao, K. Ren, and W. Lou, “Fuzzykeyword search over encrypted data in cloud computing,” in Proc.of IEEE INFOCOM‟10 Mini-Conference, March 2010, San Diego,CA, USA.

[11] W. K. Wong, D. W. Cheung, B. Kao, and N. Mamoulis, “Secureknn computation on encrypted databases,” in Proceedings of the35th SIGMOD international conference on Management of data,2009, pp. 139 – 152.

[12] S. Zerr, E. Demidova, D. Olmedilla, W. Nejdl, M. Winslett, and S.Mitra, “Zerber: r -confidential indexing for distributed documents,”in Proc. Of EDBT, 2008, pp. 287 – 298.