
What is Searchable Symmetric Encryption?

February 22, 2021 | Anastasios Arampatzis

Secure cloud storage is one of the most important issues that both businesses and end-users consider before moving private data to the cloud. Searchable symmetric encryption (SSE) allows a party to privately outsource the storage of data to another party, while maintaining the ability to selectively search through it. When deployed in the cloud, Searchable Symmetric Encryption allows one to query encrypted data without the risk of data leakage.

The Dilemma of Data Encryption Within Cloud Storage

The proliferation of digital transformation across all industry sectors has resulted in many benefits, such as increased productivity, reduced operational costs, and enhanced monitoring and sensing of critical performance indicators. Nevertheless, it has also created many challenges. For example, smart systems and IoT connected devices can become the source of large volumes of data. The divergence in structure, type, and generation rate of this big data introduces challenges on how to integrate, store and manage the data.

Outsourcing data storage to the cloud can be an effective solution with advantages in scalability, performance and interoperability. Cloud platforms provide an acceptable level of security and privacy when the data owners operate private cloud servers and/or when the cloud service is considered completely trustworthy. However, this is not always the case. For various reasons, spanning from cost-effectiveness to lack of resources to run private cloud services, businesses elect to outsource their data storage to third-party public cloud service providers (CSP). In these scenarios, the data stored in the cloud can become untrusted and there are also privacy concerns.

We have witnessed many data breaches happening within the cloud due to weak data protection controls, compromised credentials and phishing attacks. In fact, it is generally accepted that responsibility for the security and privacy of data in the cloud falls solely on the data owner.

One straightforward approach to strengthen the security and privacy of the data stored in the cloud is to encrypt the data before uploading to the cloud. While encryption provides confidentiality to the data, it also sacrifices the functionalities of processing the data, and one of the most critical functions of processing data stored in the cloud is searching.

The problem of searching encrypted data in a privacy-enhanced manner concerns many sectors, including electric grid utilities and smart meter data, law enforcement and international cooperation for fighting criminality, and healthcare databases for vaccine certifications.

What is Searchable Symmetric Encryption?

With the development of privacy-preserving technology, Searchable Symmetric Encryption (SSE) was proposed to address the above problem. SSE is a technology that enables users to store documents in ciphertext form while maintaining the functionality to search keywords in their documents. Searchable encryption has been identified by DARPA as one of the technical advances that can balance the need for both privacy and national security in information aggregation systems.

SSE was first introduced by Song, Wagner and Perrig. SSE aims to achieve the best of all worlds. It is as efficient as the most effective encrypted search solutions (e.g., deterministic encryption), yet it provides far more security. In their work, they note that SSE can be achieved in its full generality and with optimal security using the work of Ostrovsky and Goldreich on oblivious RAMs.

Security of Searchable Symmetric Encryption

Researchers Reza Curtmola, Seny Kamara, Juan Garay, and Rafail Ostrovsky have highlighted that the initial work on SSE had two primary issues: (1) the definitions were (implicitly) restricting the adversary's power; and (2) they didn't explicitly capture the fact that the constructions were leaking information.

The first problem was that in these definitions, the adversary’s behavior was being implicitly restricted to making non-adaptive queries to its search oracle. To address this problem, the researchers provided a stronger security definition, called adaptive security, where the adversary was allowed to generate its queries as a function of the encrypted database, the tokens and previous search results. The new definition also treated the problem with the leakage of search patterns that revealed whether a search query was being repeated.
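To make the keyword search described under "What is Searchable Symmetric Encryption?" and the search-pattern leakage described above concrete, here is an added example that is not from the original article or from any of the cited papers. It is a simplified encrypted inverted index built on HMAC-SHA256; the names `make_token`, `build_index` and `Server` and the sample documents are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Keystream from HMAC-SHA256 in counter mode; kept stdlib-only for the demo.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = prf(key, off.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def make_token(master: bytes, keyword: str) -> tuple[bytes, bytes]:
    # Deterministic per keyword: the same keyword always yields the same label,
    # which is exactly the search-pattern leakage discussed in the text.
    kw = keyword.lower().encode()
    return prf(master, b"label|" + kw), prf(master, b"mask|" + kw)

def build_index(master: bytes, docs: dict[str, str]) -> dict[bytes, bytes]:
    postings: dict[str, list[str]] = {}
    for doc_id, text in docs.items():
        for word in set(text.lower().split()):
            postings.setdefault(word, []).append(doc_id)
    index = {}
    for word, ids in postings.items():
        label, mask_key = make_token(master, word)
        index[label] = xor_stream(mask_key, ",".join(sorted(ids)).encode())
    return index

class Server:
    """Untrusted storage: holds only PRF labels and masked posting lists."""
    def __init__(self, index):
        self.index, self.seen = index, []
    def search(self, label: bytes, mask_key: bytes) -> list[str]:
        self.seen.append(label)  # what the server is able to log for each query
        blob = self.index.get(label)
        return xor_stream(mask_key, blob).decode().split(",") if blob else []
    def repeated_queries(self) -> int:
        # Repeats are visible without the server ever learning the keyword.
        return len(self.seen) - len(set(self.seen))

# Constructed sample data, not taken from the article.
DOCS = {"doc1": "invoice for turbine parts", "doc2": "meter readings march",
        "doc3": "invoice overdue reminder"}
MASTER = secrets.token_bytes(32)
SERVER = Server(build_index(MASTER, DOCS))
```

The server never sees a plaintext keyword, yet `repeated_queries()` shows it can still tell when a query is repeated, and it also learns which document identifiers matched.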

Finally, while initial work on searchable encryption only considered the single-user setting, the research also considered the multi-user setting in which a user owns the data, but an arbitrary group of users can submit queries to search their document collection. The owner can control search access by granting and revoking searching privileges to other users.

Conclusion

Privacy-enhanced technology is crucial in our data-driven world to safeguard the confidentiality and integrity of sensitive, personal data. Researchers are exploring encryption implementations, such as Homomorphic Encryption and Searchable Symmetric Encryption, that will allow the searching and processing of encrypted stored data without compromising data privacy. The research completed so far is promising, although several computational overheads must be overcome for a fully efficient implementation of these schemes.


To learn more about Searchable Symmetric Encryption, the following articles and research are available to you for free:

About the author

Anastasios Arampatzis

Anastasios Arampatzis is a retired Hellenic Air Force officer with over 20 years of experience in evaluating cybersecurity and managing IT projects. He works as an informatics instructor at AKMI Educational Institute, while his interests include exploring the human side of cybersecurity.
