Verifiable Search Over Updatable Encrypted Data in Cloud Computing

With all the benefits from cloud computing, there are negative influences for the data trust and integrity since clients lose control over the outsourced data in clouds. We propose a verification scheme that supports keywords based search among the encrypted data which is updatable. During the verification process the outsourced cloud data are protected from being inferred by the cloud server. Additionally, if the cloud server returns wrong or incomplete search results the clients will be able to detect such failures. A novel concept in our scheme is the ability of clients to update their outsourced data and to ensure the data’s correctness. With our scheme, the data’s update efficiency is high and the client’s computational cost is low, which makes our scheme very suitable for resource constrained devices. Keywords—Cloud computing; verification; outsourced data; update; correctness; search results


I. INTRODUCTION
Cloud storage is one of the most significant cloud computing techniques which offer elastic storage services in a -Pay-Per-Use‖ mode.A lot more individuals and companies are outsourcing their data to storage providers such as iCloud, MediaMax, Dropdox and Strongspace to reduce storage cost and management.However, practical cloud storage usage [1] is still faced with privacy and security risks as a consequence of cloud users losing control over their data to the cloud.Encrypting data before outsourcing is the most effective way in guaranteeing confidentiality.Outsourced encrypted data also encounter challenges especially in terms of its searchability which severely has an effect on the retrievability of data.In addressing this concern, a cryptographic primitive known as Searchable Symmetric Encryption (SSE) is proposed.SSE permits a Cloud Storage provider (CSP) to return keyword based queries on the encrypted data without any data information as well as the keywords being learnt.Most SSE schemes [2]- [9] require data owners to build searchable indexes at the setup phase so as to make subsequent keyword queries executable in an efficient way.
Due to the mistrust of cloud server (CS), it is important to ensure that the contents of the outsourced database will not be tampered with as well as the operations performed on the database are correct.Additionally, a proof should be provided by the CS to protect the outsourced data's modification by unauthorized users.Furthermore, the malicious CS should not be able to update (add or delete) the data.Finally, the clients should be able to verify the returned search results.

A. Our Contribution
The focus of our paper is to ensure that outsourced data with updatable functionality is authentic.Our main contributions are as follows: 1) We propose a new verifiable scheme where cloud clients can verify every outsourced data's block.Thus, the client with the help from additional block information can verify the authenticity of the stored data in the database.
2) Our proposed scheme also supports data updating.Since our scheme is dynamic every data block can be updated by the cloud client without the data being revealed by the updating process.In furtherance, clients can also verify how many times data in block position in the database has been updated.

B. Our Paper's Organization
The paper's remaining sections are organized as follows: In Section 2, related works are explained and the related preliminaries are given in Section 3. The system model is presented in Section 4 and Section 5 introduces our proposed scheme.Evaluation of our scheme's security and performance analysis is elaborated in Section 6.We conclude our paper in Section 7.

II. RELATED WORKS
Data outsourcing has the advantage of shifting cloud clients' data management burden to CSPs which are honestbut-curious (HBC) so as to either save bandwidth resources or its computation.This problem from malicious CSPs paves way for security threats.In guaranteeing the privacy and integrity of data, various cryptographic protocols and primitives have attempted to fight this challenge.Cloud clients also have the ability to guarantee the correctness of search results and also detect fatal search operation.Lots of research has been done on outsourced database verification and determining the search result's correctness.Most of these works are based on techniques which are fully homomorphic encrypted such as [10], [11].These schemes however lacked practicality.Benabbas et al. [12] proposed a verifiable database scheme with update and retrieval queries based on composite order bilinear groups.A vector commitment was used by Catalano et al. [13] to generate a verifiable database with efficient update.The vector commitment is used as the scheme's response proof.Another scheme which is used to authenticate outsourced database's query results using signature with Merkles hash tree was proposed by Ma et al. www.ijacsa.thesai.org[14].However, schemes based on Merkles hash tree require much information in order to verify results.Zheng et al. [15] proposed a verifiable scheme by utilizing attribute based encryption but this scheme is not feasible and practical in large datasets.After this, Sun et al. [16], [17] proposed a verifiable conjunctive keywords search schemes foe static and dynamic database but the flaw with these schemes is their need for a secure channel form.

III. PRELIMINARIES
This section introduces some preliminaries that our scheme uses.We also provide our verifiable scheme's algorithms and finally describe the polynomials used.

A. Hash Function
A hash function is a compressive primitive algorithm that accepts arbitrary length inputs (block of data) and outputs a fixed size bit string.Hash function inputs are typically called messages and the outputs as message digests.A cryptographic hash function should be able to stand against the known cryptanalytic attacks.A cryptographic hash function has the following properties: 1) It is computationally infeasible to find two different messages and that share the same hash , such that , where is the hash key.
2) Given a hash value it should be computationally infeasible to find any message such that 3) Given an input , it should be computationally infeasible to find a different input such that .

Verifiable outsourced database algorithm A verifiable outsourced database is made up of the algorithms below:
a) Setup: Given security parameters, this algorithm outputs secret key for the cloud's client and for the database the public key .
b) Initialization: This enables clients to perform precomputation on cloud data and generates a plaintext encryption algorithm as well as updating operations verification algorithm.c) Query: Index i is inputted after being generated by an algorithm after which the CS returns the encrypted data, the information about verification, the updating times counter and the proof.d) Verify: Using SK the encrypted data and the number of updating times are verified by the client.
e) Update: After updating the encrypted data, the client verifies the CS generated verification information and then updates the proof.

B. Polynomial Computation of Our Scheme
Client wants to compute a high degree polynomial's value at some point a malicious powerful CS's help.It is assumed is an encoded input and is an encoded output, the polynomial is an encrypted function.The polynomial Where is a high degree polynomial that will be outsourced to the CS.The function on the value will be computed by the client.A transformed polynomial is constructed for the secure outsourcing and verification.

1) Client-Side Computation:
Client selects randomly and and computes: The transformed polynomial's coefficient is then generated as where 1 .will be outsourced to the CS.

Client then computes
where =1, 2, …...n and will be sent to the CS.Our system model considers a scenario where in order to guarantee outsourced data's authenticity, data will be encrypted before uploading to the CS.The cloud's client can query for their outsourced data anytime and in any location.Due to the CS being malicious and untrusted the returned query results needs to be verified for its correctness.Also, outsourced data can be updated anytime by clients and a proof information for the verification generated.

A. Security Model
In our scheme the Cloud Clients are fully trusted since they are the owners of the outsourced data.The CS is assumed to be malicious, thus, they may strictly follow predefined protocols but may infer on outsourced data.The CS will honestly provide the query results to meet the requirements of the security and should also obtain only encrypted data from the clients.

B. Design Objectives
Our proposed scheme has three (3) main objectives as follows: a) Privacy preserving: During the updating process, the data's plaintext will not be revealed since it's encrypted before outsourcing to the cloud.Information about stored data should not be obtained by the CS.b) Low computational cost: the cost of computation during the verification phase and the updating process should be low.
c) Verification: Clients should be able to verify the returned result's correctness from a query on stored cloud data.The client can also verify the correctness of the number of the times a stored data is updated.

V. OUR PROPOSED SCHEME
We introduce our verifiable scheme in details.It is made up of the following subsections: overview of our proposed scheme and our system's initialization.

A. The Model's Overview
The proposed scheme is based on the verifiable polynomial scheme which will be explained in the next subsection.Our scheme considers encrypted outsourced database (ciphertext) which are in the form , where is the index, is the ciphertext form of the data , counts the number of times that has been updated, is the verification information of which helps generate the .
When is queried by the client, the CS will return the tuple.This protocol's security will guarantee to the client the correctness of and .The client will also verify whether , and are correct.In updating the index , the client updates by setting .The verification information of is then verified by the client.If is valid, the updated data is stored with the new proof on the tuple ( ).Since data may be updated frequently the existing proof will become non-functional and non-usable by the CS.

B. The System's Initialization
The algorithms used in this section have been defined in the subsection 2.3 (Polynomial computation of our scheme) of the paper.

Initialization. Two polynomials
and are generated by the clients.is a high degree polynomial and is a simple polynomial, so that the client can efficiently compute.In protecting the original data in the database the client selects and hides the which is the original data as .The client randomly selects and , after that into . where The client then computes as the public key The secret key in this system is where is a generator of and the public key Ciphertext Generation.For each data in the database, the client masks the original data as , after the masking client uploads to the CS.When CS receives the masked data for the first time, it records the data's position index and sets the counter , and then computes

∏
The CS sends , and to the client.Client computes with .
The equation below is verified by the client to ascertain if it holds , Else, client outputs .Otherwise, client computes , and generates the proof where is a non-collision hash function and www.ijacsa.thesai.org Proof of Theorem 3. When queries are made for a data in position , the CS may replace the data in the position by the data in position .The ciphertext will be changed into .
The will pass the verification for the new ciphertext .The client will then obtain .When the client queries the index , the proof is ( ) the CS cannot obtain , where the client's secret key is used to generate and is also a secret.Due to the noncollision hash function property it is impossible for to generate .Hence, the conclusion that data in position cannot be substituted by data in position .

B. Performance Evaluation
We provide a detailed experimental evaluation of our proposed scheme.Our experiments are based on the Pairing based cryptography (PBC) [19] library.We performed 20 runs for each test and the average was taken.All experiments were performed on a computer with 16GB RAM, Intel i7-4600 2.7 GHz CPU with Linux Operating system.This specification of the computer will help to measure precisely both the cloud server and the client server's overhead precisely.We provide in our experiment the time cost simulation for our scheme when =50 and the related schemes [12], [18].The time cost in the query, verification and update phases are shown in Fig. 1(a), 1(b) and 1(c), respectively.
The CS on receiving query request from its client performs a search over the indexes and computes on the queried data.Fig. 1(a) shows our scheme's computational overhead and that of [12], [18] is significant and linearly grows with the computing counts.We however argue that the query's computational overhead is mainly performed by the CS rather than the resource constrained client.In a real world scenario, the result indicates that the time is acceptable.Data verification's efficiency comparison among the three schemes is shown in Fig. 1(b).It shows that our scheme can achieve data verification with nearly the computation overhead over the scheme [18].However, when compared with [12] our scheme shows an increase in computational overhead.Our claim is that our scheme can achieve both verifiability and updating functionalities.Notably, in our scheme the data verification's computational cost can be reduced by the client using the secret key.Simulation results shown in Fig. 1(c) show our scheme being more efficient than that of [12] in the update algorithms by the clients.All these make our scheme most suitable for real world applications.

VII. CONCLUSION AND FUTURE WORK
In this era of Big Data, end users are faced with many challenges.In dealing with these huge amounts of data, end users need high storage capacities and powerful devices which can perform complex computations.The insurgence of cloud computing has provided solutions to these problems.Cloud computing provides services which includes providing clients with huge storage space and also performing powerful computational operations on these stored data.Pertaining to this paper, we construct a new verifiable scheme which supports updated data on the cloud.During the updating process the original data will be protected from malicious adversaries which includes the CSPs.Our scheme's computational cost is low during the verification, update and query phases.
One disadvantage of the proposed scheme is that when clients continuously insert data into the same database index the number of the level in hierarchical commitment increases.The storage and computational overheads of the CS will linearly increase thereby reducing the verifiable scheme's efficiency.Future works should thence try to solve the problem of how to construct a verifiable scheme which is efficient and supports updatable operations regardless of the type of insertion.

If the client wants to compute the value
the equation holds, the client can get the final result by computing mod where ∑ www.ijacsa.thesai.orgIV.SYSTEM MODEL (a)Time cost in data query.(b)Time cost in data verification.(c) Time cost in data update.