Abstract:
Cloud computing is a successful paradigm offering companies and individuals unlimited data storage and computational power at attractive costs. Despite its benefits, cloud computing raises security concerns for sensitive data. Once the data is outsourced, it is directly exposed to careless or potentially malicious Cloud Service Providers (CSPs). Moreover, the data can be learned by intruders due to the possible compromise of the cloud platform. To protect the outsourced data, it is necessary to encrypt the data before uploading them to the CSP. However, standard cryptographic primitives do not allow the CSP to do any operation over the encrypted data, including search. The concept of Searchable Encryption (SE) provides a more promising solution to support searching over encrypted data while protecting outsourced data from unauthorised accesses by CSPs. In the literature, a plethora of SE schemes have been proposed. Unfortunately, a majority of them expose information about data and queries, called leakage, to the CSP. In recent years, a series of works illustrate that the CSP is potentially able to recover the content of data by analysing the leakage. This thesis presents three different SE schemes with minimised leakage, which not only ensure the confidentiality of the data, but also resist existing leakage-based attacks. Moreover, in multi-user settings, the proposed schemes do not need to up-date the key or re-encrypt the data when revoking compromised users. Meanwhile, the proposed SE schemes guarantee a practical user experience, where users only need to encrypt queries and decrypt results. The first proposed SE scheme is built on top of the hybrid cloud infrastructure, where a trusted private cloud platform is deployed between users and the public CSP. The second solution is designed for the organisations without private cloud platforms, which can be deployed across two public CSPs. The last solution combines SE with Intel Software Guard Ex-tension (SGX), a trusted hardware that can be embedded in the CSP. We present a theoretical security analysis for the three schemes. We also implemented prototypes and evaluated their performance. The results demonstrate that the proposed schemes can efficiently address the challenging problems in practice.