Searchable symmetric encryption (SSE) enables users to search over encrypted documents in untrusted clouds without leaking the search keywords to the clouds. Existing SSE schemes achieve high search efficiency at the expense of leaking access patterns and search patterns, where clouds can recover a large percentage of queried keywords using the leaked access patterns and search patterns. To prevent clouds from recovering users' keywords, researchers have proposed a number of solutions to protect either search patterns or access patterns. However, none of them can protect both access patterns and search patterns. Moreover, existing SSE schemes cannot work in the generic database setting that allows multiple users to write or read over encrypted documents. In this paper, we propose an efficient searchable symmetric encryption scheme, called SAP-SSE, which protects both access patterns and search patterns in the generic database setting. The main idea of protecting search patterns is to leverage re-encryption cryptosystems to shuffle index entries over multiple clouds. To protect access patterns, we distribute secure indexes to multiple clouds and then propose an index redistribution protocol that allows users to renew index entries in clouds. Furthermore, SAP-SSE provides a configurable security policy to balance security and efficiency. Formal security analysis and experimental evaluation show that SAP-SSE can prevent pattern leakage with low overhead.

中文翻译：

---

SAP-SSE：保护可搜索对称加密中的搜索模式和访问模式


可搜索对称加密（SSE）使用户能够在不受信任的云中搜索加密文档，而不会将搜索关键字泄露到云中。现有的SSE方案以泄漏访问模式和搜索模式为代价实现了高搜索效率，其中云可以利用泄漏的访问模式和搜索模式恢复很大比例的查询关键字。为了防止云恢复用户的关键字，研究人员提出了多种解决方案来保护搜索模式或访问模式。然而，它们都不能同时保护访问模式和搜索模式。此外，现有的 SSE 方案无法在允许多个用户写入或读取加密文档的通用数据库设置中工作。在本文中，我们提出了一种高效的可搜索对称加密方案，称为 SAP-SSE，它可以保护通用数据库设置中的访问模式和搜索模式。保护搜索模式的主要思想是利用重新加密密码系统在多个云上洗牌索引条目。为了保护访问模式，我们将安全索引分发到多个云，然后提出一种索引重新分发协议，允许用户更新云中的索引条目。此外，SAP-SSE还提供可配置的安全策略来平衡安全性和效率。正式的安全分析和实验评估表明，SAP-SSE 可以以较低的开销防止模式泄漏。