Trinity: A Scalable and Forward-Secure DSSE for Spatio-Temporal Range Query

Zhijun Li, Kuizhi Liu, Minghui Xu, Xiangyu Wang, Yinbin Miao, Jianfeng Ma, Xiuzhen Cheng

TL;DR

The paper tackles secure spatio-temporal DSSE for cloud-based LBS by introducing Trinity-I, a scalable, update-efficient scheme based on Hilbert curves, quotient filters, and SHVE, and Trinity-II, an enhanced forward-secure, verifiable version that reduces storage by up to 80% and enables rapid retrieval at the 1M-record scale. Trinity-I achieves IND-SCPA security and supports dynamic updates with adaptive index expansion, while Trinity-II adds salts and verification to mitigate leakage and false positives, at the cost of some latency. The authors provide formal leakage/security analyses and experimental validation on Yelp data, demonstrating superior storage efficiency, query speed, and update performance compared to state-of-the-art DSSE baselines. Overall, Trinity advances practical, secure spatio-temporal DSSE by balancing dynamic updates, security guarantees, and system scalability for large-scale outsourced LBS datasets.

Abstract

Cloud-based outsourced location-based services have profound impacts on various aspects of people's lives but bring security concerns. Existing spatio-temporal data secure retrieval schemes have significant shortcomings regarding dynamic updates, either compromising privacy through leakage during updates (forward insecurity) or incurring excessively high update costs that hinder practical application. Under these circumstances, we first propose a basic filter-based spatio-temporal range query scheme, Trinity-I, that supports low-cost dynamic updates and automatic expansion. Furthermore, to improve security and reduce storage cost and false positives, we propose a forward-secure and verifiable scheme, Trinity-II, that simultaneously minimizes storage overhead. A formal security analysis proves that Trinity-I and Trinity-II are Indistinguishable under Selective Chosen-Plaintext Attack (IND-SCPA). Finally, extensive experiments demonstrate that our design Trinity-II significantly reduces storage requirements by 80%, enables data retrieval at the 1 million-record level in just 0.01 seconds, and achieves 10$\times$ the update efficiency of the state of the art.

Paper Structure

This paper contains 26 sections, 2 theorems, 6 equations, 6 figures, 3 tables, 7 algorithms.

Key Result

Theorem 1

Define the leakage function $\mathcal{L}_1$ of Trinity-I, if it can be described as follows: Trinity-I is secure in the sense of Indistinguishability under Selective Chosen-Plaintext Attack (IND-SCPA) if SHVE is IND-SCPA secure.

Figures (6)

  • Figure 1: An example of quotient filter
  • Figure 2: An example of encoded Hilbert curve with prefixes
  • Figure 3: An example of addition
  • Figure 4: Trinity-I vs Trinity-II, SKSE-II, GRS-II and $\mathsf{DSSE}_{\mathsf{SKQ}}$ setup performance
  • Figure 5: Trinity-I vs Trinity-II, SKSE-II, GRS-II and $\mathsf{DSSE}_{\mathsf{SKQ}}$ search performance
  • ...and 1 more figures

Theorems & Definitions (8)

  • Definition 1
  • Definition 2
  • Definition 3
  • Definition 4
  • Theorem 1
  • proof
  • Theorem 2
  • proof