Substring Position Search over Encrypted Cloud Data Supporting Efficient MultiUser Setup^{ †}
Abstract
:1. Introduction
 We present a Substring Position Searchable Symmetric Encryption (SSPSSE) scheme that allows a substring search over an encrypted document collection. The scheme is based on a position heap tree data structure recently proposed by Ehrenfeucht et al. [21].
 We formally define two leakage functions and security against the adaptive chosenquery attack of a treebased SSPSSE scheme. Apart from the traditional access and search patterns, we include the definition of the path pattern in the leakage functions of a treebased searchable encryption. We show that SSPSSE enjoys the strong notion of semantic security [6].
 We present a construction that is very efficient and does not require large ciphertext space. Our encryption takes $O(kn)$ time, and the ciphertext is of size $O(kn)$, where k is the security parameter and n is the size of stored data. The search protocol takes $O({m}^{2}+occ)$ time and three rounds of communication, where m is the length of the queried substring and $occ$ is the number of occurrences of the substring in the document collection. We perform a thorough experimental evaluation of our solution on a realworld genomic dataset.
 We consider a natural extension of the SSPSSE scheme, where an arbitrary group of data users can submit substring queries to search the encrypted collection. We design a scheme support distributed setup, where data users choose their own secret key rather than receive the key from a trusted authority. We formally define a MultiUser Substring Position Searchable Symmetric Encryption (MSSPSSE) and present an efficient construction.
2. Related Work
3. Background and Building Blocks
3.1. System and Threat Models
3.2. Preliminaries and Notations
 Given a key $K\in {\{0,1\}}^{k}$ and an input $X\in {\{0,1\}}^{n}$, there is an algorithm to compute ${F}_{K}(X)=F(X,K)$.
 For any ttime oracle algorithm A, we have:$$\begin{array}{c}\hfill P{r}_{K\leftarrow {\{0,1\}}^{k}}[{A}^{{f}_{K}}]P{r}_{f\in \mathrm{F}}[{A}^{f}]<\u03f5\end{array}$$
 $Gen({1}^{k}):$ a key generation algorithm that inputs a security parameter k and outputs a secret key K.
 $Enc(K,m):$ a probabilistic algorithm that inputs a secret key K and message m, and outputs a ciphertext c.
 $Dec(K,c):$ a deterministic algorithm that inputs a secret key K and ciphertext c, and outputs a message m or special symbol ⊥ (if decryption failed).
 Use secret parameter k to output the secret key $K\to Gen({1}^{k})$.
 The adversary A is given oracle access to $En{c}_{K}()$.
 The adversary A outputs a message m.
 Let ${c}_{0}\leftarrow En{c}_{K}(m)$ and ${c}_{1}\stackrel{R}{\leftarrow}C$. C denotes the set of all possible ciphertexts. A bit b is chosen at random, and ${c}_{b}$ is given to the adversary A.
 The adversary A is again given to the oracle access to $En{c}_{K}()$, and A runs the number of polynomial queries to output a bit ${b}^{\prime}$.
 The experiment outputs one if b = ${b}^{\prime}$, otherwise zero.
4. Substring Search Algorithms
4.1. Suffix Tree
 Each edge is labeled with a nonempty substring of t, named the edge label.
 Every internal node has at least two children.
 No two edges out of a node have edge labels starting with the same character.
 The tree has n leaves, labeled from 1 to n.
4.2. Suffix Array
4.3. Position Heap Tree
 Index into the position heap Λ to find the longest prefix p of χ that is a node of Λ. For each ancestor ${p}^{\prime}$ of p, lookup the position i stored in ${p}^{\prime}$. Here, position i is an occurrence of ${p}^{\prime}$. Determine if this occurrence is followed by $\chi {p}^{\prime}$. If yes, report i as an occurrence of χ.
 If $p=\chi $, also report all positions of the descendants of p.
4.4. Discussion
5. Substring Position Searchable Symmetric Encryption
5.1. Algorithm Definitions
 K←$KeyGen({1}^{k})$: a probabilistic key generation algorithm to setup the SSPSSE scheme. The algorithm takes a secret parameter k and outputs a set of secret keys K.
 $(\mathrm{\Lambda})$←$BuildTree(D)$: a deterministic algorithm to build a position heap tree Λ. The algorithm takes a document collection D = $({D}_{1},$$\dots ,$${D}_{l})$ and outputs a position heap tree Λ.
 $(I,C)$←$Encrypt(K,\mathrm{\Lambda},D)$: a probabilistic algorithm to encrypt a position heap tree Λ and document corpus D. The algorithm inputs a set of secret keys K, a position heap tree Λ and a documents corpus D. The output of algorithm is a searchable index I and encrypted collection C = $({C}_{1},$$\dots ,$${C}_{l})$.
 $[(Q)$←$ConstructQuery(K,\chi )]$↔$[(L)$←$Search(I,Q)]$: two deterministic algorithms that are executed interactively between the cloud user and the cloud provider. The ConstructQuery algorithm inputs a set of secret keys K, a substring χ, and it outputs a search query Q. The Search is an algorithm that inputs a searchable index I and a search query Q. The algorithm finds the set of matching encrypted document identifiers $L\in C$.
 $({D}_{i},po{s}_{{D}_{i}})$←$Decrypt(K,{C}_{i})$: a deterministic algorithm that takes a set of secret keys K and a ciphertext ${C}_{i}$ as input and outputs an original document ${D}_{i}$, $\forall i\in [1;n]$ and a set of χ’s positions $po{s}_{{D}_{i}}$ in ${D}_{i}$.
5.2. Security Model Definitions
 Leakage ${\mathbb{L}}_{1}(I,C)$. Given the encrypted collection C = $\{{C}_{1},$ $\dots ,$ ${C}_{l}\}$ and the searchable index I, the leakage consists of the following information: the number of encrypted documents, the size of encrypted documents and the identifier of each encrypted document.
 Leakage ${\mathbb{L}}_{2}(Q,I,C)$. Given the encrypted collection C = $\{{C}_{1},$ $\dots ,$ ${C}_{l}\}$, the searchable index I and the search query Q, the leakage function outputs the access pattern $\kappa (C,Q)$, search pattern $\gamma (C,Q)$ and path pattern $\delta (C,I,Q)$.
5.3. SSPSSE Construction
Algorithm 1: Notations. 

5.3.1. Setup Phase
Algorithm 2: SSPSSE setup phase. 
Let $SKE$ = $(Gen,$ $Enc,$ $Dec)$ be a PCPAsecure symmetrickey encryption scheme; let F: ${\{0,1\}}^{k}$ × ${\{0,1\}}^{*}$ → ${\{0,1\}}^{k}$ be a PRF; and let P:${\{0,1\}}^{k}$ × ${\{0,1\}}^{n}$ → ${\{0,1\}}^{n}$ be a PRP. SETUP PHASE. $\underset{\xaf}{\mathit{KeyGen}({1}^{k})}$: given the security parameter k, generate ${K}_{1}$, ${K}_{X}$, ${K}_{Y}$, ${K}_{V}$ ← $SKE.Gen({1}^{k})$ and ${K}_{Q}$, ${K}_{L}$, ${K}_{2}$, ${K}_{3}$ $\stackrel{\mathrm{R}}{\leftarrow}$ ${\{0,1\}}^{k}$. Output the key set K = $({K}_{1}$, ${K}_{X}$, ${K}_{Y}$, ${K}_{V}$, ${K}_{Q}$, ${K}_{L}$, ${K}_{2}$, ${K}_{3})$. BuildTree(D) : given the document collection D = $({D}_{1},$ $\dots ,$ ${D}_{l})$:
Encrypt(K, Λ, D) : given the secret key set K, position heap tree Λ and the set of documents D = $({D}_{1},$ $\dots ,$ ${D}_{l})$. Build encrypted tree:
Build encrypted arrays:
Encrypt document collection:
Output: index I = $(\overline{\mathrm{\Lambda}},$ $X,$ $Y)$ and encrypted document collection C = $({C}_{1},$ ${C}_{2},$ $\dots ,$ ${C}_{l})$. 
5.3.2. Search Phase
Algorithm 3: SSPSSE search phase. 
SEARCH PHASE. [(Q) ← ConstructQuery(K, χ)] ↔ [(L) ← Search(I,Q)] is an interactive protocol between the cloud user and the cloud provider. The cloud user keeps the key set K = $({K}_{1}$, ${K}_{X}$, ${K}_{Y}$, ${K}_{V}$, ${K}_{Q}$, ${K}_{L}$, ${K}_{2}$, ${K}_{3})$ and queries cloud provider for a substring χ. The cloud provider executes search on searchable index I = $(\overline{\mathrm{\Lambda}},$ $X,$ $Y)$ and returns results back to the cloud user.
$\underset{\xaf}{\mathit{Decrypt}({K}_{1},{K}_{2},{C}_{i})}$:

6. Security and Performance Analysis
6.1. Security
 $\mathbb{S}({1}^{k},{\mathbb{L}}_{1})$: The simulator $\mathbb{S}$ has a leakage ${\mathbb{L}}_{1}$, which gives the simulator information about the number and size of documents, as well as identifier of each encrypted document. The simulator $\mathbb{S}$ randomly generates a set of simulated ciphertexts $\tilde{C}$ and simulated searchable index $\tilde{I}$ as follows:
 –
 Simulator $\mathbb{S}$ outputs the set of ciphertexts $\tilde{C}=\{\tilde{{C}_{1}},\dots ,\tilde{{C}_{l}}\}$, where $\tilde{{C}_{i}}\stackrel{R}{\leftarrow}{\{0,1\}}^{{D}_{i}}$.
 –
 Simulator $\mathbb{S}$ sets the simulated encrypted position heap tree $\tilde{\mathrm{\Lambda}}$, where each node is set as $\tilde{V}(\nu [i])$ $\stackrel{R}{\leftarrow}$ ${\{0,1\}}^{k}$ and each path label of node $\nu [i]$ is set as $\tilde{L}(\nu [i])$ $\stackrel{R}{\leftarrow}$ ${\{0,1\}}^{k}$, where $i\in [1;n]$. The simulator outputs the encrypted position heap tree $\tilde{\mathrm{\Lambda}}$.
 –
 Simulator $\mathbb{S}$ then constructs simulated arrays $\tilde{X}$ and $\tilde{Y}$: $\tilde{X}[i]$ = ${\{0,1\}}^{k}$ and $\tilde{Y}[i]$ = ${\{0,1\}}^{k}$, where $i\in [1;n]$.
 –
 Simulator $\mathbb{S}$ outputs simulated searchable index $\tilde{I}$ = $(\tilde{\mathrm{\Lambda}},$ $\tilde{Y},$ $\tilde{X})$ and the set of simulated ciphertexts $\tilde{C}$.
 $\mathbb{S}({1}^{k},{\mathbb{L}}_{1},{\mathbb{L}}_{2})$: The adversary $\mathbb{A}$ sends a new query Q to the simulator $\mathbb{S}$. The simulator then starts collecting various dependencies between the incoming search query and the resulting output.
 –
 With given search query Q, simulator $\mathbb{S}$ traverses the simulated encrypted position heap tree $\tilde{\mathrm{\Lambda}}$ starting from the root node, following the simulated path labels to find the set of matching encrypted nodes in $\tilde{\mathrm{\Lambda}}$. The simulator outputs the set of simulated matching nodes: $\tilde{ancestors}$ and $\tilde{descendants}$.
 –
 With given search requests $({\tilde{y}}_{1},\dots ,{\tilde{y}}_{num})$, the simulator performs a search in simulated array $\tilde{Y}$ and returns matching elements $({\tilde{Y}}_{1},\dots ,{\tilde{Y}}_{num})$.
 –
 With given search requests $({\tilde{x}}_{1},\dots ,{\tilde{x}}_{h})$, the simulator performs a search in simulated array $\tilde{X}$ and returns matching elements $({\tilde{X}}_{1},\dots ,{\tilde{X}}_{h})$.
6.2. Performance
7. MultiUser Substring Position Searchable Symmetric Encryption
7.1. Preliminaries
 $Gen$: a probabilistic algorithm that inputs a security parameter λ and a circuit $R:$ $\mathbb{X}$ × $\mathbb{W}$ → $\{0,1\}$, and outputs a secret function key $fk$ and a public evaluation key $ek$.
 F: a deterministic algorithm that inputs the function key $fk$ and an input $x\in \mathbb{X}$ and outputs some output $y\in \mathbb{Y}$ for some set $\mathbb{Y}$.
 $Eval$: a deterministic algorithm that inputs the evaluation key $ek$, an input $x\in \mathbb{X}$ and a witness $w\in \mathbb{W}$ and that produces an output $y\in \mathbb{Y}$ or ⊥.
 $Publish(\lambda ,g)$: a probabilistic algorithm to output public and secret keys. The algorithm inputs the security parameter λ and the group order g. It computes $(fk,ek)\stackrel{R}{\leftarrow}Gen(\lambda ,{R}_{g})$. Next, it picks a random seed $sk$ $\stackrel{R}{\leftarrow}\mathbb{S}$ and computes z←$G(sk)$. It outputs a secret key $sk$ and public values $(z,ek)$, where $sk$ is kept secret and $(z,ek)$ are published to the bulletin board.
 $KeyGen({\{{z}_{i},e{k}_{i}\}}_{i\in [g]},sk)$: a deterministic algorithm that inputs group g and user’s secret $sk$. It outputs a group key k = $Eval(e{k}_{i},({z}_{1},\dots ,{z}_{g}),(sk,i))$.
 $Setup$: a probabilistic algorithm to setup the BENIKEWPRF scheme. The algorithm outputs a secret parameter λ and group order g.
 $Join(\lambda ,g)$: a probabilistic algorithm to join the scheme that is executed by each participant. The algorithm inputs a secret parameter λ and group order g. The algorithm invokes $\mathit{NIKE}\mathit{WPRF}.Publish(\lambda ,g)$ to output secret $sk$ and public values $(z,ek)$. The user makes $(z,ek)$ publicly available to other participants.
 $Enc({\{{z}_{i},e{k}_{i}\}}_{i\in [g]},sk,m)$: a probabilistic algorithm to encrypt message m under the shared key. The algorithm inputs the set of public values ${\{{z}_{i},e{k}_{i}\}}_{i\in [g]}$, secret key $sk$ and plaintext message m. The algorithm runs $\mathit{NIKE}\mathit{WPRF}.KeyGen({\{{z}_{i},e{k}_{i}\}}_{i\in [g]},sk)$ to derive the shared key k. The algorithm outputs a ciphertext c, which is the encryption of message m using the shared key k.
 $Dec({\{{z}_{i},e{k}_{i}\}}_{i\in [g]},sk,{c}_{m})$: a deterministic algorithm to decrypt ${c}_{m}$. The algorithm invokes $\mathit{NIKE}\mathit{WPRF}.KeyGen({\{{z}_{i},e{k}_{i}\}}_{i\in [g]},sk)$ to derive k. If $k\ne \perp $, then the algorithm decrypts ${c}_{m}$ using k and outputs the original message m.
7.2. Algorithm Definitions
 $(K,\lambda ,g)$ ← $KeyGen({1}^{k})$: a probabilistic key generation algorithm to setup the SSPSSE scheme. The algorithm takes a secret parameter k and outputs a set of secret keys K, secret parameter λ and group g.
 $(\mathrm{\Lambda})$ ← $BuildTree(D)$: a deterministic algorithm to build a position heap tree Λ. The algorithm takes a document collection D = $\{{D}_{1},$ $\dots ,$ ${D}_{l}\}$ and constructs a position heap tree Λ.
 $(I,C)$ ← $Encrypt(K,\mathrm{\Lambda},D)$: a probabilistic algorithm to encrypt a position heap tree and document corpus. The algorithm inputs a set of secret keys K, a position heap tree Λ and a documents corpus D. The output of algorithm is a searchable index I and encrypted collection C = $\{{C}_{1},$ $\dots ,$ ${C}_{l}\}$.
 $(sk,(z,ek))$ ← $Join(\lambda ,g)$: a probabilistic algorithm run by each data user to participate in the scheme. The algorithm invokes $\mathit{BE}\mathit{NIKE}\mathit{WPRF}.Join$ with an input of secret parameter λ and group order g. It outputs a pair $(sk,(z,ek))$.
 ${c}_{r}$ ← $GroupSetup({\{{z}_{i},e{k}_{i}\}}_{i\in [h]},sk)$: a probabilistic algorithm run by the group owner to establish the group $h\subseteq g$ of authorized data users. The algorithm runs $\mathit{BE}\mathit{NIKE}\mathit{WPRF}.Enc$ with an input of public values ${\{{z}_{i},e{k}_{i}\}}_{i\in [h]}$, group owner’s secret key $sk$ and a sampled secret r. The output is encrypted ciphertext ${c}_{r}$.
 ${c}_{r}$ ← $Remove({\{{z}_{i},e{k}_{i}\}}_{i\in [h\setminus o],},sk)$: a probabilistic algorithm run by the group owner to remove a user o from the set of authorized users. The algorithm invokes $\mathit{BE}\mathit{NIKE}\mathit{WPRF}.Enc$ that inputs the set of public values ${\{{z}_{i},e{k}_{i}\}}_{i\in [h\setminus o]}$, group owner’s secret key $sk$ and a new secret r. The output is encrypted ciphertext ${c}_{r}$.
 $[(Q)$ ← $ConstructQuery(K,\chi ,{c}_{r})]$ ↔ $[(L)$ ← $Search(I,Q,{c}_{r})]$: two deterministic algorithms that are executed interactively between the authorized cloud user and the cloud provider. The algorithm inputs a set of secret keys K, ciphertext ${c}_{r}$ and a substring χ, and it outputs a search query Q. The algorithm uses a query Q, searchable index I and ciphertext ${c}_{r}$. It outputs a sequence of identifiers $L\in C$.
 $({D}_{i},po{s}_{{D}_{i}})$ ← $Decrypt(K,{C}_{i})$: a deterministic algorithm that takes a set of secret keys K and a ciphertext ${C}_{i}$ as input, and it outputs an original document ${D}_{i}$, $\forall i\in [1;n]$, and a set of χ’s positions $po{s}_{{D}_{i}}$ in ${D}_{i}$.
 Given searchable index I and the set of encrypted documents C = $\{{C}_{1},$ $\dots ,$ ${C}_{l}\}$, the adversary should learn nothing about the original document collection D = $\{{D}_{1},$ $\dots ,$ ${D}_{l}\}$.
 Given the set of incoming search queries Q = $\{{Q}_{1},$ $\dots ,$ ${Q}_{m}\}$, access pattern, search pattern and path pattern, the adversary should learn nothing about the content of each search query ${Q}_{i}$ or the content of resulted documents.
 Once a user is removed from the set of authorized cloud users, he/she is no longer allowed to invoke a search over encrypted documents in the cloud. Thus, we require the revocation of the cloud users.
Algorithm 4: $Re{v}_{\mathit{MSSP}\mathit{SSE},\mathbb{A}}(k)$. 
$(s{t}_{A},D)$ ← ${\mathbb{A}}_{1}({1}^{k})$ $(s{k}_{A},({z}_{A},e{k}_{A}))$ ← $Join(\lambda ,g)$ ${c}_{r}$ ← $SetupGroup(({z}_{A},e{k}_{A}),sk)$ $(\mathrm{\Lambda})$ ← $BuildTree(D)$ $(I,C)$ ← $Encrypt(K,\mathrm{\Lambda},D)$ $s{t}_{A}$ ← ${\mathbb{A}}_{2}^{O(I,C,s{t}_{\mathbb{S}},\xb7)}(s{t}_{A},s{k}_{A},({z}_{A},e{k}_{A}),{c}_{r})$ ${c}_{r}^{\prime}$ ← $Remove(({z}_{A},e{k}_{A}),sk)$ Q ← ${\mathbb{A}}_{3}(s{t}_{A})$ L ← $Search(s{t}_{S},I,Q,{c}_{r}^{\prime})$ if L ≠ ⊥, output one, otherwise output zero 
7.3. MSSPSSE Construction
Algorithm 5: MSSPSSE construction. 
$\underset{\xaf}{\mathit{KeyGen}({1}^{k})}$:
BuildTree(D) : Given a document collection D = $\{{D}_{1},$ $\dots ,$ ${D}_{l}\}$, output Λ ← $\mathit{SSP}\mathit{SSE}.BuildTree(D)$. Encrypt(K, Λ, D) :
Output $(I,C)$. Join(λ, g) :
Keep $sk$ private; output $(z,ek)$ to the cloud server. $\underset{\xaf}{\mathit{GroupSetup}({\{{z}_{i},e{k}_{i}\}}_{i\in [h]},\mathit{sk})}$ :
$\underset{\xaf}{\mathit{Remove}({\{{z}_{i},e{k}_{i}\}}_{i\in [h\setminus o]},\mathit{sk})}$
Output new ${c}_{r}$ to the cloud server. $\underset{\xaf}{[(Q)\leftarrow \mathit{ConstructQuery}(K,\chi ,{c}_{r})]\leftrightarrow [(L)\leftarrow \mathit{Search}(I,Q,{c}_{r})]}$
$\underset{\xaf}{\mathit{Decrypt}(K,{C}_{i})}$ Output $({D}_{i},po{s}_{{D}_{i}})$ ← $\mathit{SSP}\mathit{SSE}.Decrypt(K,{C}_{i})$. 
8. Conclusions
Acknowledgments
Author Contributions
Conflicts of Interest
References
 Strizhov, M.; Ray, I. Substring Position Search over Encrypted Cloud Data Using TreeBased Index. In Proceedings of the 2015 IEEE International Conference on Cloud Engineering (IC2E), Tempe, AZ, USA, 9–13 March 2015.
 Song, D.X.; Wagner, D.; Perrig, A. Practical Techniques for Searches on Encrypted Data. In Proceedings of the 2000 IEEE Symposium on Security and Privacy, Berkeley, CA, USA, 14–17 May 2000.
 Goh, E.J. Secure Indexes. Cryptology ePrint Archive, Report 2003/216. 2003. Available online: http://eprint.iacr.org/2003/216/ (accessed on 10 January 2016).
 Moataz, T.; Shikfa, A. Boolean Symmetric Searchable Encryption. In Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, Hangzhou, China, 8–10 May 2013.
 Orencik, C.; Kantarcioglu, M.; Savas, E. A Practical and Secure Multikeyword Search Method over Encrypted Cloud Data. In Proceedings of the 6th IEE International Conference on Cloud Computing, Santa Clara, CA, USA, 28 June–3 July 2013.
 Curtmola, R.; Garay, J.; Kamara, S.; Ostrovsky, R. Searchable Symmetric Encryption: Improved Definitions and Efficient Constructions. In Proceedings of the 13th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, 30 October–3 November 2006.
 Boneh, D.; Waters, B. Conjunctive, Subset, and Range Queries on Encrypted Data. In Proceedings of the 4th IACR Theory of Cryptography Conference, Amsterdam, The Netherlands, 21–24 February 2007.
 Boneh, D.; Crescenzo, G.D.; Ostrovsky, R.; Persiano, G. Public Key Encryption with Keyword Search. In Proceedings of the EUROCRYPT 2004, Jeju Island, Korea, 5–9 December 2004.
 Lai, J.; Zhou, X.; Deng, R.H.; Li, Y.; Chen, K. Expressive Search on Encrypted Data. In Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, Hangzhou, China, 8–10 May 2013.
 Cao, N.; Wang, C.; Li, M.; Ren, K.; Lou, W. PrivacyPreserving Multikeyword Ranked Search over Encrypted Cloud Data. In Proceedings of the 30th IEEE International Conference on Computer Communications, Shanghai, China, 31 July–2 August 2011.
 Cash, D.; Jarecki, S.; Jutla, C.; Krawczyk, H.; Rosu, M.C.; Steiner, M. HighlyScalable Searchable Symmetric Encryption with Support for Boolean Queries. In Proceedings of the 33rd Annual International Cryptology Conference CRYPTO 2013, Santa Barbara, CA, USA, 18–22 August 2013.
 Kamara, S.; Papamanthou, C.; Roeder, T. Dynamic Searchable Symmetric Encryption. In Proceedings of the 2012 ACM Conference on Computer and Communications Security, Raleigh, NC, USA, 16–18 October 2012.
 Chang, Y.C.; Mitzenmacher, M. Privacy Preserving Keyword Searches on Remote Encrypted Data. In Proceedings of the 3rd International Conference on Applied Cryptography and Network Security, New York, NY, USA, 7–10 June 2005.
 Shi, E.; Bethencourt, J.; Chan, T.H.H.; Song, D.; Perrig, A. MultiDimensional Range Query over Encrypted Data. In Proceedings of the 2007 IEEE Symposium on Security and Privacy, Berkeley, CA, USA, 20–23 May 2007.
 Agrawal, R.; Kiernan, J.; Srikant, R.; Xu, Y. OrderPreserving Encryption for Numeric Data. In Proceedings of the ACM SIGMOD International Conference on Management of Data, Paris, France, 13–18 June 2004.
 Blanton, M. Achieving Full Security in PrivacyPreserving Data Mining. In Proceedings of the 3rd IEEE International Conference on Privacy, Security, Risk and Trust, Boston, MA, USA, 9–11 October 2011.
 Li, J.; Wang, Q.; Wang, C.; Cao, N.; Ren, K.; Lou, W. Fuzzy Keyword Search over Encrypted Data in Cloud Computing. In Proceedings of the 29th Conference on Information Communications, London, UK, 7–9 September 2010.
 Wang, C.; Ren, K.; Yu, S.; Urs, K. Achieving Usable and Privacyassured Similarity Search over Outsourced Cloud Data. In Proceedings of the 31th Conference on Information Communications, Hertfordshire, UK, 29–31 October 2012.
 Boldyreva, A.; Chenette, N. Efficient Fuzzy Search on Encrypted Data. In Proceedings of the 21st International Workshop on Fast Software Encryption, London, UK, 3–5 March 2014.
 Strizhov, M.; Ray, I. Multikeyword Similarity Search over Encrypted Cloud Data. In Proceedings of the ICT Systems Security and Privacy Protection, Marrakech, Morocco, 2–4 June 2014.
 Ehrenfeucht, A.; McConnell, R.M.; Osheim, N.; Woo, S.W. Position Heaps: A Simple and Dynamic Text Indexing Data Structure. J. Discret. Algorithms 2011, 9, 100–121. [Google Scholar] [CrossRef]
 Bloom, B.H. Space/Time Tradeoffs in Hash Coding with Allowable Errors. Commun. ACM 1970, 13, 422–426. [Google Scholar] [CrossRef]
 Wang, C.; Cao, N.; Li, J.; Ren, K.; Lou, W. Secure Ranked Keyword Search over Encrypted Cloud Data. In Proceedings of the 2010 IEEE 30th International Conference on Distributed Computing Systems, Genoa, Italy, 21–25 June 2010.
 Moataz, T.; Justus, B.; Ray, I.; CuppensBoulahia, N.; Cuppens, F.; Ray, I. PrivacyPreserving Multiple Keyword Search on Outsourced Data in the Clouds. In Proceedings of the Data and Applications Security and Privacy XXVIII, Vienna, Austria, 14–16 July 2014.
 Crescenzo, G.D.; Saraswat, V. Public Key Encryption with Searchable Keywords Based on Jacobi Symbols. In Proceedings of the 8th International Conference on Cryptology in India, Chennai, India, 9–13 December 2007.
 Golle, P.; Staddon, J.; Waters, B. Secure Conjunctive Keyword Search over Encrypted Data. In Proceedings of the Applied Cryptography and Network Security 2004, Yellow Mountain, China, 8–11 June 2004.
 Hwang, Y.H.; Lee, P.J. Public Key Encryption with Conjunctive Keyword Search and Its Extension to a Multiuser System. In Proceedings of the First International Conference on PairingBased Cryptography, Tokyo, Japan, 2–4 July 2007.
 Weiner, P. Linear Pattern Matching Algorithms. In Proceedings of the 14th Annual Symposium on Switching and Automata Theory (Swat 1973), Washington, DC, USA, 15–17 October 1973; pp. 1–11.
 Manber, U.; Myers, G. Suffix Arrays: A New Method for OnLine String Searches. SIAM J. Comput. 1993, 22, 935–948. [Google Scholar] [CrossRef]
 Gusfield, D. Algorithms on Strings, Trees, and Sequences: Computer Science and Computational Biology; Cambridge University Press: New York, NY, USA, 1997. [Google Scholar]
 Ukkonen, E. Online Construction of Suffix Trees. Algorithmica 1995, 14, 249–260. [Google Scholar] [CrossRef]
 Gentry, C.; Goldman, K.; Halevi, S.; Julta, C.; Raykova, M.; Wichs, D. Optimizing ORAM and Using It Efficiently for Secure Computation. In Proceedings of the 13th Privacy Enhancing Technologies Symposium, Bloomington, IN, USA, 10–12 July 2013.
 LibTomCrypt. Cryptographic Toolkit. 2016. Available online: https://github.com/libtom/libtomcrypt (accessed on 10 May 2016).
 NCBI. Genome Database. 2016. Available online: http://www.ncbi.nlm.nih.gov/genome (accessed on 10 May 2016). [Google Scholar]
 Fiat, A.; Naor, M. Broadcast Encryption. In Proceedings of the 13th Annual International Cryptology Conference CRYPTO ’93, Santa Barbara, CA, USA, 22–26 August 1993.
 Zhandry, M. How to Avoid Obfuscation Using Witness PRFs. In Proceedings of the 13th International Conference on Theory of Cryptography TCC 2016, Tel Aviv, Israel, 10–13 January 2016.
 Morris, B.; Rogaway, P.; Stegers, T. How to Encipher Messages on a Small Domain. In Proceedings of the CRYPTO 2009, Santa Barbara, CA, USA, 16–20 August 2009.
Data Structure  Construction  Search  Cloud Storage 

Suffix Tree  $O(n)$  $O(m+occ)$  $O({n}^{2})$ 
Suffix Array  $O(n)$  $O(m+log(n))$  $O{({n}^{2})}^{1}$ 
Position Heap Tree  $O(n)$  $O({m}^{2}+occ)$  $O(n)$ 
Organism Name  Description  mRNA Size (MB)  Organism Name  Description  mRNA Size (MB) 

Dufourea novaeangliae  28  Papilio Polytes  41  
Bactrocera dorsalis  49  Fopius arisanus  60  
Halyomorpha halys  63  Tribolium castaneum  63  
Stomoxys calcitrans  70  Orussus abietinus  72  
Nasonia vitripennis  75  Linepithema humile  77 
© 2016 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CCBY) license (http://creativecommons.org/licenses/by/4.0/).
Share and Cite
Strizhov, M.; Osman, Z.; Ray, I. Substring Position Search over Encrypted Cloud Data Supporting Efficient MultiUser Setup. Future Internet 2016, 8, 28. https://doi.org/10.3390/fi8030028
Strizhov M, Osman Z, Ray I. Substring Position Search over Encrypted Cloud Data Supporting Efficient MultiUser Setup. Future Internet. 2016; 8(3):28. https://doi.org/10.3390/fi8030028
Chicago/Turabian StyleStrizhov, Mikhail, Zachary Osman, and Indrajit Ray. 2016. "Substring Position Search over Encrypted Cloud Data Supporting Efficient MultiUser Setup" Future Internet 8, no. 3: 28. https://doi.org/10.3390/fi8030028