{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T11:01:36Z","timestamp":1777806096005,"version":"3.51.4"},"reference-count":46,"publisher":"SAGE Publications","issue":"6","license":[{"start":{"date-parts":[[2019,9,30]],"date-time":"2019-09-30T00:00:00Z","timestamp":1569801600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2019,10,11]]},"abstract":"<jats:p>Data privacy is one of the main concerns for data outsourcing on the cloud. Although standard encryption can provide confidentiality, it prevents the client from searching\/retrieving meaningful information on the outsourced data thereby, degrading the benefits of using cloud services. To address this data utilization versus privacy dilemma, Dynamic Searchable Symmetric Encryption (DSSE) has been proposed. DSSE enables encrypted search and update functionality over the encrypted data via a secure index. However, the state-of-the-art DSSE constructions leak information from the access pattern, making them vulnerable against various attacks. While generic Oblivious Random Access Machine (ORAM) can hide the access pattern, it incurs a heavy communication overhead, which was shown costly to be directly used in the DSSE setting. In this article, by exploiting the multi-cloud infrastructure, we develop a comprehensive Oblivious Distributed DSSE (ODSE) framework that allows oblivious search and updates on the encrypted index with high security and improved efficiency over the use of generic ORAM. Our framework contains a series of [Formula: see text] schemes each featuring different levels of performance and security required by various types of real-life applications. ODSE offers desirable security guarantees such as information-theoretic security and robustness in the presence of a malicious adversary. We fully implemented [Formula: see text] framework and evaluated its performance in a real cloud environment (Amazon EC2). Our experiments showed that ODSE schemes are [Formula: see text]-[Formula: see text] faster than using generic ORAMs on a DSSE encrypted index under real network settings.<\/jats:p>","DOI":"10.3233\/jcs-191300","type":"journal-article","created":{"date-parts":[[2019,10,1]],"date-time":"2019-10-01T14:12:37Z","timestamp":1569939157000},"page":"649-676","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":7,"title":["A multi-server oblivious dynamic searchable encryption framework"],"prefix":"10.1177","volume":"27","author":[{"given":"Thang","family":"Hoang","sequence":"first","affiliation":[{"name":"Department of Computer Science and Engineering, University of South Florida, Tampa, FL, USA. E-mails:\u00a0,\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Attila A.","family":"Yavuz","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, University of South Florida, Tampa, FL, USA. E-mails:\u00a0,\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"F. Bet\u00fcl","family":"Durak","sequence":"additional","affiliation":[{"name":"Robert Bosch LLC, Research and Technology Center, Pittsburgh, PA, USA. E-mails:\u00a0,\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jorge","family":"Guajardo","sequence":"additional","affiliation":[{"name":"Robert Bosch LLC, Research and Technology Center, Pittsburgh, PA, USA. E-mails:\u00a0,\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","published-online":{"date-parts":[[2019,9,30]]},"reference":[{"key":"ref001","doi-asserted-by":"crossref","unstructured":"I.\u00a0Abraham, C.W.\u00a0Fletcher, K.\u00a0Nayak, B.\u00a0Pinkas and L.\u00a0Ren, Asymptotically tight bounds for composing ORAM with PIR, in: IACR Public Key Cryptography, Springer, 2017, pp.\u00a091\u2013120.","DOI":"10.1007\/978-3-662-54365-8_5"},{"key":"ref002","doi-asserted-by":"crossref","unstructured":"A.\u00a0Beimel and Y.\u00a0Stahl, Robust information-theoretic private information retrieval, in: International Conference on Security in Communication Networks, Springer, 2002, pp.\u00a0326\u2013341.","DOI":"10.1007\/3-540-36413-7_24"},{"key":"ref003","doi-asserted-by":"crossref","unstructured":"E.O.\u00a0Blass, T.\u00a0Mayberry, G.\u00a0Noubir and K.\u00a0Onarlioglu, Toward robust hidden volumes using write-only oblivious RAM, in: Proceedings of the 2014 ACM CCS, ACM, 2014, pp.\u00a0203\u2013214.","DOI":"10.1145\/2660267.2660313"},{"key":"ref004","doi-asserted-by":"crossref","unstructured":"C.\u00a0B\u00f6sch, P.\u00a0Hartel, W.\u00a0Jonker and A.\u00a0Peter, A survey of provably secure searchable encryption, ACM Computing Surveys (CSUR) 47(2) (2015), 18.","DOI":"10.1145\/2636328"},{"key":"ref005","doi-asserted-by":"crossref","unstructured":"C.\u00a0Bosch, A.\u00a0Peter, B.\u00a0Leenders, H.W.\u00a0Lim, Q.\u00a0Tang, H.\u00a0Wang, P.\u00a0Hartel and W.\u00a0Jonker, Distributed searchable symmetric encryption, in: Privacy, Security and Trust (PST), 12th International Conference on, IEEE, 2014, pp.\u00a0330\u2013337.","DOI":"10.1109\/PST.2014.6890956"},{"key":"ref006","doi-asserted-by":"crossref","unstructured":"R.\u00a0Bost, Sophos \u2013 forward secure searchable encryption, in: Proceedings of the 2016 ACM Conference on Computer and Communications Security, ACM, 2016.","DOI":"10.1145\/2976749.2978303"},{"key":"ref007","doi-asserted-by":"crossref","unstructured":"R.\u00a0Bost, B.\u00a0Minaud and O.\u00a0Ohrimenko, Forward and backward private searchable encryption from constrained cryptographic primitives, Technical Report, IACR Cryptology ePrint Archive 2017, 2017.","DOI":"10.1145\/3133956.3133980"},{"key":"ref008","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2013.45"},{"key":"ref009","doi-asserted-by":"crossref","unstructured":"D.\u00a0Cash, P.\u00a0Grubbs, J.\u00a0Perry and T.\u00a0Ristenpart, Leakage-abuse attacks against searchable encryption, in: Proceedings of the 22nd ACM CCS, 2015, pp.\u00a0668\u2013679.","DOI":"10.1145\/2810103.2813700"},{"key":"ref010","doi-asserted-by":"crossref","unstructured":"D.\u00a0Cash, J.\u00a0Jaeger, S.\u00a0Jarecki, C.S.\u00a0Jutla, H.\u00a0Krawczyk, M.C.\u00a0Rosu and M.\u00a0Steiner, Dynamic searchable encryption in very-large databases: Data structures and implementation, IACR Cryptology ePrint Archive 2014 (2014), 853.","DOI":"10.14722\/ndss.2014.23264"},{"key":"ref011","doi-asserted-by":"crossref","unstructured":"B.\u00a0Chor, E.\u00a0Kushilevitz, O.\u00a0Goldreich and M.\u00a0Sudan, Private information retrieval, Journal of the ACM (JACM) (1998).","DOI":"10.1145\/293347.293350"},{"key":"ref012","doi-asserted-by":"crossref","unstructured":"R.\u00a0Curtmola, J.\u00a0Garay, S.\u00a0Kamara and R.\u00a0Ostrovsky, Searchable symmetric encryption: Improved definitions and efficient constructions, in: Proceedings of the 13th ACM CCS, ACM, 2006, pp.\u00a079\u201388.","DOI":"10.1145\/1180405.1180417"},{"key":"ref013","doi-asserted-by":"crossref","unstructured":"I.\u00a0Damg\u00e5rd, V.\u00a0Pastro, N.\u00a0Smart and S.\u00a0Zakarias, Multiparty computation from somewhat homomorphic encryption, in: Annual Cryptology Conference, Springer, 2012, pp.\u00a0643\u2013662.","DOI":"10.1007\/978-3-642-32009-5_38"},{"key":"ref014","doi-asserted-by":"crossref","unstructured":"S.\u00a0Devadas, M.\u00a0van Dijk, C.W.\u00a0Fletcher, L.\u00a0Ren, E.\u00a0Shi and D.\u00a0Wichs, Onion oram: A constant bandwidth blowup oblivious ram, in: Theory of Cryptography Conference, Springer, 2016, pp.\u00a0145\u2013174. doi:10.1007\/978-3-662-49099-0_6.","DOI":"10.1007\/978-3-662-49099-0_6"},{"key":"ref015","doi-asserted-by":"crossref","unstructured":"S.\u00a0Garg, P.\u00a0Mohassel and C.\u00a0Papamanthou, TWORAM: Round-optimal oblivious RAM with applications to searchable encryption, IACR Cryptology ePrint Archive 2015 (2015), 1010.","DOI":"10.1007\/978-3-662-53015-3_20"},{"key":"ref016","doi-asserted-by":"crossref","unstructured":"I.\u00a0Goldberg, Improving the robustness of private information retrieval, in: IEEE Symposium on Security and Privacy, IEEE, 2007, pp.\u00a0131\u2013148.","DOI":"10.1109\/SP.2007.23"},{"key":"ref017","doi-asserted-by":"crossref","unstructured":"M.D.\u00a0Green and I.\u00a0Miers, Forward secure asynchronous messaging from puncturable encryption, in: Security and Privacy (SP), 2015 IEEE Symposium on, IEEE, 2015, pp.\u00a0305\u2013320. doi:10.1109\/SP.2015.26.","DOI":"10.1109\/SP.2015.26"},{"key":"ref018","unstructured":"S.\u00a0Gueron, White paper: Intel Advanced Encryption Standard (AES) new instructions set, Document Revision 3.01, September 2012."},{"key":"ref019","doi-asserted-by":"crossref","unstructured":"V.\u00a0Guruswami and M.\u00a0Sudan, Improved decoding of Reed\u2013Solomon and algebraic-geometric codes, in: Foundations of Computer Science, 1998. Proceedings. 39th Annual Symposium on, IEEE, 1998, pp.\u00a028\u201337.","DOI":"10.1109\/SFCS.1998.743426"},{"key":"ref020","doi-asserted-by":"crossref","unstructured":"F.\u00a0Hahn and F.\u00a0Kerschbaum, Searchable encryption with secure and efficient updates, in: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2014, pp.\u00a0310\u2013320.","DOI":"10.1145\/2660267.2660297"},{"key":"ref021","doi-asserted-by":"crossref","unstructured":"T.\u00a0Hoang, A.\u00a0Yavuz and J.\u00a0Guajardo, Practical and secure dynamic searchable encryption via oblivious access on distributed data structure, in: Proceedings of the 32nd Annual Computer Security Applications Conference (ACSAC), ACM, 2016.","DOI":"10.1145\/2991079.2991088"},{"key":"ref022","doi-asserted-by":"crossref","unstructured":"T.\u00a0Hoang, A.A.\u00a0Yavuz, F.B.\u00a0Durak and J.\u00a0Guajardo, Oblivious dynamic searchable encryption on distributed cloud systems, in: IFIP Annual Conference on Data and Applications Security and Privacy, Springer, 2018, pp.\u00a0113\u2013130.","DOI":"10.1007\/978-3-319-95729-6_8"},{"key":"ref023","unstructured":"M.S.\u00a0Islam, M.\u00a0Kuzu and M.\u00a0Kantarcioglu, Access pattern disclosure on searchable encryption: Ramification, attack and mitigation, in: NDSS, 2012."},{"key":"ref024","doi-asserted-by":"crossref","unstructured":"S.\u00a0Kamara and C.\u00a0Papamanthou, Parallel and dynamic searchable symmetric encryption, in: Financial Cryptography and Data Security, Springer, 2013, pp.\u00a0258\u2013274. doi:10.1007\/978-3-642-39884-1_22.","DOI":"10.1007\/978-3-642-39884-1_22"},{"key":"ref025","doi-asserted-by":"crossref","unstructured":"S.\u00a0Kamara, C.\u00a0Papamanthou and T.\u00a0Roeder, Dynamic searchable symmetric encryption, in: Proceedings of the 2012 ACM Conference on Computer and Communications Security, ACM, 2012, pp.\u00a0965\u2013976.","DOI":"10.1145\/2382196.2382298"},{"key":"ref026","doi-asserted-by":"crossref","unstructured":"J.\u00a0Katz and Y.\u00a0Lindell, Introduction to Modern Cryptography, CRC Press, 2014.","DOI":"10.1201\/b17668"},{"key":"ref027","doi-asserted-by":"crossref","unstructured":"C.\u00a0Liu, L.\u00a0Zhu, M.\u00a0Wang and Y.a.\u00a0Tan, Search pattern leakage in searchable encryption: Attacks and new construction, Information Sciences (2014).","DOI":"10.1016\/j.ins.2013.11.021"},{"key":"ref028","first-page":"1","author":"Moataz T.","year":"2018","journal-title":"Journal of Computer Security"},{"key":"ref029","unstructured":"M.\u00a0Naveed, The fallacy of composition of oblivious RAM and searchable encryption, in: Cryptology ePrint Archive, Report 2015\/668, 2015."},{"key":"ref030","doi-asserted-by":"crossref","unstructured":"P.\u00a0Paillier, Public-key cryptosystems based on composite degree residuosity classes, in: International Conference on the Theory and Applications of Cryptographic Techniques, Springer, 1999, pp.\u00a0223\u2013238.","DOI":"10.1007\/3-540-48910-X_16"},{"key":"ref031","doi-asserted-by":"crossref","unstructured":"D.\u00a0Pouliot and C.V.\u00a0Wright, The shadow nemesis: Inference attacks on efficiently deployable, efficiently searchable encryption, in: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2016, pp.\u00a01341\u20131352.","DOI":"10.1145\/2976749.2978401"},{"key":"ref032","unstructured":"L.\u00a0Ren, C.W.\u00a0Fletcher, A.\u00a0Kwon, E.\u00a0Stefanov, E.\u00a0Shi, M.\u00a0van Dijk, S.\u00a0Devadas and O.R.A.M.\u00a0Ring, Closing the gap between small and large client storage oblivious RAM, IACR Cryptology ePrint Archive (2014)."},{"key":"ref033","doi-asserted-by":"crossref","unstructured":"A.\u00a0Shamir, How to share a secret, Communications of the ACM (1979).","DOI":"10.1145\/359168.359176"},{"key":"ref034","unstructured":"V.\u00a0Shoup, NTL: A library for doing number theory, 2016."},{"key":"ref035","unstructured":"D.X.\u00a0Song, D.\u00a0Wagner and A.\u00a0Perrig, Practical techniques for searches on encrypted data, in: Proceedings of the 2000 IEEE Symposium on Security and Privacy, IEEE Computer Society, 2000, pp.\u00a044\u201355."},{"key":"ref036","unstructured":"sparsehash: An extemely memory efficient hash_map implementation, February 2012."},{"key":"ref037","doi-asserted-by":"crossref","unstructured":"E.\u00a0Stefanov, C.\u00a0Papamanthou and E.\u00a0Shi, in: Practical Dynamic Searchable Encryption with Small Leakage, NDSS, San Diego, California, USA, 2014.","DOI":"10.14722\/ndss.2014.23298"},{"key":"ref038","doi-asserted-by":"crossref","unstructured":"E.\u00a0Stefanov, M.\u00a0Van Dijk, E.\u00a0Shi, C.\u00a0Fletcher, L.\u00a0Ren, X.\u00a0Yu and S.\u00a0Devadas, Path ORAM: An extremely simple oblivious RAM protocol, in: Proceedings of the 2013 ACM CCS, ACM, 2013, pp.\u00a0299\u2013310.","DOI":"10.1145\/2508859.2516660"},{"key":"ref039","doi-asserted-by":"crossref","unstructured":"W.\u00a0Sun, B.\u00a0Wang, N.\u00a0Cao, M.\u00a0Li, W.\u00a0Lou, Y.T.\u00a0Hou and H.\u00a0Li, Privacy-preserving multi-keyword text search in the cloud supporting similarity-based ranking, in: ACM SIGSAC AsiaCCS, ACM, 2013, pp.\u00a071\u201382.","DOI":"10.1145\/2484313.2484322"},{"key":"ref040","unstructured":"The Clusion Library."},{"key":"ref041","doi-asserted-by":"crossref","unstructured":"C.\u00a0Wang, N.\u00a0Cao, J.\u00a0Li, K.\u00a0Ren and W.\u00a0Lou, Secure ranked keyword search over encrypted cloud data, in: IEEE 30th International Conference on Distributed Computing Systems, IEEE, 2010, pp.\u00a0253\u2013262.","DOI":"10.1109\/ICDCS.2010.34"},{"key":"ref042","unstructured":"L.R.\u00a0Welch and E.R.\u00a0Berlekamp, Error correction for algebraic block codes, Google Patents, 1986, US Patent 4,633,470."},{"key":"ref043","unstructured":"ZeroMQ library, 2016."},{"key":"ref044","doi-asserted-by":"crossref","unstructured":"R.\u00a0Zhang, R.\u00a0Xue, T.\u00a0Yu and L.\u00a0Liu, Dynamic and efficient private keyword search over inverted index-based encrypted data, ACM Transactions on Internet Technology (TOIT) 16(3) (2016), 21. doi:10.1145\/2940328.","DOI":"10.1145\/2940328"},{"key":"ref045","unstructured":"Y.\u00a0Zhang, J.\u00a0Katz and C.\u00a0Papamanthou, All your queries are belong to us: The power of file-injection attacks on searchable encryption, in: 25th USENIX Security Symposium (USENIX Security, Vol.\u00a016, 2016, pp.\u00a0707\u2013720."},{"key":"ref046","doi-asserted-by":"crossref","unstructured":"F.\u00a0Zhou, Y.\u00a0Li, A.X.\u00a0Liu, M.\u00a0Lin and Z.\u00a0Xu, Integrity preserving multi-keyword searchable encryption for cloud computing, in: International Conference on Provable Security, Springer, 2016, pp.\u00a0153\u2013172.","DOI":"10.1007\/978-3-319-47422-9_9"}],"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-191300","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-191300","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-191300","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T20:45:20Z","timestamp":1777495520000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-191300"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,9,30]]},"references-count":46,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2019,10,11]]}},"alternative-id":["10.3233\/JCS-191300"],"URL":"https:\/\/doi.org\/10.3233\/jcs-191300","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"value":"0926-227X","type":"print"},{"value":"1875-8924","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,9,30]]}}}