IM-DSSE: A High-Security Searchable Encryption Framework for Privacy-Critical Cloud Storage Services
Basic implementation of IM-DSSE. The full paper is available on ePrint (https://eprint.iacr.org/2017/1237). This project is built on CodeLite IDE (link: http://codelite.org). It is recommended to install CodeLite to load the full IM-DSSE workspace.
- ZeroMQ (download link: http://zeromq.org/intro:get-the-software)
- Libtomcrypt (download link: https://github.com/libtom/libtomcrypt)
- Google sparsehash (download link: https://github.com/sparsehash/sparsehash)
- Intel AES-NI (optional) (download link: https://software.intel.com/en-us/articles/download-the-intel-aesni-sample-library)
IM-DSSE leverages Intel AES-NI to accelerate cryptographic operations. Intel AES-NI is available in Intel® Core™ i5, Intel® Core™ i7, Intel® Xeon® 5600 series and newer processors (see https://ark.intel.com/Search/FeatureFilter?productType=processors&AESTech=true for a complete list). This functionality can be disabled to test IM-DSSE with other CPU models (see the Configuration Section below). Here are brief instructions to install Intel AES-NI:
- Extract the .zip file downloaded from https://software.intel.com/en-us/articles/download-the-intel-aesni-sample-library
- Open the Terminal and go to Intel_AESNI_Sample_Library_v1.2/intel_aes_lib
- Run ./mk_lnx_libXX.sh, which will generate the header and library files in the intel_aes_lib/include/ and intel_aes_lib/lib/xXX/ directories, respectively, where XX = 64 (if your OS is 64 bits) or XX = 86 (if your OS is 32 bits).
- Add the lib prefix to the generated library file (intel_aesXX.a -> libintel_aesXX.a).
- Copy header files and library files to your local folders (e.g., /usr/local/include and /usr/local/lib).
All IM-DSSE configurations are located in IM-DSSE/config.h.
#define INTEL_AES_NI -> If enabled, use Intel AES-NI library
#define VARIANT_I -> Set 1 of 4 options: VARIANT_MAIN, VARIANT_I, VARIANT_II, VARIANT_III
#define DISK_STORAGE_MODE -> If enabled, encrypted index will be stored on HDD (RAM if disabled)
#define SEND_SEARCH_FILE_INDEX -> If enabled, search result will contain specific file indexes
#define PEER_ADDRESS "tcp://localhost:5555" -> Server IP Address & Port
const std::string SERVER_PORT = "5555"; -> Server Port number
#define MAX_NUM_OF_FILES 1024 -> Maximum number of files (It MUST be a power of 2 and divisible by 8)
#define MAX_NUM_KEYWORDS 12000 -> Maximum number of keywords
The folder IM-DSSE/data and its structure are required to store the generated IM-DSSE data structures. The database is located in IM-DSSE/data/DB. The implementation treats DB as a set of document files, so you can copy your DB files to this location. The current DB contains a small subset of the Enron DB (link: https://www.cs.cmu.edu/~./enron/).
Go to the folder IM-DSSE/ and execute make, which produces the binary executable file named IM-DSSE in IM-DSSE/Debug/.
- Open the AES-NI header file named iaesni.h, go to line 51, and comment out that line as follows:
#ifndef bool
//#define bool BOOL -> line 51
#endif
- Disable INTEL_AES_NI in IM-DSSE/config.h
- Remove the library linker -lintel-aes64 in the make file IM-DSSE/MakeFile
Run the binary executable file IM-DSSE, which will ask for either Client or Server mode. The IM-DSSE implementation can be tested on either a single machine or multiple machines over a network:
- Set PEER_ADDRESS in IM-DSSE/config.h to be localhost.
- Set SERVER_PORT to the same port as indicated in PEER_ADDRESS.
- Compile the code with make in the IM-DSSE/ folder.
- Go to IM-DSSE/Debug and run the compiled IM-DSSE file in two different Terminals, each playing the client/server role.
- Set PEER_ADDRESS and SERVER_PORT in IM-DSSE/config.h to the corresponding server's IP address and port number.
- Run make in IM-DSSE/ to compile and generate the executable file IM-DSSE in the IM-DSSE/Debug folder.
- Copy the file IM-DSSE in IM-DSSE/Debug to the different machines.
- Execute the file and follow the instructions on the screen.
(To be updated)
For any inquiries, bugs, and assistance on building and running the code, please contact Thang Hoang ([email protected]).