Towards Secure and Efficient Wildcard Search for Cloud Storage

We delve into the complexities surrounding the delegation of encrypted data to cloud services, which often introduce limitations on search functionalities. To overcome these challenges, the concept of fuzzy searchable encryption has emerged, empowering users to search for data that closely resemble, rather than precisely match, a given query. Notably, wildcard search has emerged as a prominent technique within fuzzy searchable encryption, allowing users to search for words or phrases conforming to specific patterns. However, existing wildcard search schemes require explicit specification of wildcard count and/or positions, thereby potentially introducing security vulnerabilities. Presently, a state-of-the-art security-enhanced wildcard searchable encryption scheme known as SPWSE has alleviated the need for explicit specification of wildcard count and positions in search queries. In this paper, we uncover a novel attack on SPWSE, enabling adversaries not only to discern the underlying keyword but also to determine the count and positions of wildcards utilized in the query. This information leakage stems from cryptographically loose coupling in the trapdoor generation process. To tackle this specific challenge, we propose a novel approach to enhance the security of wildcard searchable encryption. Our proposed scheme integrates additional cryptographic mechanisms to fortify its security posture while concurrently reducing the computational costs associated with data encryption, query generation, and search operations. We evaluate the effectiveness and security of our proposed approach through extensive experimentation, comparing its performance against existing methodologies in the field.