Dynamic Pattern Matching on Encrypted Data With Forward and Backward Security

Abstract

Pattern matching is widely used in applications such as genomic data query analysis, network intrusion detection, and deep packet inspection (DPI). Performing pattern matching on plaintext data is straightforward, but the need to protect the security of analyzed data and analyzed patterns can significantly complicate the process. Due to the privacy security issues of data and patterns, researchers begin to explore pattern matching on encrypted data. However, existing solutions are typically built on static pattern matching methods, lacking dynamism, namely, the inability to perform addition or deletion operations on the analyzed data. This lack of flexibility might hinder the adaptability and effectiveness of pattern matching on encrypted data in the real-world scenarios. In this paper, we design a dynamic pattern matching scheme on encrypted data with forward and backward security, which introduces much-needed dynamism. Our scheme is able to implement the addition operation and the deletion operation on the encrypted data without affecting the security of the original pattern matching scheme. Specifically, we design secure addition and deletion algorithms based on fragmentation data structures, which are compatible with the static pattern matching scheme. Moreover, we make significant improvements to the key generation algorithm, the encryption algorithm, and the match algorithm of the static scheme to ensure forward and backward security. Theoretical analysis proves that our scheme satisfies forward and backward security while ensuring the nonfalsifiability of encrypted data. The experimental results show that our scheme has a slight increase in time cost compared to the static pattern matching scheme, demonstrating its practicality and effectiveness in dynamic scenarios.