Outsourcing data to the cloud is often cheaper, more dependable, and more convenient than in-house solutions, but it also comes with risk. Standard encryption protects against some threats but is not effective in the face of total cloud compromise. Client-side encryption is a much more secure alternative; however, it breaks key business processes like search. Today’s services expect access to plaintext client data in order to work properly, and client-side encryption simply gets in the way. The service cannot find documents matching a query if it can’t decrypt them.
This document, written by Professor David Cash, University of Chicago, discusses practical techniques to enable server-side search on encrypted data without the pitfalls of other proposed partial solutions. We call this Ionic Encrypted Search, or IonES, which combines strong security with true practicality.