Lei Xu,Huayi Duan,Anxin Zhou,Xingliang Yuan,Cong Wang

DOI: https://doi.org/10.1109/tifs.2021.3128823

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Searchable symmetric encryption (SSE) enables users to make confidential queries over always encrypted data while confining information disclosure to pre-defined leakage profiles. Despite the well-understood performance and potentially broad applications of SSE, recent leakage-abuse attacks (LAAs) are questioning its real-world security implications. They show that a passive adversary with certain prior information of a database can recover queries by exploiting the legitimately admitted leakage. While several countermeasures have been proposed, they are insufficient for either security, i.e., handling only specific leakage like query volume, or efficiency, i.e., incurring large storage and bandwidth overhead. We aim to fill this gap by advancing the understanding of LAAs from a fundamental algebraic perspective. Our investigation starts by revealing that the index matrices of a plaintext database and its encrypted image can be linked by linear transformation. The invariant characteristics preserved under the transformation encompass and surpass the information exploited by previous LAAs. They allow one to unambiguously link encrypted queries with corresponding keywords, even with only partial knowledge of the database. Accordingly, we devise a new powerful attack and conduct a series of experiments to show its effectiveness. In response, we propose a new security notion to thwart LAAs in general, inspired by the principle of local differential privacy (LDP). Under the notion, we further develop a practical countermeasure with tunable privacy and efficiency guarantee. Experiment results on representative real-world datasets show that our countermeasure can reduce the query recovery rate of LAAs, including our own.

computer science, theory & methods,engineering, electrical & electronic

Simon Oya,Florian Kerschbaum

DOI: https://doi.org/10.48550/arXiv.2010.03465

2020-10-07

Cryptography and Security

Abstract:Recent Searchable Symmetric Encryption (SSE) schemes enable secure searching over an encrypted database stored in a server while limiting the information leaked to the server. These schemes focus on hiding the access pattern, which refers to the set of documents that match the client's queries. This provides protection against current attacks that largely depend on this leakage to succeed. However, most SSE constructions also leak whether or not two queries aim for the same keyword, also called the search pattern. In this work, we show that search pattern leakage can severely undermine current SSE defenses. We propose an attack that leverages both access and search pattern leakage, as well as some background and query distribution information, to recover the keywords of the queries performed by the client. Our attack follows a maximum likelihood estimation approach, and is easy to adapt against SSE defenses that obfuscate the access pattern. We empirically show that our attack is efficient, it outperforms other proposed attacks, and it completely thwarts two out of the three defenses we evaluate it against, even when these defenses are set to high privacy regimes. These findings highlight that hiding the search pattern, a feature that most constructions are lacking, is key towards providing practical privacy guarantees in SSE.

Yi Zhao,Jianting Ning,Kaitai Liang,Yanqi Zhao,Liqun Chen,Bo Yang

DOI: https://doi.org/10.1016/j.cose.2020.101836

2020-08-01

Abstract:<p>Searchable functionality is provided in many online services such as mail services or outsourced data storage. To protect users privacy, data in these services is usually stored after being encrypted using searchable encryption. This enables the data user to securely search encrypted data from a remote server without leaking data and query information. Public key encryption with keyword search is one of the research branches of searchable encryption; this provides privacy-preserving searchable functionality for applications such as encrypted email systems. However, it has an inherent vulnerability in that the information of a query may be leaked using a keyword guessing attack. Most of existing works aim to make the system resistant to offline keyword guessing, but this does not protect against online attacks on real world services. In this paper, we move a step forward to present a generic framework able to resist online keyword guessing attack using a server-assisted model. Specifically, we design a novel primitive C mirrored all-but-one lossy encryption, which can prevent a specific user from generating valid encryptions. This primitive can be seen as an access control on encryption ability. Combining searchable encryption technique with the new primitive makes online keyword guessing attack impossible for the specified user, even if the attack is launched online. We further give formal security analysis for the generic framework, and a concrete implementation with efficiency analysis to show that our design is practical.</p>

computer science, information systems

Kui Ren,Cong Wang

DOI: https://doi.org/10.1007/978-3-031-21377-9_5

2023-01-01

Abstract:In Chap. 3 , we discussed the security definitions of searchable encryption. In short, an SE scheme is said to achieve adaptively semantic security with a leakage function $$\mathcal {L}(\cdot )$$ if the information revealed during its operation is bounded by $$\mathcal {L}(\cdot )$$ . Typically, allowed leakages include the size of encrypted data collection, whether a search token (trapdoor) has been repeated, which encrypted documents have been accessed, etc. In the extreme case, we can claim that a trivial plaintext solution is secure with $$\mathcal {L}(\mathrm {DB}, w_1, \dots , w_t)=(\mathrm {DB}, w_1, \dots , w_t)$$ , i.e., it leaks all plaintext data, though this leakage function is meaningless since it obviously reveals confidential data to the untrusted server.

Marc Damie,Florian Hahn,Andreas Peter

DOI: https://doi.org/10.48550/arXiv.2306.15302

2023-06-27

Cryptography and Security

Abstract:Cloud data storage solutions offer customers cost-effective and reduced data management. While attractive, data security issues remain to be a core concern. Traditional encryption protects stored documents, but hinders simple functionalities such as keyword search. Therefore, searchable encryption schemes have been proposed to allow for the search on encrypted data. Efficient schemes leak at least the access pattern (the accessed documents per keyword search), which is known to be exploitable in query recovery attacks assuming the attacker has a significant amount of background knowledge on the stored documents. Existing attacks can only achieve decent results with strong adversary models (e.g. at least 20% of previously known documents or require additional knowledge such as on query frequencies) and they give no metric to evaluate the certainty of recovered queries. This hampers their practical utility and questions their relevance in the real-world. We propose a refined score attack which achieves query recovery rates of around 85% without requiring exact background knowledge on stored documents; a distributionally similar, but otherwise different (i.e., non-indexed), dataset suffices. The attack starts with very few known queries (around 10 known queries in our experiments over different datasets of varying size) and then iteratively recovers further queries with confidence scores by adding previously recovered queries that had high confidence scores to the set of known queries. Additional to high recovery rates, our approach yields interpretable results in terms of confidence scores.

Yunling Wang,Shi-Feng Sun,Jianfeng Wang,Joseph K. Liu,Xiaofeng Chen

DOI: https://doi.org/10.1109/tsc.2020.2973139

IF: 11.019

2022-03-01

IEEE Transactions on Services Computing

Abstract:Searchable Encryption (SE) enables a data owner to outsource encrypted data to an untrusted server while preserving the keyword search functionality. Typically, the server learns whether or not a query has been performed more than once, which is usually called the search pattern. However, such kind of information leakage might be leveraged to break query privacy. To further reduce such type of leakage and provide strong privacy guarantee, Wang et al. proposed a novel SE scheme based on the Paillier encryption scheme in INFOCOM'15. Unfortunately, their scheme cannot perform keyword search successfully, because the additive homomorphic property is not sufficient for their construction. In this article, we first show that why their scheme fails to return the correct search result, and then propose a new SE scheme by adopting a special additive homomorphic encryption scheme to achieve the multiplicative homomorphic property efficiently. Furthermore, we enhance the security on the user side. Specifically, we use random polynomials with an appropriate degree to guarantee that the user cannot learn anything other than the desired search result. Finally, we present a formal security analysis and implement our scheme on a real-world database, which demonstrates that our construction can achieve the desired security properties with good performance.

computer science, information systems, software engineering

Jin Li,Yanyu Huang,Yu Wei,Siyi Lv,Zheli Liu,Changyu Dong,Wenjing Lou

DOI: https://doi.org/10.1109/tdsc.2019.2894411

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Searchable symmetric encryption (SSE) has been widely applied in the encrypted database for queries in practice. Although SSE is powerful and feature-rich, it is always plagued by information leaks. Some recent attacks point out that forward privacy which disallows leakage from update operations, now becomes a basic requirement for any newly designed SSE schemes. However, the subsequent search operations can still leak a significant amount of information. To further strengthen security, we extend the definition of forward privacy and propose the notion of “forward search privacy”. Intuitively, it requires search operations over newly added documents do not leak any information about past queries. The enhanced security notion poses new challenges to the design of SSE. We address the challenges by developing the hidden pointer technique (HPT) and propose a new SSE scheme called Khons, which satisfies our security notion (with the original forward privacy notion) and is also efficient. We implemented Khons and our experiment results on large dataset (wikipedia) show that it is more efficient than existing SSE schemes with forward privacy.

computer science, information systems, software engineering, hardware & architecture

Marco Dijkslag,Marc Damie,Florian Hahn,Andreas Peter

DOI: https://doi.org/10.1007/978-3-031-09234-3_7

2023-07-04

Abstract:While storing documents on the cloud can be attractive, the question remains whether cloud providers can be trusted with storing private documents. Even if trusted, data breaches are ubiquitous. To prevent information leakage one can store documents encrypted. If encrypted under traditional schemes, one loses the ability to perform simple operations over the documents, such as searching through them. Searchable encryption schemes were proposed allowing some search functionality while documents remain encrypted. Orthogonally, research is done to find attacks that exploit search and access pattern leakage that most efficient schemes have. One type of such an attack is the ability to recover plaintext queries. Passive query-recovery attacks on single-keyword search schemes have been proposed in literature, however, conjunctive keyword search has not been considered, although keyword searches with two or three keywords appear more frequently in online searches. We introduce a generic extension strategy for existing passive query-recovery attacks against single-keyword search schemes and explore its applicability for the attack presented by Damie et al. (USENIX Security '21). While the original attack achieves up to a recovery rate of 85% against single-keyword search schemes for an attacker without exact background knowledge, our experiments show that the generic extension to conjunctive queries comes with a significant performance decrease achieving recovery rates of at most 32%. Assuming a stronger attacker with partial knowledge of the indexed document set boosts the recovery rate to 85% for conjunctive keyword queries with two keywords and achieves similar recovery rates as previous attacks by Cash et al. (CCS '15) and Islam et al. (NDSS '12) in the same setting for single-keyword search schemes.

Cryptography and Security

Yanping Li,Qiang Cao,Kai Zhang,Fang Ren

DOI: https://doi.org/10.1016/j.sysarc.2021.102006

IF: 5.836

2021-05-01

Journal of Systems Architecture

Abstract:<p>The keyword-based searchable encryption is a very promising technology in the cloud storage, which can supply data users with accurate search services over encrypted data based on queried keywords. An important security objective of this kind of schemes is to resist keyword privacy leakage because it may cause content leakage of to data itself and search preferences of data users. To protect keyword privacy, the existing methods mainly are implemented by keyword ciphertext indistinguishability and trapdoor indistinguishability. And there is few works to resist keyword privacy leakage from access pattern and search pattern simultaneously, which will inevitably affects the further application of this promising technology. In order to avoid keyword privacy leakage from above two patterns, we first construct a novel secure keyword index called the global index pair which is used to construct a k-nearest neighbour search, i.e., a data user can always receive the top-k encrypted files which are the most relevant to the search query. To effectively save computing costs and storage costs for DUs, a new order-preserving transformation is designed in our scheme to generate trapdoor without DUs computing the inverse of matrix. Secondly, our construction is independent of a specific searchable encryption scheme. Any kind of a keyword-based searchable encryption scheme can apply our method to resist the keyword privacy leakage both from access pattern and search pattern. Finally, the detailed security analyses are given to demonstrate that the advantage of any Level-3 attacker launching efficient inside attack from search pattern and access pattern is negligible, i.e., our construction can protect the keyword privacy against an inside attacker.</p>

computer science, software engineering, hardware & architecture

Shujie Cui,Xiangfu Song,Muhammad Rizwan Asghar,Steven D Galbraith,Giovanni Russello

DOI: https://doi.org/10.48550/arXiv.1909.11624

2019-09-25

Cryptography and Security

Abstract:Searchable Encryption (SE) is a technique that allows Cloud Service Providers (CSPs) to search over encrypted datasets without learning the content of queries and records. In recent years, many SE schemes have been proposed to protect outsourced data from CSPs. Unfortunately, most of them leak sensitive information, from which the CSPs could still infer the content of queries and records by mounting leakage-based inference attacks, such as the count attack and file injection attack. In this work, first we define the leakage in searchable encrypted databases and analyse how the leakage is leveraged in existing leakage-based attacks. Second, we propose a Privacy-preserving Multi-cloud based dynamic symmetric SE (SSE) scheme for relational Database (P-McDb). P-McDb has minimal leakage, which not only ensures confidentiality of queries and records, but also protects the search, access, and size patterns from CSPs. Moreover, P-McDb ensures both forward and backward privacy of the database. Thus, P-McDb could resist existing leakage-based attacks, e.g., active file/record-injection attacks. We give security definition and analysis to show how P-McDb hides the aforementioned patterns. Finally, we implemented a prototype of P-McDb and test it using the TPC-H benchmark dataset. Our evaluation results show the feasibility and practical efficiency of P-McDb.

Chuang Li,Chunxiang Xu,Shanshan Li,Kefei Chen,Yinbin Miao

DOI: https://doi.org/10.1109/tcc.2021.3071779

IF: 5.697

2021-01-01

IEEE Transactions on Cloud Computing

Abstract:With cloud services, data users can retrieve encrypted data while preserving data confidentiality. However, this new paradigm suffers from many security concerns. A major concern is how to avoid insider Keyword-Guessing Attacks (KGA), which implies that the internal attackers can guess the candidate keywords successfully in an off-line manner. To address this issue, recently, two verifiable searchable encryption schemes (published in IEEE Transactions on Cloud Computing, doi: 10.1109/TCC.2020.2989296) in cloud storage were proposed which enjoys many desirable features. In this letter, we demonstrate that the schemes are insecure against insider keyword-guessing attack. Specifically, we show that the adversary can derive the keywords in an off-line manner.

computer science, information systems, theory & methods

Chang Xu,Ruijuan Wang,Liehuang Zhu,Chuan Zhang,Rongxing Lu,Kashif Sharif

DOI: https://doi.org/10.48550/arXiv.2203.13662

2022-03-25

Cryptography and Security

Abstract:Searchable symmetric encryption (SSE) supports keyword search over outsourced symmetrically encrypted data. Dynamic searchable symmetric encryption (DSSE), a variant of SSE, further enables data updating. Most DSSE works with conjunctive keyword search primarily consider forward and backward privacy. Ideally, the server should only learn the result sets involving all keywords in the conjunction. However, existing schemes suffer from keyword pair result pattern (KPRP) leakage, revealing the partial result sets containing two of query keywords. We propose the first DSSE scheme to address aforementioned concerns that achieves strong privacy-preserving conjunctive keyword search. Specifically, our scheme can maintain forward and backward privacy and eliminate KPRP leakage, offering a higher level of security. The search complexity scales with the number of documents stored in the database in several existing schemes. However, the complexity of our scheme scales with the update frequency of the least frequent keyword in the conjunction, which is much smaller than the size of the entire database. Besides, we devise a least frequent keyword acquisition protocol to reduce frequent interactions between clients. Finally, we analyze the security of our scheme and evaluate its performance theoretically and experimentally. The results show that our scheme has strong privacy preservation and efficiency.

Fateh Boucenna

DOI: https://doi.org/10.48550/arXiv.2002.10294

2020-02-24

Cryptography and Security

Abstract:Companies and individuals demand more and more storage space and computing power. For this purpose, several new technologies have been designed and implemented, such as the cloud computing. This technology provides its users with storage space and computing power according to their needs in a flexible and personalized way. However, the outsourced data such as emails, electronic health records, and company reports are sensitive and confidential. Therefore, It is primordial to protect the outsourced data against possible external attacks and the cloud server itself. That is why it is highly recommended to encrypt the sensitive data before being outsourced to a remote server. To perform searches over outsourced data, it is no longer possible to exploit traditional search engines given that these data are encrypted. Consequently, lots of searchable encryption (SE) schemes have been proposed in the literature. Three major research axes of searchable encryption area have been studied in the literature. The first axis consists in ensuring the security of the search approach. Indeed, the search process should be performed without decryption any data and without causing any sensitive information leakage. The second axis consists in studying the search performance. In fact, the encrypted indexes are less efficient than the plaintext indexes, which makes the searchable encryption schemes very slow in practice. More the approach is secure, less it is efficient, thus, the challenge consists in finding the best compromise between security and performance. Finally, the third research axis consists in the quality of the returned results in terms of relevance and recall. The problem is that the encryption of the index causes the degradation of the recall and the precision. Therefore, the goal is to propose a technique that is able to obtain almost the same result obtained in the traditional search.

Mingyue Wang,Zizhuo Chen,Yinbin Miao,Hejiao Huang,Cong Wang,Xiaohua Jia

DOI: https://doi.org/10.1109/tifs.2023.3333244

IF: 7.231

2023-12-01

IEEE Transactions on Information Forensics and Security

Abstract:Cloud computing has been a research focus in both academic and industrial communities for decades. Along with this trend, Searchable Encryption (SE) technology emerged and developed as data privacy concerns increased. Many schemes are proposed to solve the privacy-preserving data-sharing problem in multi-user scenarios. Most existing solutions are based on the assumption that all users are trusted. However, there will be cross-user leakage when there are malicious or compromised ones. This is because of the inherent linkability of authorization information and the search result when multiple users request data from the same database. To this end, we propose a cross-user leakage mitigation scheme for authorized encrypted data sharing in a two-server model. We utilize a blinding factor to delink authorizations based on Symmetric Multi-Key Searchable Encryption (SMKSE). To break the linkability of query results, we combine the zero-sum garbled Bloom filter with the oblivious transfer technique, where each of the two servers can only know partial information. We devise a group-based Bloom filter structure in indices to improve efficiency. We perform formal security analysis and also demonstrate the efficiency through comparative experiments.

computer science, theory & methods,engineering, electrical & electronic

Hao Nie,Wei Wang,Peng Xu,Xianglong Zhang,Laurence T. Yang,Kaitai Liang

2024-03-02

Abstract:Searchable symmetric encryption schemes often unintentionally disclose certain sensitive information, such as access, volume, and search patterns. Attackers can exploit such leakages and other available knowledge related to the user's database to recover queries. We find that the effectiveness of query recovery attacks depends on the volume/frequency distribution of keywords. Queries containing keywords with high volumes/frequencies are more susceptible to recovery, even when countermeasures are implemented. Attackers can also effectively leverage these ``special'' queries to recover all others.

Cryptography and Security

Viet Vo,Shangqi Lai,Xingliang Yuan,Shi-Feng Sun,Surya Nepal,Joseph K. Liu

DOI: https://doi.org/10.48550/arXiv.2001.03743

2020-01-11

Cryptography and Security

Abstract:Searchable encryption (SE) is one of the key enablers for building encrypted databases. It allows a cloud server to search over encrypted data without decryption. Dynamic SE additionally includes data addition and deletion operations to enrich the functions of encrypted databases. Recent attacks exploiting the leakage in dynamic operations drive rapid development of new SE schemes revealing less information while performing updates; they are also known as forward and backward private SE. Newly added data is no longer linkable to queries issued before, and deleted data is no longer searchable in queries issued later. However, those advanced SE schemes reduce the efficiency of SE, especially in the communication cost between the client and server. In this paper, we resort to the hardware-assisted solution, aka Intel SGX, to ease the above bottleneck. Our key idea is to leverage SGX to take over the most tasks of the client, i.e., tracking keyword states along with data addition and caching deleted data. However, handling large datasets is non-trivial due to the I/O and memory constraints of the SGX enclave. We further develop batch data processing and state compression technique to reduce the communication overhead between the SGX and untrusted server, and minimise the memory footprint in the enclave. We conduct a comprehensive set of evaluations on both synthetic and real-world datasets, which confirm that our designs outperform the prior art.

Lixue Sun,Chunxiang Xu,Chuang Li,Yuhui Li

DOI: https://doi.org/10.1016/j.comcom.2020.09.018

IF: 5.047

2020-12-01

Computer Communications

Abstract:<p>Searchable encryption schemes allow users to search encrypted data containing some keyword without decrypting the data. It protects the data privacy of data owners, meanwhile facilitates efficient data access in secure cloud storage service. Most of the existing schemes only considered the single-user setting, in which a user uploads his encrypted data and later performs searches on it. However, the majority of databases in practice do not only serve one user; instead, they support write operations by multiple data owners and search operations by some authorized users. There exists the following issues in existing multi-user searchable encryption schemes. First, some schemes allow only one data owner to write to the encrypted database; second, a number of schemes may require the data owner to interact with the authorized users to distribute secret keys; third, some other schemes cannot efficiently support the search authorization revocation on users, and do not achieve the trapdoor unlinkability. In this paper, we address these issues by proposing a server-aided searchable encryption scheme in multi-user setting. In our scheme, the data owners only need to know the public key of an administration server to generate the searchable ciphertext, regardless of the number of authorized users. Furthermore, our scheme is shown to be semantically secure against outside keyword guessing attacks. Finally, the performance analyses and comparisons with some existing schemes demonstrate that our scheme achieves better performance.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic

Yandong Zheng,Rongxing Lu,Jun Shao,Fan Yin,Hui Zhu

DOI: https://doi.org/10.1109/tsc.2020.2992303

IF: 11.019

2020-01-01

IEEE Transactions on Services Computing

Abstract:Dynamic symmetric searchable encryption (SSE), which enables a data user to securely search and dynamically update the encrypted documents stored in a semi-trusted cloud server, has received considerable attention in recent years. However, the search and update operations in many previously reported SSE schemes will bring some additional privacy leakages, e.g., search pattern privacy, forward privacy and backward privacy. To the best of our knowledge, none of the existing dynamic SSE schemes preserves the search pattern privacy, and many backward private SSE schemes still leak some critical information, e.g., the identifiers containing a specific keyword currently in the database. Therefore, aiming at the above challenges, in this article, we design a practical SSE scheme, which not only supports the search pattern privacy but also enhances the backward privacy. Specifically, we first leverage the <span class="mjpage"><svg xmlns:xlink="http://www.w3.org/1999/xlink" width="1.211ex" height="2.176ex" style="vertical-align: -0.338ex;" viewBox="0 -791.3 521.5 936.9" role="img" focusable="false" xmlns="http://www.w3.org/2000/svg"><g stroke="currentColor" fill="currentColor" stroke-width="0" transform="matrix(1 0 0 -1 0 0)"> <use xlink:href="#MJMATHI-6B" x="0" y="0"></use></g></svg></span>k-anonymity and encryption to design an obfuscating technique. Then, based on the obfuscating technique, pseudorandom function and pseudorandom generator, we design a basic dynamic SSE scheme to support single keyword queries and simultaneously achieve search pattern privacy and enhanced backward privacy. Furthermore, we also extend our proposed scheme to support more efficient boolean queries. Security analysis demonstrates that our proposed scheme can achieve the desired privacy properties, and the extensive performance evaluations also show that our proposed scheme is indeed efficient in terms of communication overhead and computational cost.<svg xmlns="http://www.w3.org/2000/svg" style="display: none;"><defs id="MathJax_SVG_glyphs"><path stroke-width="1" id="MJMATHI-6B" d="M121 647Q121 657 125 670T137 683Q138 683 209 688T282 694Q294 694 294 686Q294 679 244 477Q194 279 194 272Q213 282 223 291Q247 309 292 354T362 415Q402 442 438 442Q468 442 485 423T503 369Q503 344 496 327T477 302T456 291T438 288Q418 288 406 299T394 328Q394 353 410 369T442 390L458 393Q446 405 434 405H430Q398 402 367 380T294 316T228 255Q230 254 243 252T267 246T293 238T320 224T342 206T359 180T365 147Q365 130 360 106T354 66Q354 26 381 26Q429 26 459 145Q461 153 479 153H483Q499 153 499 144Q499 139 496 130Q455 -11 378 -11Q333 -11 305 15T277 90Q277 108 280 121T283 145Q283 167 269 183T234 206T200 217T182 220H180Q168 178 159 139T145 81T136 44T129 20T122 7T111 -2Q98 -11 83 -11Q66 -11 57 -1T48 16Q48 26 85 176T158 471L195 616Q196 629 188 632T149 637H144Q134 637 131 637T124 640T121 647Z"></path></defs></svg>

computer science, information systems, software engineering

Zi-Yuan Liu,Raylin Tso

DOI: https://doi.org/10.48550/arXiv.2311.08813

2023-11-15

Cryptography and Security

Abstract:Recently, Yang et al. introduced an efficient searchable encryption scheme titled "Dynamic Consensus Committee-Based for Secure Data Sharing With Authorized Multi-Receiver Searchable Encryption (DCC-SE)," published in IEEE Transactions on Information Forensics and Security (DOI: 10.1109/TIFS.2023.3305183). According to the authors, DCC-SE meets various security requirements, especially the keyword trapdoor indistinguishability against chosen keyword attacks (KT-IND-CKA). In this letter, however, we reveal a significant vulnerability of DCC-SE: any users involved in the system can execute attacks against KT-IND-CKA security. This flaw potentially results in the unintended disclosure of sensitive keyword information related to the documents. We present a detailed cryptanalysis on DCC-SE. In addition, to address this vulnerability, we discuss the root cause and identify a flaw in the security proof of DCC-SE. Subsequently, we provide a solution that effectively addresses this concern without significantly increasing computational overhead.

Mohammad Etemad,Alptekin Küpçü,Charalampos Papamanthou,David Evans

DOI: https://doi.org/10.48550/arXiv.1710.00208

2017-09-30

Abstract:Searchable symmetric encryption (SSE) enables a client to perform searches over its outsourced encrypted files while preserving privacy of the files and queries. Dynamic schemes, where files can be added or removed, leak more information than static schemes. For dynamic schemes, forward privacy requires that a newly added file cannot be linked to previous searches. We present a new dynamic SSE scheme that achieves forward privacy by replacing the keys revealed to the server on each search. Our scheme is efficient and parallelizable and outperforms the best previous schemes providing forward privacy, and achieves competitive performance with dynamic schemes without forward privacy. We provide a full security proof in the random oracle model. In our experiments on the Wikipedia archive of about four million pages, the server takes one second to perform a search with 100,000 results.

Cryptography and Security