Jianting Ning,Jia Xu,Kaitai Liang,Fan Zhang,Ee-Chien Chang

DOI: https://doi.org/10.1109/tifs.2018.2866321

IF: 7.231

2019-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Searchable encryption (SE) provides a privacy-preserving mechanism for data users to search over encrypted data stored on a remote server. Researchers have designed a number of SE schemes with high efficiency yet allowing some degree of leakage profile to the remote server. The leakage, however, should be further measured to allow us to understand what types of attacks an SE scheme would encounter. This paper considers passive attacks that make inferences based on prior knowledge and observations on queries issued by users. This is in contrast to previously studied active attacks that adaptively inject files and queries. We consider several assumptions on the types or prior knowledge the attacker possessed and propose a few passive attacks. In particular, under the "full-fledged" assumption, the keyword recovery rate of our attack is optimal in the sense that it is equal to the theoretical upper bound. We further present several enhanced attacks under other weaker assumptions on various levels of the prior knowledge that the attacker can obtain, in which the keyword recovery rates are optimal or nearly optimal (i.e., approaching the theoretical upper bound). In addition, we provide extensive experiments to show the "power" of our passive attacks. This paper highlights the importance of minimizing the prior knowledge of a server and the leakage of search queries. It also shows that simply distorting the frequency of the keyword to hold against our passive attacks may not scale well.

Guofeng Wang,Chuanyi Liu,Yingfei Dong,Hezhong Pan,Peiyi Han,Binxing Fang

DOI: https://doi.org/10.1007/978-3-319-78813-5_27

2018-01-01

Abstract:While Searchable Encryption (SE) is often used to support securely outsourcing sensitive data, many existing SE solutions usually expose certain information to facilitate better performance, which often leak sensitive information, e.g., search patterns are leaked due to observable query trapdoors. Several inference attacks have been designed to exploit such leakage, e.g., a query recovery attack can invert opaque query trapdoors to their corresponding keywords. However, most of these existing query recovery attacks assume that an adversary knows almost all plaintexts as prior knowledge in order to successfully map query trapdoors to plaintext keywords with a high probability. Such an assumption is usually impractical. In this paper, we propose new query recovery attacks in which an adversary only needs to have partial knowledge of the original plaintexts. We further develop a countermeasure to mitigate inference attacks on SE. Our experimental results demonstrate the feasibility and efficacy of our proposed scheme.

Steven Lambregts,Huanhuan Chen,Jianting Ning,Kaitai Liang

DOI: https://doi.org/10.1007/978-3-031-17140-6_32

2022-01-01

Abstract:Searchable Encryption schemes provide secure search over encrypted databases while allowing admitted information leakages. Generally, the leakages can be categorized into access and volume pattern. In most existing SE schemes, these leakages are caused by practical designs but are considered an acceptable price to achieve high search efficiency. Recent attacks have shown that such leakages could be easily exploited to retrieve the underlying keywords for search queries. Under the umbrella of attacking SE, we design a new Volume and Access Pattern Leakage-Abuse Attack (VAL-Attack) that improves the matching technique of LEAP (CCS '21) and exploits both the access and volume patterns. Our proposed attack only leverages leaked documents and the keywords present in those documents as auxiliary knowledge and can effectively retrieve document and keyword matches from leaked data. Furthermore, the recovery performs without false positives. We further compare VAL-Attack with two recent well-defined attacks on several real-world datasets to highlight the effectiveness of our attack and present the performance under popular countermeasures.

Lei Xu,Huayi Duan,Anxin Zhou,Xingliang Yuan,Cong Wang

DOI: https://doi.org/10.1109/tifs.2021.3128823

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Searchable symmetric encryption (SSE) enables users to make confidential queries over always encrypted data while confining information disclosure to pre-defined leakage profiles. Despite the well-understood performance and potentially broad applications of SSE, recent leakage-abuse attacks (LAAs) are questioning its real-world security implications. They show that a passive adversary with certain prior information of a database can recover queries by exploiting the legitimately admitted leakage. While several countermeasures have been proposed, they are insufficient for either security, i.e., handling only specific leakage like query volume, or efficiency, i.e., incurring large storage and bandwidth overhead. We aim to fill this gap by advancing the understanding of LAAs from a fundamental algebraic perspective. Our investigation starts by revealing that the index matrices of a plaintext database and its encrypted image can be linked by linear transformation. The invariant characteristics preserved under the transformation encompass and surpass the information exploited by previous LAAs. They allow one to unambiguously link encrypted queries with corresponding keywords, even with only partial knowledge of the database. Accordingly, we devise a new powerful attack and conduct a series of experiments to show its effectiveness. In response, we propose a new security notion to thwart LAAs in general, inspired by the principle of local differential privacy (LDP). Under the notion, we further develop a practical countermeasure with tunable privacy and efficiency guarantee. Experiment results on representative real-world datasets show that our countermeasure can reduce the query recovery rate of LAAs, including our own.

computer science, theory & methods,engineering, electrical & electronic

Guofeng Wang,Chuanyi Liu,Yingfei Dong,Kim-Kwang Raymond Choo,Peiyi Han,Hezhong Pan,Binxing Fang

DOI: https://doi.org/10.1109/access.2018.2800684

IF: 3.9

2018-01-01

IEEE Access

Abstract:Searchable encryption (SE) schemes, such as those deployed for cyber-physical social systems, may be vulnerable to inference attacks. In such attacks, attackers seek to learn sensitive information about the queries and data stored on the (cyber-physical social) systems. However, these attacks are often based on strong (impractical) assumptions (e.g., the complete knowledge of documents or known document injection) using access-pattern leakage. In this paper, we first identify different leakage models based on the leakage profiles of common SE schemes, and then design inference methods accordingly. In particular, based on the leakage models, we show that some information leakage allows a very powerful attack with little prior knowledge. We then propose new inference attacks in which an adversary only needs to have a partial knowledge of target documents. Unlike previous attacks, the proposed inference algorithms perform effective document-mapping attacks before query recovery attacks, in the sense that they are more efficient and scalable without requiring optimization overheads. We then use experiments to demonstrate their effectiveness.

Marc Damie,Florian Hahn,Andreas Peter

DOI: https://doi.org/10.48550/arXiv.2306.15302

2023-06-27

Cryptography and Security

Abstract:Cloud data storage solutions offer customers cost-effective and reduced data management. While attractive, data security issues remain to be a core concern. Traditional encryption protects stored documents, but hinders simple functionalities such as keyword search. Therefore, searchable encryption schemes have been proposed to allow for the search on encrypted data. Efficient schemes leak at least the access pattern (the accessed documents per keyword search), which is known to be exploitable in query recovery attacks assuming the attacker has a significant amount of background knowledge on the stored documents. Existing attacks can only achieve decent results with strong adversary models (e.g. at least 20% of previously known documents or require additional knowledge such as on query frequencies) and they give no metric to evaluate the certainty of recovered queries. This hampers their practical utility and questions their relevance in the real-world. We propose a refined score attack which achieves query recovery rates of around 85% without requiring exact background knowledge on stored documents; a distributionally similar, but otherwise different (i.e., non-indexed), dataset suffices. The attack starts with very few known queries (around 10 known queries in our experiments over different datasets of varying size) and then iteratively recovers further queries with confidence scores by adding previously recovered queries that had high confidence scores to the set of known queries. Additional to high recovery rates, our approach yields interpretable results in terms of confidence scores.

Simon Oya,Florian Kerschbaum

DOI: https://doi.org/10.48550/arXiv.2010.03465

2020-10-07

Cryptography and Security

Abstract:Recent Searchable Symmetric Encryption (SSE) schemes enable secure searching over an encrypted database stored in a server while limiting the information leaked to the server. These schemes focus on hiding the access pattern, which refers to the set of documents that match the client's queries. This provides protection against current attacks that largely depend on this leakage to succeed. However, most SSE constructions also leak whether or not two queries aim for the same keyword, also called the search pattern. In this work, we show that search pattern leakage can severely undermine current SSE defenses. We propose an attack that leverages both access and search pattern leakage, as well as some background and query distribution information, to recover the keywords of the queries performed by the client. Our attack follows a maximum likelihood estimation approach, and is easy to adapt against SSE defenses that obfuscate the access pattern. We empirically show that our attack is efficient, it outperforms other proposed attacks, and it completely thwarts two out of the three defenses we evaluate it against, even when these defenses are set to high privacy regimes. These findings highlight that hiding the search pattern, a feature that most constructions are lacking, is key towards providing practical privacy guarantees in SSE.

Dongli Liu,Wei Wang,Peng Xu,Laurence T. Yang,Bo Luo,Kaitai Liang

2024-03-02

Abstract:Dynamic Searchable Encryption (DSE) has emerged as a solution to efficiently handle and protect large-scale data storage in encrypted databases (EDBs). Volume leakage poses a significant threat, as it enables adversaries to reconstruct search queries and potentially compromise the security and privacy of data. Padding strategies are common countermeasures for the leakage, but they significantly increase storage and communication costs. In this work, we develop a new perspective to handle volume leakage. We start with distinct search and further explore a new concept called \textit{distinct} DSE (\textit{d}-DSE).

Cryptography and Security

Hao Nie,Wei Wang,Peng Xu,Xianglong Zhang,Laurence T. Yang,Kaitai Liang

2024-03-02

Abstract:Searchable symmetric encryption schemes often unintentionally disclose certain sensitive information, such as access, volume, and search patterns. Attackers can exploit such leakages and other available knowledge related to the user's database to recover queries. We find that the effectiveness of query recovery attacks depends on the volume/frequency distribution of keywords. Queries containing keywords with high volumes/frequencies are more susceptible to recovery, even when countermeasures are implemented. Attackers can also effectively leverage these ``special'' queries to recover all others.

Cryptography and Security

Jing Yao,Yifeng Zheng,Cong Wang,Xiaolin Gui

DOI: https://doi.org/10.1109/access.2018.2810297

IF: 3.9

2018-01-01

IEEE Access

Abstract:Searchable symmetric encryption (SSE) is a widely popular cryptographic technique that supports the search functionality over encrypted data on the cloud. Despite the usefulness, however, most of existing SSE schemes leak the search pattern, from which an adversary is able to tell whether two queries are for the same keyword. In recent years, it has been shown that the search pattern leakage can be exploited to launch attacks to compromise the confidentiality of the client's queried keywords. In this paper, we present a new SSE scheme which enables the client to search encrypted cloud data without disclosing the search pattern. Our scheme uniquely bridges together the advanced cryptographic techniques of chameleon hashing and indistinguishability obfuscation. In our scheme, the secure search tokens for plaintext keywords are generated in a randomized manner, so it is infeasible to tell whether the underlying plaintext keywords are the same given two secure search tokens. In this way, our scheme well avoids using deterministic secure search tokens, which is the root cause of the search pattern leakage. We provide rigorous security proofs to justify the security strengths of our scheme. In addition, we also conduct extensive experiments to demonstrate the performance. Although our scheme for the time being is not immediately applicable due to the current inefficiency of indistinguishability obfuscation, we are aware that research endeavors on making indistinguishability obfuscation practical is actively ongoing and the practical efficiency improvement of indistinguishability obfuscation will directly lead to the applicability of our scheme. Our paper is a new attempt that pushes forward the research on SSE with concealed search pattern.

Shujie Cui,Xiangfu Song,Muhammad Rizwan Asghar,Steven D Galbraith,Giovanni Russello

DOI: https://doi.org/10.48550/arXiv.1909.11624

2019-09-25

Cryptography and Security

Abstract:Searchable Encryption (SE) is a technique that allows Cloud Service Providers (CSPs) to search over encrypted datasets without learning the content of queries and records. In recent years, many SE schemes have been proposed to protect outsourced data from CSPs. Unfortunately, most of them leak sensitive information, from which the CSPs could still infer the content of queries and records by mounting leakage-based inference attacks, such as the count attack and file injection attack. In this work, first we define the leakage in searchable encrypted databases and analyse how the leakage is leveraged in existing leakage-based attacks. Second, we propose a Privacy-preserving Multi-cloud based dynamic symmetric SE (SSE) scheme for relational Database (P-McDb). P-McDb has minimal leakage, which not only ensures confidentiality of queries and records, but also protects the search, access, and size patterns from CSPs. Moreover, P-McDb ensures both forward and backward privacy of the database. Thus, P-McDb could resist existing leakage-based attacks, e.g., active file/record-injection attacks. We give security definition and analysis to show how P-McDb hides the aforementioned patterns. Finally, we implemented a prototype of P-McDb and test it using the TPC-H benchmark dataset. Our evaluation results show the feasibility and practical efficiency of P-McDb.

Jiaming Yuan,Yingjiu Li,Jianting Ning,Robert H. Deng

DOI: https://doi.org/10.1007/978-3-031-21280-2_34

2022-01-01

Abstract:Searchable encryption is an essential component of cryptography, which allows users to search for keywords and retrieve records from an encrypted database at cloud storage while ensuring the confidentiality of users' queries. While most existing research on searchable encryption focuses on the single domain setting, we propose the first Multi-Domain, Easily-Deployable, Efficiently-Searchable Encryption (M-EDESE) system that allows users to query keywords cross domains with high efficiency and preserved privacy without additional cooperation from the cloud storage. In the multi-domain setting, a user who belongs to a domain can query keywords from another domain under an inter-domain partnership. Any party can participate in the M-EDESE system as a domain without global coordination other than agreeing on an initial set of global reference parameters. Each domain maintains a set of users and acts as an individual multiple-user searchable encryption system while maintaining its own database. M-EDESE enables easy deployment without any requirement for cloud storage setup, thus it is compatible with the existing cloud storage platform. In addition, the M-EDESE system facilitates instant user revocation within each domain and instant partner revocation across domains. We provide a concrete construction of M-EDESE and security proofs on query privacy, unforgeability, and revocability. We also conduct a rigorous experimental evaluation of the performance of M-EDESE in a real-world setting, showing that M-EDESE is highly efficient for querying an open-sourced database.

Zi-Yuan Liu,Raylin Tso

DOI: https://doi.org/10.48550/arXiv.2311.08813

2023-11-15

Cryptography and Security

Abstract:Recently, Yang et al. introduced an efficient searchable encryption scheme titled "Dynamic Consensus Committee-Based for Secure Data Sharing With Authorized Multi-Receiver Searchable Encryption (DCC-SE)," published in IEEE Transactions on Information Forensics and Security (DOI: 10.1109/TIFS.2023.3305183). According to the authors, DCC-SE meets various security requirements, especially the keyword trapdoor indistinguishability against chosen keyword attacks (KT-IND-CKA). In this letter, however, we reveal a significant vulnerability of DCC-SE: any users involved in the system can execute attacks against KT-IND-CKA security. This flaw potentially results in the unintended disclosure of sensitive keyword information related to the documents. We present a detailed cryptanalysis on DCC-SE. In addition, to address this vulnerability, we discuss the root cause and identify a flaw in the security proof of DCC-SE. Subsequently, we provide a solution that effectively addresses this concern without significantly increasing computational overhead.

Viet Vo,Shangqi Lai,Xingliang Yuan,Shi-Feng Sun,Surya Nepal,Joseph K. Liu

DOI: https://doi.org/10.48550/arXiv.2001.03743

2020-01-11

Cryptography and Security

Abstract:Searchable encryption (SE) is one of the key enablers for building encrypted databases. It allows a cloud server to search over encrypted data without decryption. Dynamic SE additionally includes data addition and deletion operations to enrich the functions of encrypted databases. Recent attacks exploiting the leakage in dynamic operations drive rapid development of new SE schemes revealing less information while performing updates; they are also known as forward and backward private SE. Newly added data is no longer linkable to queries issued before, and deleted data is no longer searchable in queries issued later. However, those advanced SE schemes reduce the efficiency of SE, especially in the communication cost between the client and server. In this paper, we resort to the hardware-assisted solution, aka Intel SGX, to ease the above bottleneck. Our key idea is to leverage SGX to take over the most tasks of the client, i.e., tracking keyword states along with data addition and caching deleted data. However, handling large datasets is non-trivial due to the I/O and memory constraints of the SGX enclave. We further develop batch data processing and state compression technique to reduce the communication overhead between the SGX and untrusted server, and minimise the memory footprint in the enclave. We conduct a comprehensive set of evaluations on both synthetic and real-world datasets, which confirm that our designs outperform the prior art.

Peiyi Tu,Xingjun Wang

DOI: https://doi.org/10.1007/978-981-97-0945-8_22

2024-01-01

Abstract:In recent years, the Database-as-a-Service (DAS) model has become increasingly popular for cost-effective data outsourcing to cloud service providers. To ensure data security and functionality, Searchable Encryption (SE) has been introduced. However, many existing SE schemes unintentionally leak access patterns, posing significant privacy risks. While solutions like Oblivious RAM (ORAM) and Fully Homomorphic Encryption (FHE) can mitigate this, they are computationally intensive, limiting their practicality for large-scale databases. In this paper, we design a dynamic and efficient SE scheme called DPDSE that exploits differential privacy obfuscation of access patterns. Specifically, we obfuscate the ciphertext by deploying Laplace and Randomized Response mechanism. DPDSE strikes a balance between privacy and storage costs, while maintaining compatibility with any SE scheme. We give a formal mathematical proof of the security of DPDSE and conduct experiments on real datasets. The results show that DPDSE is significantly more secure than traditional SE schemes at a storage cost of up to 2.5%.

Tianyang Chen,Peng Xu,Stjepan Picek,Bo Luo,Willy Susilo,Hai Jin,Kaitai Liang

DOI: https://doi.org/10.14722/ndss.2023.24725

2024-03-22

Abstract:Dynamic searchable symmetric encryption (DSSE) enables users to delegate the keyword search over dynamically updated encrypted databases to an honest-but-curious server without losing keyword privacy. This paper studies a new and practical security risk to DSSE, namely, secret key compromise (e.g., a user's secret key is leaked or stolen), which threatens all the security guarantees offered by existing DSSE schemes. To address this open problem, we introduce the notion of searchable encryption with key-update (SEKU) that provides users with the option of non-interactive key updates. We further define the notion of post-compromise secure with respect to leakage functions to study whether DSSE schemes can still provide data security after the client's secret key is compromised. We demonstrate that post-compromise security is achievable with a proposed protocol called ``Bamboo". Interestingly, the leakage functions of Bamboo satisfy the requirements for both forward and backward security. We conduct a performance evaluation of Bamboo using a real-world dataset and compare its runtime efficiency with the existing forward-and-backward secure DSSE schemes. The result shows that Bamboo provides strong security with better or comparable performance.

Cryptography and Security

Kui Ren,Cong Wang

DOI: https://doi.org/10.1007/978-3-031-21377-9_5

2023-01-01

Abstract:In Chap. 3 , we discussed the security definitions of searchable encryption. In short, an SE scheme is said to achieve adaptively semantic security with a leakage function $$\mathcal {L}(\cdot )$$ if the information revealed during its operation is bounded by $$\mathcal {L}(\cdot )$$ . Typically, allowed leakages include the size of encrypted data collection, whether a search token (trapdoor) has been repeated, which encrypted documents have been accessed, etc. In the extreme case, we can claim that a trivial plaintext solution is secure with $$\mathcal {L}(\mathrm {DB}, w_1, \dots , w_t)=(\mathrm {DB}, w_1, \dots , w_t)$$ , i.e., it leaks all plaintext data, though this leakage function is meaningless since it obviously reveals confidential data to the untrusted server.

Haorui Du,Jianhua Chen,Ming Chen,Cong Peng,Debiao He

DOI: https://doi.org/10.1155/2022/2336685

2022-10-21

Wireless Communications and Mobile Computing

Abstract:Outsourcing data to cloud services is a good solution for users with limited computing resources. Privacy and confidentiality of data is jeopardized when data is transferred and shared in the cloud. The development of searchable cryptography offers the possibility to solve these problems. Symmetric searchable encryption (SSE) is popular among researchers because it is efficient and secure. SSE often requires the data sender and data receiver to use the same key to generate key ciphertext and trapdoor, which will obviously cause the problem of key management. Searchable encryption based on public key can simplify the key management problem. A public key encryption scheme with keyword search (PEKS) allows multiple senders to encrypt keywords under the receiver's public key. It is vulnerable to keyword guessing attacks (KGA) due to the small size of the keywords. The proposal of public key authenticated encryption with keyword search (PAEKS) is mainly to resist inside keyword guessing attacks. The previous security models do not involve the indistinguishability of the same keywords ( w 0 × × = w 1 ), which brings the user's search pattern easy to leak. The essential reason is that the trapdoor generation algorithm is deterministic. At the same time, most of the existing schemes use bilinear pair design, which greatly reduces the efficiency of the scheme. To address these problems, the paper introduces an improved PAEKS model. We design a lightweight public key authentication encryption scheme based on the Diffie-Hellman protocol. Then, we prove the ciphertext indistinguishability security and trapdoor indistinguishability security of the scheme in the improved security model. Finally, the paper demonstrates its comparable security and computational efficiency by comparing it with previous PAEKS schemes. Meanwhile, we conduct an experimental evaluation based on the cryptographic library. Experimental results show that the computational overhead of our scheme compared with the ciphertext generation algorithm, trapdoor generation algorithm and test algorithm of other schemes Our scheme reduces 274, 158 and 60 times, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zheli Liu,Yanyu Huang,Xiangfu Song,Bo Li,Jin Li,Yali Yuan,Changyu Dong

DOI: https://doi.org/10.1109/tdsc.2020.3043754

2020-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:To achieve efficiently search and update on outsourced encrypted data, dynamic searchable symmetric encryption (DSSE) was proposed by just leaking some well-defined leakages. Though small, many recent works show that an attacker can exploit these leakages to undermine the security of existing DSSE schemes. In particular, an attacker can exploit even seemingly harmless size pattern to perform severe attacks. Many exiting schemes resort to oblivious RAM (ORAM) to hide search/access pattern; however, even such powerful cryptographic primitive cannot protect size pattern leakage. In this article, we first show that size pattern can lead to more information leakages, which is not well studied or protected by existing schemes. We then extend the existing privacy notion for DSSE to capture the size pattern leakage, achieving a strong forward and backward privacy definition. Following the definition, we propose a new DSSE scheme Eurus. Eurus can eliminate search/access pattern by relying on a multi-server ORAM scheme, meanwhile reducing size pattern with reasonable efficiency. We show that Eurus can reduce leakage significantly with better efficiency, compared with state-of-the-art leakage reduction schemes.

computer science, information systems, software engineering, hardware & architecture

Haijiang Wang,Jianting Ning,Xinyi Huang,Guiyi Wei,Geong Sen Poh,Ximeng Liu

DOI: https://doi.org/10.1109/tdsc.2019.2916569

2019-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:E-Healthcare systems are increasingly popular due to the introduction of wearable healthcare devices and sensors. Personal health records (PHRs) are collected by these devices and stored in a remote cloud. Due to privacy concern, these records should not be accessible by any unauthorized party, and the cloud providers should not be able to learn any information from the stored records. To address the above issues, one promising solution is to employ attribute based encryption (ABE) for fine-grained access control and searchable encryption for keyword search on encrypted data. However, most of existing ABE schemes leak the privacy of access policy which may also contain sensitive information. On the other hand, for users' devices with limited computing power and bandwidth, the mechanism should enable them to be able to search the PHRs efficiently. Unfortunately, most existing works on ABE do not support efficient keyword search on encrypted data. In this work, we propose an efficient hidden policy ABE scheme with keyword search. Our scheme enables efficient keyword search with constant computational overhead and constant storage overhead. Moreover, we enhance the recipient's privacy which hides the access policy. As of independent interest, we present a trapdoor malleability attack and demonstrate that some of previous schemes may suffer from such attack.