Hao Nie,Wei Wang,Peng Xu,Xianglong Zhang,Laurence T. Yang,Kaitai Liang

2024-03-02

Abstract:Searchable symmetric encryption schemes often unintentionally disclose certain sensitive information, such as access, volume, and search patterns. Attackers can exploit such leakages and other available knowledge related to the user's database to recover queries. We find that the effectiveness of query recovery attacks depends on the volume/frequency distribution of keywords. Queries containing keywords with high volumes/frequencies are more susceptible to recovery, even when countermeasures are implemented. Attackers can also effectively leverage these ``special'' queries to recover all others.

Cryptography and Security

Marc Damie,Florian Hahn,Andreas Peter

DOI: https://doi.org/10.48550/arXiv.2306.15302

2023-06-27

Cryptography and Security

Abstract:Cloud data storage solutions offer customers cost-effective and reduced data management. While attractive, data security issues remain to be a core concern. Traditional encryption protects stored documents, but hinders simple functionalities such as keyword search. Therefore, searchable encryption schemes have been proposed to allow for the search on encrypted data. Efficient schemes leak at least the access pattern (the accessed documents per keyword search), which is known to be exploitable in query recovery attacks assuming the attacker has a significant amount of background knowledge on the stored documents. Existing attacks can only achieve decent results with strong adversary models (e.g. at least 20% of previously known documents or require additional knowledge such as on query frequencies) and they give no metric to evaluate the certainty of recovered queries. This hampers their practical utility and questions their relevance in the real-world. We propose a refined score attack which achieves query recovery rates of around 85% without requiring exact background knowledge on stored documents; a distributionally similar, but otherwise different (i.e., non-indexed), dataset suffices. The attack starts with very few known queries (around 10 known queries in our experiments over different datasets of varying size) and then iteratively recovers further queries with confidence scores by adding previously recovered queries that had high confidence scores to the set of known queries. Additional to high recovery rates, our approach yields interpretable results in terms of confidence scores.

Jamie Cui,Chaochao Chen,Alex X. Liu,Li Wang

2021-01-01

Abstract:With the emerging popularity of cloud computing, the problem of how to query over cryptographically-protected data has been widely studied. However, most existing works focus on querying protected relational databases, few work has shown interests in graph databases. In this paper, we first investigate and summarize two single-instruction queries, namely Graph Pattern Matching (GPM) and Graph Navigation (GN). Then we follow their design intuitions and leverage secure Multi-Party Computation (MPC) to implement their functionalities in a privacy-preserving manner. Moreover, we propose a general framework for processing multi-instruction query on secret-shared graph databases and present a novel cryptographic primitive Oblivious Filter (OF) as a core building block. Nevertheless, we formalize the problem of OF and present its constructions using homomorphic encryption. Finally, we conduct an empirical study to evaluate the efficiency of our proposed OF protocol.

Lei Xu,Huayi Duan,Anxin Zhou,Xingliang Yuan,Cong Wang

DOI: https://doi.org/10.1109/tifs.2021.3128823

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Searchable symmetric encryption (SSE) enables users to make confidential queries over always encrypted data while confining information disclosure to pre-defined leakage profiles. Despite the well-understood performance and potentially broad applications of SSE, recent leakage-abuse attacks (LAAs) are questioning its real-world security implications. They show that a passive adversary with certain prior information of a database can recover queries by exploiting the legitimately admitted leakage. While several countermeasures have been proposed, they are insufficient for either security, i.e., handling only specific leakage like query volume, or efficiency, i.e., incurring large storage and bandwidth overhead. We aim to fill this gap by advancing the understanding of LAAs from a fundamental algebraic perspective. Our investigation starts by revealing that the index matrices of a plaintext database and its encrypted image can be linked by linear transformation. The invariant characteristics preserved under the transformation encompass and surpass the information exploited by previous LAAs. They allow one to unambiguously link encrypted queries with corresponding keywords, even with only partial knowledge of the database. Accordingly, we devise a new powerful attack and conduct a series of experiments to show its effectiveness. In response, we propose a new security notion to thwart LAAs in general, inspired by the principle of local differential privacy (LDP). Under the notion, we further develop a practical countermeasure with tunable privacy and efficiency guarantee. Experiment results on representative real-world datasets show that our countermeasure can reduce the query recovery rate of LAAs, including our own.

computer science, theory & methods,engineering, electrical & electronic

Jianting Ning,Jia Xu,Kaitai Liang,Fan Zhang,Ee-Chien Chang

DOI: https://doi.org/10.1109/tifs.2018.2866321

IF: 7.231

2019-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Searchable encryption (SE) provides a privacy-preserving mechanism for data users to search over encrypted data stored on a remote server. Researchers have designed a number of SE schemes with high efficiency yet allowing some degree of leakage profile to the remote server. The leakage, however, should be further measured to allow us to understand what types of attacks an SE scheme would encounter. This paper considers passive attacks that make inferences based on prior knowledge and observations on queries issued by users. This is in contrast to previously studied active attacks that adaptively inject files and queries. We consider several assumptions on the types or prior knowledge the attacker possessed and propose a few passive attacks. In particular, under the "full-fledged" assumption, the keyword recovery rate of our attack is optimal in the sense that it is equal to the theoretical upper bound. We further present several enhanced attacks under other weaker assumptions on various levels of the prior knowledge that the attacker can obtain, in which the keyword recovery rates are optimal or nearly optimal (i.e., approaching the theoretical upper bound). In addition, we provide extensive experiments to show the "power" of our passive attacks. This paper highlights the importance of minimizing the prior knowledge of a server and the leakage of search queries. It also shows that simply distorting the frequency of the keyword to hold against our passive attacks may not scale well.

Guofeng Wang,Chuanyi Liu,Yingfei Dong,Hezhong Pan,Peiyi Han,Binxing Fang

DOI: https://doi.org/10.1007/978-3-319-78813-5_27

2018-01-01

Abstract:While Searchable Encryption (SE) is often used to support securely outsourcing sensitive data, many existing SE solutions usually expose certain information to facilitate better performance, which often leak sensitive information, e.g., search patterns are leaked due to observable query trapdoors. Several inference attacks have been designed to exploit such leakage, e.g., a query recovery attack can invert opaque query trapdoors to their corresponding keywords. However, most of these existing query recovery attacks assume that an adversary knows almost all plaintexts as prior knowledge in order to successfully map query trapdoors to plaintext keywords with a high probability. Such an assumption is usually impractical. In this paper, we propose new query recovery attacks in which an adversary only needs to have partial knowledge of the original plaintexts. We further develop a countermeasure to mitigate inference attacks on SE. Our experimental results demonstrate the feasibility and efficacy of our proposed scheme.

Simon Oya,Florian Kerschbaum

DOI: https://doi.org/10.48550/arXiv.2010.03465

2020-10-07

Cryptography and Security

Abstract:Recent Searchable Symmetric Encryption (SSE) schemes enable secure searching over an encrypted database stored in a server while limiting the information leaked to the server. These schemes focus on hiding the access pattern, which refers to the set of documents that match the client's queries. This provides protection against current attacks that largely depend on this leakage to succeed. However, most SSE constructions also leak whether or not two queries aim for the same keyword, also called the search pattern. In this work, we show that search pattern leakage can severely undermine current SSE defenses. We propose an attack that leverages both access and search pattern leakage, as well as some background and query distribution information, to recover the keywords of the queries performed by the client. Our attack follows a maximum likelihood estimation approach, and is easy to adapt against SSE defenses that obfuscate the access pattern. We empirically show that our attack is efficient, it outperforms other proposed attacks, and it completely thwarts two out of the three defenses we evaluate it against, even when these defenses are set to high privacy regimes. These findings highlight that hiding the search pattern, a feature that most constructions are lacking, is key towards providing practical privacy guarantees in SSE.

Jing Yao,Helei Cui,Xiaolin Gui

DOI: https://doi.org/10.1109/dsc47296.2019.8937632

2019-01-01

Abstract:Searchable symmetric encryption (SSE) is a practical technique that allows a client to outsource her encrypted files while maintaining an efficient and secure keyword search ability to authorized clients. To support multi-keyword or Boolean search capability, most of the existing SSE designs inevitably reveal the intermediate single keyword search result to the remote server. Such unintended leakage could be abused to infer the valuable information of the encrypted dataset. In order to hide this kind of intermediate search result (even in some private manners), two promising directions could be adopted, one is a hardware-assisted technology, e.g., Intel SGX, and the other is a software-based approach, e.g., indistinguishability obfuscation (iO). Here, we focus on the iO approach and devise a highly-scalable SSE design for supporting Boolean queries without revealing its single keyword search results. To show the advantages of our proposed design, we conduct a theoretical comparison between some related SSE protocols and ours in terms of storage and computation costs.

Marco Dijkslag,Marc Damie,Florian Hahn,Andreas Peter

DOI: https://doi.org/10.1007/978-3-031-09234-3_7

2023-07-04

Abstract:While storing documents on the cloud can be attractive, the question remains whether cloud providers can be trusted with storing private documents. Even if trusted, data breaches are ubiquitous. To prevent information leakage one can store documents encrypted. If encrypted under traditional schemes, one loses the ability to perform simple operations over the documents, such as searching through them. Searchable encryption schemes were proposed allowing some search functionality while documents remain encrypted. Orthogonally, research is done to find attacks that exploit search and access pattern leakage that most efficient schemes have. One type of such an attack is the ability to recover plaintext queries. Passive query-recovery attacks on single-keyword search schemes have been proposed in literature, however, conjunctive keyword search has not been considered, although keyword searches with two or three keywords appear more frequently in online searches. We introduce a generic extension strategy for existing passive query-recovery attacks against single-keyword search schemes and explore its applicability for the attack presented by Damie et al. (USENIX Security '21). While the original attack achieves up to a recovery rate of 85% against single-keyword search schemes for an attacker without exact background knowledge, our experiments show that the generic extension to conjunctive queries comes with a significant performance decrease achieving recovery rates of at most 32%. Assuming a stronger attacker with partial knowledge of the indexed document set boosts the recovery rate to 85% for conjunctive keyword queries with two keywords and achieves similar recovery rates as previous attacks by Cash et al. (CCS '15) and Islam et al. (NDSS '12) in the same setting for single-keyword search schemes.

Cryptography and Security

JiHye Yang,Kee Sung Kim

DOI: https://doi.org/10.1155/2024/2764345

IF: 1.968

2024-03-14

Security and Communication Networks

Abstract:Frequency-hiding order-preserving encryption (FH-OPE) has emerged as an important tool in data security, particularly in cloud computing, because of its unique ability to preserve the order of plaintexts in their corresponding ciphertexts and enable efficient range queries on encrypted data. Despite its strong security model, indistinguishability under frequency analyzing ordered chosen plaintext attack (IND-FA-OCPA), our research identifies a vulnerability in its design, particularly the impact of range queries. In our research, we quantify the frequency of data exposure resulting from these range queries and present potential inference attacks on the FH-OPE scheme. Our findings are substantiated through experiments on real-world datasets, with the goal of measuring the frequency of data exposure resulting from range queries on FH-OPE encrypted databases. These results quantify the level of risk in practical applications of FH-OPE and reveal the potential for additional inference attacks and the urgency of addressing these threats. Consequently, our research highlights the need for a more comprehensive security model that considers the potential risks associated with range queries and underscores the importance of developing new range-query methods that prevent exposing these vulnerabilities.

computer science, information systems,telecommunications

Rong Cheng,Jingbo Yan,Chaowen Guan,Fangguo Zhang,Kui Ren

DOI: https://doi.org/10.1145/2714576.2714623

2015-01-01

Abstract:ABSTRACTSearchable symmetric encryption (SSE) allows a client to encrypt his data in such a manner that the data can be efficiently searched. SSE has practical application in cloud storage, where a client outsources his encrypted data to a cloud server while maintaining the searchable ability over his data. Most of the current SSE schemes assume that the cloud server is honest-but-curious. However, the cloud may actively cheat on the search process to keep its cost low. In this paper, we focus on the malicious cloud model and propose a new verifiable searchable symmetric encryption scheme. Our scheme is built on the secure indistinguishability obfuscation (iO) and can be considered as the first step to apply iO in the SSE field. Moreover, our scheme can be easily extended to multiple functionalities, such as conjunctive and boolean queries. Furthermore, it can be extended to realize a publicly verifiable SSE. Thorough analysis shows that our scheme is secure and achieves a better performance.

Feng Liu,Kaiping Xue,Jinjiang Yang,Jing Zhang,Zixuan Huang,Jian Li,David S. L. Wei

DOI: https://doi.org/10.1109/tdsc.2023.3335304

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Searchable Symmetric Encryption (SSE) is a valuable cryptographic tool that allows a client to retrieve its outsourced data from an untrusted server via keyword search. Initially, SSE research primarily focused on the efficiency-security trade-off. However, in recent years, attention has shifted towards range queries instead of exact keyword searches, resulting in significant developments in the SSE field. Despite the advancements in SSE schemes supporting range queries, many are susceptible to leakage-abuse attacks due to volumetric profile leakage. Although several schemes exist to prevent volume leakage, these solutions prove inefficient when dealing with large-scale datasets. In this paper, we highlight the efficiency-security trade-off for range queries in SSE. Subsequently, we propose a volume-hiding range SSE scheme that ensures efficient operations on extensive datasets. Leveraging the order-weighted inverted index and bitmap structure, our scheme achieves high search efficiency while maintaining the confidentiality of the volumetric profile. To facilitate searching within large-scale datasets, we introduce a partitioning strategy that divides a broad range into disjoint partitions and stores the information in a local binary tree. Through an analysis of the leakage function, we demonstrate the security of our proposed scheme within the ideal/real model simulation paradigm. Our experimental results further validate the practicality of our scheme with real-life large-scale datasets.

Qin Jiang,Saiyu Qi,Xu Yang,Yong Qi,Jianfeng Wang,Youshui Lu,Bochao An,Ee-Chien Chang

DOI: https://doi.org/10.1109/TC.2023.3281857

IF: 3.183

2023-01-01

IEEE Transactions on Computers

Abstract:Paging and exit overheads have been proven to be the performance bottlenecks when adopting Searchable Symmetric Encryption (SSE) with trusted hardware such as Intel SGX for keyword search. This problem becomes more serious when incorporating ORAM and SGX to design oblivious SSE schemes such as POSUP [1] and Oblidb [2] which can defend against inference attacks. The main reason comes from high round communication complexity of ORAM and constrained trusted memory created by SGX. To overcome this performance bottleneck, we propose a set of novel SSE constructions with realistic security/performance trade-offs. Our core idea is to encode the keyword-identifier pairs into a bloom filter to reduce the number of ORAM operations during the search procedure. Specifically, Construction 1 loads the bloom filter into the enclave sequentially, which outperforms about <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$1.7\times$</tex-math></inline-formula> when the dataset is large compared with the performance of the baseline that directly combines ORAM and SGX. To further improve the performance of Construction 1, Construction 2 classifies keywords into groups and stores these groups in different bloom filters. By additionally leaking the keywords in search token belonging to which groups, Construction 2 outperforms Construction 1 by <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$16.5\sim 36.8\times$</tex-math></inline-formula> and provides an improvement of at least one order over state-of-the-art oblivious protocols.

Beibei Li,Ziqing Zhu,Linghao Zhang,Zhengwei Chang,Liang Zhao,Arun Kumar

DOI: https://doi.org/10.1016/j.future.2023.07.026

IF: 7.307

2023-07-27

Future Generation Computer Systems

Abstract:Outsourcing encrypted data and query services to clouds have been widely adopted by data owners, such as in the energy, healthcare, and transportation sectors, usually for economic considerations. However, this is usually prone to data privacy breaches. In smart grids, although many privacy-preserving data query solutions have been presented in the literature, they either suffer from low query efficiencies or limited capabilities of statistics queries (say the aggregation, variance, or extrema only). To mitigate this gap, in this paper we propose an e fficient and p rivacy- p reserving s tatistics q uery scheme over encrypted data in smart grids, coined EPPSQ, which can achieve diverse statistics queries in an efficient and privacy-preserving way. Specifically, we first develop a symmetric homomorphic encryption based secure data collection protocol for data owners. Then, we design a two-server model based privacy-preserving statistics query protocol for data requesters. In addition, four algorithms respectively for securely computing the statistics (i.e., max/min , variance , mean , and count ) over the encrypted data in smart grids are crafted. Security analysis shows that the proposed EPPSQ scheme can effectively guarantee data privacy while outsourcing the encrypted data and query services in smart grids. Further, extensive experiments demonstrate that the proposed EPPSQ scheme outperforms existing CKKS-based or BFV-based studies in terms of computational efficiency.

computer science, theory & methods

Jin Li,Yanyu Huang,Yu Wei,Siyi Lv,Zheli Liu,Changyu Dong,Wenjing Lou

DOI: https://doi.org/10.1109/tdsc.2019.2894411

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Searchable symmetric encryption (SSE) has been widely applied in the encrypted database for queries in practice. Although SSE is powerful and feature-rich, it is always plagued by information leaks. Some recent attacks point out that forward privacy which disallows leakage from update operations, now becomes a basic requirement for any newly designed SSE schemes. However, the subsequent search operations can still leak a significant amount of information. To further strengthen security, we extend the definition of forward privacy and propose the notion of “forward search privacy”. Intuitively, it requires search operations over newly added documents do not leak any information about past queries. The enhanced security notion poses new challenges to the design of SSE. We address the challenges by developing the hidden pointer technique (HPT) and propose a new SSE scheme called Khons, which satisfies our security notion (with the original forward privacy notion) and is also efficient. We implemented Khons and our experiment results on large dataset (wikipedia) show that it is more efficient than existing SSE schemes with forward privacy.

computer science, information systems, software engineering, hardware & architecture

Haotian Wu,Rui Song,Kai Lei,Bin Xiao

DOI: https://doi.org/10.1109/icdcs54860.2022.00118

2022-01-01

Abstract:Verifiable Searchable Symmetric Encryption (SSE) enables reliable search over encrypted, privacy-preserving data on untrusted clouds. Most existing SSE designs only focus on keyword-file search. However, a more difficult but useful search, range search over encrypted numerical values remains unsolved. Moreover, the fairness of search in the mutual distrusted scenario without public verification, where data users may maliciously deny the results after the local result verification, is not well addressed yet. In this paper, we take the first step to study the public verification problem atop the blockchain for encrypted numerical search. We design a novel verifiable SSE scheme named Slicer based on a Succinct Order-Revealing Encryption (SORE) scheme to achieve range search on numerical data. Our search results are verifiable, updated and privacy-preserving by SSE and maintaining the forward security. We illustrate the security and practicality of our design through rigorous analysis and extensive evaluations respectively.

Jianfeng Wang,Xiaofeng Chen,Shifeng Sun,Joseph K. Liu,Man Ho Au,Zhi-Hui Zhan

DOI: https://doi.org/10.1007/978-3-319-98989-1_5

2018-01-01

Abstract:Searchable Symmetric Encryption (SSE) enables a client to securely outsource large encrypted database to a server while supporting efficient keyword search. Most of the existing works are designed against the honest-but-curious server. That is, the server will be curious but execute the protocol in an honest manner. Recently, some researchers presented various verifiable SSE schemes that can resist to the malicious server, where the server may not honestly perform all the query operations. However, they either only considered single-keyword search or cannot handle very large database. To address this challenge, we propose a new verifiable conjunctive keyword search scheme by leveraging accumulator. Our proposed scheme can not only ensure verifiability of search result even if an empty set is returned but also support efficient conjunctive keyword search with sublinear overhead. Besides, the verification cost of our construction is independent of the size of search result. In addition, we introduce a sample check method for verifying the completeness of search result with a high probability, which can significantly reduce the computation cost on the client side. Security and efficiency evaluation demonstrate that the proposed scheme not only can achieve high security goals but also has a comparable performance.

Qingqing Gan,Joseph K. Liu,Xiaoming Wang,Xingliang Yuan,Shi-Feng Sun,Daxin Huang,Cong Zuo,Jianfeng Wang

DOI: https://doi.org/10.1007/s11704-021-0601-8

IF: 2.6688

2022-04-02

Frontiers of Computer Science

Abstract:Searchable symmetric encryption (SSE) has been introduced for secure outsourcing the encrypted database to cloud storage, while maintaining searchable features. Of various SSE schemes, most of them assume the server is honest but curious, while the server may be trustless in the real world. Considering a malicious server not honestly performing the queries, verifiable SSE (VSSE) schemes are constructed to ensure the verifiability of the search results. However, existing VSSE constructions only focus on single-keyword search or incur heavy computational cost during verification. To address this challenge, we present an efficient VSSE scheme, built on OXT protocol (Cash et al., CRYPTO 2013), for conjunctive keyword queries with sublinear search overhead. The proposed VSSE scheme is based on a privacy-preserving hash-based accumulator, by leveraging a well-established cryptographic primitive, Symmetric Hidden Vector Encryption (SHVE). Our VSSE scheme enables both correctness and completeness verifiability for the result without pairing operations, thus greatly reducing the computational cost in the verification process. Besides, the proposed VSSE scheme can still provide a proof when the search result is empty. Finally, the security analysis and experimental evaluation are given to demonstrate the security and practicality of the proposed scheme.

computer science, information systems, theory & methods, software engineering

Jiadi Yu,Peng Lu,Yanmin Zhu,Guangtao Xue,Minglu Li

DOI: https://doi.org/10.1109/TDSC.2013.9

2013-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Cloud computing has emerging as a promising pattern for data outsourcing and high-quality data services. However, concerns of sensitive information on cloud potentially causes privacy problems. Data encryption protects data security to some extent, but at the cost of compromised efficiency. Searchable symmetric encryption (SSE) allows retrieval of encrypted data over cloud. In this paper, we focus on addressing data privacy issues using SSE. For the first time, we formulate the privacy issue from the aspect of similarity relevance and scheme robustness. We observe that server-side ranking based on order-preserving encryption (OPE) inevitably leaks data privacy. To eliminate the leakage, we propose a two-round searchable encryption (TRSE) scheme that supports top-k multikeyword retrieval. In TRSE, we employ a vector space model and homomorphic encryption. The vector space model helps to provide sufficient search accuracy, and the homomorphic encryption enables users to involve in the ranking while the majority of computing work is done on the server side by operations only on ciphertext. As a result, information leakage can be eliminated and data security is ensured. Thorough security and performance analysis show that the proposed scheme guarantees high security and practical efficiency.

Jianting Ning,Xinyi Huang,Geong Sen Poh,Jiaming Yuan,Yingjiu Li,Jian Weng,Robert H. Deng

DOI: https://doi.org/10.1145/3460120.3484540

2021-01-01

Abstract:Searchable Encryption (SE) enables private queries on encrypted documents. Most existing SE schemes focus on constructing industrial-ready, practical solutions at the expense of information leakages that are considered acceptable. In particular, ShadowCrypt utilizes a cryptographic approach named ''efficiently deployable, efficiently searchable encryption'' (EDESE) that reveals the encrypted dataset and the query tokens among other information. However, recent attacks showed that such leakages can be exploited to (partially) recover the underlying keywords of query tokens under certain assumptions on the attacker's background knowledge. We continue this line of work by presenting LEAP, a new leakage-abuse attack on EDESE schemes that can accurately recover the underlying keywords of query tokens based on partially known documents and the L2 leakage as per defined by Cash et al. (CCS '15). As an auxiliary function, our attack supports document recovery in the similar setting. To the best of our knowledge, this is the first attack on EDESE schemes that achieves keyword recovery and document recovery without error based on partially known documents and L2 leakage. We conduct extensive experiments to demonstrate the effectiveness of our attack by varying levels of attacker's background knowledge.