ABSTRACT
Schemes for secure outsourcing of client data with search capability are being increasingly marketed and deployed. In the literature, schemes for accomplishing this efficiently are called Searchable Encryption (SE). They achieve high efficiency with provable security by means of a quantifiable leakage profile. However, the degree to which SE leakage can be exploited by an adversary is not well understood.
To address this, we present a characterization of the leakage profiles of in-the-wild searchable encryption products and SE schemes in the literature, and present attack models based on an adversarial server's prior knowledge. Then we empirically investigate the security of searchable encryption by providing query recovery and plaintext recovery attacks that exploit these leakage profiles. We term these leakage-abuse attacks and demonstrate their effectiveness for varying leakage profiles and levels of server knowledge, for realistic scenarios. Amongst our contributions are realistic active attacks which have not been previously explored.
Index Terms
Leakage-Abuse Attacks Against Searchable Encryption