46 research outputs found
Leakage-Abuse Attacks Against Forward and Backward Private Searchable Symmetric Encryption
Dynamic searchable symmetric encryption (DSSE) enables a server to
efficiently search and update over encrypted files. To minimize the leakage
during updates, a security notion named forward and backward privacy is
expected for newly proposed DSSE schemes. Those schemes are generally
constructed in a way to break the linkability across search and update queries
to a given keyword. However, it remains underexplored whether forward and
backward private DSSE is resilient against practical leakage-abuse attacks
(LAAs), where an attacker attempts to recover query keywords from the leakage
passively collected during queries.
In this paper, we aim to be the first to answer this question firmly through
two non-trivial efforts. First, we revisit the spectrum of forward and backward
private DSSE schemes over the past few years, and unveil some inherent
constructional limitations in most schemes. Those limitations allow attackers
to exploit query equality and establish a guaranteed linkage among different
(refreshed) query tokens surjective to a candidate keyword. Second, we refine
volumetric leakage profiles of updates and queries by associating each with a
specific operation. By further exploiting update volume and query response
volume, we demonstrate that all forward and backward private DSSE schemes can
leak the same volumetric information (e.g., insertion volume, deletion volume)
as those without such security guarantees. To testify our findings, we realize
two generic LAAs, i.e., frequency matching attack and volumetric inference
attack, and we evaluate them over various experimental settings in the dynamic
context. Finally, we call for new efficient schemes to protect query equality
and volumetric information across search and update queries.
Comment: A short version of this paper has been accepted to the 30th ACM
Conference on Computer and Communications Security (CCS'23)
Efficient Strong Privacy-Preserving Conjunctive Keyword Search Over Encrypted Cloud Data
Searchable symmetric encryption (SSE) supports keyword search over outsourced
symmetrically encrypted data. Dynamic searchable symmetric encryption (DSSE), a
variant of SSE, further enables data updating. Most DSSE works with conjunctive
keyword search primarily consider forward and backward privacy. Ideally, the
server should only learn the result sets involving all keywords in the
conjunction. However, existing schemes suffer from keyword pair result pattern
(KPRP) leakage, revealing the partial result sets containing two of query
keywords. We propose the first DSSE scheme to address aforementioned concerns
that achieves strong privacy-preserving conjunctive keyword search.
Specifically, our scheme can maintain forward and backward privacy and
eliminate KPRP leakage, offering a higher level of security. The search
complexity scales with the number of documents stored in the database in
several existing schemes. However, the complexity of our scheme scales with the
update frequency of the least frequent keyword in the conjunction, which is
much smaller than the size of the entire database. Besides, we devise a least
frequent keyword acquisition protocol to reduce frequent interactions between
clients. Finally, we analyze the security of our scheme and evaluate its
performance theoretically and experimentally. The results show that our scheme
has strong privacy preservation and efficiency.
FSPVDsse: A Forward Secure Publicly Verifiable Dynamic SSE scheme
A symmetric searchable encryption (SSE) scheme allows a client (data owner)
to search on encrypted data outsourced to an untrusted cloud server. The search
may either be a single keyword search or a complex query search like
conjunctive or Boolean keyword search. Information leakage is quite high for
dynamic SSE, where data might be updated. It has been proven that to avoid this
information leakage an SSE scheme with dynamic data must be forward private. A
dynamic SSE scheme is said to be forward private, if adding a keyword-document
pair does not reveal any information about the previous search result with that
keyword.
In SSE setting, the data owner has very low computation and storage power. In
this setting, though some schemes achieve forward privacy with
honest-but-curious cloud, it becomes difficult to achieve forward privacy when
the server is malicious, meaning that it can alter the data. Verifiable dynamic
SSE requires the server to give a proof of the result of the search query. The
data owner can verify this proof efficiently. In this paper, we have proposed a
generic publicly verifiable dynamic SSE (DSSE) scheme that makes any forward
private DSSE scheme verifiable without losing forward privacy. The proposed
scheme does not require any extra storage at owner-side and requires minimal
computational cost as well for the owner. Moreover, we have compared our scheme
with the existing results and show that our scheme is practical.
Comment: 17 pages, Published in ProvSec 201
Power Range: Forward Private Multi-Client Symmetric Searchable Encryption with Range Queries Support
Symmetric Searchable Encryption (SSE) is an encryption technique that allows users to search directly over their outsourced encrypted data while preserving the privacy of both the files and the queries. In this paper, we present Power Range -- a dynamic SSE scheme (DSSE) that supports range queries in the multi-client model. We prove that our construction captures the very crucial notion of forward privacy in the sense that additions and deletions of files do not reveal any information about the content of past queries. Finally, to deal with the problem of synchronization in the multi-client model, we exploit the functionality offered by Trusted Execution Environments and Intel's SGX
An In-Depth Analysis on Efficiency and Vulnerabilities on a Cloud-Based Searchable Symmetric Encryption Solution
Searchable Symmetric Encryption (SSE) has come to be an integral cryptographic approach in a world where digital privacy is essential. The capacity to search through encrypted data whilst maintaining its integrity meets the most important demand for security and confidentiality in a society that is increasingly dependent on cloud-based services and data storage. SSE offers efficient processing of queries over encrypted datasets, allowing entities to comply with data privacy rules while preserving database usability. Our research goes into this need, concentrating on the development and thorough testing of an SSE system based on Curtmola’s architecture and employing Advanced Encryption Standard (AES) in Cipher Block Chaining (CBC) mode. A primary goal of the research is to conduct a thorough evaluation of the security and performance of the system. In order to assess search performance, a variety of database settings were extensively tested, and the system's security was tested by simulating intricate threat scenarios such as count attacks and leakage abuse. The efficiency of operation and cryptographic robustness of the SSE system are critically examined by these reviews.
Dynamic Searchable Symmetric Encryption with Forward and Stronger Backward Privacy
Dynamic Searchable Symmetric Encryption (DSSE) enables a client to perform updates and searches on encrypted data which makes it very useful in practice. To protect DSSE from the leakage of updates (leading to break query or data privacy), two new security notions, forward and backward privacy, have been proposed recently. Although extensive attention has been paid to forward privacy, this is not the case for backward privacy. Backward privacy, first formally introduced by Bost et al., is classified into three types from weak to strong, exactly Type-III to Type-I. To the best of our knowledge, however, no practical DSSE schemes without trusted hardware (e.g. SGX) have been proposed so far, in terms of the strong backward privacy and constant roundtrips between the client and the server.
In this work, we present a new DSSE scheme by leveraging simple symmetric encryption with homomorphic addition and bitmap index. The new scheme can achieve both forward and backward privacy with one roundtrip. In particular, the backward privacy we achieve in our scheme (denoted by Type-I) is somewhat stronger than Type-I. Moreover, our scheme is very practical as it involves only lightweight cryptographic operations. To make it scalable for supporting billions of files, we further extend it to a multi-block setting. Finally, we give the corresponding security proofs and experimental evaluation which demonstrate both security and practicality of our schemes, respectively
Forward and Backward Private Dynamic Searchable Symmetric Encryption for Conjunctive Queries
Recent research in Dynamic Searchable Symmetric Encryption (DSSE) focuses on efficient search over encrypted data while allowing updates. Unfortunately, as demonstrated by many attacks, updates can be a source of information leakage that can compromise DSSE privacy. To mitigate these attacks, forward and backward privacy of DSSE schemes have been introduced. A concerted effort of the research community has resulted in the publication of many DSSE schemes. To the best of our knowledge, however, there is no DSSE scheme supporting conjunctive queries, which achieves both forward and backward privacy.
We give two DSSE schemes with forward and backward privacy, which support conjunctive queries, and they are suitable for different applications. In particular, we first introduce a new data structure termed the extended bitmap index. Then we describe our forward and backward private DSSE schemes, which support conjunctive queries. Our security analysis proves the claimed privacy characteristics, and experiments show that our schemes are practical. Compared to the state-of-the-art DSSE VBTree supporting conjunctive queries (but not backward privacy), our schemes offer search time that is a few orders of magnitude faster. Besides, our schemes claim better security (called Type-C backward privacy)
Forward and Backward-Secure Range-Searchable Symmetric Encryption
Dynamic searchable symmetric encryption (DSSE) allows a client to search or update over an outsourced encrypted database. Range query is commonly needed (AsiaCrypt'18) but order-preserving encryption approach is vulnerable to reconstruction attacks (SP'17). Previous range-searchable schemes (SIGMOD'16, ESORICS'18) require an ad-hoc instance of encrypted database to store the updates and/or suffer from other shortcomings, some brought by the usage of asymmetric primitives.
In this paper, with our encrypted index which enables queries for a sequence of contiguous keywords, we propose a generic upgrade of any DSSE to support range query (a.k.a. range DSSE), and a concrete construction which provides a new trade-off of reducing the client storage to reclaim the benefits of outsourcing.
Our schemes achieve forward security, an important property which mitigates file injection attacks. We identify a variant of file injection attack against a recent solution (ESORICS'18). We also extend the definition of backward security to range DSSE and show our schemes are compatible with a generic transformation for achieving backward security (CCS'17).
We comprehensively analyze the computation and communication overheads including some parts which were ignored in previous schemes, e.g., index-related operations in the client side. Our experiments demonstrate the high efficiency of our schemes