14,183 research outputs found
Full Database Reconstruction with Access and Search Pattern Leakage
The widespread use of cloud computing has enabled several database providers to store their data on servers in the cloud and answer queries from those servers. In order to protect the confidentiality of data in the cloud, a database can be stored in encrypted form and all queries can be executed on the encrypted database. Recent research results suggest that a curious cloud provider may be able to decrypt some of the items in the database after seeing a large number of queries and their (encrypted) results.
In this paper, we focus on one-dimensional databases that support range queries and develop an attack that can achieve full database reconstruction, inferring the exact value of every element in the database.
We consider an encrypted database whose records have values from a given universe of consecutive integers. Our attack assumes access pattern and search pattern leakage. It succeeds after the attacker has seen each of the possible query results at least once, independent of their distribution.
If we assume that the client issues queries uniformly at random,
we can decrypt the entire database with high probability after observing
queries
Reconstructing with Less: Leakage Abuse Attacks in Two-Dimensions
Access and search pattern leakage from range queries are detrimental to the security of encrypted databases, as evidenced by a large body of work on efficient attacks that reconstruct one-dimensional databases. Recently, the first attack from 2D range queries showed that higher-dimensional databases are also in danger. This attack requires complete information for reconstruction. In this paper, we develop reconstructions that require less information. We present an order reconstruction attack that only depends on access pattern leakage, and empirically show that the order allows the attacker to infer the geometry of the underlying data. Notably, this attack also achieves full database reconstruction when the 1D horizontal and vertical projections of the points are dense.
We also give an approximate database reconstruction attack that is distribution-agnostic and works with any subset of the possible search pattern, given the order of the database. Finally, we show how knowledge of auxiliary information such as the centroid of a related dataset allows improving the reconstruction. We support our results with formal analysis and experiments on real-world databases and queries drawn from various distributions.
Privacy-Preserving Identification via Layered Sparse Code Design: Distributed Servers and Multiple Access Authorization
We propose a new computationally efficient privacy-preserving identification
framework based on layered sparse coding. The key idea of the proposed
framework is a sparsifying transform learning with ambiguization, which
consists of a trained linear map, a component-wise nonlinearity and a privacy
amplification. We introduce a practical identification framework, which
consists of two phases: public and private identification. The public untrusted
server provides the fast search service based on the sparse privacy protected
codebook stored at its side. The private trusted server or the local client
application performs the refined accurate similarity search using the results
of the public search and the layered sparse codebooks stored at its side. The
private search is performed in the decoded domain and also the accuracy of
private search is chosen based on the authorization level of the client. The
efficiency of the proposed method is in computational complexity of encoding,
decoding, "encryption" (ambiguization) and "decryption" (purification) as well
as storage complexity of the codebooks. Comment: EUSIPCO 201
Exploring Differential Obliviousness
In a recent paper, Chan et al. [SODA '19] proposed a relaxation of the notion of (full) memory obliviousness, which was introduced by Goldreich and Ostrovsky [J. ACM '96] and extensively researched by cryptographers. The new notion, differential obliviousness, requires that any two neighboring inputs exhibit similar memory access patterns, where the similarity requirement is that of differential privacy. Chan et al. demonstrated that differential obliviousness allows achieving improved efficiency for several algorithmic tasks, including sorting, merging of sorted lists, and range query data structures.
In this work, we continue the exploration of differential obliviousness, focusing on algorithms that do not necessarily examine all their input. This choice is motivated by the fact that the existence of logarithmic overhead ORAM protocols implies that differential obliviousness can yield at most a logarithmic improvement in efficiency for computations that need to examine all their input. In particular, we explore property testing, where we show that differential obliviousness yields an almost linear improvement in overhead in the dense graph model, and at most quadratic improvement in the bounded degree model. We also explore tasks where a non-oblivious algorithm would need to explore different portions of the input, where the latter would depend on the input itself, and where we show that such a behavior can be maintained under differential obliviousness, but not under full obliviousness. Our examples suggest that there would be benefits in further exploring which class of computational tasks are amenable to differential obliviousness
Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage
We analyse the security of database encryption schemes supporting range queries against persistent adversaries. The bulk of our work applies to a generic setting, where the adversary's view is limited to the set of records matched by each query (known as access pattern leakage). We also consider a more specific setting where certain rank information is also leaked. The latter is inherent to multiple recent encryption schemes supporting range queries, including Kerschbaum's FH-OPE scheme (CCS 2015), Lewi and Wu's order-revealing encryption scheme (CCS 2016), and the recently proposed Arx scheme of Poddar et al. (IACR eprint 2016/568, 2016/591). We provide three attacks.
First, we consider full reconstruction, which aims to recover the value of every record, fully negating encryption. We show that for dense datasets, full reconstruction is possible within an expected number of queries $N \log N + O(N)$, where $N$ is the number of distinct plaintext values. This directly improves on an $O(N^2 \log N)$ bound in the same setting by Kellaris et al. (CCS 2016). We also provide very efficient, data-optimal algorithms that succeed with the minimum possible number of queries (in a strong, information theoretical sense), and prove a matching data lower bound for the number of queries required.
Second, we present an approximate reconstruction attack recovering all plaintext values in a dense dataset within a constant ratio of error (such as a 5% error), requiring the access pattern leakage of only $O(N)$ queries. We also prove a matching lower bound.
Third, we devise an attack in the common setting where the adversary has access to an auxiliary distribution for the target dataset. This third attack proves highly effective on age data from real-world medical data sets. In our experiments, observing only 25 queries was sufficient to reconstruct a majority of records to within 5 years.
In combination, our attacks show that current approaches to enabling range queries offer little security when the threat model goes beyond snapshot attacks to include a persistent server-side adversary
Recommended from our members
TAO Conceptual Design Report: A Precision Measurement of the Reactor Antineutrino Spectrum with Sub-percent Energy Resolution
The Taishan Antineutrino Observatory (TAO, also known as JUNO-TAO) is a
satellite experiment of the Jiangmen Underground Neutrino Observatory (JUNO). A
ton-level liquid scintillator detector will be placed at about 30 m from a core
of the Taishan Nuclear Power Plant. The reactor antineutrino spectrum will be
measured with sub-percent energy resolution, to provide a reference spectrum
for future reactor neutrino experiments, and to provide a benchmark measurement
to test nuclear databases. A spherical acrylic vessel containing 2.8 ton
gadolinium-doped liquid scintillator will be viewed by 10 m^2 Silicon
Photomultipliers (SiPMs) of >50% photon detection efficiency with almost full
coverage. The photoelectron yield is about 4500 per MeV, an order higher than
any existing large-scale liquid scintillator detectors. The detector operates
at -50 degree C to lower the dark noise of SiPMs to an acceptable level. The
detector will measure about 2000 reactor antineutrinos per day, and is designed
to be well shielded from cosmogenic backgrounds and ambient radioactivities to
have about 10% background-to-signal ratio. The experiment is expected to start
operation in 2022