Revisiting Leakage Abuse Attacks

Blackstone, Laura; Kamara, Seny; Moataz, Tarik

doi:10.14722/ndss.2020.23103

Cited by 66 publications

(97 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Those attacks aim to improve plaintext recovery rate without pre-fixed query distribution. There are also recent attacks that purely exploit size pattern leakage [21], [22], [23], [24], [25]. In summary, forward and backward private SSE schemes are still vulnerable to many leakage-abuse attacks.…”

Section: Leakages and Attacks Of Dssementioning

confidence: 99%

“…The situation has changed recently as several new leakage-abuse attacks were proposed. In particular, Blackstone et al [21] proposed attacks that rely on much weaker assumptions by only exploiting document size information, which can be applied not only to SSE with standard leakage but also to ORAM. Similarly, several attacks [22], [23], [24], [25] to encrypted database that only exploit size pattern leakage were also proposed.…”

Section: Ignored Size Pattern Leakagementioning

confidence: 99%

See 1 more Smart Citation

Eurus: Towards an Efficient Searchable Symmetric Encryption With Size Pattern Protection

Liu

Huang

Song

et al. 2022

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

To achieve efficiently search and update on outsourced encrypted data, dynamic searchable symmetric encryption (DSSE) was proposed by just leaking some well-defined leakages. Though small, many recent works show that an attacker can exploit these leakages to undermine the security of existing DSSE schemes. In particular, an attacker can exploit even seemingly harmless size pattern to perform severe attacks. Many exiting schemes resort to oblivious RAM (ORAM) to hide search/access pattern; however, even such powerful cryptographic primitive cannot protect size pattern leakage. In this paper, we first show that size pattern can lead to more information leakages, which is not well studied or protected by existing schemes. We then extend the existing privacy notion for DSSE to capture the size pattern leakage, achieving a strong forward and backward privacy definition. Following the definition, we propose a new DSSE scheme Eurus. Eurus can eliminate search/access pattern by relying on a multi-server ORAM scheme, meanwhile reducing size pattern with reasonable efficiency. We show that Eurus can reduce leakage significantly with better efficiency, compared with state-of-the-art leakage reduction schemes.

show abstract

Section: Leakages and Attacks Of Dssementioning

confidence: 99%

Section: Ignored Size Pattern Leakagementioning

confidence: 99%

Eurus: Towards an Efficient Searchable Symmetric Encryption With Size Pattern Protection

Liu

Huang

Song

et al. 2022

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

show abstract

“…Building the search index following (6) ensures that the only root in common between polynomials generated for different document is (w -1 ||0||0), which is only used for padding and never queried. This means that a token can only trigger at most one match.…”

Section: B Polynomial Generation (Genpoly)mentioning

confidence: 99%

“…The function genPoly takes as input a document D[i] and its label i, generates a polynomial based on its keywords as detailed in (6), and returns the vector of polynomial coefficients v i (which is straightforward to compute from the roots). Since we have S max + 1 roots, the vector of polynomial coefficients will be of size S max + 2.…”

Section: B Polynomial Generation (Genpoly)mentioning

confidence: 99%

“…The explanation for this high protection despite low differential privacy guarantees is that differential privacy assumes a worst-case scenario where the adversary either knows every single entry in the dataset except for one, or knows all of the user queries but one. Assuming this strong adversary is unrealistic in most cases and, besides that, there exist practical attacks [6], [8], [20], [27], [31] that do not require an adversary this powerful.…”

Section: B Comparison Of Differential Privacy Guarantees In Ssementioning

confidence: 99%

See 1 more Smart Citation

Obfuscated Access and Search Patterns in Searchable Encryption

Shang

Oya

Andreas

et al. 2021

Proceedings 2021 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Even though the content of the queries and the documents are encrypted, during this interaction the server learns which documents are accessed, i.e., the access pattern, and which queries are equal, i.e., the search pattern. Most existing SSE schemes [7], [9], [12], [21]-[23], [33] allow such leakage for performance considerations. However, recent studies [8], [20], [39] demonstrated that, with some prior knowledge of the outsourced database or a subset of the queries, an honest-butcurious server can recover the underlying keywords of queries with high accuracy, which violates the client's privacy. There are different techniques that allow enhancing the privacy properties of SSE schemes, but they incur an utility cost which is typically a combination of communication overhead, extra computational complexity, and local client storage requirements. Certain schemes, like those based on Oblivious RAM (ORAM) [19] or Private Information Retrieval (PIR) [11], can fully hide the access pattern when reading a document from a database. However, they incur a large communication and computation overhead, respectively, and are not specifically designed towards securely searching over an encrypted database (except for TWORAM [17]). A recent framework by Chen et al. [10] protects access-pattern leakage in SSE by obfuscating the index of the database before outsourcing it. This way, the server only learns obfuscated access patterns, making it harder to successfully carry out attacks on the client's privacy from such leakage. However, despite its efficiency, this framework cannot hide search patterns since the access pattern for each keyword is determined after outsourcing. This search pattern leakage allows different practical attacks [20], [27], [31] to perform remakably well regardless of the access pattern obfuscation (see Sect. IX). Motivated by this vulnerability of Chen et al.'s scheme [10], in this work we propose OSSE (Obfuscated SSE), a new SSE scheme that protects both the access and search patterns. The main idea behind OSSE is that it produces a fresh obfuscation per query, instead of just once when outsourcing the database, thus making it hard for the server to decide whether or not two queries are for the same keyword. Our scheme allows to perform queries on the encrypted database and receive the matched documents in the same communication round (TWORAM requires at least four rounds [17]). Under some reasonable assumptions on the query and database distribution, OSSE achieves a lower communication overhead than TWORAM (e.g., only a small constant when the keyword distribution is uniform). Our scheme relies on computationheavy cryptographic techniques and thus its computational cost is considerable (e.g., it can require 30 minutes to run a query Abstract-Searchable Symmetric Encryption (SSE) allows a data owner to securely outsource its encrypted data to a cloud server while maintaining the ability to search over it and retrieve matched documents. Most existing SSE schemes leak which documents are accessed per query...

show abstract

Encrypted Key-Value Stores

Agarwal

Kamara

2020

Progress in Cryptology – INDOCRYPT 2020

View full text Add to dashboard Cite

Revisiting Leakage Abuse Attacks

Cited by 66 publications

References 49 publications

Eurus: Towards an Efficient Searchable Symmetric Encryption With Size Pattern Protection

Eurus: Towards an Efficient Searchable Symmetric Encryption With Size Pattern Protection

Obfuscated Access and Search Patterns in Searchable Encryption

Encrypted Key-Value Stores

Contact Info

Product

Resources

About