Abstract
Searchable Encryption (SE) is a technique that allows Cloud Service Providers to search over encrypted datasets without learning the content of queries and records. In recent years, many SE schemes have been proposed to protect outsourced data. However, most of them leak sensitive information, from which attackers could still infer the content of queries and records by mounting leakage-based inference attacks, such as the count attack and file-injection attack.
In this work, first we define the leakage in searchable encrypted databases and analyse how the leakage is leveraged in existing leakage-based attacks. Second, we propose a <underline>P</underline>rivacy-preserving <underline>M</underline>ulti-<underline>c</underline>loud based dynamic symmetric SE scheme for relational <underline>D</underline>ata<underline>b</underline>ase (P-McDb). P-McDb has minimal leakage, which not only ensures confidentiality of queries and records but also protects the search, intersection, and size patterns. Moreover, P-McDb ensures both forward and backward privacy of the database. Thus, P-McDb could resist existing leakage-based attacks, e.g., active file/record-injection attacks. We give security definition and analysis to show how P-McDb hides the aforementioned patterns. Finally, we implemented a prototype of P-McDb and tested it using the TPC-H benchmark dataset. Our evaluation results show that users can get the required records in 2.16 s when searching over 4.1 million records.
- Mohamed Ahmed Abdelraheem, Tobias Andersson, and Christian Gehrmann. 2017. Inference and record-injection attacks on searchable encrypted relational databases. IACR Cryptol. ePrint Arch. (2017), 24.Google Scholar
- Mohamed Ahmed Abdelraheem, Tobias Andersson, and Christian Gehrmann. 2017. Searchable encrypted relational databases: Risks and countermeasures. In Data Privacy Management, Cryptocurrencies and Blockchain Technology. Springer, 70--85.Google Scholar
- Ghous Amjad, Seny Kamara, and Tarik Moataz. 2019. Forward and backward private searchable encryption with SGX. In EuroSec 2019. ACM, 4:1--4:6.Google Scholar
- Arvind Arasu, Spyros Blanas, Ken Eguro, Raghav Kaushik, Donald Kossmann, Ravishankar Ramamurthy, and Ramarathnam Venkatesan. 2013. Orthogonal security with cipherbase. In CIDR.Google Scholar
- Muhammad Rizwan Asghar. 2013. Privacy Preserving Enforcement of Sensitive Policies in Outsourced and Distributed Environments. Ph.D. Dissertation. University of Trento.Google Scholar
- Muhammad Rizwan Asghar, Mihaela Ion, Giovanni Russello, and Bruno Crispo. 2013. : Enforcing security policies in outsourced environments. Comput. Secur. (2013), 2--24.Google Scholar
- Muhammad Rizwan Asghar, Giovanni Russello, Bruno Crispo, and Mihaela Ion. 2013. Supporting complex queries and access policies for multi-user encrypted databases. In CCSW 2013. ACM, 77--88.Google Scholar
Digital Library
- Vincent Bindschaedler, Paul Grubbs, David Cash, Thomas Ristenpart, and Vitaly Shmatikov. 2018. The Tao of inference in privacy-protected databases. Proc. VLDB 11, 11 (2018), 1715--1728.Google Scholar
Digital Library
- Dan Boneh, Giovanni Di Crescenzo, Rafail Ostrovsky, and Giuseppe Persiano. 2004. Public key encryption with keyword search. In EUROCRYPT 2004. Springer, 506--522.Google Scholar
Cross Ref
- Christoph Bösch, Andreas Peter, Bram Leenders, Hoon Wei Lim, Qiang Tang, Huaxiong Wang, Pieter H. Hartel, and Willem Jonker. 2014. Distributed searchable symmetric encryption. In PST 2014. IEEE Computer Society, 330--337.Google Scholar
Cross Ref
- Raphael Bost. 2016. oo: Forward secure searchable encryption. In SIGSAC 2016. ACM, 1143--1154.Google Scholar
- Raphael Bost and Pierre-Alain Fouque. 2017. Thwarting leakage abuse attacks against searchable encryption - A formal approach and applications to database padding. IACR Cryptol. ePrint Arch. (2017), 1060.Google Scholar
- Raphael Bost, Pierre-Alain Fouque, and David Pointcheval. 2016. Verifiable dynamic symmetric searchable encryption: Optimality and forward security. IACR Cryptol. ePrint Arch. (2016), 62.Google Scholar
- Raphaël Bost, Brice Minaud, and Olga Ohrimenko. 2017. Forward and backward private searchable encryption from constrained cryptographic primitives. In CCS 2017. ACM, 1465--1482.Google Scholar
- Ning Cao, Cong Wang, Ming Li, Kui Ren, and Wenjing Lou. 2014. Privacy-preserving multi-keyword ranked search over encrypted cloud data. IEEE Trans. Parallel Distrib. Syst. 25, 1 (2014), 222--233.Google Scholar
Digital Library
- David Cash, Paul Grubbs, Jason Perry, and Thomas Ristenpart. 2015. Leakage-abuse attacks against searchable encryption. In SIGSAC 2015. ACM, 668--679.Google Scholar
Digital Library
- David Cash, Joseph Jaeger, Stanislaw Jarecki, Charanjit S. Jutla, Hugo Krawczyk, Marcel-Catalin Rosu, and Michael Steiner. 2014. Dynamic searchable encryption in very-large databases: Data structures and implementation. In NDSS 2014. The Internet Society.Google Scholar
Cross Ref
- Javad Ghareh Chamani, Dimitrios Papadopoulos, Charalampos Papamanthou, and Rasool Jalili. 2018. New constructions for forward and backward private symmetric searchable encryption. In CCS 2018. ACM, 1038--1055.Google Scholar
- Konstantinos Chatzikokolakis, Miguel E. Andrés, Nicolás Emilio Bordenabe, and Catuscia Palamidessi. 2013. Broadening the scope of differential privacy using metrics. In PETS 2013Lecture Notes in Computer Science, Vol. 7981. Springer, 82--102.Google Scholar
Cross Ref
- Guoxing Chen, Ten-Hwang Lai, Michael K. Reiter, and Yinqian Zhang. 2018. Differentially private access patterns for searchable symmetric encryption. In INFOCOM 2018. IEEE, 810--818.Google Scholar
Cross Ref
- Victor Costan and Srinivas Devadas. 2016. Intel SGX explained. IACR Cryptol. ePrint Arch. 2016, 086 (2016), 1--118.Google Scholar
- Shujie Cui, Muhammad Rizwan Asghar, Steven D. Galbraith, and Giovanni Russello. 2017. P-McDb: Privacy-preserving search using multi-cloud encrypted databases. In CLOUD 2017. IEEE Computer Society, 334--341.Google Scholar
Cross Ref
- Reza Curtmola, Juan A. Garay, Seny Kamara, and Rafail Ostrovsky. 2006. Searchable symmetric encryption: Improved definitions and efficient constructions. In CCS 2006. ACM, 79--88.Google Scholar
- Ioannis Demertzis, Dimitrios Papadopoulos, Charalampos Papamanthou, and Saurabh Shintre. 2019. SEAL: Attack mitigation for encrypted databases via adjustable leakage. IACR Cryptol. ePrint Arch. 2019 (2019), 811.Google Scholar
- F. Betül Durak, Thomas M. DuBuisson, and David Cash. 2016. What else is revealed by order-revealing encryption? In SIGSAC 2016. ACM, 1155--1166.Google Scholar
Digital Library
- Jan-Erik Ekberg, Kari Kostiainen, and N. Asokan. 2013. Trusted execution environments on mobile devices. In CCS 2013. 1497--1498.Google Scholar
- Enron Email. [n.d.]. Enron Email Dataset. Retrieved June 23, 2020 from http://www.enronemail.com.Google Scholar
- Ben A. Fisch, Binh Vo, Fernando Krell, Abishek Kumarasubramanian, Vladimir Kolesnikov, Tal Malkin, and Steven M. Bellovin. 2015. Malicious-client security in Blind Seer: A scalable private DBMS. In SP 2015. IEEE Computer Society, 395--410.Google Scholar
- Flexera. [n.d.]. Flexera 2020 State of the Cloud Report. Retrived June 23, 2020 from https://info.flexera.com/SLO-CM-REPORT-State-of-the-Cloud-2020.Google Scholar
- Craig Gentry. 2009. Fully homomorphic encryption using ideal lattices. In STOC 2009. ACM, 169--178.Google Scholar
Digital Library
- Oded Goldreich and Rafail Ostrovsky. 1996. Software protection and simulation on oblivious RAMs. J. ACM (1996), 431--473.Google Scholar
- Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson. 2018. Pump up the volume: Practical database reconstruction from volume leakage on range queries. In CCS 2018. ACM, 315--331.Google Scholar
- Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson. 2019. Learning to reconstruct: Statistical learning theory and encrypted database attacks. In SP 2019. IEEE, 1067--1083.Google Scholar
- Paul Grubbs, Kevin Sekniqi, Vincent Bindschaedler, Muhammad Naveed, and Thomas Ristenpart. 2017. Leakage-abuse attacks against order-revealing encryption. In SP 2017. IEEE Computer Society, 655--672.Google Scholar
Cross Ref
- Haryadi S. Gunawi, Mingzhe Hao, Tanakorn Leesatapornwongsa, Tiratat Patana-anake, Thanh Do, Jeffry Adityatama, Kurnia J. Eliazar, Agung Laksono, Jeffrey F. Lukman, Vincentius Martin, and Anang D. Satria. 2014. What bugs live in the cloud? A study of 3000+ issues in cloud systems. In SoCC 2014. ACM, 7:1--7:14.Google Scholar
- Florian Hahn and Florian Kerschbaum. 2014. Searchable encryption with secure and efficient updates. In SIGSAC 2014. ACM, 310--320.Google Scholar
Digital Library
- Thang Hoang, Attila A. Yavuz, F. Betül Durak, and Jorge Guajardo. 2018. Oblivious dynamic searchable encryption on distributed cloud systems. In DBSec 2018, Lecture Notes in Computer Science, Vol. 10980. Springer, 113--130.Google Scholar
Cross Ref
- Thang Hoang, Attila Altay Yavuz, and Jorge Guajardo. 2016. Practical and secure dynamic searchable encryption via oblivious access on distributed data structure. In ACSAC 2016. ACM, 302--313.Google Scholar
Digital Library
- Yuval Ishai, Eyal Kushilevitz, Steve Lu, and Rafail Ostrovsky. 2016. Private large-scale databases with distributed searchable symmetric encryption. In CT-RSA 2016. Springer, 90--107.Google Scholar
Digital Library
- Mohammad Saiful Islam, Mehmet Kuzu, and Murat Kantarcioglu. 2012. Access pattern disclosure on searchable encryption: Ramification, attack and mitigation. In NDSS 2012. The Internet Society.Google Scholar
- Seny Kamara, Charalampos Papamanthou, and Tom Roeder. 2012. Dynamic searchable symmetric encryption. In CCS 2012. ACM, 965--976.Google Scholar
- Georgios Kellaris, George Kollios, Kobbi Nissim, and Adam O’Neill. 2016. Generic attacks on secure outsourced databases. In SIGSAC 2016. ACM, 1329--1340.Google Scholar
Digital Library
- Kee Sung Kim, Minkyu Kim, Dongsoo Lee, Je Hong Park, and Woo-Hwan Kim. 2017. Forward secure dynamic searchable symmetric encryption with efficient updates. In CCS 2017. ACM, 1449--1463.Google Scholar
- Scott Kirkpatrick, D. Gelatt Jr., and Mario P. Vecchi. 1983. Optimization by simmulated annealing. Science 220, 4598 (1983), 671--680.Google Scholar
- Evgenios M. Kornaropoulos, Charalampos Papamanthou, and Roberto Tamassia. 2019. Data recovery on encrypted databases with k-nearest neighbor query leakage. In SP 2019. IEEE, 1033--1050.Google Scholar
Cross Ref
- Evgenios M. Kornaropoulos, Charalampos Papamanthou, and Roberto Tamassia. 2019. The state of the uniform: Attacks on encrypted databases beyond the uniform query distribution. IACR Cryptol. ePrint Arch. (2019), 441.Google Scholar
- Kaoru Kurosawa and Yasuhiro Ohtaki. 2013. How to update documents verifiably in searchable symmetric encryption. In CANS 2013, Lecture Notes in Computer Science, Vol. 8257. Springer, 309--328.Google Scholar
Digital Library
- Mehmet Kuzu, Mohammad Saiful Islam, and Murat Kantarcioglu. 2015. Distributed search over encrypted big data. In CODASPY 2015. ACM, 271--278.Google Scholar
Digital Library
- Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson. 2018. Improved reconstruction attacks on encrypted data using range query leakage. In SP 2018. IEEE Computer Society, 297--314.Google Scholar
- Jin Li, Yanyu Huang, Yu Wei, Siyi Lv, Zheli Liu, Changyu Dong, and Wenjing Lou. 2019. Searchable symmetric encryption with forward search privacy. IEEE Trans. Depend. Sec. Comput. (2019).Google Scholar
Digital Library
- Evangelia Anna Markatou and Roberto Tamassia. 2019. Full database reconstruction with access and search pattern leakage. In ISC 2019, Lecture Notes in Computer Science, Vol. 11723. Springer, 25--43.Google Scholar
Cross Ref
- Muhammad Naveed, Seny Kamara, and Charles V. Wright. 2015. Inference attacks on property-preserving encrypted databases. In SIGSAC 2015. ACM, 644--655.Google Scholar
- Muhammad Naveed, Manoj Prabhakaran, and Carl A. Gunter. 2014. Dynamic searchable encryption via blind storage. In SP 2014. IEEE Computer Society, 639--654.Google Scholar
- Cengiz Örencik, Ayse Selcuk, Erkay Savas, and Murat Kantarcioglu. 2016. Multi-keyword search over encrypted data with scoring and search pattern obfuscation. Int. J. Inf. Sec. 15, 3 (2016), 251--269.Google Scholar
Digital Library
- Pascal Paillier. 1999. Public-key cryptosystems based on composite degree residuosity classes. In EUROCRYPT 1999. Springer, 223--238.Google Scholar
Digital Library
- Antonis Papadimitriou, Ranjita Bhagwan, Nishanth Chandran, Ramachandran Ramjee, Andreas Haeberlen, Harmeet Singh, Abhishek Modi, and Saikrishna Badrinarayanan. 2016. Big data analytics over encrypted datasets with Seabed. In OSDI 2016. USENIX Association.Google Scholar
- Vasilis Pappas, Fernando Krell, Binh Vo, Vladimir Kolesnikov, Tal Malkin, Seung Geol Choi, Wesley George, Angelos D. Keromytis, and Steve Bellovin. 2014. Blind Seer: A scalable private DBMS. In SP 2014. IEEE Computer Society, 359--374.Google Scholar
Digital Library
- Rishabh Poddar, Tobias Boelter, and Raluca Ada Popa. 2016. Arx: A strongly encrypted database system. IACR Cryptol. ePrint Arch. (2016), 591.Google Scholar
- Geong Sen Poh, Moesfa Soeheila Mohamad, and Ji-Jian Chin. 2018. Searchable symmetric encryption over multiple servers. Cryptogr. Commun. 10, 1 (2018), 139--158.Google Scholar
Digital Library
- Raluca A. Popa, Catherine M. S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan. 2011. CryptDB: Protecting confidentiality with encrypted query processing. In SOSP 2011. ACM, 85--100.Google Scholar
Digital Library
- Panagiotis Rizomiliotis and Stefanos Gritzalis. 2015. ORAM based forward privacy preserving dynamic searchable symmetric encryption schemes. In CCSW 2015. ACM, 65--76.Google Scholar
Digital Library
- Bharath Kumar Samanthula, Wei Jiang, and Elisa Bertino. 2014. Privacy-preserving complex query evaluation over semantically secure encrypted data. In ESORICS 2014. Springer, 400--418.Google Scholar
Cross Ref
- Muhammad I. Sarfraz, Mohamed Nabeel, Jianneng Cao, and Elisa Bertino. 2015. DBMask: Fine-grained access control on encrypted relational databases. In CODASPY 2015. ACM, 1--11.Google Scholar
Digital Library
- Dawn Xiaodong Song, David Wagner, and Adrian Perrig. 2000. Practical techniques for searches on encrypted data. In S&P 2000. IEEE Computer Society, 44--55.Google Scholar
Digital Library
- Xiangfu Song, Changyu Dong, Dandan Yuan, Qiuliang Xu, and Minghao Zhao. 2018. Forward private searchable symmetric encryption with optimized I/O efficiency. IACR Cryptol. ePrint Arch. 2018 (2018), 497.Google Scholar
- Emil Stefanov, Charalampos Papamanthou, and Elaine Shi. 2014. Practical dynamic searchable encryption with small leakage. In NDSS 2013. 72--75.Google Scholar
Cross Ref
- Emil Stefanov and Elaine Shi. 2013. Multi-cloud oblivious storage. In SIGSAC 2013. ACM, 247--258.Google Scholar
Digital Library
- Emil Stefanov, Marten van Dijk, Elaine Shi, Christopher W. Fletcher, Ling Ren, Xiangyao Yu, and Srinivas Devadas. 2013. Path ORAM: An extremely simple oblivious RAM protocol. In SIGSAC 2013. ACM, 299--310.Google Scholar
Digital Library
- Shifeng Sun, Xingliang Yuan, Joseph K. Liu, Ron Steinfeld, Amin Sakzad, Viet Vo, and Surya Nepal. 2018. Practical backward-secure searchable encryption from symmetric puncturable encryption. In CCS 2018. ACM, 763--780.Google Scholar
- Tech Republic. 2014. Dropbox and Box Leak Files in Security through Obscurity Nightmare. Retrieved June 23, 2020 from https://www.techrepublic.com/article/dropbox-and-box-leak-files-in-security-through-obscurity-nightmare.Google Scholar
- TPC. [n.d.]. TPC-H. Retrieved June 23, 2020 from http://www.tpc.org/tpch.Google Scholar
- Stephen Tu, M. Frans Kaashoek, Samuel Madden, and Nickolai Zeldovich. 2013. Processing analytical queries over encrypted data. Proc. VLDB (2013), 289--300.Google Scholar
Digital Library
- Verrizon. 2020. 2020 Data Breach Investigations Report. Retrieved June 23, 2020 from https://enterprise.verizon.com/resources/reports/dbir.Google Scholar
- Bing Wang, Wei Song, Wenjing Lou, and Y. Thomas Hou. 2015. Inverted index based multi-keyword public-key searchable encryption with strong privacy guarantee. In INFOCOM 2015. IEEE, 2092--2100.Google Scholar
- Jiafan Wang and Sherman S. M. Chow. 2019. Forward and backward-secure range-searchable symmetric encryption. IACR Cryptol. ePrint Arch. 2019 (2019), 497.Google Scholar
- Liang Wang, Paul Grubbs, Jiahui Lu, Vincent Bindschaedler, David Cash, and Thomas Ristenpart. 2017. Side-channel attacks on shared search indexes. In SP 2017. IEEE Computer Society, 673--692.Google Scholar
Cross Ref
- Tianhao Wang and Yunlei Zhao. 2016. Secure dynamic SSE via access indistinguishable storage. In AsiaCCS 2016. ACM, 535--546.Google Scholar
Digital Library
- Yupeng Zhang, Jonathan Katz, and Charalampos Papamanthou. 2016. All your queries are belong to us: The power of file-injection attacks on searchable encryption. In USENIX Security 2016. USENIX Association, 707--720.Google Scholar
- Zhongjun Zhang, Jianfeng Wang, Yunling Wang, Yaping Su, and Xiaofeng Chen. 2019. Towards efficient verifiable forward secure searchable symmetric encryption. In ESORICS 2019Lecture Notes in Computer Science, Vol. 11736. Springer, 304--321.Google Scholar
Cross Ref
- Wenting Zheng, Ankur Dave, Jethro G. Beekman, Raluca Ada Popa, Joseph E. Gonzalez, and Ion Stoica. 2017. Opaque: An oblivious and encrypted distributed analytics platform. In USENIX 2017. USENIX Association, 283--298.Google Scholar
- Jie Zhu, Qi Li, Cong Wang, Xingliang Yuan, Qian Wang, and Kui Ren. 2018. Enabling generic, verifiable, and secure data search in cloud services. IEEE Trans. Parallel Distrib. Syst. 29, 8 (2018), 1721--1735.Google Scholar
Cross Ref
- Cong Zuo, Shifeng Sun, Joseph K. Liu, Jun Shao, and Josef Pieprzyk. 2018. Dynamic searchable symmetric encryption schemes supporting range queries with forward (and backward) security. In ESORICS 2018. Springer, 228--246.Google Scholar
Cross Ref
- Cong Zuo, Shifeng Sun, Joseph K. Liu, Jun Shao, and Josef Pieprzyk. 2019. Dynamic searchable symmetric encryption with forward and stronger backward privacy. In ESORICS 2019. Springer, 283--303.Google Scholar
Cross Ref
Index Terms
Privacy-preserving Dynamic Symmetric Searchable Encryption with Controllable Leakage
Recommendations
Research on Privacy Preserving of Searchable Encryption
HPCCT '18: Proceedings of the 2018 2nd High Performance Computing and Cluster Technologies ConferenceIn the cloud computing applications, the researchers proposed a new cryptographic primitive searchable encryption (SE) in order to ensure data security. Searchable encryption can make full use of cloud server computing capacity to search the ciphertext. ...
Symmetric Searchable Encryption for Database Applications
NBIS '11: Proceedings of the 2011 14th International Conference on Network-Based Information SystemsThis paper proposes an efficient symmetric searchable encryption to achieve indistinguishability of indexes and trapdoors. Previous symmetric searchable encryptions are either insecure because their trapdoor generation algorithms are not probabilistic ...
Dynamic Symmetric Searchable Encryption from Constrained Functional Encryption
Proceedings of the RSA Conference on Topics in Cryptology - CT-RSA 2016 - Volume 9610Searchable symmetric encryption allows a party to encrypt data while maintaining the ability to partially search for over it. We present a scheme that balances efficiency, privacy, and the set of admissible operations: Our scheme searches in time ...






Comments