论文信息 - Off-Line Keyword Guessing Attacks on Recent Keyword Search Schemes over Encrypted Data

Off-Line Keyword Guessing Attacks on Recent Keyword Search Schemes over Encrypted Data

A keyword search scheme over encrypted documents allows for remote keyword search of documents by a user in possession of a trapdoor (secret key). A data supplier first uploads encrypted documents on a storage system, and then a user of the storage system searches documents containing keywords while insider (such as administrators of the storage system) and outsider attackers do not learn anything else about the documents. In this paper, we firstly raise a serious vulnerability of recent keyword search schemes, which lies in the fact that keywords are chosen from much smaller space than passwords and users usually use well-known keywords for search of document. Hence this fact sufficiently gives rise to an off-line keyword guessing attack. Unfortunately, we observe that the recent public key-based keyword search schemes are susceptible to an off-line keyword guessing attack. We demonstrated that anyone (insider/outsider) can retrieve information of certain keyword from any captured query messages.

[1] Rafail Ostrovsky,et al. Universal service-providers for database private information retrieval (extended abstract) , 1998, PODC '98.

[2] Philip R. Zimmermann,et al. The official PGP user's guide , 1996 .

[3] Kihyun Kim,et al. Public Key Encryption with Conjunctive Field Keyword Search , 2004, WISA.

[4] Frederick C. Mish. Merriam Webster's Collegiate Dictionary , 1998 .

[5] Brent Waters,et al. Secure Conjunctive Keyword Search over Encrypted Data , 2004, ACNS.

[6] Michael Mitzenmacher,et al. Privacy Preserving Keyword Searches on Remote Encrypted Data , 2005, ACNS.

[7] Mihir Bellare,et al. Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions , 2005, Journal of Cryptology.

[8] Eyal Kushilevitz,et al. Private information retrieval , 1998, JACM.

[9] Mihir Bellare,et al. Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[10] Rafail Ostrovsky,et al. Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[11] Rafail Ostrovsky,et al. Private Searching on Streaming Data , 2005, CRYPTO.

[12] Kaoru Kurosawa,et al. Oblivious keyword search , 2004, J. Complex..

[13] Matthew K. Franklin,et al. Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[14] Dawn Xiaodong Song,et al. Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.