ShieldDB: An Encrypted Document Database With Padding Countermeasures

The security of our data stores is underestimated in current practice, which resulted in many large-scale data breaches. To change the status quo, this paper presents the design of ShieldDB, an encrypted document database. ShieldDB adapts the searchable encryption technique to preserve the search functionality over encrypted documents without having much impact on its scalability. However, merely realising such a theoretical primitive suffers from real-world threats, where a knowledgeable adversary can exploit the leakage (aka access pattern to the database) to break the claimed protection on data confidentiality. To address this challenge in practical deployment, ShieldDB is designed with tailored padding countermeasures. Unlike prior works, we target a more realistic adversarial model, where the database gets updated continuously, and the adversary can monitor it at an (or multiple) arbitrary time interval(s). ShieldDB's padding strategies ensure that the access pattern to the database is obfuscated all the time. Additionally, ShieldDB provides other advanced features, including forward privacy, re-encryption, and flushing, to further improve its security and efficiency. We present a full-fledged implementation of ShieldDB and conduct intensive evaluations on Azure Cloud.

[1]  Murat Kantarcioglu,et al.  Access Pattern disclosure on Searchable Encryption: Ramification, Attack and Mitigation , 2012, NDSS.

[2]  Joseph K. Liu,et al.  Towards Efficient Verifiable Conjunctive Keyword Search for Large Encrypted Database , 2018, ESORICS.

[3]  Charles V. Wright,et al.  Inference Attacks on Property-Preserving Encrypted Databases , 2015, CCS.

[4]  Matei Zaharia,et al.  ObliDB: Oblivious Query Processing using Hardware Enclaves , 2017 .

[5]  Witold Pedrycz,et al.  NewMCOS: Towards a Practical Multi-Cloud Oblivious Storage Scheme , 2020, IEEE Transactions on Knowledge and Data Engineering.

[6]  Muhammad Naveed,et al.  The Fallacy of Composition of Oblivious RAM and Searchable Encryption , 2015, IACR Cryptol. ePrint Arch..

[7]  Woo-Hwan Kim,et al.  Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates , 2017, CCS.

[8]  Yu Zhang,et al.  Streaming k-Means Clustering with Fast Queries , 2017, 2017 IEEE 33rd International Conference on Data Engineering (ICDE).

[9]  Ken Eguro,et al.  Azure SQL Database Always Encrypted , 2020, SIGMOD Conference.

[10]  Dongxi Liu,et al.  Result Pattern Hiding Searchable Encryption for Conjunctive Queries , 2018, CCS.

[11]  Seny Kamara,et al.  Computationally Volume-Hiding Structured Encryption , 2019, EUROCRYPT.

[12]  Yu Guo,et al.  EncKV: An Encrypted Key-value Store with Rich Queries , 2017, AsiaCCS.

[13]  Dawu Gu,et al.  Practical Non-Interactive Searchable Encryption with Forward and Backward Privacy , 2021, NDSS.

[14]  George Kollios,et al.  Top-k Query Processing on Encrypted Databases with Strong Security Guarantees , 2015, 2018 IEEE 34th International Conference on Data Engineering (ICDE).

[15]  Hugo Krawczyk,et al.  Outsourced symmetric private information retrieval , 2013, IACR Cryptol. ePrint Arch..

[16]  Melissa Chase,et al.  Structured Encryption and Controlled Disclosure , 2010, IACR Cryptol. ePrint Arch..

[17]  Raphael Bost,et al.  ∑oφoς: Forward Secure Searchable Encryption , 2016, CCS.

[18]  Changyu Dong,et al.  Forward Private Searchable Symmetric Encryption with Optimized I/O Efficiency , 2017, IEEE Transactions on Dependable and Secure Computing.

[19]  Raphael Bost,et al.  Sophos - Forward Secure Searchable Encryption , 2016, IACR Cryptol. ePrint Arch..

[20]  Vitaly Shmatikov,et al.  The Tao of Inference in Privacy-Protected Databases , 2018, Proc. VLDB Endow..

[21]  Seny Kamara,et al.  Revisiting Leakage Abuse Attacks , 2019, IACR Cryptol. ePrint Arch..

[22]  Tsz Hon Yuen,et al.  An Efficient Non-interactive Multi-client Searchable Encryption with Support for Boolean Queries , 2016, ESORICS.

[23]  Jonathan Katz,et al.  All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption , 2016, USENIX Security Symposium.

[24]  Elaine Shi,et al.  Towards Practical Oblivious RAM , 2011, NDSS.

[25]  Seny Kamara,et al.  Boolean Searchable Symmetric Encryption with Worst-Case Sub-linear Complexity , 2017, EUROCRYPT.

[26]  Elaine Shi,et al.  Path ORAM: an extremely simple oblivious RAM protocol , 2012, CCS.

[27]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[28]  Lei Zou,et al.  Privacy Preserving Subgraph Matching on Large Graphs in Cloud , 2016, SIGMOD Conference.

[29]  Hugo Krawczyk,et al.  Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation , 2014, NDSS.

[30]  Hugo Krawczyk,et al.  Highly-Scalable Searchable Symmetric Encryption with Support for Boolean Queries , 2013, IACR Cryptol. ePrint Arch..

[31]  Cong Wang,et al.  Hardening Database Padding for Searchable Encryption , 2019, IEEE INFOCOM 2019 - IEEE Conference on Computer Communications.

[32]  João Gama,et al.  Machine learning for streaming data: state of the art, challenges, and opportunities , 2019, SKDD.

[33]  David Cash,et al.  Leakage-Abuse Attacks Against Searchable Encryption , 2015, IACR Cryptol. ePrint Arch..

[34]  Christopher J. Novak,et al.  2009 Data Breach Investigations Report , 2009 .

[35]  Brice Minaud,et al.  Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives , 2017, CCS.

[36]  Ron Steinfeld,et al.  Practical Backward-Secure Searchable Encryption from Symmetric Puncturable Encryption , 2018, CCS.

[37]  Charalampos Papamanthou,et al.  Dynamic searchable symmetric encryption , 2012, IACR Cryptol. ePrint Arch..

[38]  Rishabh Poddar,et al.  Oblix: An Efficient Oblivious Search Index , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[39]  Moti Yung,et al.  Mitigating Leakage in Secure Cloud-Hosted Data Structures: Volume-Hiding for Multi-Maps via Hashing , 2019, CCS.

[40]  Vitaly Shmatikov,et al.  Why Your Encrypted Database Is Not Secure , 2017, HotOS.

[41]  Rishabh Poddar,et al.  Arx: A Strongly Encrypted Database System , 2016, IACR Cryptol. ePrint Arch..

[42]  Angelos D. Keromytis,et al.  Blind Seer: A Scalable Private DBMS , 2014, 2014 IEEE Symposium on Security and Privacy.

[43]  Rafail Ostrovsky,et al.  Searchable symmetric encryption: improved definitions and efficient constructions , 2006, CCS '06.

[44]  Andreas Haeberlen,et al.  Big Data Analytics over Encrypted Datasets with Seabed , 2016, OSDI.

[45]  Alptekin Küpçü,et al.  Efficient Dynamic Searchable Encryption with Forward Privacy , 2017, Proc. Priv. Enhancing Technol..

[46]  Jinjun Chen,et al.  Authorized Public Auditing of Dynamic Big Data Storage on Cloud with Efficient Verifiable Fine-Grained Updates , 2014, IEEE Transactions on Parallel and Distributed Systems.

[47]  Joseph K. Liu,et al.  Accelerating Forward and Backward Private Searchable Encryption Using Trusted Execution , 2020, ACNS.

[48]  Jianliang Xu,et al.  vABS: Towards Verifiable Attribute-Based Search Over Shared Cloud Data , 2019, 2019 IEEE 35th International Conference on Data Engineering (ICDE).

[49]  Hari Balakrishnan,et al.  CryptDB: protecting confidentiality with encrypted query processing , 2011, SOSP.

[50]  David Pointcheval,et al.  Verifiable Dynamic Symmetric Searchable Encryption: Optimality and Forward Security , 2016, IACR Cryptol. ePrint Arch..

[51]  Pierre-Alain Fouque,et al.  Thwarting Leakage Abuse Attacks against Searchable Encryption - A Formal Approach and Applications to Database Padding , 2017, IACR Cryptol. ePrint Arch..

[52]  Elisa Bertino,et al.  An Anomaly Detection System for the Protection of Relational Database Systems against Data Leakage by Application Programs , 2020, 2020 IEEE 36th International Conference on Data Engineering (ICDE).

[53]  Surya Nepal,et al.  Towards Efficient and Strong Backward Private Searchable Encryption with Secure Enclaves , 2021, ACNS.

[54]  Kimberly Keeton,et al.  Order-Preserving Key Compression for In-Memory Search Trees , 2020, SIGMOD Conference.

[55]  Elisa Bertino,et al.  Practical Approximate k Nearest Neighbor Queries with Location and Query Privacy , 2016, IEEE Transactions on Knowledge and Data Engineering.

[56]  Adam O'Neill,et al.  Generic Attacks on Secure Outsourced Databases , 2016, CCS.

[57]  Zhiyi Zhang,et al.  Statistical Implications of Turing's Formula , 2016 .

[58]  Rui Li,et al.  SecEQP: A Secure and Efficient Scheme for SkNN Query Problem Over Encrypted Geodata on Cloud , 2019, 2019 IEEE 35th International Conference on Data Engineering (ICDE).