Improved File-injection Attacks on Searchable Encryption Using Finite Set Theory

Searchable encryption (SE) allows the cloud server to search over the encrypted data and leak information as little as possible. Most existing efficient SE schemes assume that the leakage of search pattern and access pattern is acceptable. A series of work was proposed, instructing malicious users to use this leakage to come up with attacks. Especially, with a devastating attack proposed by Zhang et al., the cloud server can reveal the keywords queried by normal users by using some injected files. From the method of constructing uniform $(k,n)$-set of a finite set $A$ proposed by Cao, we put forward a new file-injection attack. In our attack, the server needs fewer injected files than the previous attack when the size of $T$ is larger than 9 and the size of keyword set is larger than $2T$, where $T$ is the threshold of the number of keywords in each injected file. Our attack is more practical and easier to implement in the real scenario.

[1]  Cao Zhenfu Finite set theory and its application to cryptology , 1996 .

[2]  Yunlei Zhao,et al.  Order-Revealing Encryption: File-Injection Attack and Forward Security , 2021, Journal of Computer Science and Technology.

[3]  Eu-Jin Goh,et al.  Secure Indexes , 2003, IACR Cryptol. ePrint Arch..

[4]  Murat Kantarcioglu,et al.  Access Pattern disclosure on Searchable Encryption: Ramification, Attack and Mitigation , 2012, NDSS.

[5]  Xiaolei Dong,et al.  Improved Fault-Tolerant Aggregate Signatures , 2019, Comput. J..

[6]  Woo-Hwan Kim,et al.  Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates , 2017, CCS.

[7]  Elaine Shi,et al.  ShadowCrypt: Encrypted Web Applications for Everyone , 2014, CCS.

[8]  Ee-Chien Chang,et al.  Passive Attacks Against Searchable Encryption , 2019, IEEE Transactions on Information Forensics and Security.

[9]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[10]  Rafail Ostrovsky,et al.  Searchable symmetric encryption: improved definitions and efficient constructions , 2006, CCS '06.

[11]  Liehuang Zhu,et al.  Search pattern leakage in searchable encryption: Attacks and new construction , 2014, Inf. Sci..

[12]  Ioannis Demertzis,et al.  Searchable Encryption with Optimal Locality: Achieving Sublogarithmic Read Efficiency , 2018, IACR Cryptol. ePrint Arch..

[13]  Hugo Krawczyk,et al.  Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation , 2014, NDSS.

[14]  Charalampos Papamanthou,et al.  Parallel and Dynamic Searchable Symmetric Encryption , 2013, Financial Cryptography.

[15]  Hugo Krawczyk,et al.  Highly-Scalable Searchable Symmetric Encryption with Support for Boolean Queries , 2013, IACR Cryptol. ePrint Arch..

[16]  Rasool Jalili,et al.  New Constructions for Forward and Backward Private Symmetric Searchable Encryption , 2018, CCS.

[17]  Carl A. Gunter,et al.  Dynamic Searchable Encryption via Blind Storage , 2014, 2014 IEEE Symposium on Security and Privacy.

[18]  Michael Mitzenmacher,et al.  Privacy Preserving Keyword Searches on Remote Encrypted Data , 2005, ACNS.

[19]  David Cash,et al.  Leakage-Abuse Attacks Against Searchable Encryption , 2015, IACR Cryptol. ePrint Arch..

[20]  Jonathan Katz,et al.  All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption , 2016, USENIX Security Symposium.

[21]  Brice Minaud,et al.  Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives , 2017, CCS.

[22]  Wenjing Lou,et al.  Searchable Symmetric Encryption with Forward Search Privacy , 2019, IEEE Transactions on Dependable and Secure Computing.

[23]  Elaine Shi,et al.  Practical Dynamic Searchable Encryption with Small Leakage , 2014, NDSS.

[24]  Muhammad Naveed,et al.  The Fallacy of Composition of Oblivious RAM and Searchable Encryption , 2015, IACR Cryptol. ePrint Arch..

[25]  David Pointcheval,et al.  Verifiable Dynamic Symmetric Searchable Encryption: Optimality and Forward Security , 2016, IACR Cryptol. ePrint Arch..

[26]  Wenke Lee,et al.  Mimesis Aegis: A Mimicry Privacy Shield-A System's Approach to Data Privacy on Public Cloud , 2014, USENIX Security Symposium.

[27]  Charalampos Papamanthou,et al.  Dynamic searchable symmetric encryption , 2012, IACR Cryptol. ePrint Arch..

[28]  Changyu Dong,et al.  Forward Private Searchable Symmetric Encryption with Optimized I/O Efficiency , 2017, IEEE Transactions on Dependable and Secure Computing.