Randex: Mitigating Range Injection Attacks on Searchable Encryption

Searchable Encryption enables search functions over encrypted data on an untrusted server without the need of accessing data or queries in plaintext. To boost search time, most of the Searchable Encryption schemes leak access pattern. Unfortunately, by harnessing access pattern, a variation of a chosen-query attack, named range injection attack, can efficiently recover sensitive data in any encrypted tuple. The privacy leakage under a range injection attack is severe, and it is imperative to strengthen the privacy of searchable encrypted data. In this paper, we devise an efficient mechanism, referred to as Randex, to mitigate leakage on searchable encrypted data. Specifically, we apply pre-encryption obfuscation by deploying Randomized Response, which obfuscates access pattern. Randex renders minimal tradeoffs to the correctness of range queries, and is compatible with any Searchable Encryption scheme. We formally prove that Randex achieves ∊ -local differential privacy and rigorously analyze an adversary's guessing probability against range injection attacks. We implement Randex and conduct extensive experiments on a synthetic dataset with 1 million tuples and a real-world dataset with 299 thousand tuples. Our results suggest that, with only 4% false negatives and no false positives, Randex can suppress an adversary's guessing probability to 0.17, which is significantly lower than the guessing probability of 1 without the privacy protection offered by Randex.

[1]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[2]  Aaron Roth,et al.  The Algorithmic Foundations of Differential Privacy , 2014, Found. Trends Theor. Comput. Sci..

[3]  Rishabh Poddar,et al.  Oblix: An Efficient Oblivious Search Index , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[4]  Muhammad Naveed,et al.  The Fallacy of Composition of Oblivious RAM and Searchable Encryption , 2015, IACR Cryptol. ePrint Arch..

[5]  Rafail Ostrovsky,et al.  Searchable symmetric encryption: improved definitions and efficient constructions , 2006, CCS '06.

[6]  Thomas Ristenpart,et al.  Leakage-Abuse Attacks against Order-Revealing Encryption , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[7]  Ninghui Li,et al.  Locally Differentially Private Protocols for Frequency Estimation , 2017, USENIX Security Symposium.

[8]  Yanbin Lu,et al.  Privacy-preserving Logarithmic-time Search on Encrypted Data in Cloud , 2012, NDSS.

[9]  David Cash,et al.  Leakage-Abuse Attacks Against Searchable Encryption , 2015, IACR Cryptol. ePrint Arch..

[10]  Yehuda Lindell,et al.  Introduction to Modern Cryptography , 2004 .

[11]  Adam O'Neill,et al.  Generic Attacks on Secure Outsourced Databases , 2016, CCS.

[12]  Jonathan Katz,et al.  All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption , 2016, USENIX Security Symposium.

[13]  Michael K. Reiter,et al.  Differentially Private Access Patterns for Searchable Symmetric Encryption , 2018, IEEE INFOCOM 2018 - IEEE Conference on Computer Communications.

[14]  S L Warner,et al.  Randomized response: a survey technique for eliminating evasive answer bias. , 1965, Journal of the American Statistical Association.

[15]  Nickolai Zeldovich,et al.  An Ideal-Security Protocol for Order-Preserving Encoding , 2013, 2013 IEEE Symposium on Security and Privacy.

[16]  K. Paterson,et al.  Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[17]  Murat Kantarcioglu,et al.  Access Pattern disclosure on Searchable Encryption: Ramification, Attack and Mitigation , 2012, NDSS.

[18]  Robert K. Cunningham,et al.  SoK: Cryptographically Protected Database Search , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[19]  Ahmad-Reza Sadeghi,et al.  HardIDX: Practical and Secure Index with SGX , 2017, DBSec.

[20]  Boyang Wang,et al.  Vaccine:: Obfuscating Access Pattern Against File-Injection Attacks , 2019, 2019 IEEE Conference on Communications and Network Security (CNS).