Leakage-Abuse Attacks Against Searchable Encryption

Schemes for secure outsourcing of client data with search capability are being increasingly marketed and deployed. In the literature, schemes for accomplishing this efficiently are called Searchable Encryption (SE). They achieve high efficiency with provable security by means of a quantifiable leakage profile. However, the degree to which SE leakage can be exploited by an adversary is not well understood. To address this, we present a characterization of the leakage profiles of in-the-wild searchable encryption products and SE schemes in the literature, and present attack models based on an adversarial server's prior knowledge. Then we empirically investigate the security of searchable encryption by providing query recovery and plaintext recovery attacks that exploit these leakage profiles. We term these leakage-abuse attacks and demonstrate their effectiveness for varying leakage profiles and levels of server knowledge, for realistic scenarios. Amongst our contributions are realistic active attacks which have not been previously explored.

[1]  Kaoru Kurosawa Garbled Searchable Symmetric Encryption , 2014, Financial Cryptography.

[2]  Wakaha Ogata,et al.  Toward Practical Searchable Symmetric Encryption , 2013, IWSEC.

[3]  Rafail Ostrovsky,et al.  Searchable symmetric encryption: improved definitions and efficient constructions , 2006, CCS '06.

[4]  Kaoru Kurosawa,et al.  How to Update Documents Verifiably in Searchable Symmetric Encryption , 2013, CANS.

[5]  Elaine Shi,et al.  Practical Dynamic Searchable Encryption with Small Leakage , 2014, NDSS.

[6]  Carl A. Gunter,et al.  Dynamic Searchable Encryption via Blind Storage , 2014, 2014 IEEE Symposium on Security and Privacy.

[7]  Charalampos Papamanthou,et al.  Dynamic searchable symmetric encryption , 2012, IACR Cryptol. ePrint Arch..

[8]  Elaine Shi,et al.  ShadowCrypt: Encrypted Web Applications for Everyone , 2014, CCS.

[9]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[10]  Wenke Lee,et al.  Mimesis Aegis: A Mimicry Privacy Shield , 2014 .

[11]  Rafail Ostrovsky,et al.  Searchable symmetric encryption: Improved definitions and efficient constructions , 2011, J. Comput. Secur..

[12]  Charalampos Papamanthou,et al.  Parallel and Dynamic Searchable Symmetric Encryption , 2013, Financial Cryptography.

[13]  Murat Kantarcioglu,et al.  Access Pattern disclosure on Searchable Encryption: Ramification, Attack and Mitigation , 2012, NDSS.

[14]  T. Landauer,et al.  Indexing by Latent Semantic Analysis , 1990 .

[15]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[16]  Hugo Krawczyk,et al.  Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation , 2014, NDSS.

[17]  Hugo Krawczyk,et al.  Highly-Scalable Searchable Symmetric Encryption with Support for Boolean Queries , 2013, IACR Cryptol. ePrint Arch..