Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage

We analyse the security of database encryption schemes supporting range queries against persistent adversaries. The bulk of our work applies to a generic setting, where the adversary's view is limited to the set of records matched by each query (known as access pattern leakage). We also consider a more specific setting where rank information is also leaked, which is inherent to multiple recent encryption schemes supporting range queries. We provide three attacks. First, we consider full reconstruction, which aims to recover the value of every record, fully negating encryption. We show that for dense datasets, full reconstruction is possible within an expected number of queries N log N + O(N), where N is the number of distinct plaintext values. This directly improves on a quadratic bound in the same setting by Kellaris et al. (CCS 2016). Second, we present an approximate reconstruction attack recovering all plaintext values in a dense dataset within a constant ratio of error, requiring the access pattern leakage of only O(N) queries. Third, we devise an attack in the common setting where the adversary has access to an auxiliary distribution for the target dataset. This third attack proves highly effective on age data from real-world medical datasets. In our experiments, observing only 25 queries was sufficient to reconstruct a majority of records to within 5 years. In combination, our attacks show that current approaches to enabling range queries offer little security when the threat model goes beyond snapshot attacks to include a persistent server-side adversary.
