Leakage Perturbation is Not Enough: Breaking Structured Encryption Using Simulated Annealing

Structured encryption (STE) is a form of database encryption that enables searching directly over symmetrically encrypted “structured databases”. STE is known to be vulnerable to leakage-abuse attacks that allow data/query reconstruction given only some auxiliary information about the original database. Many existing countermeasures against leakage-abuse attacks perturb the leakage from STE schemes so as to render the attacks infeasible in practice. We present the first leakage-abuse attacks that achieve practically efficient and highly scalable query reconstruction against state-of-the-art STE schemes with perturbed leakage profiles while relying only on noisy co-occurrence pattern leakage and without making strong assumptions on the auxiliary information available to the adversary. Our attacks subvert the query privacy guarantees of STE schemes with differentially private access patterns (Chen et al., INFOCOM’18) and STE schemes built in a naturally efficient manner from volume-hiding encrypted multi-maps (Kamara and Moataz, Eurocrypt’19 and Patel et al., CCS’19). Many existing leakage-abuse attacks only work in a strong known-data model where the auxiliary information available to the adversary is either an exact replica of or a “noise-free” subset of the target database. Our attacks are the first to work in a weaker and more realistic inference model where the auxiliary information available to the adversary is sampled independently from but statistically close to the target database. Compared to (a handful of) existing inference attacks, our attacks make significantly relaxed assumptions about the nature of auxiliary information available to the adversary. Technically, our attacks exploit insufficiencies in existing leakage-perturbation techniques as well as novel observations surrounding inevitable system-wide leakage from efficient realizations of STE.
We model the attacks as optimization problems with carefully designed objective functions that are maximized via simulated annealing. We demonstrate the practical effectiveness of our attacks via extensive experimentation over real-world databases. Our attacks achieve up to 90% query reconstruction against STE implementations using recommended security parameters, with 5x greater scalability than any existing attack exploiting access pattern leakage.
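
As an added illustration (not the paper's code, objective function or noise mechanism), the sketch below shows on a constructed toy corpus why a perturbed co-occurrence matrix can still be aligned with an independently sampled auxiliary one by simulated annealing, which is the property a perturbation-based defence has to be evaluated against. The squared-distance objective, the Gaussian perturbation, the keyword probabilities and every function name are assumptions made for this example.

```python
import math
import random

def sample_docs(rng, n_docs, probs):
    # Constructed corpus: keyword k appears in each document with probability probs[k].
    return [{k for k, p in enumerate(probs) if rng.random() < p} for _ in range(n_docs)]

def cooccurrence(docs, n_kw):
    # C[i][j] = fraction of documents that contain both keyword i and keyword j.
    C = [[0.0] * n_kw for _ in range(n_kw)]
    for d in docs:
        for i in d:
            for j in d:
                C[i][j] += 1.0 / len(docs)
    return C

def score(assign, C_obs, C_aux):
    # Assumed objective (maximized): negative squared distance under token -> keyword map.
    n = len(assign)
    return -sum((C_obs[a][b] - C_aux[assign[a]][assign[b]]) ** 2
                for a in range(n) for b in range(n))

def anneal(C_obs, C_aux, rng, steps=5000, t=0.05, cooling=0.998):
    n = len(C_obs)
    cur = rng.sample(range(n), n)                    # random initial assignment
    cur_s = score(cur, C_obs, C_aux)
    best, best_s = cur[:], cur_s
    for _ in range(steps):
        i, j = rng.sample(range(n), 2)
        cur[i], cur[j] = cur[j], cur[i]              # propose: swap two assignments
        new_s = score(cur, C_obs, C_aux)
        if new_s >= cur_s or rng.random() < math.exp((new_s - cur_s) / t):
            cur_s = new_s                            # accept (sometimes even if worse)
            if cur_s > best_s:
                best, best_s = cur[:], cur_s
        else:
            cur[i], cur[j] = cur[j], cur[i]          # reject: undo the swap
        t *= cooling
    return best, best_s

def demo(seed=1, n_kw=10, noise=0.02):
    rng = random.Random(seed)
    probs = [0.05 + 0.08 * k for k in range(n_kw)]
    C_aux = cooccurrence(sample_docs(rng, 2000, probs), n_kw)  # independent auxiliary sample
    C_tgt = cooccurrence(sample_docs(rng, 2000, probs), n_kw)  # target database
    secret = rng.sample(range(n_kw), n_kw)           # token a stands for keyword secret[a]
    C_obs = [[C_tgt[secret[a]][secret[b]] + rng.gauss(0, noise)  # perturbed leakage
              for b in range(n_kw)] for a in range(n_kw)]
    guess, _ = anneal(C_obs, C_aux, rng)
    return sum(g == k for g, k in zip(guess, secret)) / n_kw  # fraction of tokens matched
```

Calling `demo()` with different `noise` values gives a rough feel for how much perturbation this toy setting needs before the alignment degrades.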
