Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
194 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

d-DSE: Distinct Dynamic Searchable Encryption Resisting Volume Leakage in Encrypted Databases (2403.01182v1)

Published 2 Mar 2024 in cs.CR

Abstract: Dynamic Searchable Encryption (DSE) has emerged as a solution to efficiently handle and protect large-scale data storage in encrypted databases (EDBs). Volume leakage poses a significant threat, as it enables adversaries to reconstruct search queries and potentially compromise the security and privacy of data. Padding strategies are common countermeasures for the leakage, but they significantly increase storage and communication costs. In this work, we develop a new perspective to handle volume leakage. We start with distinct search and further explore a new concept called \textit{distinct} DSE (\textit{d}-DSE). We also define new security notions, in particular Distinct with Volume-Hiding security, as well as forward and backward privacy, for the new concept. Based on \textit{d}-DSE, we construct the \textit{d}-DSE designed EDB with related constructions for distinct keyword (d-KW-\textit{d}DSE), keyword (KW-\textit{d}DSE), and join queries (JOIN-\textit{d}DSE) and update queries in encrypted databases. We instantiate a concrete scheme \textsf{BF-SRE}, employing Symmetric Revocable Encryption. We conduct extensive experiments on real-world datasets, such as Crime, Wikipedia, and Enron, for performance evaluation. The results demonstrate that our scheme is practical in data search and with comparable computational performance to the SOTA DSE scheme (\textsf{MITRA}*, \textsf{AURA}) and padding strategies (\textsf{SEAL}, \textsf{ShieldDB}). Furthermore, our proposal sharply reduces the communication cost as compared to padding strategies, with roughly 6.36 to 53.14x advantage for search queries.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (67)
  1. Revisiting leakage abuse attacks. In NDSS, 2020.
  2. A simple unpredictable pseudo-random number generator. SIAM Journal on computing, 15(2):364–383, 1986.
  3. Raphael Bost. Sophos: Forward secure searchable encryption. In CCS, pages 1143–1154, 2016.
  4. Thwarting leakage abuse attacks against searchable encryption–a formal approach and applications to database padding. Cryptology ePrint Archive, 2017.
  5. Forward and backward private searchable encryption from constrained cryptographic primitives. In CCS, pages 1465–1482, 2017.
  6. Oblivious prf on committed vector inputs and application to deduplication of encrypted data. In FC, pages 337–356, 2019.
  7. Leakage-abuse attacks against searchable encryption. In CCS, pages 668–679, 2015.
  8. Dynamic searchable encryption in very-large databases: data structures and implementation. In NDSS, 2014.
  9. Highly-scalable searchable symmetric encryption with support for boolean queries. In CRYPTO, pages 353–373, 2013.
  10. Improved structured encryption for sql databases via hybrid indexing. In ACNS, pages 480–510, 2021.
  11. Dynamic searchable encryption with optimal search in the presence of deletions. In USENIX Security, pages 2425–2442, 2022.
  12. Towards practical oblivious join. In SIGMOD, pages 803–817, 2022.
  13. The power of bamboo: On the post-compromise security for searchable symmetric encryption. In NDSS, 2023.
  14. Searchable symmetric encryption: improved definitions and efficient constructions. Journal of Computer Security, 19(5):895–934, 2011.
  15. Dynamic searchable encryption with small client storage. In NDSS, 2020.
  16. Seal: Attack mitigation for encrypted databases via adjustable leakage. In USENIX Security, pages 2433–2450, 2020.
  17. Efficient searchable encryption through compression. Proceedings of the VLDB Endowment, 11(11):1729–1741, 2018.
  18. Rich queries on encrypted data: Beyond exact matches. In ESORICS, pages 123–145, 2015.
  19. Sok: Cryptographically protected database search. In IEEE S&P, pages 172–191, 2017.
  20. Structured encryption and dynamic leakage suppression. In EUROCRYPT, pages 370–396, 2021.
  21. New constructions for forward and backward private symmetric searchable encryption. In CCS, pages 1038–1055, 2018.
  22. Pancake: Frequency smoothing for encrypted data stores. In USENIX Security, pages 2451–2468, 2020.
  23. Pump up the volume: Practical database reconstruction from volume leakage on range queries. In CCS, pages 315–331, 2018.
  24. Searchable encryption with secure and efficient updates. In CCS, pages 310–320, 2014.
  25. Joins over encrypted data with fine granular security. In IEEE ICDE, pages 674–685, 2019.
  26. Shuffle-based private set union: Faster and more secure. In USENIX Security, pages 2947–2964, 2022.
  27. Efficient searchable symmetric encryption for join queries. In ASIACRYPT, pages 304–333, 2022.
  28. Sql on structurally-encrypted databases. In ASIACRYPT, pages 149–180, 2018.
  29. Computationally volume-hiding structured encryption. In EUROCRYPT, pages 183–213, 2019.
  30. Structured encryption and leakage suppression. In CRYPTO, pages 339–370, 2018.
  31. Parallel and dynamic searchable symmetric encryption. In FC, pages 258–274, 2013.
  32. Dynamic searchable symmetric encryption. In CCS, pages 965–976, 2012.
  33. Generic attacks on secure outsourced databases. In CCS, pages 1329–1340, 2016.
  34. Forward secure dynamic searchable symmetric encryption with efficient updates. In CCS, pages 1449–1463, 2017.
  35. Function-hiding inner product encryption is practical. In SCN, pages 544–562, 2018.
  36. Efficient oblivious database joins. Proceedings of the VLDB Endowment, 13(12):2132–2145, 2020.
  37. Val: Volume and access pattern leakage-abuse attack with leaked documents. In ESORICS, pages 653–676, 2022.
  38. Secure deduplication of encrypted data without additional independent servers. In CCS, pages 874–885, 2015.
  39. Leap: leakage-abuse attack on efficiently deployable, efficiently searchable encryption with partially known dataset. In CCS, pages 2307–2320, 2021.
  40. Hiding the access pattern is not enough: Exploiting search pattern leakage in searchable encryption. In USENIX Security, pages 127–142, 2021.
  41. Ihop: Improved statistical query recovery against searchable symmetric encryption through quadratic optimization. In USENIX Security, pages 2407–2424, 2022.
  42. Mitigating leakage in secure cloud-hosted data structures: Volume-hiding for multi-maps via hashing. In CCS, pages 79–93, 2019.
  43. Forward and backward private conjunctive searchable symmetric encryption. In NDSS, 2021.
  44. Faster private set intersection based on ot extension. In USENIX Security, pages 797–812, 2014.
  45. Arx: An encrypted database using semantically secure encryption. Proceedings of the VLDB Endowment, 12(11):1664–1678, 2019.
  46. Cryptdb: protecting confidentiality with encrypted query processing. In SOSP, pages 85–100, 2011.
  47. Martin F. Porter. An algorithm for suffix stripping. Program, 14(3):130–137, 1980.
  48. Enclavedb: A secure database using sgx. In IEEE S&P, pages 264–278, 2018.
  49. Accelerating encrypted deduplication via sgx. In USENIX ATC, pages 957–971, 2021.
  50. Equi-joins over encrypted data for series of queries. In IEEE ICDE, pages 1635–1648, 2022.
  51. Practical techniques for searches on encrypted data. In IEEE S&P, pages 44–55, 2000.
  52. Practical dynamic searchable encryption with small leakage. In NDSS, 2014.
  53. Practical non-interactive searchable encryption with forward and backward privacy. In NDSS, 2021.
  54. Practical backward-secure searchable encryption from symmetric puncturable encryption. In CCS, pages 763–780, 2018.
  55. Shielddb: An encrypted document database with padding countermeasures. IEEE TKDE, 35(4):4236–4252, 2023.
  56. Jiafan Wang and Sherman S. M. Chow. Omnes pro uno: Practical Multi-Writer encrypted database. In USENIX Security, pages 2371–2388, 2022.
  57. Practical volume-hiding encrypted multi-maps with optimal overhead and beyond. In CCS, pages 2825–2839, 2022.
  58. Order-revealing encryption: file-injection attack and forward security. In ESORICS, pages 101–121, 2018.
  59. Obi: a multi-path oblivious ram for forward-and-backward-secure searchable encryption. In NDSS, 2023.
  60. Leakage-abuse attacks against forward and backward private searchable symmetric encryption. In CCS, pages 3003–3017, 2023.
  61. Searching encrypted data with size-locked indexes. In USENIX Security, pages 4025–4042, 2021.
  62. Rose: Robust searchable encryption with forward and backward security. IEEE TIFS, 17:1115–1130, 2022.
  63. Secure and lightweight deduplicated storage via shielded Deduplication-Before-Encryption. In USENIX ATC, pages 37–52, 2022.
  64. High recovery with fewer injections: Practical binary volumetric injection attacks against dynamic searchable encryption. In USENIX Security, pages 5953–5970, 2023.
  65. All your queries are belong to us: The power of file-injection attacks on searchable encryption. In USENIX Security, pages 707–720, 2016.
  66. Volume-hiding dynamic searchable symmetric encryption with forward and backward privacy. Cryptology ePrint Archive, Paper 2021/786, 2021.
  67. Dynamic searchable symmetric encryption schemes supporting range queries with forward (and backward) security. In ESORICS, pages 228–246, 2018.
Citations (1)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now