
The Power of Bamboo: On the Post-Compromise Security for Searchable Symmetric Encryption (2403.15052v1)

Published 22 Mar 2024 in cs.CR

Abstract: Dynamic searchable symmetric encryption (DSSE) enables users to delegate the keyword search over dynamically updated encrypted databases to an honest-but-curious server without losing keyword privacy. This paper studies a new and practical security risk to DSSE, namely, secret key compromise (e.g., a user's secret key is leaked or stolen), which threatens all the security guarantees offered by existing DSSE schemes. To address this open problem, we introduce the notion of searchable encryption with key-update (SEKU) that provides users with the option of non-interactive key updates. We further define the notion of post-compromise secure with respect to leakage functions to study whether DSSE schemes can still provide data security after the client's secret key is compromised. We demonstrate that post-compromise security is achievable with a proposed protocol called "Bamboo". Interestingly, the leakage functions of Bamboo satisfy the requirements for both forward and backward security. We conduct a performance evaluation of Bamboo using a real-world dataset and compare its runtime efficiency with the existing forward-and-backward secure DSSE schemes. The result shows that Bamboo provides strong security with better or comparable performance.
