Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22–25, 2017, Proceedings

Research Article

Query Recovery Attacks on Searchable Encryption Based on Partial Knowledge

Download
285 downloads
  • @INPROCEEDINGS{10.1007/978-3-319-78813-5_27,
        author={Guofeng Wang and Chuanyi Liu and Yingfei Dong and Hezhong Pan and Peiyi Han and Binxing Fang},
        title={Query Recovery Attacks on Searchable Encryption Based on Partial Knowledge},
        proceedings={Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings},
        proceedings_a={SECURECOMM},
        year={2018},
        month={4},
        keywords={Searchable encryption Inference attacks Query recovery attacks},
        doi={10.1007/978-3-319-78813-5_27}
    }
    
  • Guofeng Wang
    Chuanyi Liu
    Yingfei Dong
    Hezhong Pan
    Peiyi Han
    Binxing Fang
    Year: 2018
    Query Recovery Attacks on Searchable Encryption Based on Partial Knowledge
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-78813-5_27
Guofeng Wang1,*, Chuanyi Liu2,*, Yingfei Dong3,*, Hezhong Pan1, Peiyi Han1,*, Binxing Fang2
  • 1: Beijing University of Posts and Telecommunications
  • 2: Harbin Institute of Technology (Shenzhen)
  • 3: University of Hawaii
*Contact email: wangguofeng@bupt.edu.cn, cy-liu04@mails.tsinghua.edu.cn, yingfei@hawaii.edu, hanpeiyi@bupt.edu.cn

Abstract

While Searchable Encryption (SE) is often used to support securely outsourcing sensitive data, many existing SE solutions usually expose certain information to facilitate better performance, which often leak sensitive information, e.g., search patterns are leaked due to observable query trapdoors. Several inference attacks have been designed to exploit such leakage, e.g., a query recovery attack can invert opaque query trapdoors to their corresponding keywords. However, most of these existing query recovery attacks assume that as prior knowledge in order to successfully map query trapdoors to plaintext keywords with a high probability. Such an assumption is usually impractical. In this paper, we propose new query recovery attacks in which an adversary only needs to have . We further develop a countermeasure to mitigate inference attacks on SE. Our experimental results demonstrate the feasibility and efficacy of our proposed scheme.