research-article

Don't fool yourself with Forward Privacy, Your queries STILL belong to us!

Authors:

Khosro Salmani,

Ken BarkerAuthors Info & Claims

CODASPY '21: Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy

Pages 131 - 142

https://doi.org/10.1145/3422337.3447838

Published: 26 April 2021 Publication History

Abstract

Dynamic Searchable Symmetric Encryption (DSSE) enables a user to perform encrypted search queries on encrypted data stored on a server. Recently, a notion of Forward Privacy (FP) was introduced to guarantee that a newly added document cannot be linked to previous queries, and to thwart relative attacks and lessen information leakage and its consequences. However, in this paper we show that the forward-private schemes have no advantage (in preventing the related attacks) compared to traditional approaches, and previous attacks are still applicable on FP schemes. In FP approaches, access pattern leakage is still possible and can be employed to uncover the search pattern which can be used by passive and adaptive attacks. To address this issue, we construct a new parallelizable DSSE approach to obfuscate the access and search pattern. Our cost-efficient scheme supports both updates and searches. Our security proof and performance analysis demonstrate the practicality, efficiency, and security of our approach.

Supplementary Material

MP4 File (Khosro Salmani.mp4)

In this video, we show the forward-private (FP) schemes have no advantage (in preventing the privacy/security attacks) compared to traditional approaches, and previous attacks are still applicable on FP schemes. In FP approaches, access pattern leakage is still possible and can be employed to uncover the search pattern which can be used by passive and adaptive attacks. To address this issue, we construct a new parallelizable DSSE approach to obfuscate the access and search pattern. Our cost-efficient scheme supports both updates and searches. Our security proof and performance analysis demonstrate the practicality, efficiency, and security of our approach.

Download
64.25 MB

References

[1]

Enron Dataset. https://www.cs.cmu.edu/./enron/. Accessed:2020-09

[2]

Raphael Bost. 2016. Forward Secure Searchable Encryption. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1143--1154.

Digital Library

[3]

Ning Cao, Cong Wang, Ming Li, Kui Ren, and Wenjing Lou. 2014. Privacy-preserving multi-keyword ranked search over encrypted cloud data. IEEE Transactions on parallel and distributed systems, Vol. 25, 1 (2014), 222--233.

Digital Library

[4]

David Cash, Paul Grubbs, Jason Perry, and Thomas Ristenpart. 2015. Leakage-abuse attacks against searchable encryption. In Proceedings of the 22nd ACM SIGSAC conference on computer and communications security. ACM, 668--679.

Digital Library

[5]

Yan-Cheng Chang and Michael Mitzenmacher. 2005. Privacy preserving keyword searches on remote encrypted data. In International Conference on Applied Cryptography and Network Security. Springer, 442--455.

Digital Library

[6]

Reza Curtmola, Juan Garay, Seny Kamara, and Rafail Ostrovsky. 2011. Searchable symmetric encryption: improved definitions and efficient constructions. Journal of Computer Security, Vol. 19, 5 (2011), 895--934.

Digital Library

[7]

Mohammad Etemad, Alptekin Küpcc ü, Charalampos Papamanthou, and David Evans. 2018. Efficient dynamic searchable encryption with forward privacy. Proceedings on Privacy Enhancing Technologies, Vol. 2018, 1 (2018), 5--20.

[8]

Eu-Jin Goh et al. 2003. Secure indexes. IACR Cryptology ePrint Archive, Vol. 2003 (2003), 216.

[9]

Ziqing Guo, Hua Zhang, Caijun Sun, Qiaoyan Wen, and Wenmin Li. 2018. Secure multi-keyword ranked search over encrypted cloud data for multiple data owners. Journal of Systems and Software, Vol. 137 (2018), 380--395.

[10]

Mohammad Saiful Islam, Mehmet Kuzu, and Murat Kantarcioglu. 2012. Access Pattern disclosure on Searchable Encryption: Ramification, Attack and Mitigation. In Ndss, Vol., Vol. 20. Citeseer, 12.

[11]

Seny Kamara, Charalampos Papamanthou, and Tom Roeder. 2012. Dynamic Searchable Symmetric Encryption. In Proceedings of the 2012 ACM Conference on Computer and Communications Security (Raleigh, North Carolina, USA) (CCS '12). ACM, New York, NY, USA, 965--976. https://doi.org/10.1145/2382196.2382298

Digital Library

[12]

Shabnam Kasra Kermanshahi, Joseph K Liu, Ron Steinfeld, and Surya Nepal. 2019. Generic Multi-keyword Ranked Search on Encrypted Cloud Data. In European Symposium on Research in Computer Security. Springer, 322--343.

[13]

Chang Liu, Liehuang Zhu, Mingzhong Wang, and Yu-An Tan. 2014. Search pattern leakage in searchable encryption: Attacks and new construction. Information Sciences, Vol. 265 (2014), 176--188.

Digital Library

[14]

Xueqiao Liu, Guomin Yang, Yi Mu, and Robert Deng. 2018. Multi-user verifiable searchable symmetric encryption for cloud storage. IEEE Transactions on Dependable and Secure Computing (2018).

[15]

Muhammad Naveed, Manoj Prabhakaran, and Carl~A. Gunter. 2014. Dynamic Searchable Encryption via Blind Storage. In 2014 IEEE Symposium on Security and Privacy. 639--654. https://doi.org/10.1109/SP.2014.47

Digital Library

[16]

Jianting Ning, Jia Xu, Kaitai Liang, Fan Zhang, and Ee-Chien Chang. 2018. Passive attacks against searchable encryption. IEEE Transactions on Information Forensics and Security, Vol. 14, 3 (2018), 789--802.

[17]

Khosro Salmani and Ken Barker. 2020 a. Dynamic Searchable Symmetric Encryption with Full Forward Privacy. 2020 IEEE International Conference on Information Security and Privacy Protection (2020), 985--995.

[18]

Khosro Salmani and Ken Barker. 2020 b. Leakless privacy-preserving multi-keyword ranked search over encrypted cloud data. Journal of Surveillance, Security and Safety, Vol. 1, 1 (2020), 79--101.

[19]

Dawn~Xiaoding Song, David Wagner, and Adrian Perrig. 2000. Practical techniques for searches on encrypted data. In Security and Privacy, 2000. S&P 2000. Proceedings. 2000 IEEE Symposium on. IEEE, 44--55.

Digital Library

[20]

Xiangfu Song, Changyu Dong, Dandan Yuan, Qiuliang Xu, and Minghao Zhao. 2018. Forward private searchable symmetric encryption with optimized I/O efficiency. IEEE Transactions on Dependable and Secure Computing (2018).

[21]

Emil Stefanov, Charalampos Papamanthou, and Elaine Shi. 2014. Practical Dynamic Searchable Encryption with Small Leakage. In NDSS, Vol., Vol. 71. 72--75.

[22]

Yupeng Zhang, Jonathan Katz, and Charalampos Papamanthou. 2016. All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption. In 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, Austin, TX, 707--720. https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/zhang

Cited By

Haltiwanger JHoang TVilela JSchulmann HLi N(2024)Exploiting Update Leakage in Searchable Symmetric EncryptionProceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy10.1145/3626232.3653260(115-126)Online publication date: 19-Jun-2024
https://dl.acm.org/doi/10.1145/3626232.3653260
Salmani KBarker K(2022)Leakage-abuse Attacks Against Forward Private Searchable Symmetric EncryptionAdvances in Science, Technology and Engineering Systems Journal10.25046/aj0702167:2(156-170)Online publication date: Apr-2022
https://doi.org/10.25046/aj070216
Wang JChow S(2021)Simple Storage-Saving Structure for Volume-Hiding Encrypted Multi-mapsData and Applications Security and Privacy XXXV10.1007/978-3-030-81242-3_4(63-83)Online publication date: 19-Jul-2021
https://dl.acm.org/doi/10.1007/978-3-030-81242-3_4

Index Terms

Don't fool yourself with Forward Privacy, Your queries STILL belong to us!
1. Security and privacy
  1. Security services
    1. Privacy-preserving protocols

Recommendations

Acquiring key privacy from data privacy
Inscrypt'10: Proceedings of the 6th international conference on Information security and cryptology

A primary functionality of public key encryption schemes is data privacy, while in many cases key privacy (aka. anonymity of public keys) may also be important. Traditionally, one has to separately design/ prove them, because data privacy and key ...
Research on Privacy Preserving of Searchable Encryption
HPCCT '18: Proceedings of the 2018 2nd High Performance Computing and Cluster Technologies Conference

In the cloud computing applications, the researchers proposed a new cryptographic primitive searchable encryption (SE) in order to ensure data security. Searchable encryption can make full use of cloud server computing capacity to search the ciphertext. ...
Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation

Personal health record (PHR) service is an emerging model for health information exchange. In PHR systems, patient's health records and information are maintained by the patient himself through the Web. In reality, PHRs are often outsourced to be stored ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CODASPY '21: Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy

April 2021

348 pages

ISBN:9781450381437

DOI:10.1145/3422337

General Chair:
Anupam Joshi
University of Maryland, Baltimore County, USA
,
Program Chairs:
Barbara Carminati
University of Insubria, Italy
,
Rakesh M. Verma
University of Houston, USA

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 April 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CODASPY '21

Sponsor:

SIGSAC

CODASPY '21: Eleventh ACM Conference on Data and Application Security and Privacy

April 26 - 28, 2021

Virtual Event, USA

Acceptance Rates

Overall Acceptance Rate 149 of 789 submissions, 19%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
158
Total Downloads

Downloads (Last 12 months)12
Downloads (Last 6 weeks)1

Reflects downloads up to 27 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

Haltiwanger JHoang TVilela JSchulmann HLi N(2024)Exploiting Update Leakage in Searchable Symmetric EncryptionProceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy10.1145/3626232.3653260(115-126)Online publication date: 19-Jun-2024
https://dl.acm.org/doi/10.1145/3626232.3653260
Salmani KBarker K(2022)Leakage-abuse Attacks Against Forward Private Searchable Symmetric EncryptionAdvances in Science, Technology and Engineering Systems Journal10.25046/aj0702167:2(156-170)Online publication date: Apr-2022
https://doi.org/10.25046/aj070216
Wang JChow S(2021)Simple Storage-Saving Structure for Volume-Hiding Encrypted Multi-mapsData and Applications Security and Privacy XXXV10.1007/978-3-030-81242-3_4(63-83)Online publication date: 19-Jul-2021
https://dl.acm.org/doi/10.1007/978-3-030-81242-3_4

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents