research-article
Open access

Veil: A Storage and Communication Efficient Volume-Hiding Algorithm

Published: 12 December 2023

Abstract

    This paper addresses volume leakage (i.e., leakage of the number of records in the answer set) when processing keyword queries in encrypted key-value (KV) datasets. Volume leakage, coupled with prior knowledge about data distribution and/or previously executed queries, can reveal both ciphertexts and current user queries. We develop a solution to prevent volume leakage, entitled Veil, that partitions the dataset by randomly mapping keys to a set of equi-sized buckets. Veil provides a tunable mechanism for data owners to explore a trade-off between storage and communication overheads. To make buckets indistinguishable to the adversary, Veil uses a novel padding strategy that allows buckets to overlap, reducing the need to add fake records. Both theoretical and experimental results show Veil to significantly outperform the existing state of the art.
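
    A simplified illustration of the idea in the abstract, added here and not taken from the paper: it shows how answer-set sizes identify keys, then maps keys to buckets and pads the buckets to one size so every query transfers the same volume. The dataset, the `SECRET` key, the HMAC-based mapping and all function names are assumptions; encryption and Veil's overlapping-bucket padding are not implemented.

```python
import hashlib
import hmac
from collections import Counter, defaultdict

# Constructed sample data: key -> number of records stored under it (skewed).
VOLUMES = {"flu": 40, "asthma": 25, "diabetes": 12, "gout": 7, "lupus": 3, "rabies": 1}
SECRET = b"constructed-demo-key"  # assumption: PRF key held only by the data owner

def identifiable_keys(volumes):
    """Keys whose answer-set size is unique: the volume alone reveals the query."""
    seen = Counter(volumes.values())
    return sorted(k for k, v in volumes.items() if seen[v] == 1)

def bucket_of(key, n_buckets, secret=SECRET):
    """Pseudo-random key-to-bucket mapping (HMAC-SHA256 used as the PRF here)."""
    digest = hmac.new(secret, key.encode(), hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % n_buckets

def build_buckets(volumes, n_buckets):
    """Group each key's records by bucket, then pad every bucket to one size."""
    real = defaultdict(list)
    for key, vol in volumes.items():
        real[bucket_of(key, n_buckets)].extend((key, i) for i in range(vol))
    size = max(len(recs) for recs in real.values())
    # None marks a fake record; after encryption fakes look like real records.
    return {b: real[b] + [(None, i) for i in range(size - len(real[b]))]
            for b in range(n_buckets)}, size

def query(buckets, key, n_buckets):
    """Server returns the whole bucket; the client keeps only matching records."""
    fetched = buckets[bucket_of(key, n_buckets)]
    return len(fetched), [r for r in fetched if r[0] == key]

def overheads(volumes, n_buckets):
    """(stored records / real records, records transferred per query)."""
    _, size = build_buckets(volumes, n_buckets)
    return n_buckets * size / sum(volumes.values()), size

if __name__ == "__main__":
    print("identifiable without padding:", identifiable_keys(VOLUMES))
    for n in (1, 2, 3):
        buckets, _ = build_buckets(VOLUMES, n)
        seen_sizes = {query(buckets, k, n)[0] for k in VOLUMES}
        print(n, "buckets -> observed volumes", seen_sizes, overheads(VOLUMES, n))
```

    In this simplified scheme the number of buckets is the only knob: one bucket needs no fake records but returns the whole dataset on every query, while more buckets shrink the transfer at the cost of padding.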


    Published In

    Proceedings of the ACM on Management of Data  Volume 1, Issue 4
    PACMMOD
    December 2023
    1317 pages
    EISSN:2836-6573
    DOI:10.1145/3637468
    This work is licensed under a Creative Commons Attribution International 4.0 License.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. bucketization
    2. padding
    3. secure query processing
    4. volume leakage

    Qualifiers

    • Research-article

    Funding Sources

    • HPI Research Center in Machine Learning and Data Science at UC Irvine
    • NSF Grants

    Article Metrics

    • Total Citations: 0
    • Total Downloads: 294
    • Downloads (Last 12 months): 294
    • Downloads (Last 6 weeks): 71