VAL: Volume and Access Pattern Leakage-Abuse Attack with Leaked Documents

Lambregts, Steven; Chen, H.; Ning, Jianting; Liang, K.

doi:10.1007/978-3-031-17140-6_32

VAL

Title

VAL: Volume and Access Pattern Leakage-Abuse Attack with Leaked Documents

Author

Lambregts, Steven (Student TU Delft)
Chen, H. (TU Delft Cyber Security)
Ning, Jianting (Singapore Management University; Fujian Normal University)
Liang, K. (TU Delft Cyber Security)

Contributor

Atluri, Vijayalakshmi (editor)
Di Pietro, Roberto (editor)
Jensen, Christian D. (editor)
Meng, Weizhi (editor)

Date

2022

Abstract

Searchable Encryption schemes provide secure search over encrypted databases while allowing admitted information leakages. Generally, the leakages can be categorized into access and volume pattern. In most existing SE schemes, these leakages are caused by practical designs but are considered an acceptable price to achieve high search efficiency. Recent attacks have shown that such leakages could be easily exploited to retrieve the underlying keywords for search queries. Under the umbrella of attacking SE, we design a new Volume and Access Pattern Leakage-Abuse Attack (VAL-Attack) that improves the matching technique of LEAP (CCS ’21) and exploits both the access and volume patterns. Our proposed attack only leverages leaked documents and the keywords present in those documents as auxiliary knowledge and can effectively retrieve document and keyword matches from leaked data. Furthermore, the recovery performs without false positives. We further compare VAL-Attack with two recent well-defined attacks on several real-world datasets to highlight the effectiveness of our attack and present the performance under popular countermeasures.

Subject

Access pattern
Attack
Leakage
Searchable encryption
Volume pattern

To reference this document use:

http://resolver.tudelft.nl/uuid:37c3f1fc-fbfe-418b-a1fe-4ecfc62862da

DOI

https://doi.org/10.1007/978-3-031-17140-6_32

Publisher

Springer, Cham

Embargo date

2023-07-01

ISBN

978-3-031-17139-0

Source

Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings

Event

27th European Symposium on Research in Computer Security, ESORICS 2022, 2022-09-26 → 2022-09-30, Virtual, Online

Series

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 0302-9743, 13554

Bibliographical note

Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Part of collection

Institutional Repository

Document type

conference paper

Rights

Files

file embargo until 2023-07-01