Unlocking the Potential of Document Recovery in Injection Attacks against SSE

Unlocking the Potential of Document Recovery in Injection Attacks against SSE: Inject Less, Recover More

Zhang, Manning (TU Delft Electrical Engineering, Mathematics and Computer Science)

Liang, K. (mentor)
Shi, Z. (mentor)
Smaragdakis, G. (graduation committee)
Decouchant, Jérémie (graduation committee)

Delft University of Technology

Computer Science | Cyber Security

2023-08-30

Searchable symmetric encryption (SSE) is an encryption scheme that allows a single user to perform searches over an encrypted dataset. The advent of dynamic SSE has further enhanced this scheme by enabling updates to the encrypted dataset, such as insertions and deletions. In dynamic SSE, attackers have employed file injection attacks, initially proposed by Cash et al. (CCS 2015), to obtain sensitive information. These attacks have shown impressive performance with 100% accuracy and no prior knowledge requirement. However, they fail to recover queries with underlying keywords not present in the injected files. To address these limitations, our research introduces a novel attack strategy that incorporates the idea of inference attacks relying on uniqueness in leakage patterns. The goal is to achieve an amplified effect in query recovery. Additionally, we propose a keyword classification based on their access patterns, which helps identify the current limitation of query recovery in reference attacks. With our proposed attack, we demonstrate a minimum query recovery rate of 1.3 queries per injected keyword with a 10% data leakage of real-life datasets. Furthermore, our findings initiate further research to overcome challenges associated with non-distinctive keywords faced by inference attacks.

Searchable Encryption
Attack
leakage
Access pattern

http://resolver.tudelft.nl/uuid:e95ad296-7666-4d87-888d-47c4c1d8e15b

Student theses

master thesis

© 2023 Manning Zhang