MEGA is a popular cloud storage provider in both commercial and consumer markets [2][1]. MEGA claims to provide secure storage, in a threat model where even the storage provider should be unable to tamper with a user’s data undetected [5]. Previous work by Backendal et. al., as well as other follow-up research works, discovered several attacks that an adversarial storage provider could perform to covertly read and write a user’s storage [7]. MEGA’s patches to the attacks solve the initial attacks that allow for the attack chain to take place, but did not solve the fundamental problems in the security architecture that enabled these attacks [6]. This work provides 5 attacks on user’s contact relationships and folder sharing, that even after the patches, allow for an adversarial storage provider to manipulate a user’s contact list, and forge data in their secure storage. ... Read more

This work addresses the challenge of performing expressive, multi-dimensional range queries directly over encrypted data while balancing query efficiency against privacy leakage. Existing searchable encryption and encrypted multi-map (EMM) schemes either reveal access or volume patterns or incur substantial overhead by fully hiding all leakage (e.g. via ORAM) making them unpractical. Building on the static, multi-dimensional EMM framework of Falzon et al., we introduce a family of five EMM variants that provide tunable leakage profiles, spanning from full access- and volume-pattern exposure to near-complete concealment through adaptive padding and dummy-access techniques. The empirical evaluation of our
five EMM variants reveals a clear, quantifiable spectrum of privacy-performance trade-offs. On large-range workloads, the access-hiding schemes offer the best overall balance, with measured average latency slopes of ≈ 0.012 ms/label. For workloads dominated by small result sets, a volume hiding scheme excels, achieving an even lower slope of 0.0032 ms/label by tuning its padding to realistic occupancy bounds. In contrast, fully padded schemes like incur substantially higher overheads, up to two orders of magnitude greater, making them suitable only when maximal leakage resilience is required. These results allow cloud providers with quantitative guidance to deploy encrypted range search that meets both privacy requirements and performance expectations in real-world, multi-attribute database services. ... Read more

Searchable Encryption (SE) has shown a lot of promise towards enabling secure and efficient queries over encrypted data. In order to achieve this efficiency, SE inevitably leaks some information, and a big open question is how dangerous this leakage is. While prior reconstruction attacks have demonstrated effectiveness in one-dimensional settings, extending them to high-dimensional datasets remains challenging. Existing methods either demand excessive query information (e.g. an attacker that has observed all possible responses) or produce low-quality reconstructions in sparse databases.
In this work, we present REMIN, a new leakage-abuse attack against SE schemes in multi-dimensional settings, based on access and search pattern leakage from range queries. Our approach leverages unsupervised representation learning to transform query co-occurrence frequencies into geometric signals, allowing the attacker to infer relative spatial relationships between records. This enables accurate and scalable reconstruction of high-dimensional datasets under minimal leakage. Furthermore, we introduce REMIN-P, a practical variant of the attack that incorporates a poisoning strategy. By injecting a small number of auxiliary anchor points—either known or intentionally leaked—REMIN-P significantly improves reconstruction quality, particularly in sparse or boundary regions.
We evaluate our attacks extensively on both synthetic and real-world structured datasets. Compared to state-of-the-art reconstruction attacks, our reconstruction attack achieves up to 50% reduction in mean squared error (MSE), all while maintaining fast and scalable runtime. When the poisoning strategy is chosen properly, our poisoning attack further reduces MSE by an additional 50% on average. To the best of our knowledge, these are the first attacks that enables accurate multi-dimensional reconstruction under low-leakage conditions for any type of database. ... Read more

This work explores the feasibility of combining zero-knowledge proofs with SGX enclave protection technology, using the Hyperledger fabric, as the testing environment. The focus is on assessing the viability of this combination in real-world scenarios where post-quantum security is crucial. To this end, a new zero-knowledge proof, called Vesper, has been developed. This is a lattice-based zk-SNARK with a Regev commitment scheme. Vesper aims to provide a novel approach to developing lattice-based zero-knowledge proofs suitable for blockchain environments. Vesper features a proof size of 128 bytes, an average verification time of 0.14 ms, requires no trusted setup, while achieving at least 128-bit and 256-bit security. Only the proof geberation time increases when the LWE dimension increases. To analyze and explore the potential of combining Intel SGX with such a ZKP and Hyperledger Fabric, two projects have been developed: 1. Vesper Smart Contract: This project uses Vesper in combination with a lattice-based digital signing scheme that has been NIST-approved. The proof generation benefits from SGX enclave protection, while the verifier for Vesper is deployed in a permissioned blockchain as a smart contract. Middleware using Fabric Peer command line interface (CLI) tools facilitates commu- nication between the prover and verifier sides. 2. Vesper-FPC: This project explores the feasibility of protecting Hyperledger Fabric chaincode with an SGX enclave. It combines Vesper with a simplified lattice-based digital signing function to accommodate a restricted environment. Both the proof generation and the deployed verifier are SGX-protected. Communication is managed via custom peer CLI commands specifically de- signed to handle the interaction between the additional SGX protection layer and the blockchain infrastructure. The simplified digital signing scheme of Vesper-FPC has a fast average verification time of 1.46 ms and an even faster average signing time of 0.49 ms while achiving 128-bit security. This is quicker than the NIST-approved digital signing scheme of Vesper Smart Contract, which has average signing and verification times of approximately 76.52 ms and 13.25 ms, respectively. The simplified version features a private key size of 512 bytes, a signature size of 768 bytes, and a public key size of 48 KB. In contrast, the digital signing scheme of Vesper Smart Contract has a private key size of 2528 bytes, a signature size of 2420 bytes, and a public key size of 1312 bytes. The execution time of Vesper Smart Contract without SGX is on average approximately 2086.83 ms for a 128-bit security level. Adding SGX protection on the prover side increased the average execution time to 26339 ms. Vesper-FPC, with SGX protection for both the prover and the deployed verifier, has an average execution time of approximately 51229 ms. ... Read more

One distinguishable feature of file-inject attacks on searchable encryption schemes is the 100% query recovery rate, i.e., confirming the corresponding keyword for each query. The main efficiency consideration of file-injection attacks is the number of injected files. In the work of Zhang et al. (USENIX 2016), log_2|K| injected files are required, each of which contains |K|/2 keywords for the keyword set K. Based on the construction of the uniform (s,n)-set, Wang et al. need fewer injected files when considering the threshold countermeasure. In this work, we propose a new attack that further reduces the number of injected files where Wang et al. need up to 38% more injections to achieve the same results. The attack is based on an increment (s,n)-set, which is also defined in this paper. ... Read more

A searchable symmetric encryption (SSE) scheme allows a user to securely perform a keyword search on an encrypted database. This search capability is useful but comes with the price of unintentional information leakage. An attacker abuses leakage to steal confidential information by launching SSE attacks. In this work, our goal is to design a new inference attack that improves the query recovery accuracy of an existing attack. We combine an additional volume leakage pattern and investigate the effectiveness of existing countermeasures against it. Our attack utilizes similar data knowledge and known queries to perform the attack. The results show that usage of an additional volume leakage pattern results in an improved query recovery accuracy, and a more stabilized spread in the results. When an attacker knows up to 4 known queries, we observe an improved query recovery accuracy between 5 and 19.5%. Furthermore, we investigate if the attack can be improved even further by utilizing clustering. However, the results are too close with a high trade-off in performance. From our findings, we can generalize that additional knowledge available to the attacker improves query recovery accuracy. More leakage combinations and their impact are open to future research. ... Read more

Searchable Symmetric Encryption (SSE) schemes provide secure search over encrypted databases while allowing admitted information leakages. Generally, the leakages can be categorized into access, search, and volume pattern. In most existing Searchable Encryption (SE) schemes, these leakages are caused by practical designs but are considered an acceptable price to achieve high search efficiency. Many attacks on SSE schemes have shown that such leakages could be easily exploited to retrieve the underlying keywords for search queries. Each attack abuses a different leakage pattern and uses different techniques to achieve high query recovery accuracy. An attacker could be passive or active, where an active attacker can inject files in an SSE scheme, while a passive attacker only observes the queried data. Some passive attacks use the number of files returned by a query to create a match with a candidate keyword. Others use the co-occurrence of multiple keywords in the files to match a query with the same occurrence. We continue this research and design a new Volume and Access Pattern Leakage-abuse Attack (VAL-Attack) that exploits both the access and volume patterns. Our proposed attack only leverages leaked documents and the keywords present in those documents as auxiliary knowledge and can effectively retrieve document and keyword matches from leaked data. Furthermore, the recovery performs with great accuracy and without false positives. We compare VALAttack with two recent well-defined attacks on several real-world datasets to highlight the effectiveness of our attack and present the performance under popular countermeasures. ... Read more

The amount of data individuals create keeps increasing every year to the point that the data cannot be stored on a single device anymore. Cloud storage provides a solution for this problem, but not everybody wants the cloud storage service providers to peek at their data and they thus encrypt their data before storing it on the service provider's servers. Unfortunately, due to the way encryption works, the users are not able to perform simple actions on their data, like for example keyword search. However with Searchable Symmetric Encryption (SSE) the users can still perform keyword search on their data when their data is encrypted. With the use of SSE, there is some information that is being exposed about the data that is being stored on the system, called leakage. This leakage can be used by attackers in an attack to perform query recovery.

Currently existing attacks are mostly known-data attacks which assume that the attacker already has access to a large part of the plaintexts stored on the system. However this is very unlikely in real-world scenarios. A few papers focus on similar-data attacks which have a slightly different assumption. With similar-data attacks, the assumption is that the attacker has a similar document set to the document set stored on the SSE system. These attacks are therefore more realistic than known-data attacks, but the best similar-data attack still has some flaws.

Therefore, in this thesis, we propose a new attack that is based on an already existing similar-data query recovery attack. This new attack is a combination of a file injection attack and a similar-data attack. This new attack achieves a higher accuracy than the best similar-data and known-data attacks, while injecting only a few files into the SSE system. To the best of our knowledge this is the first similar-data attack with a file injection component. The new attack is also more resilient to countermeasures such as padding and obfuscation.
... Read more

In a world where more data gets uploaded to the cloud, it is essential that the data gets stored securely. For users to keep search functionality, searchable symmetric encryption has been developed. SSE works by a user sending a token representing a keyword (or a range), after which the server returns the documents that match the keyword (or values in the queried range). These observed documents are called the access pattern. A number of attacks that work on range SSE schemes have been developed. Yet, most of these attacks work on density or query assumptions that hinder their performance if these assumptions are false. Furthermore, a number of these attacks use auxiliary information. Yet none of them uses known search tokens.

We, thus, propose a novel approach that uses a PQ-Tree to get the order of the observed documents. It uses the known pairs to assign possibilities for these documents and returns a list of options for each observed token and estimated values for each document. The basic attack guarantees that the correct query is always available by assigning document values based on the known tokens. A refined attack was made that assigns more known tokens by adding the best matches based on confidence score. This refinement allows for more exact token and query matches. Both of these attacks were extended using partial or similar documents from which document volume or rank information could be gathered to further increase the attack performance in cases where such data is available. We evaluate our attacks against current state-of-the-art and outperform those regarding document and query recovery on all tested datasets. Lastly, we use two countermeasures and see that all attacks are impacted but that our attack still outperforms most. ... Read more

Blockchain networks are increasingly recognized as a disruptive technology across sectors such as online services, finance, supply chain, administration etc. They are underpinned by smart contracts which provide programmatic instruction for the blockchain to operate. A major obstacle in the widespread adoption of blockchain technology is the security of the underlying smart contracts and potentially exploitative flaws in their technical makeup that pose a risk to data privacy. Modern trusted execution environments, such as Intel SGX, leverage hardware through process of attestation and have been proposed to preserve privacy in smart contracts; however, practical research & development in this field has seen slower progress. This paper explores the process of attestation by which Intel SGX enhances smart contract security, examines development & execution of a prototype smart contract that utilizes SGX for secure e-voting and evaluates benefits & limitations of the process. Finally, we also propose improvements to our approach and present further scope of research on the topic. ... Read more

The NIST PQC Standardization Process aims to find new cryptographic standards resistant to both classical and quantum computers. Several categories of cryptographic schemes are currently being evaluated by both NIST and the cryptographic community. Schemes are compared against one another with an emphasis on security, run-time performance, and bandwidth. A select few have made it to the third round and NIST hopes to standardize a subset of the schemes after the third round has come to an end. This research paper evaluates the encryption schemes of one of the five categories, code-based cryptography. Classic McEliece is a finalist and its security proof is strong, as its underlying mathematical concepts have been studied for over 40 years. Having said that, its large public key size makes it useful for only specific use cases. For general use, BIKE may be a better option, as its quasi-cyclic codes lead to a significant reduction in bandwidth. They will need to further analyze their decoding failure rate to ensure it is low enough to claim the required security level. Other metrics such as the rank-metric have also been considered. While they offer promising key sizes, further research into potential attacks is needed. ... Read more