An Efficiently Searchable Encrypted Data Structure for Range Queries
Abstract
At CCS 2015, Naveed et al. presented the first attacks on efficiently searchable encryption, such as deterministic and order-preserving encryption. These plaintext guessing attacks have been further improved in subsequent work, e.g. by Grubbs et al. in 2016. Such cryptanalysis is crucially important to sharpen our understanding of the implications of security models. In this paper we present an order-preserving encryption scheme in the form of an efficiently searchable, encrypted data structure that is provably secure against these and even more powerful chosen plaintext attacks. Our data structure supports logarithmic-time search with linear space complexity. The indices of our data structure can be used to search by standard comparisons and hence allow easy retrofitting to existing database management systems. We implemented our scheme and show that its search time overhead is only 10 ms compared to non-secure search on a database with 1 million entries.
References
- 1.
- 2. Boelter, T., Poddar, R., Popa, R.A.: A secure one-roundtrip index for range queries. Technical report 568, IACR Cryptology ePrint Archive (2016)
- 3. Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A.: Order-preserving symmetric encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 224–241. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_13
- 4. Boldyreva, A., Chenette, N., O’Neill, A.: Order-preserving encryption revisited: improved security analysis and alternative solutions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 578–595. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_33
- 5. Boneh, D., Lewi, K., Raykova, M., Sahai, A., Zhandry, M., Zimmerman, J.: Semantically secure order-revealing encryption: multi-input functional encryption without obfuscation. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 563–594. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_19
- 6. Boneh, D., Waters, B.: Conjunctive, subset, and range queries on encrypted data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 535–554. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_29
- 7. Cash, D., Grubbs, P., Perry, J., Ristenpart, T.: Leakage-abuse attacks against searchable encryption. In: Proceedings of the 22nd ACM Conference on Computer and Communications Security, CCS (2015)
- 8. Chenette, N., Lewi, K., Weis, S.A., Wu, D.J.: Practical order-revealing encryption with limited leakage. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 474–493. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-52993-5_24
- 9. Curtmola, R., Garay, J., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. J. Comput. Secur. 19(5), 895–934 (2011)
- 10. Demertzis, I., Papadopoulos, S., Papapetrou, O., Deligiannakis, A., Garofalakis, M.: Practical private range search revisited. In: Proceedings of the ACM International Conference on Management of Data, SIGMOD (2016)
- 11. Ducklin, P.: Anatomy of a password disaster - adobe’s giant-sized cryptographic blunder (2013). https://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/
- 12. Durak, B., DuBuisson, T., Cash, D.: What else is revealed by order-revealing encryption? In: Proceedings of the 23rd ACM Conference on Computer and Communications Security, CCS (2016)
- 13. Fitzpatrick, A.: Apple says systems weren’t hacked in nude pics grab (2014). http://time.com/3257945/apple-icloud-brute-force-jennifer-lawrence/
- 14. Grubbs, P., McPherson, R., Naveed, M., Ristenpart, T., Shmatikov, V.: Breaking web applications built on top of encrypted data. In: Proceedings of the 23rd ACM Conference on Computer and Communications Security, CCS (2016)
- 15. Grubbs, P., Ristenpart, T., Shmatikov, V.: Why your encrypted database is not secure. Technical report 468, IACR Cryptology ePrint Archive (2017)
- 16. Grubbs, P., Sekniqi, K., Bindschaedler, V., Naveed, M., Ristenpart, T.: Leakage-abuse attacks against order-revealing encryption. Technical report 895, IACR Cryptology ePrint Archive (2016)
- 17. Hahn, F., Kerschbaum, F.: Poly-logarithmic range queries on encrypted data with small leakage. In: Proceedings of the ACM Workshop on Cloud Computing Security Workshop, CCSW (2016)
- 18. Islam, M., Kuzu, M., Kantarcioglu, M.: Access pattern disclosure on searchable encryption: ramification, attack and mitigation. In: Proceedings of the 19th Network and Distributed System Security Symposium, NDSS (2012)
- 19. Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 146–162. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_9
- 20. Kellaris, G., Kollios, G., Nissim, K., O’Neill, A.: Generic attacks on secure outsourced databases. In: Proceedings of the 23rd ACM Conference on Computer and Communications Security, CCS (2016)
- 21. Kerschbaum, F.: Frequency-hiding order-preserving encryption. In: Proceedings of the 22nd ACM Conference on Computer and Communications Security, CCS (2015)
- 22. Kolesnikov, V., Shikfa, A.: On the limits of privacy provided by order-preserving encryption. Bell Labs Tech. J. 17(3), 135–146 (2012)
- 23. Lacharité, M.S., Minaud, B., Paterson, K.: Improved reconstruction attacks on encrypted data using range query leakage. Technical report 701, IACR Cryptology ePrint Archive (2017)
- 24. Lewi, K., Wu, D.: Order-revealing encryption: new constructions, applications, and lower bounds. In: Proceedings of the 23rd ACM Conference on Computer and Communications Security, CCS (2016)
- 25. Lu, Y.: Privacy-preserving logarithmic-time search on encrypted data in cloud. In: Proceedings of the 19th Network and Distributed System Security Symposium, NDSS (2012)
- 26. McCarthy, K.: Panama papers hack: unpatched wordpress, drupal bugs to blame? (2016). http://www.theregister.co.uk/2016/04/07/panama_papers_unpatched_wordpress_drupal/
- 27. Naveed, M., Kamara, S., Wright, C.V.: Inference attacks on property-preserving encrypted databases. In: Proceedings of the 22nd ACM Conference on Computer and Communications Security, CCS (2015)
- 28. Popa, R.A., Li, F.H., Zeldovich, N.: An ideal-security protocol for order-preserving encoding. In: 34th IEEE Symposium on Security and Privacy, S&P (2013)
- 29. Pouliot, D., Wright, C.: The shadow nemesis: inference attacks on efficiently deployable, efficiently searchable encryption. In: Proceedings of the 23rd ACM Conference on Computer and Communications Security, CCS (2016)
- 30. Roche, D., Apon, D., Choi, S., Yerukhimovich, A.: Pope: partial order preserving encoding. In: Proceedings of the 23rd ACM Conference on Computer and Communications Security, CCS (2016)
- 31. Shi, E., Bethencourt, J., Chan, H.T.H., Song, D.X., Perrig, A.: Multi-dimensional range query over encrypted data. In: Proceedings of the 2007 Symposium on Security and Privacy, S&P (2007)
- 32. Zhang, Y., Katz, J., Papamanthou, C.: All your queries are belong to us: the power of file-injection attacks on searchable encryption. In: Proceedings of the 25th USENIX Security Symposium, USENIX SECURITY (2016)