Abstract
In Chap. 3, we discussed the security definitions of searchable encryption. In short, an SE scheme is said to achieve adaptively semantic security with a leakage function \(\mathcal {L}(\cdot )\) if the information revealed during its operation is bounded by \(\mathcal {L}(\cdot )\). Typically, allowed leakages include the size of encrypted data collection, whether a search token (trapdoor) has been repeated, which encrypted documents have been accessed, etc. In the extreme case, we can claim that a trivial plaintext solution is secure with \(\mathcal {L}(\mathrm {DB}, w_1, \dots , w_t)=(\mathrm {DB}, w_1, \dots , w_t)\), i.e., it leaks all plaintext data, though this leakage function is meaningless since it obviously reveals confidential data to the untrusted server.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Blackstone L, Kamara S, Moataz T (2020) Revisiting leakage abuse attacks. In: 27th Annual Network and Distributed System Security Symposium, NDSS 2020, San Diego, California, USA, February 23–26, 2020, The Internet Society
Bogatov D, Kollios G, Reyzin L (2019) A comparative evaluation of order-revealing encryption schemes and secure range-query protocols. Proceedings of the International Conference on Very Large Databases 12(8):933–947
Bost R, Minaud B, Ohrimenko O (2017) Forward and backward private searchable encryption from constrained cryptographic primitives. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30–November 03, 2017, ACM, pp 1465–1482
Broder AZ, Mitzenmacher M (2003) Survey: Network applications of bloom filters: A survey. Internet Mathematics 1(4):485–509
Cash D, Grubbs P, Perry J, Ristenpart T (2016) Leakage-abuse attacks against searchable encryption. IACR Cryptology ePrint Archive p 718
Cohen WW (October, 2019) Enron email dataset. Online at https://www.cs.cmu.edu/~enron/
Curtmola R, Garay JA, Kamara S, Ostrovsky R (2006) Searchable symmetric encryption: improved definitions and efficient constructions. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, Alexandria, VA, USA, October 30–November 3, 2006, ACM, pp 79–88
George M, Kamara S, Moataz T (2021) Structured encryption and dynamic leakage suppression. In: Advances in Cryptology—EUROCRYPT 2021—40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, October 17–21, 2021, Proceedings, Part III, Springer, Lecture Notes in Computer Science, vol 12698, pp 370–396
Goh EJ (2003) Secure indexes. IACR Cryptology ePrint Archive p 216
Goldreich O, Goldwasser S, Micali S (2019) How to construct random functions. In: Providing Sound Foundations for Cryptography: On the Work of Shafi Goldwasser and Silvio Micali, ACM, pp 241–264
Groot Roessink R (2020) Experimental review of the IKK query recovery attack: Assumptions, recovery rate and improvements
Grubbs P, Lacharité M, Minaud B, Paterson KG (2018) Pump up the volume: Practical database reconstruction from volume leakage on range queries. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, October 15–19, 2018, ACM, pp 315–331
Grubbs P, Lacharité MS, Minaud B, Paterson KG (2019) Learning to reconstruct: Statistical learning theory and encrypted database attacks. In: 2019 IEEE Symposium on Security and Privacy, SP 2019, San Francisco, CA, USA, May 19–23, 2019, IEEE, pp 1067–1083
Grubbs P, Khandelwal A, Lacharité MS, Brown L, Li L, Agarwal R, Ristenpart T (2020) Pancake: Frequency smoothing for encrypted data stores. In: 29th USENIX Security Symposium, USENIX Security 2020, August 12–14, 2020, USENIX Association, pp 2451–2468
He W, Akhawe D, Jain S, Shi E, Song DX (2014) ShadowCrypt: Encrypted web applications for everyone. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3–7, 2014, ACM, pp 1028–1039
Islam MS, Kuzu M, Kantarcioglu M (2012) Access pattern disclosure on searchable encryption: Ramification, attack and mitigation. In: 19th Annual Network and Distributed System Security Symposium, NDSS 2012, San Diego, California, USA, February 5–8, 2012, The Internet Society
Kamara S, Moataz T (2018) Encrypted multi-maps with computationally-secure leakage. IACR Cryptology ePrint Archive p 978
Kamara S, Moataz T (2019) Computationally volume-hiding structured encryption. In: Advances in Cryptology—EUROCRYPT 2019—38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Darmstadt, Germany, May 19–23, 2019, Proceedings, Part II, Springer, Lecture Notes in Computer Science, vol 11477, pp 183–213
Kamara S, Moataz T, Ohrimenko O (2018) Structured encryption and leakage suppression. In: Advances in Cryptology—CRYPTO 2018—38th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19–23, 2018, Proceedings, Part I, Springer, Lecture Notes in Computer Science, vol 10991, pp 339–370
Kamara S, Kati A, Moataz T, Schneider T, Treiber A, Yonli M (2022) SoK: Cryptanalysis of encrypted search with leaker—a framework for leakage attack evaluation on real-world data. In: 7th IEEE European Symposium on Security and Privacy, EuroS&P 2022, Genoa, Italy, June 6–10, 2022, IEEE, pp 90–108
Kirsch A, Mitzenmacher M, Wieder U (2009) More robust hashing: Cuckoo hashing with a stash. SIAM Journal on Computing 39(4):1543–1561
Kornaropoulos EM, Papamanthou C, Tamassia R (2020) The state of the uniform: Attacks on encrypted databases beyond the uniform query distribution. In: 2020 IEEE Symposium on Security and Privacy, SP 2020, San Francisco, CA, USA, May 18–21, 2020, IEEE, pp 1223–1240
Lau B, Chung SP, Song C, Jang Y, Lee W, Boldyreva A (2014) Mimesis aegis: A mimicry privacy shield-a system’s approach to data privacy on public cloud. In: Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20–22, 2014, USENIX Association, pp 33–48
Lenstra AK, Lenstra HW, Lovász L (1982) Factoring polynomials with rational coefficients. Mathematische annalen 261(ARTICLE):515–534
Networks IS (2021) Skyhigh for salesforce. Online at https://www.mcafee.com/enterprise/en-us/products/mvision-cloud/salesforce.html
Ning J, Huang X, Poh GS, Yuan J, Li Y, Weng J, Deng RH (2021) Leap: Leakage-abuse attack on efficiently deployable, efficiently searchable encryption with partially known dataset. In: CCS ’21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15–19, 2021, ACM, pp 2307–2320
Oya S, Kerschbaum F (2021) Hiding the access pattern is not enough: Exploiting search pattern leakage in searchable encryption. In: 30th USENIX Security Symposium, USENIX Security 2021, August 11–13, 2021, USENIX Association, pp 127–142
Oya S, Kerschbaum F (2021) IHOP: Improved statistical query recovery against searchable symmetric encryption through quadratic optimization. CoRR abs/2110.04180, 2110.04180
Pagh R, Rodler FF (2004) Cuckoo hashing. Journal of Algorithms 51(2):122–144
Patel S, Persiano G, Yeo K, Yung M (2019) Mitigating leakage in secure cloud-hosted data structures: Volume-hiding for multi-maps via hashing. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, London, UK, November 11–15, 2019, ACM, pp 79–93
Song DX, Wagner DA, Perrig A (2000) Practical techniques for searches on encrypted data. In: 2000 IEEE Symposium on Security and Privacy, Berkeley, California, USA, May 14–17, 2000, IEEE Computer Society, pp 44–55
Xu L, Duan H, Zhou A, Yuan X, Wang C (2021) Interpreting and mitigating leakage-abuse attacks in searchable symmetric encryption. IEEE Transactions on Information Forensics and Security 16:5310–5325
Xu M, Namavari A, Cash D, Ristenpart T (2021) Searching encrypted data with size-locked indexes. In: 30th USENIX Security Symposium, USENIX Security 2021, August 11–13, 2021, USENIX Association, pp 4025–4042
Zhang Y, Katz J, Papamanthou C (2016) All your queries are belong to us: The power of file-injection attacks on searchable encryption. In: 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10–12, 2016, USENIX Association, pp 707–720
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Ren, K., Wang, C. (2023). Security Impact of Leakage Profiles: Threats and Countermeasures. In: Searchable Encryption. Wireless Networks. Springer, Cham. https://doi.org/10.1007/978-3-031-21377-9_5
Download citation
DOI: https://doi.org/10.1007/978-3-031-21377-9_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-21376-2
Online ISBN: 978-3-031-21377-9
eBook Packages: Computer ScienceComputer Science (R0)