ABSTRACT
Recently, various protocols have been proposed for securely outsourcing database storage to a third party server, ranging from systems with "full-fledged" security based on strong cryptographic primitives such as fully homomorphic encryption or oblivious RAM, to more practical implementations based on searchable symmetric encryption or even on deterministic and order-preserving encryption. On the flip side, various attacks have emerged that show that for some of these protocols confidentiality of the data can be compromised, usually given certain auxiliary information. We take a step back and identify a need for a formal understanding of the inherent efficiency/privacy trade-off in outsourced database systems, independent of the details of the system. We propose abstract models that capture secure outsourced storage systems in sufficient generality, and identify two basic sources of leakage, namely access pattern and communication volume. We use our models to distinguish certain classes of outsourced database systems that have been proposed, and deduce that all of them exhibit at least one of these leakage sources.
We then develop generic reconstruction attacks on any system supporting range queries where either access pattern or communication volume is leaked. These attacks are in a rather weak passive adversarial model, where the untrusted server knows only the underlying query distribution. In particular, to perform our attack the server need not have any prior knowledge about the data, and need not know any of the issued queries nor their results. Yet, the server can reconstruct the secret attribute of every record in the database after about $N^4$ queries, where $N$ is the domain size. We provide a matching lower bound showing that our attacks are essentially optimal. Our reconstruction attacks using communication volume apply even to systems built in the natural way on homomorphic encryption or oblivious RAM.
Finally, we provide experimental results demonstrating the efficacy of our attacks on real datasets with a variety of different features. On all these datasets, after the required number of queries our attacks successfully recovered the secret attributes of every record in at most a few seconds.
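As an added illustration (not code from the paper), the following toy Python model captures the two leakage sources the abstract identifies for range queries: a passive server observes, per query, which record ids were touched (access pattern) and how many records came back (communication volume). A source "leaks" when two same-size databases with different secret attributes produce different server views on the same query sequence; the configuration flags, function names and sample databases are assumptions constructed for this example.

```python
from itertools import combinations

def range_query(db, lo, hi):
    """Ids of records whose secret attribute lies in the closed range [lo, hi]."""
    return [i for i, v in enumerate(db) if lo <= v <= hi]

def server_view(db, queries, hide_access=False, pad_to=None):
    """Per-query observation of a passive server: (touched record ids, volume).
    hide_access=True models ORAM/FHE-style systems that conceal which records
    were read; pad_to=k models a client that pads every answer to k records."""
    view = []
    for lo, hi in queries:
        hits = range_query(db, lo, hi)
        touched = None if hide_access else frozenset(hits)
        volume = len(hits) if pad_to is None else max(len(hits), pad_to)
        view.append((touched, volume))
    return view

def leakage_sources(dbs, queries, **cfg):
    """A source leaks if two same-size databases yield different server views
    on the same query sequence (the server can then tell them apart)."""
    views = [server_view(db, queries, **cfg) for db in dbs]
    pairs = [(x, y) for a, b in combinations(views, 2) for x, y in zip(a, b)]
    return {
        "access_pattern": any(x[0] != y[0] for x, y in pairs),
        "communication_volume": any(x[1] != y[1] for x, y in pairs),
    }

def total_volume(db, queries, **cfg):
    """Records transferred over the whole query sequence (the efficiency side)."""
    return sum(vol for _, vol in server_view(db, queries, **cfg))

# Constructed sample: domain {1..4}, two 5-record databases differing only in
# their secret attributes, and every possible range query over the domain.
N = 4
DB_A = [1, 2, 3, 4, 2]
DB_B = [1, 1, 1, 1, 4]
ALL_RANGES = [(lo, hi) for lo in range(1, N + 1) for hi in range(lo, N + 1)]

if __name__ == "__main__":
    configs = [("index / OPE-style", {}),
               ("ORAM-style (hidden access)", {"hide_access": True}),
               ("padded volume", {"pad_to": len(DB_A)}),
               ("hidden access + padding", {"hide_access": True, "pad_to": len(DB_A)})]
    for name, cfg in configs:
        print(name, leakage_sources([DB_A, DB_B], ALL_RANGES, **cfg),
              "cost:", total_volume(DB_A, ALL_RANGES, **cfg))
```

Only the last configuration removes both sources, and it does so by transferring the whole database on every query, which is the efficiency/privacy trade-off the abstract refers to.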