DOI: 10.1145/2976749.2978386

Generic Attacks on Secure Outsourced Databases

Published: 24 October 2016

ABSTRACT

Recently, various protocols have been proposed for securely outsourcing database storage to a third party server, ranging from systems with "full-fledged" security based on strong cryptographic primitives such as fully homomorphic encryption or oblivious RAM, to more practical implementations based on searchable symmetric encryption or even on deterministic and order-preserving encryption. On the flip side, various attacks have emerged that show that for some of these protocols confidentiality of the data can be compromised, usually given certain auxiliary information. We take a step back and identify a need for a formal understanding of the inherent efficiency/privacy trade-off in outsourced database systems, independent of the details of the system. We propose abstract models that capture secure outsourced storage systems in sufficient generality, and identify two basic sources of leakage, namely access pattern and communication volume. We use our models to distinguish certain classes of outsourced database systems that have been proposed, and deduce that all of them exhibit at least one of these leakage sources.

We then develop generic reconstruction attacks on any system supporting range queries where either access pattern or communication volume is leaked. These attacks are in a rather weak passive adversarial model, where the untrusted server knows only the underlying query distribution. In particular, to perform our attack the server need not have any prior knowledge about the data, and need not know any of the issued queries nor their results. Yet, the server can reconstruct the secret attribute of every record in the database after about $N^4$ queries, where $N$ is the domain size. We provide a matching lower bound showing that our attacks are essentially optimal. Our reconstruction attacks using communication volume apply even to systems based on homomorphic encryption or oblivious RAM in the natural way.

Finally, we provide experimental results demonstrating the efficacy of our attacks on real datasets with a variety of different features. On all these datasets, after the required number of queries our attacks successfully recovered the secret attributes of every record in at most a few seconds.

    • Published in

      CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
      October 2016
      1924 pages
      ISBN: 9781450341394
      DOI: 10.1145/2976749

      Copyright © 2016 ACM

      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Qualifiers

      • research-article

      Acceptance Rates

      CCS '16 Paper Acceptance Rate: 137 of 831 submissions, 16%
      Overall Acceptance Rate: 1,261 of 6,999 submissions, 18%
