Cryptology ePrint Archive: Report 2013/163

Search Pattern Leakage in Searchable Encryption: Attacks and New Construction

Chang Liu and Liehuang Zhu and Mingzhong Wang and Yu-an Tan

Abstract: Searching on remote encrypted data (commonly known as \textit{searchable encryption}) has become an important issue in secure data outsourcing, since it allows users to outsource encrypted data to an untrusted third party while maintains the capability of keyword search on the data.

Searchable encryption can be achieved using the classical method called oblivious RAM, but the resultant schemes are too inefficient to be applied in the real-world scenarios (e.g., cloud computing). Recently, a number of efficient searchable encryption schemes have been proposed under weaker security guarantees. Such schemes, however, still leak statistical information about the users' search pattern.

In this paper, we first present two concrete attack methods to show that the search pattern leakage will result in such a situation: an adversary who has some auxiliary knowledge can uncover the underlying keywords of user queries. To address this issue, we then develop a grouping-based construction (GBC) to transform an existing searchable encryption scheme to a new scheme hiding the search pattern. Finally, experiments based on the real-world dataset demonstrate the effectiveness of our attack methods and the feasibility of our construction.

Category / Keywords: search pattern, searchable encryption, cloud computing, fake query, grouping-based construction

Original Publication (in the same form): Information Sciences
DOI:
10.1016/j.ins.2013.11.021

Date: received 21 Mar 2013, last revised 4 Dec 2013

Contact author: changliu bit at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20131204:090022 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]