Cryptology ePrint Archive: Report 2017/024

Inference and Record-Injection Attacks on Searchable Encrypted Relational Databases

Mohamed Ahmed Abdelraheem and Tobias Andersson and Christian Gehrmann

Abstract: We point out the risks of providing security to relational databases via searchable encryption schemes by mounting a novel inference attack exploiting the structure of relational databases together with the leakage of searchable encryption schemes. We discuss some techniques to reduce the effectiveness of inference attacks against searchable encryption schemes. Moreover, we show that record-injection attacks mounted on relational databases have worse consequences than their file-injection counterparts on unstructured databases which have been recently proposed at USENIX 2016.

Category / Keywords: searchable symmetric encryption, inference attacks, complexity theory, subset sum problem, independent set problem, relational databases, privacy constraints, vertical fragmentation

Date: received 10 Jan 2017, last revised 12 Mar 2017

Contact author: moh ahm abdelraheem at gmail com

Available format(s): PDF | BibTeX Citation

Note: Modified the introduction and corrected some mistakes in the description of attacks.

Version: 20170312:191827 (All versions of this report)

Short URL: ia.cr/2017/024

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]