Paper 2017/046
Practical Passive Leakage-Abuse Attacks Against Symmetric Searchable Encryption
Matthieu Giraud and Alexandre Anzala-Yamajako and Olivier Bernard and Pascal Lafourcade
Abstract
The problem of securely outsourcing client data with search functionality has given rise to efficient solutions called Symmetric Searchable Encryption (SSE) schemes. These schemes are provably secure with respect to an explicit leakage profile; however, determining how much information can be inferred in practice from this leakage remains difficult. First, we refine and formalize the leakage hierarchy introduced by Cash et al. in 2015. Second, we further extend the analysis of existing attacks to better understand their real-world efficiency and the practicality of their hypothesis. Finally, we present the first complete practical attacks on L4, L3 and L2 leakage profiles. Our attacks are passive and only assume the very realistic knowledge of a small sample of plaintexts; moreover, we show their devastating effect on real-world datasets.
Metadata
- Available format(s)
- Publication info
- Preprint. MINOR revision.
- Keywords
- symmetric searchable encryptionleakagepassive attacks
- Contact author(s)
- matthieu giraud @ uca fr
- History
- 2017-06-08: revised
- 2017-01-20: received
- See all versions
- Short URL
- https://ia.cr/2017/046
- License
-
CC BY