Paper 2017/024

Searchable Encrypted Relational Databases: Risks and Countermeasures

Mohamed Ahmed Abdelraheem, Tobias Andersson, and Christian Gehrmann

Abstract

We point out the risks of protecting relational databases via Searchable Symmetric Encryption (SSE) schemes by proposing an inference attack exploiting the structural properties of relational databases. We show that record-injection attacks mounted on relational databases have worse consequences than their file-injection counterparts on un- structured databases. Moreover, we discuss some techniques to reduce the effectiveness of inference attacks exploiting the access pattern leakage existing in SSE schemes. To the best of our knowledge, this is the first work that investigates the security of relational databases protected by SSE schemes.

Note: corrected some typos

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Minor revision. Data Privacy Management 12th International Workshop (co-located with ESORICS 2017)
Keywords
searchable symmetric encryptionrelational databasesinference attacksinjection attacksprivacy constraintsvertical fragmentation
Contact author(s)
moh ahm abdelraheem @ gmail com
History
2018-05-01: last of 9 revisions
2017-01-13: received
See all versions
Short URL
https://ia.cr/2017/024
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/024,
      author = {Mohamed Ahmed Abdelraheem and Tobias Andersson and Christian Gehrmann},
      title = {Searchable Encrypted Relational Databases: Risks and Countermeasures},
      howpublished = {Cryptology ePrint Archive, Paper 2017/024},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/024}},
      url = {https://eprint.iacr.org/2017/024}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.