All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption Yupeng Zhang, Jonathan Katz, Charalampos Papamanthou University.

Presentation transcript:

1 All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption Yupeng Zhang, Jonathan Katz, Charalampos Papamanthou University of Maryland

2 What is Searchable Encryption? [Diagram: client and server; search query: keyword]

3 An Example of Searchable Encryption [Diagram: keywords k1, k2, k3 and files F1 to F6]

4 [Diagram: keywords k1, k2, k3 and files F1 to F6; token for k1]

5 An Example of Searchable Encryption [Diagram: keywords k1, k2, k3, files F1 to F6 and file F7]

6 Leakage of Searchable Encryption [Diagram: keywords k1, k2, k3, files F1 to F6 and file F7; token for k1. Annotations: deterministic! file access patterns! search k1 on new files!]

7 Leakage of Searchable Encryption Search pattern leakage. Access pattern leakage. Leaked by all efficient searchable encryption schemes. No Forward Privacy. All SE schemes except [CM05, SPS14] do not have forward privacy.

8 Goal of Our Work What semantic information does this leakage actually reveal? We explore a new class of attacks that is devastating for query privacy.

9 Attacks on Searchable Encryption Islam et al. (IKK12) proposed a query recovery attack. Cash et al. (CGPR15) proposed another attack with higher success probability. The server knows all or most of the client’s files in plaintext.

10 Attack Model: File-injection Attack First proposed in CGPR15, but not used for query recovery attacks. [Diagram: client and server; search query for keyword k; files F1 to F6]

11 Binary Search Attack [Diagram: keywords k0 to k7; injected File 1, File 2 and File 3; search result 0 1 0] Only inject 14 files for a universe of 10,000 keywords. Inject before seeing the queries (non-adaptive). Can recover all queries with probability 1.

12 Threshold Countermeasure Limitation of the attack: long injected files (|K|/2 keywords each). Countermeasure: filter all files that contain more than T keywords. Enron data set: 30,109 files, universe of 5,000 keywords. Only 3% of files have more than T=200 keywords. Enron email dataset. https://www.cs.cmu.edu/~./enron/. Accessed: 2015-12-14.
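
Added example (not from the presentation or the authors' code): a Python model of the leakage in slides 11 and 12, showing why 14 files identify one keyword among 10,000 and that a T=200 filter rejects every file of that layout. It assumes keywords are numbered 0 to |K|-1 and that the server sees, per query, which injected files match; the function names are illustrative.

```python
# Added illustration: toy model of access-pattern leakage over injected files.
# Assumption: keywords are indexed 0..|K|-1; no real SE scheme is involved.

def injected_files(universe_size):
    """File i holds every keyword whose i-th most significant index bit is 1."""
    n_bits = max(1, (universe_size - 1).bit_length())  # ceil(log2 |K|) files
    return [
        {k for k in range(universe_size) if (k >> (n_bits - 1 - i)) & 1}
        for i in range(n_bits)
    ]

def access_pattern(files, keyword):
    """What the server observes for one query: which injected files match."""
    return [int(keyword in f) for f in files]

def keyword_from_pattern(pattern):
    """The match bits, read most significant first, are the keyword's index."""
    index = 0
    for bit in pattern:
        index = (index << 1) | bit
    return index

def threshold_filter(files, t):
    """Slide 12 countermeasure: reject any file with more than t keywords."""
    return [f for f in files if len(f) <= t]

if __name__ == "__main__":
    small = injected_files(8)                      # slide 11: k0..k7, 3 files
    print("pattern for k2:", access_pattern(small, 2))
    big = injected_files(10_000)
    print("files for |K|=10,000:", len(big))
    print("smallest injected file:", min(len(f) for f in big), "keywords")
    kept = threshold_filter(injected_files(5_000), 200)
    print("files passing T=200 for |K|=5,000:", len(kept))
```

The filter's effect holds only for this unmodified layout; slide 13 gives the count (131 files) once injected files are limited to T keywords each.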

13 Modifying the Attack |K|/2T files of T keywords each to replace 1 file with |K|/2 keywords. Inject 131 files for |K|=5,000 and T=200. [Diagram: keywords k0 to k7; File 1 replaced by File 1 and File 2]

14 Attacks with Partial File Leakage The server learns a portion of the client’s files in plaintext. (Announcement and alert emails broadcast to many people.)

15 Attacks with Partial File Leakage Adaptive, applies to SE schemes with no forward privacy. The server does not always succeed, but can determine whether the attack fails. [Diagram: keywords k1 to k5 with estimated frequencies f*(k1) to f*(k5); token t with exact frequency f(t); candidate universe: f*(k) ≈ f(t); binary search attack]

16 Attacks with Partial File Leakage Refer to our paper for an attack to recover multiple tokens

17 Experimental Methodology Enron data set with 30,109 emails. Stem words in the emails (remove -able, -ing etc.). Remove stop words (“to”, “you” etc.). Extract keywords (in total 77,000). Choose top 5,000 with highest frequency as the universe.

18 Experimental Results: Recover 1 Query U = 5,000, T = 200, number of injected files = 9

19 Experimental Results: Recover 100 Queries U = 5,000, T = 200, number of injected files <= 40

20 Extensions to Conjunctive SE Search files with keywords k1, k2, …, kd. Ideal leakage: only leak the intersection of their search results. (No existing scheme achieves ideal leakage.)

21 Extensions to Conjunctive SE

22

23 Two other attacks, refer to our paper for more details.

24 Discussions on Potential Countermeasures Semantic filter. Search result padding. File ID shuffling and file length padding. Batched updates. Does not work! Partially works for static SE. Partially works.

25 Conclusions File-injection attacks are devastating for query privacy in SE. Is it a satisfactory tradeoff between efficiency and leakage for existing SE? Future research: • Reduce or eliminate access pattern leakage • Exploring new directions such as interactive protocol or multi-server Forward Privacy

