Experimental Review of the IKK Query Recovery Attack: Assumptions, Recovery Rate and Improvements

Ruben Groot Roessink; Andreas Peter; Florian Hahn

doi:10.1007/978-3-030-78375-4_7

Experimental Review of the IKK Query Recovery Attack: Assumptions, Recovery Rate and Improvements

Ruben Groot Roessink^*, Andreas Peter, Florian Hahn

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

2 Citations (Scopus)

167 Downloads (Pure)

Abstract

In light of more data than ever being stored using cloud services and the request by the public for secure, privacy-enhanced, and easy-to-use systems, Searchable Encryption schemes were introduced. These schemes enable privacy-enhanced search among encrypted documents yet disclose (encrypted) queries and responses. The first query recovery attack, the IKK attack, uses the disclosed information to (partly) recover what plaintext words the client searched for. This can also leak information on the plaintext contents of the encrypted documents. Under specific assumptions, the IKK attack has been shown to potentially cause serious harm to the security of Searchable Encryption schemes. We empirically review the IKK query recovery attack to improve the understanding of its feasibility and potential security damage. In order to do so, we vary the assumed query distribution, which is shown to have a severe (negative) impact on the accuracy of the attack, and the input parameters of the IKK attack to find a correlation between these parameters and the accuracy of the IKK attack. Furthermore, we show that the recovery rate of the attack can be increased up to 10% points, while decreasing the variance of the recovery rate up to 78% points by combining the results of multiple attack runs. We also show that the including deterministic components in the probabilistic IKK attack can increase the recovery rate up to 21% points and decrease its variance up to 57% points.

Original language	English
Title of host publication	Applied Cryptography and Network Security
Subtitle of host publication	19th International Conference, ACNS 2021, Kamakura, Japan, June 21–24, 2021, Proceedings
Editors	Kazue Sako, Nils Ole Tippenhauer
Place of Publication	Cham
Publisher	Springer
Pages	155-183
Number of pages	29
Volume	I
ISBN (Electronic)	978-3-030-78375-4
ISBN (Print)	978-3-030-78374-7
DOIs	https://doi.org/10.1007/978-3-030-78375-4_7
Publication status	Published - 2021
Event	19th International Conference on Applied Cryptography and Network Security, ACNS 2021 - Virtual, Online Duration: 21 Jun 2021 → 24 Jun 2021 Conference number: 19

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	12727
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	19th International Conference on Applied Cryptography and Network Security, ACNS 2021
Abbreviated title	ACNS 2021
City	Virtual, Online
Period	21/06/21 → 24/06/21

Keywords

2022 OA procedure
Query recovery
Searchable Encryption
IKK

Access to Document

10.1007/978-3-030-78375-4_7

GrootRoessink2021experimentalFinal published version, 762 KBLicence: Taverne

Cite this

Groot Roessink, R., Peter, A., & Hahn, F. (2021). Experimental Review of the IKK Query Recovery Attack: Assumptions, Recovery Rate and Improvements. In K. Sako, & N. O. Tippenhauer (Eds.), Applied Cryptography and Network Security: 19th International Conference, ACNS 2021, Kamakura, Japan, June 21–24, 2021, Proceedings (Vol. I, pp. 155-183). (Lecture Notes in Computer Science; Vol. 12727). Springer. https://doi.org/10.1007/978-3-030-78375-4_7

Groot Roessink, Ruben ; Peter, Andreas ; Hahn, Florian. / Experimental Review of the IKK Query Recovery Attack : Assumptions, Recovery Rate and Improvements. Applied Cryptography and Network Security: 19th International Conference, ACNS 2021, Kamakura, Japan, June 21–24, 2021, Proceedings. editor / Kazue Sako ; Nils Ole Tippenhauer. Vol. I Cham : Springer, 2021. pp. 155-183 (Lecture Notes in Computer Science).

@inproceedings{2e49e9c062384aacbfec0f9ab077715e,

title = "Experimental Review of the IKK Query Recovery Attack: Assumptions, Recovery Rate and Improvements",

abstract = "In light of more data than ever being stored using cloud services and the request by the public for secure, privacy-enhanced, and easy-to-use systems, Searchable Encryption schemes were introduced. These schemes enable privacy-enhanced search among encrypted documents yet disclose (encrypted) queries and responses. The first query recovery attack, the IKK attack, uses the disclosed information to (partly) recover what plaintext words the client searched for. This can also leak information on the plaintext contents of the encrypted documents. Under specific assumptions, the IKK attack has been shown to potentially cause serious harm to the security of Searchable Encryption schemes. We empirically review the IKK query recovery attack to improve the understanding of its feasibility and potential security damage. In order to do so, we vary the assumed query distribution, which is shown to have a severe (negative) impact on the accuracy of the attack, and the input parameters of the IKK attack to find a correlation between these parameters and the accuracy of the IKK attack. Furthermore, we show that the recovery rate of the attack can be increased up to 10% points, while decreasing the variance of the recovery rate up to 78% points by combining the results of multiple attack runs. We also show that the including deterministic components in the probabilistic IKK attack can increase the recovery rate up to 21% points and decrease its variance up to 57% points.",

keywords = "2022 OA procedure, Query recovery, Searchable Encryption, IKK",

author = "{Groot Roessink}, Ruben and Andreas Peter and Florian Hahn",

note = "Publisher Copyright: {\textcopyright} 2021, Springer Nature Switzerland AG.; 19th International Conference on Applied Cryptography and Network Security, ACNS 2021, ACNS 2021 ; Conference date: 21-06-2021 Through 24-06-2021",

year = "2021",

doi = "10.1007/978-3-030-78375-4_7",

language = "English",

isbn = "978-3-030-78374-7",

volume = "I",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "155--183",

editor = "Kazue Sako and Tippenhauer, {Nils Ole}",

booktitle = "Applied Cryptography and Network Security",

address = "Germany",

}

Groot Roessink, R, Peter, A & Hahn, F 2021, Experimental Review of the IKK Query Recovery Attack: Assumptions, Recovery Rate and Improvements. in K Sako & NO Tippenhauer (eds), Applied Cryptography and Network Security: 19th International Conference, ACNS 2021, Kamakura, Japan, June 21–24, 2021, Proceedings. vol. I, Lecture Notes in Computer Science, vol. 12727, Springer, Cham, pp. 155-183, 19th International Conference on Applied Cryptography and Network Security, ACNS 2021, Virtual, Online, 21/06/21. https://doi.org/10.1007/978-3-030-78375-4_7

Experimental Review of the IKK Query Recovery Attack: Assumptions, Recovery Rate and Improvements. / Groot Roessink, Ruben; Peter, Andreas ; Hahn, Florian.
Applied Cryptography and Network Security: 19th International Conference, ACNS 2021, Kamakura, Japan, June 21–24, 2021, Proceedings. ed. / Kazue Sako; Nils Ole Tippenhauer. Vol. I Cham: Springer, 2021. p. 155-183 (Lecture Notes in Computer Science; Vol. 12727).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Experimental Review of the IKK Query Recovery Attack

T2 - 19th International Conference on Applied Cryptography and Network Security, ACNS 2021

AU - Groot Roessink, Ruben

AU - Peter, Andreas

AU - Hahn, Florian

N1 - Conference code: 19

PY - 2021

Y1 - 2021

N2 - In light of more data than ever being stored using cloud services and the request by the public for secure, privacy-enhanced, and easy-to-use systems, Searchable Encryption schemes were introduced. These schemes enable privacy-enhanced search among encrypted documents yet disclose (encrypted) queries and responses. The first query recovery attack, the IKK attack, uses the disclosed information to (partly) recover what plaintext words the client searched for. This can also leak information on the plaintext contents of the encrypted documents. Under specific assumptions, the IKK attack has been shown to potentially cause serious harm to the security of Searchable Encryption schemes. We empirically review the IKK query recovery attack to improve the understanding of its feasibility and potential security damage. In order to do so, we vary the assumed query distribution, which is shown to have a severe (negative) impact on the accuracy of the attack, and the input parameters of the IKK attack to find a correlation between these parameters and the accuracy of the IKK attack. Furthermore, we show that the recovery rate of the attack can be increased up to 10% points, while decreasing the variance of the recovery rate up to 78% points by combining the results of multiple attack runs. We also show that the including deterministic components in the probabilistic IKK attack can increase the recovery rate up to 21% points and decrease its variance up to 57% points.

AB - In light of more data than ever being stored using cloud services and the request by the public for secure, privacy-enhanced, and easy-to-use systems, Searchable Encryption schemes were introduced. These schemes enable privacy-enhanced search among encrypted documents yet disclose (encrypted) queries and responses. The first query recovery attack, the IKK attack, uses the disclosed information to (partly) recover what plaintext words the client searched for. This can also leak information on the plaintext contents of the encrypted documents. Under specific assumptions, the IKK attack has been shown to potentially cause serious harm to the security of Searchable Encryption schemes. We empirically review the IKK query recovery attack to improve the understanding of its feasibility and potential security damage. In order to do so, we vary the assumed query distribution, which is shown to have a severe (negative) impact on the accuracy of the attack, and the input parameters of the IKK attack to find a correlation between these parameters and the accuracy of the IKK attack. Furthermore, we show that the recovery rate of the attack can be increased up to 10% points, while decreasing the variance of the recovery rate up to 78% points by combining the results of multiple attack runs. We also show that the including deterministic components in the probabilistic IKK attack can increase the recovery rate up to 21% points and decrease its variance up to 57% points.

KW - 2022 OA procedure

KW - Query recovery

KW - Searchable Encryption

KW - IKK

UR - http://www.scopus.com/inward/record.url?scp=85111082177&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-78375-4_7

DO - 10.1007/978-3-030-78375-4_7

M3 - Conference contribution

AN - SCOPUS:85111082177

SN - 978-3-030-78374-7

VL - I

T3 - Lecture Notes in Computer Science

SP - 155

EP - 183

BT - Applied Cryptography and Network Security

A2 - Sako, Kazue

A2 - Tippenhauer, Nils Ole

PB - Springer

CY - Cham

Y2 - 21 June 2021 through 24 June 2021

ER -

Groot Roessink R, Peter A , Hahn F. Experimental Review of the IKK Query Recovery Attack: Assumptions, Recovery Rate and Improvements. In Sako K, Tippenhauer NO, editors, Applied Cryptography and Network Security: 19th International Conference, ACNS 2021, Kamakura, Japan, June 21–24, 2021, Proceedings. Vol. I. Cham: Springer. 2021. p. 155-183. (Lecture Notes in Computer Science). doi: 10.1007/978-3-030-78375-4_7

Experimental Review of the IKK Query Recovery Attack: Assumptions, Recovery Rate and Improvements

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this