Passive Query-Recovery Attack Against Secure Conjunctive Keyword Search Schemes

Marco Dijkslag*, Marc Damie, Florian Hahn, Andreas Peter

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

Abstract

While storing documents on the cloud can be attractive, the question remains whether cloud providers can be trusted with storing private documents. Even if trusted, data breaches are ubiquitous. To prevent information leakage one can store documents encrypted. If encrypted under traditional schemes, one loses the ability to perform simple operations over the documents, such as searching through them. Searchable encryption schemes were proposed allowing some search functionality while documents remain encrypted. Orthogonally, research is done to find attacks that exploit search and access pattern leakage that most efficient schemes have. One type of such an attack is the ability to recover plaintext queries. Passive query-recovery attacks on single-keyword search schemes have been proposed in literature, however, conjunctive keyword search has not been considered, although keyword searches with two or three keywords appear more frequently in online searches.

We introduce a generic extension strategy for existing passive query-recovery attacks against single-keyword search schemes and explore its applicability for the attack presented by Damie et al. (USENIX Security ’21). While the original attack achieves up to a recovery rate of 85%
against single-keyword search schemes for an attacker without exact background knowledge, our experiments show that the generic extension to conjunctive queries comes with a significant performance decrease achieving recovery rates of at most 32%. Assuming a stronger attacker with partial knowledge of the indexed document set boosts the recovery rate to 85% for conjunctive keyword queries with two keywords and achieves similar recovery rates as previous attacks by Cash et al. (CCS ’15) and Islam et al. (NDSS ’12) in the same setting for single-keyword search schemes.
Original languageEnglish
Title of host publicationConference Proeedings Applied Cryptography and Network Security
EditorsGiuseppe Ateniese, Daniele Venturi
PublisherSpringer
Pages126-146
Number of pages21
ISBN (Electronic)978-3-031-09234-3
ISBN (Print)9783031092336
DOIs
Publication statusPublished - 2022

Keywords

  • 22/3 OA procedure

Fingerprint

Dive into the research topics of 'Passive Query-Recovery Attack Against Secure Conjunctive Keyword Search Schemes'. Together they form a unique fingerprint.

Cite this