Practical Attacks on Relational Databases Protected via Searchable Encryption

Abdelraheem, Mohamed Ahmed; Andersson, Tobias; Gehrmann, Christian; Glackin, Cornelius

Practical Attacks on Relational Databases Protected via Searchable Encryption

Mark

Abdelraheem, Mohamed Ahmed ; Andersson, Tobias ; Gehrmann, Christian ^LU and Glackin, Cornelius (2018) 21st Information Security Conference, ISC 2018 In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 11060 LNCS. p.171-191

Abstract: Searchable symmetric encryption (SSE) schemes are commonly proposed to enable search in a protected unstructured documents such as email archives or any set of sensitive text files. However, some SSE schemes have been recently proposed in order to protect relational databases. Most of the previous attacks on SSE schemes have only targeted its common use case, protecting unstructured data. In this work, we propose a new inference attack on relational databases protected via SSE schemes. Our inference attack enables a passive adversary with only basic knowledge about the meta-data information of the target relational database to recover the attribute names of some observed queries. This violates query privacy since the attribute name of a... (More); Searchable symmetric encryption (SSE) schemes are commonly proposed to enable search in a protected unstructured documents such as email archives or any set of sensitive text files. However, some SSE schemes have been recently proposed in order to protect relational databases. Most of the previous attacks on SSE schemes have only targeted its common use case, protecting unstructured data. In this work, we propose a new inference attack on relational databases protected via SSE schemes. Our inference attack enables a passive adversary with only basic knowledge about the meta-data information of the target relational database to recover the attribute names of some observed queries. This violates query privacy since the attribute name of a query is secret.
(Less)

Please use this url to cite or link to this publication: https://lup.lub.lu.se/record/4caa6e7a-10ab-4421-906e-12c454a4dee2

author

Abdelraheem, Mohamed Ahmed ; Andersson, Tobias ; Gehrmann, Christian ^LU and Glackin, Cornelius

organization

publishing date

2018

type

Chapter in Book/Report/Conference proceeding

publication status

published

subject

Information Systems

host publication

Information Security - 21st International Conference, ISC 2018, Proceedings

series title

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

editor

Chen, Liqun ; Manulis, Mark and Schneider, Steve

volume

11060 LNCS

pages

21 pages

publisher

Springer

conference name

21st Information Security Conference, ISC 2018

conference location

Guildford, United Kingdom

conference dates

2018-09-09 - 2018-09-12

external identifiers

scopus:85053994380

ISSN

0302-9743

1611-3349

ISBN

9783319991351

DOI

10.1007/978-3-319-99136-8_10

project

Cyber Security for Next Generation Factory (SEC4FACTORY)

Cloudification of Production Engineering for Predictive Digital Manufacturing

language

English

LU publication?

yes

id

4caa6e7a-10ab-4421-906e-12c454a4dee2

date added to LUP

2018-10-22 14:19:08

date last changed

2024-09-03 04:28:12

@inproceedings{4caa6e7a-10ab-4421-906e-12c454a4dee2,
  abstract     = {{<p>Searchable symmetric encryption (SSE) schemes are commonly proposed to enable search in a protected unstructured documents such as email archives or any set of sensitive text files. However, some SSE schemes have been recently proposed in order to protect relational databases. Most of the previous attacks on SSE schemes have only targeted its common use case, protecting unstructured data. In this work, we propose a new inference attack on relational databases protected via SSE schemes. Our inference attack enables a passive adversary with only basic knowledge about the meta-data information of the target relational database to recover the attribute names of some observed queries. This violates query privacy since the attribute name of a query is secret.</p>}},
  author       = {{Abdelraheem, Mohamed Ahmed and Andersson, Tobias and Gehrmann, Christian and Glackin, Cornelius}},
  booktitle    = {{Information Security - 21st International Conference, ISC 2018, Proceedings}},
  editor       = {{Chen, Liqun and Manulis, Mark and Schneider, Steve}},
  isbn         = {{9783319991351}},
  issn         = {{0302-9743}},
  language     = {{eng}},
  pages        = {{171--191}},
  publisher    = {{Springer}},
  series       = {{Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)}},
  title        = {{Practical Attacks on Relational Databases Protected via Searchable Encryption}},
  url          = {{http://dx.doi.org/10.1007/978-3-319-99136-8_10}},
  doi          = {{10.1007/978-3-319-99136-8_10}},
  volume       = {{11060 LNCS}},
  year         = {{2018}},
}

Lund University Publications

LUND UNIVERSITY LIBRARIES

Practical Attacks on Relational Databases Protected via Searchable Encryption