Advanced

Practical Attacks on Relational Databases Protected via Searchable Encryption

Abdelraheem, Mohamed Ahmed; Andersson, Tobias; Gehrmann, Christian LU and Glackin, Cornelius (2018) 21st Information Security Conference, ISC 2018 In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 11060 LNCS. p.171-191
Abstract

Searchable symmetric encryption (SSE) schemes are commonly proposed to enable search in a protected unstructured documents such as email archives or any set of sensitive text files. However, some SSE schemes have been recently proposed in order to protect relational databases. Most of the previous attacks on SSE schemes have only targeted its common use case, protecting unstructured data. In this work, we propose a new inference attack on relational databases protected via SSE schemes. Our inference attack enables a passive adversary with only basic knowledge about the meta-data information of the target relational database to recover the attribute names of some observed queries. This violates query privacy since the attribute name of a... (More)

Searchable symmetric encryption (SSE) schemes are commonly proposed to enable search in a protected unstructured documents such as email archives or any set of sensitive text files. However, some SSE schemes have been recently proposed in order to protect relational databases. Most of the previous attacks on SSE schemes have only targeted its common use case, protecting unstructured data. In this work, we propose a new inference attack on relational databases protected via SSE schemes. Our inference attack enables a passive adversary with only basic knowledge about the meta-data information of the target relational database to recover the attribute names of some observed queries. This violates query privacy since the attribute name of a query is secret.

(Less)
Please use this url to cite or link to this publication:
author
organization
publishing date
type
Chapter in Book/Report/Conference proceeding
publication status
published
subject
host publication
Information Security - 21st International Conference, ISC 2018, Proceedings
series title
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
editor
Chen, Liqun; Manulis, Mark; Schneider, Steve; ; and
volume
11060 LNCS
pages
21 pages
publisher
Springer Verlag
conference name
21st Information Security Conference, ISC 2018
conference location
Guildford, United Kingdom
conference dates
2018-09-09 - 2018-09-12
external identifiers
  • scopus:85053994380
ISSN
1611-3349
0302-9743
ISBN
9783319991351
DOI
10.1007/978-3-319-99136-8_10
language
English
LU publication?
yes
id
4caa6e7a-10ab-4421-906e-12c454a4dee2
date added to LUP
2018-10-22 14:19:08
date last changed
2019-01-06 14:11:35
@inproceedings{4caa6e7a-10ab-4421-906e-12c454a4dee2,
  abstract     = {<p>Searchable symmetric encryption (SSE) schemes are commonly proposed to enable search in a protected unstructured documents such as email archives or any set of sensitive text files. However, some SSE schemes have been recently proposed in order to protect relational databases. Most of the previous attacks on SSE schemes have only targeted its common use case, protecting unstructured data. In this work, we propose a new inference attack on relational databases protected via SSE schemes. Our inference attack enables a passive adversary with only basic knowledge about the meta-data information of the target relational database to recover the attribute names of some observed queries. This violates query privacy since the attribute name of a query is secret.</p>},
  author       = {Abdelraheem, Mohamed Ahmed and Andersson, Tobias and Gehrmann, Christian and Glackin, Cornelius},
  booktitle    = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
  editor       = {Chen, Liqun and Manulis, Mark and Schneider, Steve},
  isbn         = {9783319991351},
  issn         = {1611-3349},
  language     = {eng},
  location     = {Guildford, United Kingdom},
  pages        = {171--191},
  publisher    = {Springer Verlag},
  title        = {Practical Attacks on Relational Databases Protected via Searchable Encryption},
  url          = {http://dx.doi.org/10.1007/978-3-319-99136-8_10},
  volume       = {11060 LNCS},
  year         = {2018},
}