IHOP: Improved Statistical Query Recovery against Searchable Symmetric Encryption through Quadratic Optimization

10/08/2021 ∙ by Simon Oya, et al. ∙ 0

Searchable Symmetric Encryption (SSE) schemes allow a client to perform secure searches over encrypted databases on a remote server. These schemes leak certain information that an honest-but-curious service provider can use to recover the keywords of the client's queries. Effective query recovery attacks typically rely on auxiliary ground-truth information about the queries or dataset. Query recovery is also possible under the weaker statistical auxiliary information assumption, although statistical-based attacks achieve lower accuracy and are not considered a serious threat. In this work we present IHOP, a statistical-based query recovery attack that formulates query recovery as a quadratic optimization problem and reaches a solution by iterating over linear assignment problems. We show that IHOP outperforms all other statistical-based query recovery attacks on SSE schemes with typical access and search pattern leakage, reaching query recovery accuracies around 80 against access-pattern obfuscation defenses and show that it still achieves reasonable recovery rates, outperforming existing attacks in this scenario. Finally, we use IHOP in a frequency-only leakage setting where the client's queries are correlated, and show that our attack can exploit query dependencies even when PANCAKE, a recent frequency-hiding defense by Grubbs et al., is applied. Our findings indicate that statistical query recovery attacks pose a severe threat to privacy-preserving SSE schemes.



There are no comments yet.


page 18

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.