TY - JOUR
T1 - Toward Full Accounting for Leakage Exploitation and Mitigation in Dynamic Encrypted Databases
AU - Xu, Lei
AU - Zhou, Anxin
AU - Duan, Huayi
AU - Wang, Cong
AU - Wang, Qian
AU - Jia, Xiaohua
PY - 2024/7
Y1 - 2024/7
N2 - Encrypted databases have garnered considerable attention for their ability to safeguard sensitive data outsourced to third parties. However, recent studies have revealed the vulnerability of encrypted databases to leakage-abuse attacks on their search module, prompting the development of countermeasures to address this issue. While most studies have focused on static databases, limited research has been conducted on dynamic encrypted databases. To bridge this gap, this paper focuses on undertaking a comprehensive examination of leakage exploitation in dynamic encrypted databases, with the aim of providing effective mitigations. Our investigation begins with two attacks that can be employed to recover encrypted queries. The first attack, known as an active attack, involves injecting encoded files and utilizing correlated file volume information. The second attack, referred to as a passive attack, identifies unique relational characteristics of queries across database updates, assuming certain background knowledge of the plaintext databases. To mitigate these attacks, a two-layer encrypted database hardening approach is proposed, which obfuscates both search indexes and files in a continuous way. Doing so allows us to eliminate the unique characteristics emerging after data updates constantly. We conduct a series of experiments to confirm the severity of our attacks and the effectiveness of our countermeasures. © 2023 IEEE.
KW - Costs
KW - Cryptographic databases
KW - Cryptography
KW - Databases
KW - Defenses
KW - Encrypted search
KW - Encryption
KW - Indexes
KW - Leakage abuse attack
KW - Protocols
KW - Urban areas
UR - http://www.scopus.com/inward/record.url?scp=85165288332&partnerID=8YFLogxK
UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85165288332&origin=recordpage
U2 - 10.1109/TDSC.2023.3296189
DO - 10.1109/TDSC.2023.3296189
M3 - RGC 21 - Publication in refereed journal
SN - 1545-5971
VL - 21
SP - 1918
EP - 1934
JO - IEEE Transactions on Dependable and Secure Computing
JF - IEEE Transactions on Dependable and Secure Computing
IS - 4
ER -