Graduate School and Research Center in Digital Sciences

A leakage-abuse attack against multi-user searchable encryption

Van Rompay, Cédric; Molva, Refik; Önen, Melek

PETS 2017, 17th Privacy Enhancing Technologies Symposium July 18-21, 2017, Minneapolis, USA / Also published as ePrint Archive: Report 2017/400

Searchable Encryption (SE) allows a user to upload data to the cloud and to search it in a remote fashion while preserving the privacy of both the data and the queries. Recent research results describe attacks on SE schemes using the access pattern, denoting the ids of documents matching search queries, which most SE schemes reveal during query processing. However SE schemes usually leak more than just the access pattern, and this extra leakage can lead to attacks (much) more harmful than the ones using basic access pattern leakage only. We remark that in the special case of Multi-User Searchable Encryption (MUSE), where many users upload and search data in a cloud-based infrastructure, a large number of existing solutions have a common leakage in addition to the well-studied access pattern leakage. We show that this seemingly small extra leakage allows a very simple yet powerful attack, and that the privacy degree of the affected schemes have been overestimated. We also show that this new vulnerability affects existing software. Finally we formalize the newly identified leakage profile and show how it relates to previously defined ones.

Document Hal Bibtex

Title:A leakage-abuse attack against multi-user searchable encryption
Keywords:multi-user searchable encryption, leakage profile, attack
Department:Digital Security
Eurecom ref:5149
Bibtex: @inproceedings{EURECOM+5149, year = {2017}, title = {{A} leakage-abuse attack against multi-user searchable encryption}, author = {{V}an {R}ompay, {C}{\'e}dric and {M}olva, {R}efik and {\"{O}}nen, {M}elek}, booktitle = {{PETS} 2017, 17th {P}rivacy {E}nhancing {T}echnologies {S}ymposium {J}uly 18-21, 2017, {M}inneapolis, {USA} / {A}lso published as e{P}rint {A}rchive: {R}eport 2017/400}, address = {{M}inneapolis, {UNITED} {STATES}}, month = {07}, url = {} }
See also: