Searchable symmetric encryption enables private queries over an encrypted database, but it also leaks information. Adversaries can exploit this leakage to launch injection attacks (Zhang et al., USENIX'16) to recover the underlying keywords from queries. The performance of the existing injection attacks is strongly dependent on the amount of leaked information or injection. In this work, we propose two new injection attacks, namely BVA and BVMA, by leveraging a binary volumetric approach. We enable adversaries to inject fewer files than the existing volumetric attacks by using the known keywords and reveal the queries by observing the volume of the query results. Our attacks can thwart well-studied defenses (e.g., threshold countermeasure, static padding) without exploiting the distribution of target queries and client databases. We evaluate the proposed attacks empirically on real-world datasets with practical queries. The results show that our attacks can obtain a high recovery rate (>80%) in the best case and roughly 60% recovery even under a large-scale dataset with a small number of injections (<20 files).