Inject Less, Recover More: Unlocking the Potential of Document Recovery in Injection Attacks Against SSE

Manning Zhang; Zeshun Shi; Huanhuan Chen; Kaitai Liang

doi:10.1109/CSF61375.2024.00029

Inject Less, Recover More: Unlocking the Potential of Document Recovery in Injection Attacks Against SSE

Manning Zhang, Zeshun Shi^*, Huanhuan Chen^*, Kaitai Liang

^*Corresponding author for this work

Cyber Security

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

Abstract

Searchable symmetric encryption has been vulnerable to inference attacks that rely on uniqueness in leakage patterns. However, many keywords in datasets lack distinctive leakage patterns, limiting the effectiveness of such attacks. The file injection attacks, initially proposed by Cash et al. (CCS 2015), have shown impressive performance with 100% accuracy and no prior knowledge requirement. Nevertheless, this attack fails to recover queries with underlying keywords not present in the injected files. To address these limitations, our research introduces a novel attack strategy called LEAP-Hierarchical Fusion Attack (LHFA) that combines the strengths of both file injection attacks and inference attacks. Before initiating keyword injection, we introduce a new approach for inert/active keyword selection. In the phase of selecting injected keywords, we focus on keywords without unique leakage patterns and recover them, leveraging their presence for document recovery. Our goal is to achieve an amplified effect in query recovery. We demonstrate a minimum query recovery rate of 1.3 queries per injected keyword with a 10% data leakage of a real-life dataset, and initiate further research to overcome challenges associated with non-distinctive keywords.

Original language	English
Title of host publication	Proceedings of the 2024 IEEE 37th Computer Security Foundations Symposium (CSF)
Editors	L. O’Conner
Place of Publication	Piscataway
Publisher	IEEE
Pages	311-323
Number of pages	13
ISBN (Electronic)	979-8-3503-6203-9
ISBN (Print)	979-8-3503-6204-6
DOIs	https://doi.org/10.1109/CSF61375.2024.00029
Publication status	Published - 2024
Event	37th IEEE Computer Security Foundations Symposium, CSF 2024 - Enschede, Netherlands Duration: 8 Jul 2024 → 12 Jul 2024

Publication series

Name	Proceedings - IEEE Computer Security Foundations Symposium
ISSN (Print)	1940-1434

Conference

Conference	37th IEEE Computer Security Foundations Symposium, CSF 2024
Country/Territory	Netherlands
City	Enschede
Period	8/07/24 → 12/07/24

Bibliographical note

Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care
Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Keywords

Access pattern
File injection attack
Inference attack
Searchable symmetric encryption

Access to Document

10.1109/CSF61375.2024.00029

Cite this

Zhang, M., Shi, Z., Chen, H., & Liang, K. (2024). Inject Less, Recover More: Unlocking the Potential of Document Recovery in Injection Attacks Against SSE. In L. O’Conner (Ed.), Proceedings of the 2024 IEEE 37th Computer Security Foundations Symposium (CSF) (pp. 311-323). (Proceedings - IEEE Computer Security Foundations Symposium). IEEE. https://doi.org/10.1109/CSF61375.2024.00029

@inproceedings{8aa0d78f71ba4a1288aa0c3441d70a70,

title = "Inject Less, Recover More: Unlocking the Potential of Document Recovery in Injection Attacks Against SSE",

abstract = "Searchable symmetric encryption has been vulnerable to inference attacks that rely on uniqueness in leakage patterns. However, many keywords in datasets lack distinctive leakage patterns, limiting the effectiveness of such attacks. The file injection attacks, initially proposed by Cash et al. (CCS 2015), have shown impressive performance with 100% accuracy and no prior knowledge requirement. Nevertheless, this attack fails to recover queries with underlying keywords not present in the injected files. To address these limitations, our research introduces a novel attack strategy called LEAP-Hierarchical Fusion Attack (LHFA) that combines the strengths of both file injection attacks and inference attacks. Before initiating keyword injection, we introduce a new approach for inert/active keyword selection. In the phase of selecting injected keywords, we focus on keywords without unique leakage patterns and recover them, leveraging their presence for document recovery. Our goal is to achieve an amplified effect in query recovery. We demonstrate a minimum query recovery rate of 1.3 queries per injected keyword with a 10% data leakage of a real-life dataset, and initiate further research to overcome challenges associated with non-distinctive keywords.",

keywords = "Access pattern, File injection attack, Inference attack, Searchable symmetric encryption",

author = "Manning Zhang and Zeshun Shi and Huanhuan Chen and Kaitai Liang",

note = "Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.; 37th IEEE Computer Security Foundations Symposium, CSF 2024 ; Conference date: 08-07-2024 Through 12-07-2024",

year = "2024",

doi = "10.1109/CSF61375.2024.00029",

language = "English",

isbn = "979-8-3503-6204-6",

series = "Proceedings - IEEE Computer Security Foundations Symposium",

publisher = "IEEE",

pages = "311--323",

editor = "{O{\textquoteright}Conner }, L.",

booktitle = "Proceedings of the 2024 IEEE 37th Computer Security Foundations Symposium (CSF)",

address = "United States",

}

Zhang, M, Shi, Z , Chen, H & Liang, K 2024, Inject Less, Recover More: Unlocking the Potential of Document Recovery in Injection Attacks Against SSE. in L O’Conner (ed.), Proceedings of the 2024 IEEE 37th Computer Security Foundations Symposium (CSF). Proceedings - IEEE Computer Security Foundations Symposium, IEEE, Piscataway, pp. 311-323, 37th IEEE Computer Security Foundations Symposium, CSF 2024, Enschede, Netherlands, 8/07/24. https://doi.org/10.1109/CSF61375.2024.00029

Inject Less, Recover More: Unlocking the Potential of Document Recovery in Injection Attacks Against SSE. / Zhang, Manning; Shi, Zeshun ; Chen, Huanhuan et al.
Proceedings of the 2024 IEEE 37th Computer Security Foundations Symposium (CSF). ed. / L. O’Conner . Piscataway: IEEE, 2024. p. 311-323 (Proceedings - IEEE Computer Security Foundations Symposium).

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Inject Less, Recover More

T2 - 37th IEEE Computer Security Foundations Symposium, CSF 2024

AU - Zhang, Manning

AU - Shi, Zeshun

AU - Chen, Huanhuan

AU - Liang, Kaitai

N1 - Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

PY - 2024

Y1 - 2024

N2 - Searchable symmetric encryption has been vulnerable to inference attacks that rely on uniqueness in leakage patterns. However, many keywords in datasets lack distinctive leakage patterns, limiting the effectiveness of such attacks. The file injection attacks, initially proposed by Cash et al. (CCS 2015), have shown impressive performance with 100% accuracy and no prior knowledge requirement. Nevertheless, this attack fails to recover queries with underlying keywords not present in the injected files. To address these limitations, our research introduces a novel attack strategy called LEAP-Hierarchical Fusion Attack (LHFA) that combines the strengths of both file injection attacks and inference attacks. Before initiating keyword injection, we introduce a new approach for inert/active keyword selection. In the phase of selecting injected keywords, we focus on keywords without unique leakage patterns and recover them, leveraging their presence for document recovery. Our goal is to achieve an amplified effect in query recovery. We demonstrate a minimum query recovery rate of 1.3 queries per injected keyword with a 10% data leakage of a real-life dataset, and initiate further research to overcome challenges associated with non-distinctive keywords.

AB - Searchable symmetric encryption has been vulnerable to inference attacks that rely on uniqueness in leakage patterns. However, many keywords in datasets lack distinctive leakage patterns, limiting the effectiveness of such attacks. The file injection attacks, initially proposed by Cash et al. (CCS 2015), have shown impressive performance with 100% accuracy and no prior knowledge requirement. Nevertheless, this attack fails to recover queries with underlying keywords not present in the injected files. To address these limitations, our research introduces a novel attack strategy called LEAP-Hierarchical Fusion Attack (LHFA) that combines the strengths of both file injection attacks and inference attacks. Before initiating keyword injection, we introduce a new approach for inert/active keyword selection. In the phase of selecting injected keywords, we focus on keywords without unique leakage patterns and recover them, leveraging their presence for document recovery. Our goal is to achieve an amplified effect in query recovery. We demonstrate a minimum query recovery rate of 1.3 queries per injected keyword with a 10% data leakage of a real-life dataset, and initiate further research to overcome challenges associated with non-distinctive keywords.

KW - Access pattern

KW - File injection attack

KW - Inference attack

KW - Searchable symmetric encryption

UR - http://www.scopus.com/inward/record.url?scp=85205957478&partnerID=8YFLogxK

U2 - 10.1109/CSF61375.2024.00029

DO - 10.1109/CSF61375.2024.00029

M3 - Conference contribution

AN - SCOPUS:85205957478

SN - 979-8-3503-6204-6

T3 - Proceedings - IEEE Computer Security Foundations Symposium

SP - 311

EP - 323

BT - Proceedings of the 2024 IEEE 37th Computer Security Foundations Symposium (CSF)

A2 - O’Conner , L.

PB - IEEE

CY - Piscataway

Y2 - 8 July 2024 through 12 July 2024

ER -

Zhang M, Shi Z , Chen H , Liang K. Inject Less, Recover More: Unlocking the Potential of Document Recovery in Injection Attacks Against SSE. In O’Conner L, editor, Proceedings of the 2024 IEEE 37th Computer Security Foundations Symposium (CSF). Piscataway: IEEE. 2024. p. 311-323. (Proceedings - IEEE Computer Security Foundations Symposium). doi: 10.1109/CSF61375.2024.00029

Inject Less, Recover More: Unlocking the Potential of Document Recovery in Injection Attacks Against SSE

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Embargoed Document

Fingerprint

Cite this