Leakage Models and Inference Attacks on Searchable Encryption for Cyber-Physical Social Systems

Guofeng Wang; Chuanyi Liu; Yingfei Dong; Kim-Kwang Raymond Choo; Peiyi Han; Hezhong Pan; Binxing Fang

doi:10.1109/ACCESS.2018.2800684

IEEE Access (Jan 2018)

Leakage Models and Inference Attacks on Searchable Encryption for Cyber-Physical Social Systems

Guofeng Wang,
Chuanyi Liu,
Yingfei Dong,
Kim-Kwang Raymond Choo,
Peiyi Han,
Hezhong Pan,
Binxing Fang

Affiliations

Guofeng Wang: ORCiD; School of Computer Science, Beijing University of Posts and Telecommunications, Beijing, China
Chuanyi Liu: School of Computer and Technology, Harbin Institute of Technology, Shenzhen, China
Yingfei Dong: Department of Electrical Engineering, University of Hawaii, Honolulu, HI, USA
Kim-Kwang Raymond Choo: ORCiD; Department of Information Systems and Cyber Security, University of Texas at San Antonio, San Antonio, TX, USA
Peiyi Han: School of Computer Science, Beijing University of Posts and Telecommunications, Beijing, China
Hezhong Pan: School of Computer Science, Beijing University of Posts and Telecommunications, Beijing, China
Binxing Fang: School of Computer and Technology, Harbin Institute of Technology, Shenzhen, China

DOI: https://doi.org/10.1109/ACCESS.2018.2800684
Journal volume & issue: Vol. 6
pp. 21828 – 21839

Abstract

Read online

Searchable encryption (SE) schemes, such as those deployed for cyber-physical social systems, may be vulnerable to inference attacks. In such attacks, attackers seek to learn sensitive information about the queries and data stored on the (cyber-physical social) systems. However, these attacks are often based on strong (impractical) assumptions (e.g., the complete knowledge of documents or known document injection) using access-pattern leakage. In this paper, we first identify different leakage models based on the leakage profiles of common SE schemes, and then design inference methods accordingly. In particular, based on the leakage models, we show that some information leakage allows a very powerful attack with little prior knowledge. We then propose new inference attacks in which an adversary only needs to have a partial knowledge of target documents. Unlike previous attacks, the proposed inference algorithms perform effective document-mapping attacks before query recovery attacks, in the sense that they are more efficient and scalable without requiring optimization overheads. We then use experiments to demonstrate their effectiveness.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords