Towards Efficient and Strong Backward Private Searchable Encryption with Secure Enclaves

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12726)

Abstract

Dynamic searchable symmetric encryption (DSSE) can enable a cloud server to search and update encrypted data. Recently, forward and backward privacy in DSSE have received wide attention due to the rise of emerging attacks that exploit the leakage in data update operations. Forward privacy ensures that newly added data is not related to queries issued in the past, whilst backward privacy ensures that previously deleted data is not revealed in the queries. Unfortunately, achieving strong forward and backward privacy, i.e., only revealing insertion timestamps of search results, requires the adoption of oblivious data structures, which incur heavy computation and communication overhead on both the client and the server side. In this paper, we resort to secure enclaves, a.k.a. Intel SGX, to tackle the above problem. Specifically, we propose Maiden, the first strong backward-private DSSE scheme that does not rely on ORAM. Our key idea is to keep track of the states of updates and the deletion information inside the secure enclave to prevent leakage from the server. To speed up the scheme, we further leverage a compressed data structure to maintain a sketch of addition operations in the enclave, which facilitates the fast generation of search tokens for non-deleted data. We conduct a formal security analysis and perform comprehensive evaluations on both synthetic and real-world datasets. Our results confirm that Maiden outperforms the prior work.

Notes

  1. Source code: https://github.com/MonashCybersecurityLab/SGXSSE.

  2. Enron email dataset: https://www.cs.cmu.edu/~./enron/.

Acknowledgements

The authors would like to thank the anonymous reviewers for their valuable comments. The work was supported in part by the Australian Research Council Discovery Project grants DP180102199 and DP200103308, a Data61-Monash Collaborative Research Project (D61 Challenge: E01), and an Oceania Cyber Security Centre industry co-funded project.

Author information

Correspondence to Xingliang Yuan.

Copyright information

© 2021 Springer Nature Switzerland AG

Cite this paper

Vo, V., Lai, S., Yuan, X., Nepal, S., Liu, J.K. (2021). Towards Efficient and Strong Backward Private Searchable Encryption with Secure Enclaves. In: Sako, K., Tippenhauer, N.O. (eds) Applied Cryptography and Network Security. ACNS 2021. Lecture Notes in Computer Science, vol 12726. Springer, Cham. https://doi.org/10.1007/978-3-030-78372-3_3

  • DOI: https://doi.org/10.1007/978-3-030-78372-3_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-78371-6

  • Online ISBN: 978-3-030-78372-3

  • eBook Packages: Computer Science (R0)
