Cetus: an efficient symmetric searchable encryption against file-injection attack with SGX

  • Research Paper
  • Science China Information Sciences

Abstract

Symmetric searchable encryption (SSE) allows users to store and query their private data in an encrypted database. Many SSE schemes for different scenarios have been proposed in the past few years; however, most of these schemes still suffer from security issues to a greater or lesser degree. Exploiting this leakage, many attacks against SSE schemes have been proposed, of which the non-adaptive file-injection attack is the most serious. The non-adaptive file-injection attack (NAFA) can effectively recover some extremely important private information such as keyword plaintext. As of now, there is no scheme that can effectively defend against such attacks. We first propose a new security attribute called toward privacy to resist non-adaptive file-injection attacks. We then present an efficient SSE construction called Cetus to achieve toward privacy. By setting up a buffer and designing an efficient oblivious reading algorithm based on software guard extensions (SGX), we propose an efficient one-time oblivious writing mechanism. Oblivious writing protects the update pattern and allows search operations to be performed directly on the data. The experimental results show that Cetus achieves O(a_w) search time and O(1) update communication. The practical search time, communication, and computation overheads incurred by Cetus are lower than those of state-of-the-art schemes.

Acknowledgements

This work was supported by the National Natural Science Foundation of China (Grant No. 61672300), National Natural Science Foundation of Tianjin (Grant No. 18ZXZNGX00140), and National Natural Science Foundation for Outstanding Youth Foundation (Grant No. 61722203).

Corresponding author

Correspondence to Zheli Liu.

About this article

Cite this article

Huang, Y., Lv, S., Liu, Z. et al. Cetus: an efficient symmetric searchable encryption against file-injection attack with SGX. Sci. China Inf. Sci. 64, 182314 (2021). https://doi.org/10.1007/s11432-020-3039-x

  • DOI: https://doi.org/10.1007/s11432-020-3039-x
