Abstract
Symmetric searchable encryption (SSE) allows users to store their private data in an encrypted database and query it. Many SSE schemes for different scenarios have been proposed in the past few years; however, most of them still suffer from security leakages. Exploiting these leakages, many attacks against SSE schemes have been proposed, and the non-adaptive file injection attack (NAFA) is the most serious among them: it can recover extremely important private information such as keyword plaintext. As of now, no scheme can effectively defend against such attacks. We first propose a new security attribute called toward privacy to resist non-adaptive file injection attacks. We then present an efficient SSE construction called Cetus that achieves toward privacy. By setting up a buffer and designing an efficient oblivious reading algorithm based on software guard extensions (SGX), we build an efficient one-time oblivious writing mechanism. Oblivious writing protects the update pattern and allows search operations to be performed directly on the data. The experimental results show that Cetus achieves O(aw) search time and O(1) update communication. The practical search time, communication, and computation overheads incurred by Cetus are lower than those of the state of the art.
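As an added illustration (not code from the paper or from the Cetus implementation), the toy model below shows why hiding the update pattern matters: an untrusted server observes which buffer slots an update touches. A naive update touches the slot belonging to the updated keyword, so an adversary who knows which keyword a file contains learns that keyword's slot; an oblivious write reads and rewrites every slot, so the trace is independent of the keyword. The buffer size, the hash-to-slot mapping and the observer class are assumptions of this model.

```python
"""Toy model of update-pattern leakage versus an oblivious buffered write.

This is an illustration only, not the Cetus construction. The real scheme
re-encrypts inside the SGX enclave so that rewritten ciphertexts also look
fresh; this model only captures the access trace the server can observe.
"""
import hashlib
import os

BUFFER_SLOTS = 8  # assumed buffer size for the model


class ObservedBuffer:
    """Server-side buffer that records every slot access (the leakage)."""

    def __init__(self, slots=BUFFER_SLOTS):
        # constructed, opaque placeholder ciphertexts
        self.slots = [os.urandom(16) for _ in range(slots)]
        self.trace = []

    def read(self, i):
        self.trace.append(("r", i))
        return self.slots[i]

    def write(self, i, value):
        self.trace.append(("w", i))
        self.slots[i] = value


def slot_of(keyword, n=BUFFER_SLOTS):
    """Assumed deterministic keyword-to-slot mapping (hash modulo buffer size)."""
    digest = hashlib.sha256(keyword.encode()).digest()
    return int.from_bytes(digest[:4], "big") % n


def naive_update(buf, keyword, entry):
    """Leaky: the single touched slot is a function of the keyword."""
    buf.write(slot_of(keyword), entry)


def oblivious_update(buf, keyword, entry):
    """Oblivious: every slot is read and rewritten; only the target changes."""
    target = slot_of(keyword)
    for i in range(len(buf.slots)):
        current = buf.read(i)
        buf.write(i, entry if i == target else current)


def trace_for(update_fn, keyword):
    """Run one update on a fresh buffer and return what the server observed."""
    buf = ObservedBuffer()
    update_fn(buf, keyword, b"new-encrypted-index-entry")
    return buf.trace


def update_pattern_is_hidden(update_fn, kw_a, kw_b):
    """True iff the observed trace is identical for two different keywords."""
    return trace_for(update_fn, kw_a) == trace_for(update_fn, kw_b)
```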
Acknowledgements
This work was supported by the National Natural Science Foundation of China (Grant No. 61672300), National Natural Science Foundation of Tianjin (Grant No. 18ZXZNGX00140), and National Natural Science Foundation for Outstanding Youth Foundation (Grant No. 61722203).
Cite this article
Huang, Y., Lv, S., Liu, Z. et al. Cetus: an efficient symmetric searchable encryption against file-injection attack with SGX. Sci. China Inf. Sci. 64, 182314 (2021). https://doi.org/10.1007/s11432-020-3039-x
DOI: https://doi.org/10.1007/s11432-020-3039-x