Searchable Symmetric Encryption Attacks

Abstract

A searchable symmetric encryption (SSE) scheme allows a user to securely perform a keyword search on an encrypted database. This search capability is useful but comes with the price of unintentional information leakage. An attacker abuses leakage to steal confidential information by launching SSE attacks. In this work, our goal is to design a new inference attack that improves the query recovery accuracy of an existing attack. We combine an additional volume leakage pattern and investigate the effectiveness of existing countermeasures against it. Our attack utilizes similar data knowledge and known queries to perform the attack. The results show that usage of an additional volume leakage pattern results in an improved query recovery accuracy, and a more stabilized spread in the results. When an attacker knows up to 4 known queries, we observe an improved query recovery accuracy between 5 and 19.5%. Furthermore, we investigate if the attack can be improved even further by utilizing clustering. However, the results are too close with a high trade-off in performance. From our findings, we can generalize that additional knowledge available to the attacker improves query recovery accuracy. More leakage combinations and their impact are open to future research.