A Leakage-Abuse Attack Against Multi-User Searchable Encryption

Cédric Van Rompay 1 , Refik Molva 2 , and Melek Önen 3
  • 1 EURECOM,
  • 2 EURECOM,
  • 3 EURECOM,


Searchable Encryption (SE) allows a user to upload data to the cloud and to search it in a remote fashion while preserving the privacy of both the data and the queries. Recent research results describe attacks on SE schemes using the access pattern, denoting the ids of documents matching search queries, which most SE schemes reveal during query processing. However SE schemes usually leak more than just the access pattern, and this extra leakage can lead to attacks (much) more harmful than the ones using basic access pattern leakage only. We remark that in the special case of Multi-User Searchable Encryption (MUSE), where many users upload and search data in a cloud-based infrastructure, a large number of existing solutions have a common leakage in addition to the well-studied access pattern leakage. We show that this seemingly small extra leakage allows a very simple yet powerful attack, and that the privacy degree of the affected schemes have been overestimated. We also show that this new vulnerability affects existing software. Finally we formalize the newly identified leakage profile and show how it relates to previously defined ones.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] Enron email dataset. http://www.cs.cmu.edu/~enron/ Accessed on May 2016.

  • [2] Source code to reproduce our experiments. http://www.eurecom.fr/~vanrompa/iterative-testing/

  • [3] M. R. Asghar, G. Russello, B. Crispo, and M. Ion. Supporting complex queries and access policies for multi-user encrypted databases. In CCSW’13, Proceedings of the 2013 ACM Cloud Computing Security Workshop, Co-located with CCS 2013, Berlin, Germany, November 4, 2013, pages 77–88, 2013.

  • [4] F. Bao, R. H. Deng, X. Ding, and Y. Yang. Private Query on Encrypted Data in Multi-user Settings. In Information Security Practice and Experience, 4th International Conference, ISPEC 2008, Sydney, Australia, April 21-23, 2008, Proceedings, pages 71–85, 2008.

  • [5] C. Bösch, P. Hartel, W. Jonker, and A. Peter. A Survey of Provably Secure Searchable Encryption. ACM Computing Surveys, 47(2):1–51, Aug. 2014.

  • [6] D. Cash, P. Grubbs, J. Perry, and T. Ristenpart. Leakage-Abuse Attacks Against Searchable Encryption. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, October 12-6, 2015, pages 668–679, 2015.

  • [7] D. Cash, J. Jaeger, S. Jarecki, C. Jutla, H. Krawczyk, M.-C. Rosu, and M. Steiner. Dynamic searchable encryption in very large databases: Data structures and implementation. In Proc. of NDSS, volume 14, 2014.

  • [8] D. Cash, S. Jarecki, C. Jutla, H. Krawczyk, M.-C. Rosu, and M. Steiner. Highly-scalable searchable symmetric encryption with support for boolean queries. In Advances in Cryptology–CRYPTO 2013, pages 353–373. Springer, 2013.

  • [9] R. Curtmola, J. Garay, S. Kamara, and R. Ostrovsky. Searchable symmetric encryption: Improved definitions and efficient constructions. Journal of Computer Security, 19(5):895–934, 2011.

  • [10] D. Derler, C. Hanser, and D. Slamanig. Revisiting Cryptographic Accumulators, Additional Properties and Relations to Other Primitives. In Topics in Cryptology - CT-RSA 2015, The Cryptographer’s Track at the RSA Conference 2015, San Francisco, CA, USA, April 20-24, 2015. Proceedings, pages 127–144, 2015.

  • [11] C. Dong, G. Russello, and N. Dulay. Shared and Searchable Encrypted Data for Untrusted Servers. In Data and Applications Security XXII, 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, London, UK, July 13-16, 2008, Proceedings, pages 127–143, 2008.

  • [12] P. Grubbs, R. McPherson, M. Naveed, T. Ristenpart, and V. Shmatikov. Breaking Web Applications Built On Top of Encrypted Data. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24-28, 2016, pages 1353–1364, 2016.

  • [13] F. Hahn and F. Kerschbaum. Searchable Encryption with Secure and Efficient Updates. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3-7, 2014, pages 310–320, 2014.

  • [14] Y. H. Hwang and P. J. Lee. Public Key Encryption with Conjunctive Keyword Search and Its Extension to a Multiuser System. In Pairing-Based Cryptography - Pairing 2007, First International Conference, Tokyo, Japan, July 2-4, 2007, Proceedings, pages 2–22, 2007.

  • [15] M. Islam, M. Kuzu, and M. Kantarcioglu. Access pattern disclosure on searchable encryption: Ramification, attack and mitigation. Network and Distributed System Security Symposium (NDSS’12), 2012.

  • [16] S. Jarecki, C. Jutla, H. Krawczyk, M. Rosu, and M. Steiner. Outsourced symmetric private information retrieval. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pages 875–888. ACM, 2013.

  • [17] S. Kamara and C. Papamanthou. Parallel and Dynamic Searchable Symmetric Encryption. In Financial Cryptography and Data Security - 17th International Conference, FC 2013, Okinawa, Japan, April 1-5, 2013, Revised Selected Papers, pages 258–274, 2013.

  • [18] N. Karapanos, A. Filios, R. A. Popa, and S. Capkun. Verena: End-to-end integrity protection for web applications. To appear in 37th IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, May 23-25, 2016.

  • [19] C. Lan, J. Sherry, R. A. Popa, and S. Ratnasamy. Embark: Securely outsourcing middleboxes to the cloud. To appear in 13th USENIX Symposium on Networked Systems Design and Implementation, NSDI 16, Santa Clara, CA, USA, March 16-18, 2016.

  • [20] A. Levy, H. Corrigan-Gibbs, and D. Boneh. Stickler: Defending Against Malicious CDNs in an Unmodified Browser. 2015.

  • [21] C. Liu, L. Zhu, M. Wang, and Y.-a. Tan. Search pattern leakage in searchable encryption: Attacks and new construction. Inf. Sci., 265:176–188, 2014.

  • [22] M. Naveed, S. Kamara, and C. V. Wright. Inference Attacks on Property-Preserving Encrypted Databases. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, October 12-6, 2015, pages 644–655, 2015.

  • [23] V. Pappas, F. Krell, B. Vo, V. Kolesnikov, T. Malkin, S. G. Choi, W. George, A. Keromytis, and S. Bellovin. Blind Seer: A Scalable Private DBMS. In Proceedings of the 2014 IEEE Symposium on Security and Privacy, SP ’14, pages 359–374, Washington, DC, USA, 2014. IEEE Computer Society.

  • [24] R. A. Popa, E. Stark, S. Valdez, J. Helfer, N. Zeldovich, and H. Balakrishnan. Building Web Applications on Top of Encrypted Data Using Mylar. In Proceedings of the 11th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2014, Seattle, WA, USA, April 2-4, 2014, pages 157–172, 2014.

  • [25] R. A. Popa and N. Zeldovich. Multi-Key Searchable Encryption. IACR Cryptology ePrint Archive, 2013:508, 2013.

  • [26] M. F. Porter. An algorithm for suffix stripping. Program, 14(3):130–137, 1980.

  • [27] C. V. Rompay, R. Molva, and M. Önen. Multi-user Searchable Encryption in the Cloud. In Information Security - 18th International Conference, ISC 2015, Trondheim, Norway, September 9-11, 2015, Proceedings, pages 299–316, 2015.

  • [28] F. Schuster, M. Costa, C. Fournet, C. Gkantsidis, M. Peinado, G. Mainar-Ruiz, and M. Russinovich. VC3: Trustworthy Data Analytics in the Cloud Using SGX. In 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015, pages 38–54, 2015.

  • [29] D. X. Song, D. Wagner, and A. Perrig. Practical techniques for searches on encrypted data. In Security and Privacy, 2000. S P 2000. Proceedings. 2000 IEEE Symposium on, pages 44–55, 2000.

  • [30] P. Wang, H. Wang, and J. Pieprzyk. Common Secure Index for Conjunctive Keyword-Based Retrieval over Encrypted Data. In Secure Data Management, 4th VLDB Workshop, SDM 2007, Vienna, Austria, September 23-24, 2007, Proceedings, pages 108–123, 2007.

  • [31] Y. Yang, H. Lu, and J. Weng. Multi-User Private Keyword Search for Cloud Computing. pages 264–271. IEEE, Nov. 2011.

  • [32] Y. Zhang, J. Katz, and C. Papamanthou. All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption. In 25th USENIX Security Symposium (USENIX Security 16), pages 707–720, Austin, TX, Aug. 2016. USENIX Association.

  • [33] F. Zhao, T. Nishide, and K. Sakurai. Multi-User Keyword Search Scheme for Secure Data Sharing with Fine-Grained Access Control. In Information Security and Cryptology - ICISC 2011 - 14th International Conference, Seoul, Korea, November 30 - December 2, 2011. Revised Selected Papers, pages 406–418, 2011.


Journal + Issues