TY - GEN
T1 - Randex
T2 - 2019 IEEE Conference on Communications and Network Security, CNS 2019
AU - Quan, Hanyu
AU - Liu, Hao
AU - Wang, Boyang
AU - Li, Ming
AU - Zhang, Yuqing
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2019/6
Y1 - 2019/6
N2 - Searchable Encryption enables search functions over encrypted data on an untrusted server without the need of accessing data or queries in plaintext. To boost search time, most of the Searchable Encryption schemes leak access pattern. Unfortunately, by harnessing access pattern, a variation of a chosen-query attack, named range injection attack, can efficiently recover sensitive data in any encrypted tuple. The privacy leakage under a range injection attack is severe, and it is imperative to strengthen the privacy of searchable encrypted data. In this paper, we devise an efficient mechanism, referred to as Randex, to mitigate leakage on searchable encrypted data. Specifically, we apply pre-encryption obfuscation by deploying Randomized Response, which obfuscates access pattern. Randex renders minimal tradeoffs to the correctness of range queries, and is compatible with any Searchable Encryption scheme. We formally prove that Randex achieves-local differential privacy and rigorously analyze an adversary's guessing probability against range injection attacks. We implement Randex and conduct extensive experiments on a synthetic dataset with 1 million tuples and a real-world dataset with 299 thousand tuples. Our results suggest that, with only 4% false negatives and no false positives, Randex can suppress an adversary's guessing probability to 0.17, which is significantly lower than the guessing probability of 1 without the privacy protection offered by Randex.
AB - Searchable Encryption enables search functions over encrypted data on an untrusted server without the need of accessing data or queries in plaintext. To boost search time, most of the Searchable Encryption schemes leak access pattern. Unfortunately, by harnessing access pattern, a variation of a chosen-query attack, named range injection attack, can efficiently recover sensitive data in any encrypted tuple. The privacy leakage under a range injection attack is severe, and it is imperative to strengthen the privacy of searchable encrypted data. In this paper, we devise an efficient mechanism, referred to as Randex, to mitigate leakage on searchable encrypted data. Specifically, we apply pre-encryption obfuscation by deploying Randomized Response, which obfuscates access pattern. Randex renders minimal tradeoffs to the correctness of range queries, and is compatible with any Searchable Encryption scheme. We formally prove that Randex achieves-local differential privacy and rigorously analyze an adversary's guessing probability against range injection attacks. We implement Randex and conduct extensive experiments on a synthetic dataset with 1 million tuples and a real-world dataset with 299 thousand tuples. Our results suggest that, with only 4% false negatives and no false positives, Randex can suppress an adversary's guessing probability to 0.17, which is significantly lower than the guessing probability of 1 without the privacy protection offered by Randex.
UR - http://www.scopus.com/inward/record.url?scp=85071723082&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85071723082&partnerID=8YFLogxK
U2 - 10.1109/CNS.2019.8802641
DO - 10.1109/CNS.2019.8802641
M3 - Conference contribution
AN - SCOPUS:85071723082
T3 - 2019 IEEE Conference on Communications and Network Security, CNS 2019
SP - 133
EP - 141
BT - 2019 IEEE Conference on Communications and Network Security, CNS 2019
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 10 June 2019 through 12 June 2019
ER -