Abstract | ||
---|---|---|
To mitigate security concerns of outsourced databases, quite a few protocols have been proposed that outsource data in encrypted format and allow encrypted query execution on the server side. Among the more practical protocols, the \"bucketization\" approach facilitates query execution at the cost of reduced efficiency by allowing some false positives in the query results. Precise Query Protocols (PQPs), on the other hand, enable the server to execute queries without incurring any false positives. Even though these protocols do not reveal the underlying data, they reveal query access pattern to an adversary. In this paper, we introduce a general attack on PQPs based on access pattern disclosure in the context of secure range queries. Our empirical analysis on several real world datasets shows that the proposed attack is able to disclose significant amount of sensitive data with high accuracy provided that the attacker has reasonable amount of background knowledge. We further demonstrate that a slight variation of such an attack can also be used on imprecise protocols (e.g., bucketization) to disclose significant amount of sensitive information. |
Year | DOI | Venue |
---|---|---|
2014 | 10.1145/2557547.2557561 | CODASPY |
Keywords | Field | DocType |
outsource data,false positive,encrypted range query,query access pattern,significant amount,secure range query,query execution,general attack,proposed attack,reasonable amount,inference attack,outsourced databases,query result | Data mining,Internet privacy,Computer security,Computer science,Outsourcing,Encryption,Inference attack,Information sensitivity,Server-side,Query optimization,Range query (data structures),Database,False positive paradox | Conference |
Citations | PageRank | References |
19 | 0.69 | 23 |
Authors | ||
3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Mohammad Saiful Islam | 1 | 192 | 9.66 |
Mehmet Kuzu | 2 | 310 | 13.37 |
Murat Kantarcioglu | 3 | 2470 | 168.03 |