Publication Type

Journal Article

Version

acceptedVersion

Publication Date

3-2022

Abstract

Recently, reconstruction attacks on static encrypted database supporting range queries have been proposed. However, attacks on encrypted database within two updates in the similar setting have not been studied extensively. As far as we know, the only work is the update recovery attack presented by Grubbs et al. (CCS 2018). Following their seminal work, we present new update recovery attacks for dense dataset (i.e. at least one record corresponding to each value in the range), which enable a deeper understanding of the impact caused by leakages due to updates on dynamic encrypted database. Our first attack aims at recovering the value of a newly added record in the case of one database update. We further demonstrate that the attack can fully reconstruct the database counts if the updated value is either the minimum or maximum in the range. We then consider a setting where two distinct records are added separately, which leads to our second attack. We next extend our attacks to the setting where the update operation is deletion. To the best of our knowledge, update recovery attack on database supporting deletion has not been considered before. We demonstrate practicality of our attack via extensive simulations using real dataset.

Keywords

Dynamic encrypted database, information leakage, range query, update recovery attacks

Discipline

Information Security

Research Areas

Cybersecurity

Publication

IEEE Transactions on Dependable and Secure Computing

Volume

19

Issue

2

First Page

1164

Last Page

1180

ISSN

1545-5971

Identifier

10.1109/TDSC.2020.3015997

Publisher

IEEE

Embargo Period

6-11-2021

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1109/TDSC.2020.3015997

Download

Share

COinS