Improved File-injection Attacks on Searchable Encryption Using Finite Set Theory

Gaoli Wang; Zhenfu Cao; Xiaolei Dong

doi:10.1093/comjnl/bxaa161

Improved File-injection Attacks on Searchable Encryption Using Finite Set Theory

Gaoli Wang^*, Zhenfu Cao, Xiaolei Dong

^*Corresponding author for this work

Software Engineering Institute

CAS - Institute of Information Engineering

Research output: Contribution to journal › Article › peer-review

8 Scopus citations

Abstract

Searchable encryption (SE) allows the cloud server to search over the encrypted data and leak information as little as possible. Most existing efficient SE schemes assume that the leakage of search pattern and access pattern is acceptable. A series of work was proposed, instructing malicious users to use this leakage to come up with attacks. Especially, with a devastating attack proposed by Zhang et al., the cloud server can reveal the keywords queried by normal users by using some injected files. From the method of constructing uniform $(k,n)$-set of a finite set $A$ proposed by Cao, we put forward a new file-injection attack. In our attack, the server needs fewer injected files than the previous attack when the size of $T$ is larger than 9 and the size of keyword set is larger than $2T$, where $T$ is the threshold of the number of keywords in each injected file. Our attack is more practical and easier to implement in the real scenario.

Original language	English
Pages (from-to)	1264-1276
Number of pages	13
Journal	Computer Journal
Volume	64
Issue number	8
DOIs	https://doi.org/10.1093/comjnl/bxaa161
State	Published - 1 Aug 2021

Keywords

file-injection attack
finite set theory
leakage
searchable encryption
security
uniform (k,n)-set

Access to Document

10.1093/comjnl/bxaa161

Cite this

@article{94d5f894516a421a8228fee289349778,

title = "Improved File-injection Attacks on Searchable Encryption Using Finite Set Theory",

abstract = "Searchable encryption (SE) allows the cloud server to search over the encrypted data and leak information as little as possible. Most existing efficient SE schemes assume that the leakage of search pattern and access pattern is acceptable. A series of work was proposed, instructing malicious users to use this leakage to come up with attacks. Especially, with a devastating attack proposed by Zhang et al., the cloud server can reveal the keywords queried by normal users by using some injected files. From the method of constructing uniform \$(k,n)\$-set of a finite set \$A\$ proposed by Cao, we put forward a new file-injection attack. In our attack, the server needs fewer injected files than the previous attack when the size of \$T\$ is larger than 9 and the size of keyword set is larger than \$2T\$, where \$T\$ is the threshold of the number of keywords in each injected file. Our attack is more practical and easier to implement in the real scenario.",

keywords = "file-injection attack, finite set theory, leakage, searchable encryption, security, uniform (k,n)-set",

author = "Gaoli Wang and Zhenfu Cao and Xiaolei Dong",

year = "2021",

month = aug,

day = "1",

doi = "10.1093/comjnl/bxaa161",

language = "英语",

volume = "64",

pages = "1264--1276",

journal = "Computer Journal",

issn = "0010-4620",

publisher = "Oxford University Press",

number = "8",

}

TY - JOUR

T1 - Improved File-injection Attacks on Searchable Encryption Using Finite Set Theory

AU - Wang, Gaoli

AU - Cao, Zhenfu

AU - Dong, Xiaolei

PY - 2021/8/1

Y1 - 2021/8/1

N2 - Searchable encryption (SE) allows the cloud server to search over the encrypted data and leak information as little as possible. Most existing efficient SE schemes assume that the leakage of search pattern and access pattern is acceptable. A series of work was proposed, instructing malicious users to use this leakage to come up with attacks. Especially, with a devastating attack proposed by Zhang et al., the cloud server can reveal the keywords queried by normal users by using some injected files. From the method of constructing uniform $(k,n)$-set of a finite set $A$ proposed by Cao, we put forward a new file-injection attack. In our attack, the server needs fewer injected files than the previous attack when the size of $T$ is larger than 9 and the size of keyword set is larger than $2T$, where $T$ is the threshold of the number of keywords in each injected file. Our attack is more practical and easier to implement in the real scenario.

AB - Searchable encryption (SE) allows the cloud server to search over the encrypted data and leak information as little as possible. Most existing efficient SE schemes assume that the leakage of search pattern and access pattern is acceptable. A series of work was proposed, instructing malicious users to use this leakage to come up with attacks. Especially, with a devastating attack proposed by Zhang et al., the cloud server can reveal the keywords queried by normal users by using some injected files. From the method of constructing uniform $(k,n)$-set of a finite set $A$ proposed by Cao, we put forward a new file-injection attack. In our attack, the server needs fewer injected files than the previous attack when the size of $T$ is larger than 9 and the size of keyword set is larger than $2T$, where $T$ is the threshold of the number of keywords in each injected file. Our attack is more practical and easier to implement in the real scenario.

KW - file-injection attack

KW - finite set theory

KW - leakage

KW - searchable encryption

KW - security

KW - uniform (k,n)-set

UR - https://www.scopus.com/pages/publications/85117248419

U2 - 10.1093/comjnl/bxaa161

DO - 10.1093/comjnl/bxaa161

M3 - 文章

AN - SCOPUS:85117248419

SN - 0010-4620

VL - 64

SP - 1264

EP - 1276

JO - Computer Journal

JF - Computer Journal

IS - 8

ER -

Improved File-injection Attacks on Searchable Encryption Using Finite Set Theory

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this