An Efficiently Searchable Encrypted Data Structure for Range Queries

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11736)

Abstract

At CCS 2015 Naveed et al. presented first attacks on efficiently searchable encryption, such as deterministic and order-preserving encryption. These plaintext guessing attacks have been further improved in subsequent work, e.g. by Grubbs et al. in 2016. Such cryptanalysis is crucially important to sharpen our understanding of the implications of security models. In this paper we present an order-preserving encryption scheme in the form of an efficiently searchable, encrypted data structure that is provably secure against these and even more powerful chosen plaintext attacks. Our data structure supports logarithmic-time search with linear space complexity. The indices of our data structure can be used to search by standard comparisons and hence allow easy retrofitting to existing database management systems. We implemented our scheme and show that its search time overhead is only 10 ms compared to non-secure search on a database with 1 million entries.

Notes

  1. In case several cells of a simple data structure are encrypted as a whole, we call this combination a cell of another data structure.

  2. Note that in case of public key encryption our definition does not imply that the entire operation can be completed using only the public key.

  3. This is easy to see, since they do not encrypt the structural information in their data structure, i.e. the pointers to leaf nodes in the tree, and hence the ciphertexts can be ordered.

  4. Recall that the adversary is allowed to submit the same plaintext multi-sets in the -security experiment.

References

  1. http://dblp.l3s.de/dblp++.php

  2. Boelter, T., Poddar, R., Popa, R.A.: A secure one-roundtrip index for range queries. Technical report 568, IACR Cryptology ePrint Archive (2016)

  3. Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A.: Order-preserving symmetric encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 224–241. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_13

  4. Boldyreva, A., Chenette, N., O’Neill, A.: Order-preserving encryption revisited: improved security analysis and alternative solutions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 578–595. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_33

  5. Boneh, D., Lewi, K., Raykova, M., Sahai, A., Zhandry, M., Zimmerman, J.: Semantically secure order-revealing encryption: multi-input functional encryption without obfuscation. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 563–594. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_19

  6. Boneh, D., Waters, B.: Conjunctive, subset, and range queries on encrypted data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 535–554. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_29

  7. Cash, D., Grubbs, P., Perry, J., Ristenpart, T.: Leakage-abuse attacks against searchable encryption. In: Proceedings of the 22nd ACM Conference on Computer and Communications Security, CCS (2015)

  8. Chenette, N., Lewi, K., Weis, S.A., Wu, D.J.: Practical order-revealing encryption with limited leakage. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 474–493. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-52993-5_24

  9. Curtmola, R., Garay, J., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. J. Comput. Secur. 19(5), 895–934 (2011)

  10. Demertzis, I., Papadopoulos, S., Papapetrou, O., Deligiannakis, A., Garofalakis, M.: Practical private range search revisited. In: Proceedings of the ACM International Conference on Management of Data, SIGMOD (2016)

  11. Ducklin, P.: Anatomy of a password disaster - adobe’s giant-sized cryptographic blunder (2013). https://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/

  12. Durak, B., DuBuisson, T., Cash, D.: What else is revealed by order-revealing encryption? In: Proceedings of the 23rd ACM Conference on Computer and Communications Security, CCS (2016)

  13. Fitzpatrick, A.: Apple says systems weren’t hacked in nude pics grab (2014). http://time.com/3257945/apple-icloud-brute-force-jennifer-lawrence/

  14. Grubbs, P., McPherson, R., Naveed, M., Ristenpart, T., Shmatikov, V.: Breaking web applications built on top of encrypted data. In: Proceedings of the 23rd ACM Conference on Computer and Communications Security, CCS (2016)

  15. Grubbs, P., Ristenpart, T., Shmatikov, V.: Why your encrypted database is not secure. Technical report 468, IACR Cryptology ePrint Archive (2017)

  16. Grubbs, P., Sekniqi, K., Bindschaedler, V., Naveed, M., Ristenpart, T.: Leakage-abuse attacks against order-revealing encryption. Technical report 895, IACR Cryptology ePrint Archive (2016)

  17. Hahn, F., Kerschbaum, F.: Poly-logarithmic range queries on encrypted data with small leakage. In: Proceedings of the ACM Workshop on Cloud Computing Security Workshop, CCSW (2016)

  18. Islam, M., Kuzu, M., Kantarcioglu, M.: Access pattern disclosure on searchable encryption: ramification, attack and mitigation. In: Proceedings of the 19th Network and Distributed System Security Symposium, NDSS (2012)

  19. Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 146–162. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_9

  20. Kellaris, G., Kollios, G., Nissim, K., O’Neill, A.: Generic attacks on secure outsourced databases. In: Proceedings of the 23rd ACM Conference on Computer and Communications Security, CCS (2016)

  21. Kerschbaum, F.: Frequency-hiding order-preserving encryption. In: Proceedings of the 22nd ACM Conference on Computer and Communications Security, CCS (2015)

  22. Kolesnikov, V., Shikfa, A.: On the limits of privacy provided by order-preserving encryption. Bell Labs Tech. J. 17(3), 135–146 (2012)

  23. Lacharité, M.S., Minaud, B., Paterson, K.: Improved reconstruction attacks on encrypted data using range query leakage. Technical report 701, IACR Cryptology ePrint Archive (2017)

  24. Lewi, K., Wu, D.: Order-revealing encryption: new constructions, applications, and lower bounds. In: Proceedings of the 23rd ACM Conference on Computer and Communications Security, CCS (2016)

  25. Lu, Y.: Privacy-preserving logarithmic-time search on encrypted data in cloud. In: Proceedings of the 19th Network and Distributed System Security Symposium, NDSS (2012)

  26. McCarthy, K.: Panama papers hack: unpatched wordpress, drupal bugs to blame? (2016). http://www.theregister.co.uk/2016/04/07/panama_papers_unpatched_wordpress_drupal/

  27. Naveed, M., Kamara, S., Wright, C.V.: Inference attacks on property-preserving encrypted databases. In: Proceedings of the 22nd ACM Conference on Computer and Communications Security, CCS (2015)

  28. Popa, R.A., Li, F.H., Zeldovich, N.: An ideal-security protocol for order-preserving encoding. In: 34th IEEE Symposium on Security and Privacy, S&P (2013)

  29. Pouliot, D., Wright, C.: The shadow nemesis: inference attacks on efficiently deployable, efficiently searchable encryption. In: Proceedings of the 23rd ACM Conference on Computer and Communications Security, CCS (2016)

  30. Roche, D., Apon, D., Choi, S., Yerukhimovich, A.: Pope: partial order preserving encoding. In: Proceedings of the 23rd ACM Conference on Computer and Communications Security, CCS (2016)

  31. Shi, E., Bethencourt, J., Chan, H.T.H., Song, D.X., Perrig, A.: Multi-dimensional range query over encrypted data. In: Proceedings of the 2007 Symposium on Security and Privacy, S&P (2007)

  32. Zhang, Y., Katz, J., Papamanthou, C.: All your queries are belong to us: the power of file-injection attacks on searchable encryption. In: Proceedings of the 25th USENIX Security Symposium, USENIX SECURITY (2016)

Author information

Correspondence to Florian Kerschbaum.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Kerschbaum, F., Tueno, A. (2019). An Efficiently Searchable Encrypted Data Structure for Range Queries. In: Sako, K., Schneider, S., Ryan, P. (eds) Computer Security – ESORICS 2019. ESORICS 2019. Lecture Notes in Computer Science, vol 11736. Springer, Cham. https://doi.org/10.1007/978-3-030-29962-0_17

  • DOI: https://doi.org/10.1007/978-3-030-29962-0_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-29961-3

  • Online ISBN: 978-3-030-29962-0

  • eBook Packages: Computer Science (R0)
