Learning to Reconstruct: Statistical Learning Theory and Encrypted Database Attacks

Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, K. Paterson
{"title":"Learning to Reconstruct: Statistical Learning Theory and Encrypted Database Attacks","authors":"Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, K. Paterson","doi":"10.1109/SP.2019.00030","DOIUrl":null,"url":null,"abstract":"We show that the problem of reconstructing encrypted databases from access pattern leakage is closely related to statistical learning theory. This new viewpoint enables us to develop broader attacks that are supported by streamlined performance analyses. First, we address the problem of ε-approximate database reconstruction (ε-ADR) from range query leakage, giving attacks whose query cost scales only with the relative error ε, and is independent of the size of the database, or the number N of possible values of data items. This already goes significantly beyond the state-of-the-art for such attacks, as represented by Kellaris et al. (ACM CCS 2016) and Lacharité et al. (IEEE S&P 2018). We also study the new problem of ε-approximate order reconstruction (ε-AOR), where the adversary is tasked with reconstructing the order of records, except for records whose values are approximately equal. We show that as few as O(ε^−1 log ε^−1) uniformly random range queries suffice. Our analysis relies on an application of learning theory to PQ-trees, special data structures tuned to compactly record certain ordering constraints. We then show that when an auxiliary distribution is available, ε-AOR can be enhanced to achieve ε-ADR; using real data, we show that devastatingly small numbers of queries are needed to attain very accurate database reconstruction. Finally, we generalize from ranges to consider what learning theory tells us about the impact of access pattern leakage for other classes of queries, focusing on prefix and suffix queries. We illustrate this with both concrete attacks for prefix queries and with a general lower bound for all query classes. We also show a very general reduction from reconstruction with known or chosen queries to PAC learning.","PeriodicalId":272713,"journal":{"name":"2019 IEEE Symposium on Security and Privacy (SP)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"103","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE Symposium on Security and Privacy (SP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP.2019.00030","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 103

Abstract

We show that the problem of reconstructing encrypted databases from access pattern leakage is closely related to statistical learning theory. This new viewpoint enables us to develop broader attacks that are supported by streamlined performance analyses. First, we address the problem of ε-approximate database reconstruction (ε-ADR) from range query leakage, giving attacks whose query cost scales only with the relative error ε, and is independent of the size of the database, or the number N of possible values of data items. This already goes significantly beyond the state-of-the-art for such attacks, as represented by Kellaris et al. (ACM CCS 2016) and Lacharité et al. (IEEE S&P 2018). We also study the new problem of ε-approximate order reconstruction (ε-AOR), where the adversary is tasked with reconstructing the order of records, except for records whose values are approximately equal. We show that as few as O(ε^−1 log ε^−1) uniformly random range queries suffice. Our analysis relies on an application of learning theory to PQ-trees, special data structures tuned to compactly record certain ordering constraints. We then show that when an auxiliary distribution is available, ε-AOR can be enhanced to achieve ε-ADR; using real data, we show that devastatingly small numbers of queries are needed to attain very accurate database reconstruction. Finally, we generalize from ranges to consider what learning theory tells us about the impact of access pattern leakage for other classes of queries, focusing on prefix and suffix queries. We illustrate this with both concrete attacks for prefix queries and with a general lower bound for all query classes. We also show a very general reduction from reconstruction with known or chosen queries to PAC learning.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
学习重构:统计学习理论和加密数据库攻击
我们证明了从访问模式泄漏中重构加密数据库的问题与统计学习理论密切相关。这个新的观点使我们能够开发更广泛的攻击,这些攻击是由流线型性能分析支持的。首先,我们解决了范围查询泄漏的ε-近似数据库重构(ε- adr)问题,给出了查询代价仅与相对误差ε相关的攻击,并且与数据库的大小或数据项的可能值的个数N无关。这已经大大超过了Kellaris等人(ACM CCS 2016)和lacharit等人(IEEE S&P 2018)所代表的此类攻击的最新技术。我们还研究了ε-近似顺序重建(ε-AOR)的新问题,其中对手的任务是重建记录的顺序,除了值近似相等的记录。我们证明只需O(ε^−1 log ε^−1)均匀随机范围查询就足够了。我们的分析依赖于学习理论对pq树的应用,pq树是一种特殊的数据结构,用于紧凑地记录某些排序约束。当有辅助分布时,可以增强ε-AOR以达到ε-ADR;通过使用真实数据,我们可以看到,只需要很少的查询就可以获得非常精确的数据库重建。最后,我们从范围进行推广,以考虑学习理论告诉我们访问模式泄漏对其他查询类的影响,重点关注前缀和后缀查询。我们用前缀查询的具体攻击和所有查询类的一般下界来说明这一点。我们还展示了从使用已知或选择的查询进行重构到PAC学习的非常普遍的简化。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation PrivKV: Key-Value Data Collection with Local Differential Privacy Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem New Primitives for Actively-Secure MPC over Rings with Applications to Private Machine Learning
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1