SMSSE: Size-Pattern Mitigation Searchable Symmetric Encryption

Abstract

Searchable Symmetric Encryption (SSE) enables clients to make confidential queries over encrypted data while revealing some formally-defined leakage profiles. Despite the promising performance and application prospects of SSE, the recent leakage-abuse attacks show that a passive adversary can recover queries by exploiting patterns about data disclosed from leakage profiles. Among those attacks, the size pattern is a frequently exploited leakage. Although several countermeasures have been proposed, they can provide neither sufficient protection to mitigate size pattern leakage, nor sufficient scalability for large-scale databases. To address those challenges, we present an SGX-based size-pattern mitigation SSE scheme SMSSE with two tailored response padding approaches and an I/O efficient disk-based index construction. In addition, we evaluate the size pattern leakage after padding through conditional entropy and differential privacy. Furthermore, we demonstrate the scalability robustness of SMSSE on different databases by theoretically deducing the approximate boundary of index reading efficiency under a reasonable query distribution. Experiment results on representative real-world datasets show that SMSSE can provide high utility and strong protection against newly size pattern-based leakage-abuse attacks.