Query Correlation Attack Against Searchable Symmetric Encryption With Supporting for Conjunctive Queries

Abstract

Searchable symmetric encryption (SSE) supporting conjunctive queries has garnered significant attention over the past decade due to its practicality and wide applicability. While extensive research has addressed common leakages, such as the access pattern and search pattern, efforts to mitigate these vulnerabilities have primarily focused on structural issues inherent to scheme construction. In this work, we shift the focus to a less explored yet critical leakage stemming from users’ inherent querying behaviors: query correlation. Originally introduced by Grubbs et al. [USENIX SEC’20], formally defined by Oya and Kerschbaum [USENIX SEC’22], and leveraged to mount a high-success query recovery attack against single-keyword SSE, query correlation raises a crucial question: does it pose a similar threat to the security of conjunctive SSE? To tackle this issue, we undertake two key efforts. First, we generalize the notion of query correlation in the context of conjunctive SSE, introducing the “generalized query correlation pattern”, which captures the co-occurrence relationships among queried tokens within a conjunctive query. Second, we develop a new passive query recovery attack, QCCK, which exploits both the search pattern and generalized query correlation pattern to infer the mapping between tokens and keywords. Comprehensive evaluations on the Enron dataset confirm QCCK’s efficacy, achieving a query recovery rate of approximately 80% with a keyword universe size ranging from 200 to 1000 and an observed query size between 5000 and 50,000. These findings highlight the significant threat posed by query correlation in conjunctive SSE and underscore the urgent need for robust countermeasures.