Practical searchable encryption scheme against response identity attacks

IF 6.8 1区计算机科学 0 COMPUTER SCIENCE, INFORMATION SYSTEMS Information Sciences Pub Date : 2025-07-01 Epub Date: 2025-02-20 DOI:10.1016/j.ins.2025.121975

Shengming Li , Xuan Jing , Yunling Wang , Xin Xu , Zichen Zhang , Jianfeng Wang

{"title":"Practical searchable encryption scheme against response identity attacks","authors":"Shengming Li , Xuan Jing , Yunling Wang , Xin Xu , Zichen Zhang , Jianfeng Wang","doi":"10.1016/j.ins.2025.121975","DOIUrl":null,"url":null,"abstract":"<div><div>Searchable symmetric encryption (SSE) enables efficient keyword-based search over encrypted data while revealing nothing about data and query beyond some pre-defined leakage, such as access pattern and search pattern. A new class of leakage-abuse attacks, called response identity attacks, can exploit access patterns to recover the queried keywords. Although some progress has been made to resist on response identity attacks, it is challenging to design a practical SSE scheme that resists on response identity attacks while protecting the security of data and queries (i.e., end-to-end SSE). To this end, we first present a novel dynamic SSE scheme supporting toward privacy based on the modified Path-ORAM, where the server cannot identify update patterns. We then design a dynamic end-to-end SSE scheme defending response identity attacks under two non-colluding servers model, which splits each encrypted document into the main document and extra blocks, and stores them separately using different obfuscation strategies. The proposed scheme can prevent adversaries from identifying which document in prior knowledge contains the searched keyword while hiding the data content and queries. Experimental results show that our proposed scheme is superior to the state-of-the-art scheme.</div></div>","PeriodicalId":51063,"journal":{"name":"Information Sciences","volume":"706 ","pages":"Article 121975"},"PeriodicalIF":6.8000,"publicationDate":"2025-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Sciences","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0020025525001070","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2025/2/20 0:00:00","PubModel":"Epub","JCR":"0","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Searchable symmetric encryption (SSE) enables efficient keyword-based search over encrypted data while revealing nothing about data and query beyond some pre-defined leakage, such as access pattern and search pattern. A new class of leakage-abuse attacks, called response identity attacks, can exploit access patterns to recover the queried keywords. Although some progress has been made to resist on response identity attacks, it is challenging to design a practical SSE scheme that resists on response identity attacks while protecting the security of data and queries (i.e., end-to-end SSE). To this end, we first present a novel dynamic SSE scheme supporting toward privacy based on the modified Path-ORAM, where the server cannot identify update patterns. We then design a dynamic end-to-end SSE scheme defending response identity attacks under two non-colluding servers model, which splits each encrypted document into the main document and extra blocks, and stores them separately using different obfuscation strategies. The proposed scheme can prevent adversaries from identifying which document in prior knowledge contains the searched keyword while hiding the data content and queries. Experimental results show that our proposed scheme is superior to the state-of-the-art scheme.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

针对响应身份攻击的实用可搜索加密方案

可搜索对称加密（SSE）支持对加密数据进行高效的基于关键字的搜索，同时除了一些预定义的泄漏（如访问模式和搜索模式）之外，不会透露任何关于数据和查询的信息。一种新的泄漏滥用攻击，称为响应身份攻击，可以利用访问模式来恢复查询的关键字。尽管在抵抗响应身份攻击方面已经取得了一些进展，但设计一个实用的SSE方案，既能抵抗响应身份攻击，又能保护数据和查询的安全性（即端到端SSE），这是一个挑战。为此，我们首先提出了一种新的基于修改后的Path-ORAM的支持隐私的动态SSE方案，其中服务器无法识别更新模式。然后，我们在两个非串通服务器模型下设计了一个防御响应身份攻击的动态端到端SSE方案，该方案将每个加密文档拆分为主文档和额外的块，并使用不同的混淆策略分别存储它们。该方案可以在隐藏数据内容和查询的同时，防止攻击者在先验知识中识别包含搜索关键字的文档。实验结果表明，该方案优于现有方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Information Sciences 工程技术-计算机：信息系统

CiteScore

14.00

自引率

17.30%

发文量

1322

审稿时长

10.4 months

期刊介绍： Informatics and Computer Science Intelligent Systems Applications is an esteemed international journal that focuses on publishing original and creative research findings in the field of information sciences. We also feature a limited number of timely tutorial and surveying contributions. Our journal aims to cater to a diverse audience, including researchers, developers, managers, strategic planners, graduate students, and anyone interested in staying up-to-date with cutting-edge research in information science, knowledge engineering, and intelligent systems. While readers are expected to share a common interest in information science, they come from varying backgrounds such as engineering, mathematics, statistics, physics, computer science, cell biology, molecular biology, management science, cognitive science, neurobiology, behavioral sciences, and biochemistry.