Searchable encryption (SE) enables efficient search over encrypted databases by allowing a predetermined amount of information leakage during operations. While this leakage is typically considered “inconsequential,” its real-world impact on security remains unclear and must be carefully analyzed. Leakage abuse attacks aim to exploit such leakage to recover sensitive information, such as search queries or database contents. In this paper, we revisit one of the most powerful leakage abuse attacks to date, the \(\textsf{Subgraph}\) attack (NDSS 2020), and examine two critical aspects: its experimental evaluation methodology and its core algorithm. Although empirical evaluation is essential for understanding the effectiveness of these attacks, we show that prior studies often rely on unrealistic experimental assumptions. We identify and analyze this issue and present a sound and realistic evaluation framework for the \(\textsf{Subgraph}\) attack. Our results show that its previously reported effectiveness was indeed overestimated. In addition, we propose two improved variants of the \(\textsf{Subgraph}\) attacks, \(\textsf{Subgraph}\texttt {+}^\textsf{ID}\) and \(\textsf{SimGraph}^\textsf{VL}\) , that exploit allowable leakage commonly considered acceptable in the SE literature. Under our sound experimental setting, these improved attacks achieve up to twice the query recovery performance of the original \(\textsf{Subgraph}\) attacks.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Correcting the Record on Leakage Abuse Attacks: Revisiting the Subgraph Attacks with Sound Evaluation

  • Takumi Namiki,
  • Takumi Amada,
  • Mitsugu Iwamoto,
  • Yohei Watanabe

摘要

Searchable encryption (SE) enables efficient search over encrypted databases by allowing a predetermined amount of information leakage during operations. While this leakage is typically considered “inconsequential,” its real-world impact on security remains unclear and must be carefully analyzed. Leakage abuse attacks aim to exploit such leakage to recover sensitive information, such as search queries or database contents. In this paper, we revisit one of the most powerful leakage abuse attacks to date, the \(\textsf{Subgraph}\) attack (NDSS 2020), and examine two critical aspects: its experimental evaluation methodology and its core algorithm. Although empirical evaluation is essential for understanding the effectiveness of these attacks, we show that prior studies often rely on unrealistic experimental assumptions. We identify and analyze this issue and present a sound and realistic evaluation framework for the \(\textsf{Subgraph}\) attack. Our results show that its previously reported effectiveness was indeed overestimated. In addition, we propose two improved variants of the \(\textsf{Subgraph}\) attacks, \(\textsf{Subgraph}\texttt {+}^\textsf{ID}\) and \(\textsf{SimGraph}^\textsf{VL}\) , that exploit allowable leakage commonly considered acceptable in the SE literature. Under our sound experimental setting, these improved attacks achieve up to twice the query recovery performance of the original \(\textsf{Subgraph}\) attacks.