{"title":"Improved File-injection Attacks on Searchable Encryption Using Finite Set Theory","authors":"Gaoli Wang;Zhenfu Cao;Xiaolei Dong","doi":"10.1093/comjnl/bxaa161","DOIUrl":null,"url":null,"abstract":"Searchable encryption (SE) allows the cloud server to search over the encrypted data and leak information as little as possible. Most existing efficient SE schemes assume that the leakage of search pattern and access pattern is acceptable. A series of work was proposed, instructing malicious users to use this leakage to come up with attacks. Especially, with a devastating attack proposed by Zhang et al., the cloud server can reveal the keywords queried by normal users by using some injected files. From the method of constructing uniform \n<tex>$(k,n)$</tex>\n-set of a finite set \n<tex>$A$</tex>\n proposed by Cao, we put forward a new file-injection attack. In our attack, the server needs fewer injected files than the previous attack when the size of \n<tex>$T$</tex>\n is larger than 9 and the size of keyword set is larger than \n<tex>$2T$</tex>\n, where \n<tex>$T$</tex>\n is the threshold of the number of keywords in each injected file. Our attack is more practical and easier to implement in the real scenario.","PeriodicalId":50641,"journal":{"name":"Computer Journal","volume":"64 8","pages":"1264-1276"},"PeriodicalIF":1.5000,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1093/comjnl/bxaa161","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Journal","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/9579294/","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 4
Abstract
Searchable encryption (SE) allows the cloud server to search over the encrypted data and leak information as little as possible. Most existing efficient SE schemes assume that the leakage of search pattern and access pattern is acceptable. A series of work was proposed, instructing malicious users to use this leakage to come up with attacks. Especially, with a devastating attack proposed by Zhang et al., the cloud server can reveal the keywords queried by normal users by using some injected files. From the method of constructing uniform
$(k,n)$
-set of a finite set
$A$
proposed by Cao, we put forward a new file-injection attack. In our attack, the server needs fewer injected files than the previous attack when the size of
$T$
is larger than 9 and the size of keyword set is larger than
$2T$
, where
$T$
is the threshold of the number of keywords in each injected file. Our attack is more practical and easier to implement in the real scenario.
期刊介绍:
The Computer Journal is one of the longest-established journals serving all branches of the academic computer science community. It is currently published in four sections.