Privacy-preserving Searchable Databases with Controllable Leakage

TL;DR

This paper introduces P-McDb, a privacy-preserving searchable encryption scheme that minimizes data leakage, protects against inference attacks, and maintains efficiency, enabling secure multi-cloud database searches.

Contribution

It proposes a novel multi-cloud symmetric searchable encryption scheme with minimal leakage, forward/backward privacy, and resistance to inference and injection attacks.

Findings

P-McDb effectively reduces leakage and protects search patterns.

The scheme resists active injection and inference attacks.

Prototype implementation demonstrates practical efficiency.

Abstract

Searchable Encryption (SE) is a technique that allows Cloud Service Providers (CSPs) to search over encrypted datasets without learning the content of queries and records. In recent years, many SE schemes have been proposed to protect outsourced data from CSPs. Unfortunately, most of them leak sensitive information, from which the CSPs could still infer the content of queries and records by mounting leakage-based inference attacks, such as the count attack and file injection attack. In this work, first we define the leakage in searchable encrypted databases and analyse how the leakage is leveraged in existing leakage-based attacks. Second, we propose a Privacy-preserving Multi-cloud based dynamic symmetric SE (SSE) scheme for relational Database (P-McDb). P-McDb has minimal leakage, which not only ensures confidentiality of queries and records, but also protects the search, access, and size patterns from CSPs. Moreover, P-McDb ensures both forward and backward privacy of the database. Thus, P-McDb could resist existing leakage-based attacks, e.g., active file/record-injection attacks. We give security definition and analysis to show how P-McDb hides the aforementioned patterns. Finally, we implemented a prototype of P-McDb and test it using the TPC-H benchmark dataset. Our evaluation results show the feasibility and practical efficiency of P-McDb.