SWAT: A System-Wide Approach to Tunable Leakage Mitigation in Encrypted Data Stores

TL;DR

SWAT is a flexible, efficient system that mitigates multiple leakage patterns in encrypted data stores, offering tunable privacy and performance trade-offs tailored to different workload types.

Contribution

The paper introduces SWAT, a novel system that provides workload-specific, tunable leakage mitigation with provable security guarantees, improving privacy-efficiency balance in encrypted data stores.

Findings

SWAT achieves near encryption-only performance with significant leakage mitigation.

SWAT is an order of magnitude slower than encryption-only but faster than zero-leakage solutions.

Performance of SWAT remains competitive compared to existing leakage-specific mitigation methods.

Abstract

Numerous studies have underscored the significant privacy risks associated with various leakage patterns in encrypted data stores. While many solutions have been proposed to mitigate these leakages, they either (1) incur substantial overheads, (2) focus on specific subsets of leakage patterns, or (3) apply the same security notion across various workloads, thereby impeding the attainment of fine-tuned privacy-efficiency trade-offs. In light of various detrimental leakage patterns, this paper starts with an investigation into which specific leakage patterns require our focus in the contexts of key-value, range-query, and dynamic workloads, respectively. Subsequently, we introduce new security notions tailored to the specific privacy requirements of these workloads. Accordingly, we propose and instantiate SWAT, an efficient construction that progressively enables these workloads, while provably mitigating system-wide leakage via a suite of algorithms with tunable privacy-efficiency trade-offs. We conducted extensive experiments and compiled a detailed result analysis, showing the efficiency of our solution. SWATis about an order of magnitude slower than an encryption-only data store that reveals various leakage patterns and is two orders of magnitude faster than a trivial zero-leakage solution. Meanwhile, the performance of SWATremains highly competitive compared to other designs that mitigate specific types of leakage.