S-Leak: Leakage-Abuse Attack Against Efficient Conjunctive SSE via s-term Leakage

TL;DR

This paper introduces S-Leak, a passive attack exploiting s-term leakage in conjunctive searchable encryption, revealing significant vulnerabilities and challenging existing security assumptions in multi-keyword search schemes.

Contribution

It presents the first attack framework that effectively recovers conjunctive queries by exploiting s-term leakage, highlighting a critical security flaw in current CSSE schemes.

Findings

Achieves over 95% accuracy in recovering at least one keyword in queries.

Remains effective against defenses like padding and obfuscation.

Reveals the need to reconsider leakage models in multi-keyword searchable encryption.

Abstract

Conjunctive Searchable Symmetric Encryption (CSSE) enables secure conjunctive searches over encrypted data. While leakage-abuse attacks (LAAs) against single-keyword SSE have been extensively studied, their extension to conjunctive queries faces a critical challenge: the combinatorial explosion of candidate keyword combinations, leading to enormous time and space overhead for attacks. In this paper, we reveal a fundamental vulnerability in state-of-the-art CSSE schemes: s-term leakage, where the keyword with the minimal document frequency in a query leaks distinct patterns. We propose S-Leak, the first passive attack framework that progressively recovers conjunctive queries by exploiting s-term leakage and global leakage. Our key innovation lies in a three-stage approach: identifying the s-term of queries, pruning low-probability keyword conjunctions, and reconstructing full queries. We propose novel metrics to better assess attacks in conjunctive query scenarios. Empirical evaluations on real-world datasets demonstrate that our attack is effective in diverse CSSE configurations. When considering 161,700 conjunctive keyword queries, our attack achieves a 95.15% accuracy in recovering at least one keyword, 82.57% for at least two, 58% for all three keywords, and maintains efficacy against defenses such as SEAL padding and CLRZ obfuscation. Our work exposes the underestimated risks of s-term leakage in practical SSE deployments and calls for a redesign of leakage models for multi-keyword search scenarios.