Vaccine:: Obfuscating Access Pattern Against File-Injection Attacks

Hao Liu, Boyang Wang, Nan Niu, Shomir Wilson, Xuetao Wei

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

Searchable Encryption can search over encrypted data without accessing data or queries in plaintext. It preserves privacy while queries are performed over data on an untrusted server. To ensure the efficiency of search, most Searchable Encryption schemes reveal access patterns, i.e., a server learns which encrypted files are retrieved for each query. Unfortunately, by collecting access patterns, a file-injection attack can completely compromise the query privacy offered by Searchable Encryption. In this paper, we propose a novel pre-encryption obfuscation mechanism, referred to as Vaccine, which can effectively protect searchable encrypted data against a file-injection attack. Specifically, the main idea of Vaccine is to introduce a self file-injection attack, which obfuscates access patterns obtained by an attacker and prevents this attacker from inferring correct queries in plaintext. In addition, by harnessing natural language processing techniques, Vaccine can effectively remove self-injected files from search results, and therefore introduce minimal tradeoffs. Our experimental results on a real-world dataset show that Vaccine can reduce an adversary's guessing probability from 1 to 3.7\times 10^{-3}, which significantly promotes privacy protection. Furthermore, Vaccine introduces only 3.4% false negatives and no false positives in search results.

Original languageEnglish (US)
Title of host publication2019 IEEE Conference on Communications and Network Security, CNS 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages109-117
Number of pages9
ISBN (Electronic)9781538671177
DOIs
StatePublished - Jun 1 2019
Event2019 IEEE Conference on Communications and Network Security, CNS 2019 - Washington, United States
Duration: Jun 10 2019Jun 12 2019

Publication series

Name2019 IEEE Conference on Communications and Network Security, CNS 2019

Conference

Conference2019 IEEE Conference on Communications and Network Security, CNS 2019
CountryUnited States
CityWashington
Period6/10/196/12/19

Fingerprint

Vaccines
Cryptography
Servers
Injection
Query
Attack
Vaccine
Encryption
Processing
Privacy

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Cite this

Liu, H., Wang, B., Niu, N., Wilson, S., & Wei, X. (2019). Vaccine:: Obfuscating Access Pattern Against File-Injection Attacks. In 2019 IEEE Conference on Communications and Network Security, CNS 2019 (pp. 109-117). [8802803] (2019 IEEE Conference on Communications and Network Security, CNS 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CNS.2019.8802803
Liu, Hao ; Wang, Boyang ; Niu, Nan ; Wilson, Shomir ; Wei, Xuetao. / Vaccine:: Obfuscating Access Pattern Against File-Injection Attacks. 2019 IEEE Conference on Communications and Network Security, CNS 2019. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 109-117 (2019 IEEE Conference on Communications and Network Security, CNS 2019).
@inproceedings{93f8a749e6c04368a312884986b9fb98,
title = "Vaccine:: Obfuscating Access Pattern Against File-Injection Attacks",
abstract = "Searchable Encryption can search over encrypted data without accessing data or queries in plaintext. It preserves privacy while queries are performed over data on an untrusted server. To ensure the efficiency of search, most Searchable Encryption schemes reveal access patterns, i.e., a server learns which encrypted files are retrieved for each query. Unfortunately, by collecting access patterns, a file-injection attack can completely compromise the query privacy offered by Searchable Encryption. In this paper, we propose a novel pre-encryption obfuscation mechanism, referred to as Vaccine, which can effectively protect searchable encrypted data against a file-injection attack. Specifically, the main idea of Vaccine is to introduce a self file-injection attack, which obfuscates access patterns obtained by an attacker and prevents this attacker from inferring correct queries in plaintext. In addition, by harnessing natural language processing techniques, Vaccine can effectively remove self-injected files from search results, and therefore introduce minimal tradeoffs. Our experimental results on a real-world dataset show that Vaccine can reduce an adversary's guessing probability from 1 to 3.7\times 10^{-3}, which significantly promotes privacy protection. Furthermore, Vaccine introduces only 3.4{\%} false negatives and no false positives in search results.",
author = "Hao Liu and Boyang Wang and Nan Niu and Shomir Wilson and Xuetao Wei",
year = "2019",
month = "6",
day = "1",
doi = "10.1109/CNS.2019.8802803",
language = "English (US)",
series = "2019 IEEE Conference on Communications and Network Security, CNS 2019",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "109--117",
booktitle = "2019 IEEE Conference on Communications and Network Security, CNS 2019",
address = "United States",

}

Liu, H, Wang, B, Niu, N, Wilson, S & Wei, X 2019, Vaccine:: Obfuscating Access Pattern Against File-Injection Attacks. in 2019 IEEE Conference on Communications and Network Security, CNS 2019., 8802803, 2019 IEEE Conference on Communications and Network Security, CNS 2019, Institute of Electrical and Electronics Engineers Inc., pp. 109-117, 2019 IEEE Conference on Communications and Network Security, CNS 2019, Washington, United States, 6/10/19. https://doi.org/10.1109/CNS.2019.8802803

Vaccine:: Obfuscating Access Pattern Against File-Injection Attacks. / Liu, Hao; Wang, Boyang; Niu, Nan; Wilson, Shomir; Wei, Xuetao.

2019 IEEE Conference on Communications and Network Security, CNS 2019. Institute of Electrical and Electronics Engineers Inc., 2019. p. 109-117 8802803 (2019 IEEE Conference on Communications and Network Security, CNS 2019).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Vaccine:: Obfuscating Access Pattern Against File-Injection Attacks

AU - Liu, Hao

AU - Wang, Boyang

AU - Niu, Nan

AU - Wilson, Shomir

AU - Wei, Xuetao

PY - 2019/6/1

Y1 - 2019/6/1

N2 - Searchable Encryption can search over encrypted data without accessing data or queries in plaintext. It preserves privacy while queries are performed over data on an untrusted server. To ensure the efficiency of search, most Searchable Encryption schemes reveal access patterns, i.e., a server learns which encrypted files are retrieved for each query. Unfortunately, by collecting access patterns, a file-injection attack can completely compromise the query privacy offered by Searchable Encryption. In this paper, we propose a novel pre-encryption obfuscation mechanism, referred to as Vaccine, which can effectively protect searchable encrypted data against a file-injection attack. Specifically, the main idea of Vaccine is to introduce a self file-injection attack, which obfuscates access patterns obtained by an attacker and prevents this attacker from inferring correct queries in plaintext. In addition, by harnessing natural language processing techniques, Vaccine can effectively remove self-injected files from search results, and therefore introduce minimal tradeoffs. Our experimental results on a real-world dataset show that Vaccine can reduce an adversary's guessing probability from 1 to 3.7\times 10^{-3}, which significantly promotes privacy protection. Furthermore, Vaccine introduces only 3.4% false negatives and no false positives in search results.

AB - Searchable Encryption can search over encrypted data without accessing data or queries in plaintext. It preserves privacy while queries are performed over data on an untrusted server. To ensure the efficiency of search, most Searchable Encryption schemes reveal access patterns, i.e., a server learns which encrypted files are retrieved for each query. Unfortunately, by collecting access patterns, a file-injection attack can completely compromise the query privacy offered by Searchable Encryption. In this paper, we propose a novel pre-encryption obfuscation mechanism, referred to as Vaccine, which can effectively protect searchable encrypted data against a file-injection attack. Specifically, the main idea of Vaccine is to introduce a self file-injection attack, which obfuscates access patterns obtained by an attacker and prevents this attacker from inferring correct queries in plaintext. In addition, by harnessing natural language processing techniques, Vaccine can effectively remove self-injected files from search results, and therefore introduce minimal tradeoffs. Our experimental results on a real-world dataset show that Vaccine can reduce an adversary's guessing probability from 1 to 3.7\times 10^{-3}, which significantly promotes privacy protection. Furthermore, Vaccine introduces only 3.4% false negatives and no false positives in search results.

UR - http://www.scopus.com/inward/record.url?scp=85071718356&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85071718356&partnerID=8YFLogxK

U2 - 10.1109/CNS.2019.8802803

DO - 10.1109/CNS.2019.8802803

M3 - Conference contribution

AN - SCOPUS:85071718356

T3 - 2019 IEEE Conference on Communications and Network Security, CNS 2019

SP - 109

EP - 117

BT - 2019 IEEE Conference on Communications and Network Security, CNS 2019

PB - Institute of Electrical and Electronics Engineers Inc.

ER -

Liu H, Wang B, Niu N, Wilson S, Wei X. Vaccine:: Obfuscating Access Pattern Against File-Injection Attacks. In 2019 IEEE Conference on Communications and Network Security, CNS 2019. Institute of Electrical and Electronics Engineers Inc. 2019. p. 109-117. 8802803. (2019 IEEE Conference on Communications and Network Security, CNS 2019). https://doi.org/10.1109/CNS.2019.8802803