Vaccine:: Obfuscating Access Pattern Against File-Injection Attacks

Hao Liu, Boyang Wang, Nan Niu, Shomir Wilson, Xuetao Wei

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

Searchable Encryption can search over encrypted data without accessing data or queries in plaintext. It preserves privacy while queries are performed over data on an untrusted server. To ensure the efficiency of search, most Searchable Encryption schemes reveal access patterns, i.e., a server learns which encrypted files are retrieved for each query. Unfortunately, by collecting access patterns, a file-injection attack can completely compromise the query privacy offered by Searchable Encryption. In this paper, we propose a novel pre-encryption obfuscation mechanism, referred to as Vaccine, which can effectively protect searchable encrypted data against a file-injection attack. Specifically, the main idea of Vaccine is to introduce a self file-injection attack, which obfuscates access patterns obtained by an attacker and prevents this attacker from inferring correct queries in plaintext. In addition, by harnessing natural language processing techniques, Vaccine can effectively remove self-injected files from search results, and therefore introduce minimal tradeoffs. Our experimental results on a real-world dataset show that Vaccine can reduce an adversary's guessing probability from 1 to 3.7\times 10^{-3}, which significantly promotes privacy protection. Furthermore, Vaccine introduces only 3.4% false negatives and no false positives in search results.

Original languageEnglish (US)
Title of host publication2019 IEEE Conference on Communications and Network Security, CNS 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages109-117
Number of pages9
ISBN (Electronic)9781538671177
DOIs
StatePublished - Jun 2019
Event2019 IEEE Conference on Communications and Network Security, CNS 2019 - Washington, United States
Duration: Jun 10 2019Jun 12 2019

Publication series

Name2019 IEEE Conference on Communications and Network Security, CNS 2019

Conference

Conference2019 IEEE Conference on Communications and Network Security, CNS 2019
CountryUnited States
CityWashington
Period6/10/196/12/19

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'Vaccine:: Obfuscating Access Pattern Against File-Injection Attacks'. Together they form a unique fingerprint.

  • Cite this

    Liu, H., Wang, B., Niu, N., Wilson, S., & Wei, X. (2019). Vaccine:: Obfuscating Access Pattern Against File-Injection Attacks. In 2019 IEEE Conference on Communications and Network Security, CNS 2019 (pp. 109-117). [8802803] (2019 IEEE Conference on Communications and Network Security, CNS 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CNS.2019.8802803