
Order-Revealing Encryption: File-Injection Attack and Forward Security

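  • Abstract: Order-preserving encryption and order-revealing encryption are two important cryptographic tools used in encrypted databases. This paper studies the leakage of order-preserving/order-revealing encryption and its forward security.
    This paper presents generic and powerful file-injection attacks against order-preserving/order-revealing encryption; the attacks exploit sort operations and range queries. They require no density or frequency information about the data and use only the ideal leakage of order-preserving/order-revealing encryption. Their efficiency can be further improved by using frequency statistics with a hierarchical approach, so that high-frequency plaintext values are recovered more quickly. To test the performance of the attacks, experiments were carried out on real datasets; the results show that the attacks pose a severe threat to the vast majority of existing order-preserving and order-revealing encryption schemes, that is, they are efficient and achieve a 100% recovery rate.
    Next, this paper formalizes the forward security of order-revealing encryption and gives a practical compilation framework that achieves forward security and resists file-injection attacks. The framework can transform the vast majority of existing order-preserving/order-revealing encryption schemes into forward-secure order-revealing encryption schemes with small computation and storage overhead. The paper also analyzes the security and efficiency of the framework, giving the corresponding security proof and experimental data.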

     

    Abstract: Order-preserving encryption (OPE) and order-revealing encryption (ORE) are among the core ingredients for encrypted databases (EDBs). In this work, we study the leakage of OPE and ORE and their forward security. We propose generic yet powerful file-injection attacks (FIAs) on OPE/ORE, aimed at settings that support order-by and range queries. Our FIAs exploit only the ideal leakage of OPE/ORE (in particular, they need no data denseness or frequency information). We also improve their efficiency with frequency statistics, using a hierarchical idea so that high-frequency values are recovered more quickly. We conduct experiments on real datasets to test the performance, and the results show that our FIAs pose an extreme hazard to most of the existing OPEs and OREs, with high efficiency and a 100% recovery rate. We then formulate forward security of ORE and propose a practical compilation framework for achieving forward-secure ORE to resist the perniciousness of FIAs. The compilation framework can transform most of the existing OPEs/OREs into forward-secure OREs, with the goal of minimizing the extra burden incurred on computation and storage. We also present its security proof and run experiments to analyze its performance. The proposed compilation is highly efficient and forward secure.

     
