Cetus: an efficient symmetric searchable encryption against file-injection attack with SGX

作     者：Yanyu HUANG Siyi LV Zheli LIU Xiangfu SONG Jin LI Yali YUAN Changyu Dong Yanyu HUANG;Siyi LV;Zheli LIU;Xiangfu SONG;Jin LI;Yali YUAN;Changyu Dong

作者机构：College of Cyber Science and the College of Computer ScienceTianjin Key Laboratory of Network and Data Security TechnologyNankai University School of Computer Science and TechnologyShandong University School of Computer ScienceGuangzhou University Department of Computer ScienceUniversity of G?ttingen School of ComputingNewcastle University 

出 版 物：《Science China(Information Sciences)》 (中国科学:信息科学(英文版))

年 卷 期：2021年第64卷第8期

页      面：195-212页

核心收录：

学科分类：0839[工学-网络空间安全] 08[工学] 081201[工学-计算机系统结构] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：supported by the National Natural Science Foundation of China (Grant No. 61672300) National Natural Science Foundation of Tianjin (Grant No. 18ZXZNGX00140) National Natural Science Foundation for Outstanding Youth Foundation (Grant No. 61722203) 

主　　题：searchable encryption SGX technique file injection attack forward/toward privacy cloud databases 

摘      要：Symmetric searchable encryption(SSE) allows the users to store and query their private data in the encrypted database. Many SSE schemes for different scenarios have been proposed in the past few years, however, most of these schemes still face more or fewer security issues. Using these security leakages,many attacks against the SSE scheme have been proposed, and especially the non-adaptive file injection attack is the most serious. Non-adaptive file injection attack(NAFA) can effectively recover some extremely important private information such as keyword plaintext. As of now, there is no scheme that can effectively defend against such attacks. We first propose the new security attribute called toward privacy to resist nonadaptive file injection attacks. We then present an efficient SSE construction called Cetus to achieve toward privacy. By setting up a buffer and designing the efficient oblivious reading algorithm based on software guard extensions(SGX), we propose the efficient one-time oblivious writing mechanism. Oblivious writing protects the update pattern and allows search operations to be performed directly on the data. The experiment results show that Cetus achieves O(aw) search time and O(1) update communication. The practical search time, communication, and computation overheads incurred by Cetus are lower than those of state-of-the-art.