Off-line keyword guessing attacks on recent keyword search schemes over encrypted data

  • Authors:
  • Jin Wook Byun;Hyun Suk Rhee;Hyun-A Park;Dong Hoon Lee

  • Affiliations:
  • Center for Information Security Technologies (CIST), Korea University, Seoul, Korea;Center for Information Security Technologies (CIST), Korea University, Seoul, Korea;Center for Information Security Technologies (CIST), Korea University, Seoul, Korea;Center for Information Security Technologies (CIST), Korea University, Seoul, Korea

  • Venue:
  • SDM'06 Proceedings of the Third VLDB international conference on Secure Data Management
  • Year:
  • 2006

Quantified Score

Hi-index 0.00

Visualization

Abstract

A keyword search scheme over encrypted documents allows for remote keyword search of documents by a user in possession of a trapdoor (secret key). A data supplier first uploads encrypted documents on a storage system, and then a user of the storage system searches documents containing keywords while insider (such as administrators of the storage system) and outsider attackers do not learn anything else about the documents. In this paper, we firstly raise a serious vulnerability of recent keyword search schemes, which lies in the fact that keywords are chosen from much smaller space than passwords and users usually use well-known keywords for search of document. Hence this fact sufficiently gives rise to an off-line keyword guessing attack. Unfortunately, we observe that the recent public key-based keyword search schemes are susceptible to an off-line keyword guessing attack. We demonstrated that anyone (insider/outsider) can retrieve information of certain keyword from any captured query messages.