Department of Computer Science
Leakage-Abuse Attacks Against Searchable Encryption
- Publication Type: Conference Publications
- Publication Date: 2015-10-01
- Journal Volume: CCS 2015
- Conference Location: Denver, CO
- Link to Content 1: [eprint]
- Abstract: Schemes for secure outsourcing of client data with search capability are being increasingly marketed and deployed. In the literature, schemes for accomplishing this efficiently are called Searchable Encryption (SE). They achieve high efficiency with provable security by means of a quantifiable leakage profile. However, the degree to which SE leakage can be exploited by an adversary is not well understood. To address this, we present a characterization of the leakage profiles of in-the-wild searchable encryption products and SE schemes in the literature, and present attack models based on an adversarial server’s prior knowledge. Then we empirically investigate the security of searchable encryption by providing query recovery and plaintext recovery attacks that exploit these leakage profiles. We term these 'leakage-abuse attacks' and demonstrate their effectiveness for varying leakage profiles and levels of server knowledge, for realistic scenarios. Amongst our contributions are realistic active attacks which have not been previously explored.
We are committed to fostering a safe environment while upholding the principles of academic freedom and free expression of our community.
We're Hiring
Undergraduate
Graduate
Research
Upcoming Events
| 12 May 2026; - 02:30PM - 04:30PM Enhancing Consistency Models for Multi-Agent Trajectory Prediction |
| 13 May 2026; - 01:00PM - 02:00PM Towards Efficient Multi-LLM Collaborative Debate via Reinforcement Learning |
| 15 May 2026; - 01:00PM - 03:00PM Towards Compliant Human Trajectory Prediction: From Environment-Aware Generation to Multi-Agent Joint Alignment |
