Change search
Link to record
Permanent link

Direct link
BETA
Publications (3 of 3) Show all publications
Abdelraheem, M., Andersson, T., Gehrmann, C. & Glackin, C. (2018). Practical Attacks on Relational Databases Protected via Searchable Encryption. In: Lecture Notes in Computer Science: . Paper presented at Information Security - 21st International Conference, ISC 2018, Proceedings. 21st Information Security Conference, ISC 2018, Guildford, United Kingdom 2018-09-08 -- 2018-09-11 (pp. 171-191).
Open this publication in new window or tab >>Practical Attacks on Relational Databases Protected via Searchable Encryption
2018 (English)In: Lecture Notes in Computer Science, 2018, p. 171-191Conference paper, Published paper (Refereed)
Abstract [en]

Searchable symmetric encryption (SSE) schemes are commonly proposed to enable search in a protected unstructured documents such as email archives or any set of sensitive text files. However, some SSE schemes have been recently proposed in order to protect relational databases. Most of the previous attacks on SSE schemes have only targeted its common use case, protecting unstructured data. In this work, we propose a new inference attack on relational databases protected via SSE schemes. Our inference attack enables a passive adversary with only basic knowledge about the meta-data information of the target relational database to recover the attribute names of some observed queries. This violates query privacy since the attribute name of a query is secret.

Keywords
Query languages, Query processing, Security of data, E-mail archives, Inference attacks, Passive adversary, Relational Database, Searchable encryptions, Symmetric encryption, Unstructured data, Unstructured documents, Cryptography
National Category
Natural Sciences
Identifiers
urn:nbn:se:ri:diva-35902 (URN)10.1007/978-3-319-99136-8_10 (DOI)2-s2.0-85053994380 (Scopus ID)9783319991351 (ISBN)
Conference
Information Security - 21st International Conference, ISC 2018, Proceedings. 21st Information Security Conference, ISC 2018, Guildford, United Kingdom 2018-09-08 -- 2018-09-11
Note

Funding details: ICT-07-2014; Funding details: 644814; Funding text: Acknowledgments. This work was supported by European Union’s Horizon 2020 research and innovation programme under grant agreement No 644814, the PaaSword project within the ICT Programme ICT-07-2014: Advanced Cloud Infrastructures and Services.

Available from: 2018-11-07 Created: 2018-11-07 Last updated: 2019-01-18Bibliographically approved
Gunnarsson, M., Andersson, T. & Seitz, L. (2017). Performance and overhead evaluation of OSCOAP and DTLS. Kista, Sweden
Open this publication in new window or tab >>Performance and overhead evaluation of OSCOAP and DTLS
2017 (English)Report (Other academic)
Abstract [en]

In this report we compare the OSCOAP protocol to CoAP overDTLS-PSK to evaluate their performance in constrained devices

Place, publisher, year, edition, pages
Kista, Sweden: , 2017. p. 7
Series
SICS Technical Report, ISSN 1100-3154 ; T2017:05
Keywords
IoT, M2M, Security, OSCOAP, DTLS, CoAP, Constrained Devices, LLN
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-32611 (URN)
Available from: 2017-11-13 Created: 2017-11-13 Last updated: 2018-08-24Bibliographically approved
Abdelraheem, M. A., Andersson, T. & Gehrmann, C. (2017). Searchable Encrypted Relational Databases:Risks and Countermeasures. In: Joaquin Garcia-Alfaro et al. (Ed.), Data Privacy Management, Cryptocurrencies and Blockchain Technology: ESORICS 2017 International Workshops, DPM 2017 and CBT 2017, Oslo, Norway, September 14-15, 2017, Proceedings. Paper presented at ESORICS 2017 International Workshops: DPM 2017 (pp. 70-85). Gewerbestrasse 11, 6330 Cham, Switzerland: Springer Nature, 10436
Open this publication in new window or tab >>Searchable Encrypted Relational Databases:Risks and Countermeasures
2017 (English)In: Data Privacy Management, Cryptocurrencies and Blockchain Technology: ESORICS 2017 International Workshops, DPM 2017 and CBT 2017, Oslo, Norway, September 14-15, 2017, Proceedings / [ed] Joaquin Garcia-Alfaro et al., Gewerbestrasse 11, 6330 Cham, Switzerland: Springer Nature , 2017, Vol. 10436, p. 70-85Conference paper, Published paper (Refereed)
Abstract [en]

We point out the risks of protecting relational databases viaSearchable Symmetric Encryption (SSE) schemes by proposing an infer-ence attack exploiting the structural properties of relational databases.We show that record-injection attacks mounted on relational databaseshave worse consequences than their file-injection counterparts on un-structured databases. Moreover, we discuss some techniques to reducethe effectiveness of inference attacks exploiting the access pattern leak-age existing in SSE schemes. To the best of our knowledge, this is thefirst work that investigates the security of relational databases protectedby SSE schemes.

Place, publisher, year, edition, pages
Gewerbestrasse 11, 6330 Cham, Switzerland: Springer Nature, 2017
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 10436
Keywords
Privacy. SSE Database. Inference Attacks.
National Category
Computer Sciences
Identifiers
urn:nbn:se:ri:diva-33180 (URN)10.1007/978-3-319-67816-0 (DOI)2-s2.0-85030152876 (Scopus ID)978-3-319-67816-0 (ISBN)
Conference
ESORICS 2017 International Workshops: DPM 2017
Projects
PaaSword
Note

Publication venue: the 12th Data Privacy and Management (DPM) workshop co-located with ESORICS 2017

Available from: 2018-01-23 Created: 2018-01-23 Last updated: 2019-01-29Bibliographically approved
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0002-6229-2809

Search in DiVA

Show all publications
v. 2.35.8