We point out the risks of protecting relational databases viaSearchable Symmetric Encryption (SSE) schemes by proposing an infer-ence attack exploiting the structural properties of relational databases.We show that record-injection attacks mounted on relational databaseshave worse consequences than their file-injection counterparts on un-structured databases. Moreover, we discuss some techniques to reducethe effectiveness of inference attacks exploiting the access pattern leak-age existing in SSE schemes. To the best of our knowledge, this is thefirst work that investigates the security of relational databases protectedby SSE schemes.
Publication venue: the 12th Data Privacy and Management (DPM) workshop co-located with ESORICS 2017