Vaccine:: Obfuscating Access Pattern Against File-Injection Attacks

Abstract

Searchable Encryption can search over encrypted data without accessing data or queries in plaintext. It preserves privacy while queries are performed over data on an untrusted server. To ensure the efficiency of search, most Searchable Encryption schemes reveal access patterns, i.e., a server learns which encrypted files are retrieved for each query. Unfortunately, by collecting access patterns, a file-injection attack can completely compromise the query privacy offered by Searchable Encryption. In this paper, we propose a novel pre-encryption obfuscation mechanism, referred to as Vaccine, which can effectively protect searchable encrypted data against a file-injection attack. Specifically, the main idea of Vaccine is to introduce a self file-injection attack, which obfuscates access patterns obtained by an attacker and prevents this attacker from inferring correct queries in plaintext. In addition, by harnessing natural language processing techniques, Vaccine can effectively remove self-injected files from search results, and therefore introduce minimal tradeoffs. Our experimental results on a real-world dataset show that Vaccine can reduce an adversary's guessing probability from 1 to $3.7\times 10^{-3}$ , which significantly promotes privacy protection. Furthermore, Vaccine introduces only 3.4% false negatives and no false positives in search results.