Leakage Models and Inference Attacks on Searchable Encryption for Cyber-Physical Social Systems

Searchable encryption (SE) schemes, such as those deployed for cyber-physical social systems, may be vulnerable to inference attacks. In such attacks, attackers seek to learn sensitive information about the queries and data stored on the (cyber-physical social) systems. However, these attacks are often based on strong (impractical) assumptions (e.g., the complete knowledge of documents or known document injection) using access-pattern leakage. In this paper, we first identify different leakage models based on the leakage profiles of common SE schemes, and then design inference methods accordingly. In particular, based on the leakage models, we show that some information leakage allows a very powerful attack with little prior knowledge. We then propose new inference attacks in which an adversary only needs to have a partial knowledge of target documents. Unlike previous attacks, the proposed inference algorithms perform effective document-mapping attacks before query recovery attacks, in the sense that they are more efficient and scalable without requiring optimization overheads. We then use experiments to demonstrate their effectiveness.