Don't fool yourself with Forward Privacy, Your queries STILL belong to us!

ABSTRACTDynamic Searchable Symmetric Encryption (DSSE) enables a user to perform encrypted search queries on encrypted data stored on a server. Recently, a notion of Forward Privacy (FP) was introduced to guarantee that a newly added document cannot be linked to previous queries, and to thwart relative attacks and lessen information leakage and its consequences. However, in this paper we show that the forward-private schemes have no advantage (in preventing the related attacks) compared to traditional approaches, and previous attacks are still applicable on FP schemes. In FP approaches, access pattern leakage is still possible and can be employed to uncover the search pattern which can be used by passive and adaptive attacks. To address this issue, we construct a new parallelizable DSSE approach to obfuscate the access and search pattern. Our cost-efficient scheme supports both updates and searches. Our security proof and performance analysis demonstrate the practicality, efficiency, and security of our approach.