Using Query Estimators for Attacking Relational Encrypted Search

Master Thesis


Encrypted search provides a search functionality on encrypted data, e.g., via encrypted SQL queries on a relational encrypted database [3]. These schemes usually possess some well-defined information leakage. Leakage attacks on encrypted search (see [2] for an overview) aim to abuse this revealed information with auxiliary knowledge to uncover sensitive plaintext information. However, these have largely not been considered for the case of relational databases. Furthermore, they often rely on basic estimates of, e.g., the cardinality. To optimize relational Database Management Systems (DBMS), query estimator techniques [1] for, e.g., the cardinality using some knowledge of the data also play an important role in DBMS research and are significantly more advanced than those used in leakage attacks thus far.


This thesis aims at leveraging DBMS techniques [1] in attacks against relational encrypted search [2]. Suitable candidates should be found, selected, and evaluated. Existing applicable attacks should be transformed into the relational setting, targeting the construction of [3]. Candidate estimators should be incorporated into these attacks. The relational attacks should be implemented in the LEAKER framework for leakage attack evaluations [2], building on an already existing relational backend. The attacks should be evaluated on a range of real-world relational data, e.g., the medical data set MIMIC [4] to see the efficacy of the different attacks and estimators on this setting.