5

The main motivation for Oblivious RAM (ORAM) is that, for instance, in the "cloud" setting a client outsources his data to a server in the form of encrypted blocks. Later on, he wants to perform read and write operation on these encrypted blocks, which apparently may leak information about what data is stored. ORAM now ensures that the server cannot tell which blocks the client is interested in and whether he is reading or writing.

My question is: Are there any concrete examples/attacks, where the access pattern on encrypted data leaks sensitive data?

Cryptonaut
  • 1,106
  • 7
  • 19

2 Answers2

3

There is a new paper on the topic, the paper is not publicly available yet; however, its slides are available at David Cash, Paul Grubbs, Jason Perry, Tom Ristenpart - Leakage-Abuse Attacks against Searchable Encryption .

A short summary of the talk is available at Seny Kamara - Workshop on Encryption for Secure Search & Other Algorithms:

David Cash also discussed inference attacks. In addition to standard inference attacks, however, he also described attacks where the adversary exploits more than leakage and, in particular, knows or chooses some of documents. The findings were very interesting. One thing that came out of this study was that the IKK attack—while very interesting in theory—is not really practical. There are several technical reasons for this but I’ll leave you to read David’s paper when it appears if you are interested. This study also looked at a new class of schemes (not SSE/structured schemes) that have appeared in the literature recently and showed that they were vulnerable to adversaries who know and/or can choose documents (though to be fair they were not designed with that adversarial model in mind).

CodesInChaos
  • 25,121
  • 2
  • 90
  • 129
Muhammad Naveed
  • 31
  • 2
2

By observing data access patterns in emails researchers were able to infer search pattern.

curious
  • 6,280
  • 6
  • 34
  • 48