Peekaboo, I See Your Queries: Passive Attacks Against DSSE Via Intermittent Observations - UTU Research Portal

A4 Refereed article in a conference publication

Peekaboo, I See Your Queries: Passive Attacks Against DSSE Via Intermittent Observations

Authors: Nie, Hao; Wang, Wei; Xu, Peng; Chen, Wei; Yang, Laurence T.; Conti, Mauro; Liang, Kaitai

Editors: Huang, Chun-Ying; Chen, Jyh-Cheng; Shieh, Shiuh-Pyng; Lie, David; Cortier, Véronique

Conference name: ACM Conference on Computer and Communications Security

Publication year: 2025

Journal: ACM Conference on Computer and Communications Security

Book title : CCS '25 : Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security

First page : 2429

Last page: 2443

ISBN: 979-8-4007-1525-9

ISSN: 1543-7221

DOI: https://doi.org/10.1145/3719027.3765075

Publication's open availability at the time of reporting: No Open Access

Publication channel's open availability : Partially Open Access publication channel

Web address : https://doi.org/10.1145/3719027.3765075

Abstract

Dynamic Searchable Symmetric Encryption (DSSE) allows secure searches over a dynamic encrypted database but suffers from inherent information leakage. Existing passive attacks against DSSE rely on persistent leakage monitoring to infer leakage patterns, whereas this work targets intermittent observation - a more practical threat model. We propose Peekaboo - a new universal attack framework - and the core design relies on inferring the search pattern and further combining it with auxiliary knowledge and other leakage. We instantiate Peekaboo over the SOTA attacks, Sap (USENIX' 21) and Jigsaw (USENIX' 24), to derive their ''+'' variants (Sap+ and Jigsaw+). Extensive experiments demonstrate that our design achieves >0.9 adjusted rand index for search pattern recovery and ∼90% query accuracy vs. FMA's ∼30% (CCS' 23). Peekaboo's accuracy scales with observation rounds and the number of observed queries but also it resists SOTA countermeasures, with >40% accuracy against file size padding and >80% against obfuscation.

Funding information in the publication:
This work was supported by the National Key Research and Development Program of China under Grant No. 2022YFB4501500 and the National Natural Science Foundation of China under Grant No. 62372201 and No. 62272186.