Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

SWAT: A System-Wide Approach to Tunable Leakage Mitigation in Encrypted Data Stores

Leqian Zheng, Lei Xu, Cong Wang, Sheng Wang, Yuke Hu, Zhan Qin, Feifei Li, Kui Ren

TL;DR

SWAT addresses the challenge of protecting encrypted data stores from multiple leakage patterns with tunable privacy-efficiency trade-offs. It combines a trusted client proxy, bucketized data organization, and differential oblivious techniques to support key-value, range-query, and dynamic workloads within an SGX-based framework. The approach introduces theta-query decorrelation, nearly zero-leakage range queries, and a k-way DO-merge for dynamization, achieving strong security guarantees (e.g., DO and ROR-CRDA) while delivering practical performance—about $10.6\times$ slower than encryption-only and $31.6\times$ faster than a fully zero-leakage baseline. The empirical evaluation shows Swat is competitive with state-of-the-art leakage-mitigation designs for specific workloads and emphasizes tunability to adapt to workload characteristics and bandwidth costs, enabling system-wide leakage mitigation in real deployments.

Abstract

Numerous studies have underscored the significant privacy risks associated with various leakage patterns in encrypted data stores. While many solutions have been proposed to mitigate these leakages, they either (1) incur substantial overheads, (2) focus on specific subsets of leakage patterns, or (3) apply the same security notion across various workloads, thereby impeding the attainment of fine-tuned privacy-efficiency trade-offs. In light of various detrimental leakage patterns, this paper starts with an investigation into which specific leakage patterns require our focus in the contexts of key-value, range-query, and dynamic workloads, respectively. Subsequently, we introduce new security notions tailored to the specific privacy requirements of these workloads. Accordingly, we propose and instantiate SWAT, an efficient construction that progressively enables these workloads, while provably mitigating system-wide leakage via a suite of algorithms with tunable privacy-efficiency trade-offs. We conducted extensive experiments and compiled a detailed result analysis, showing the efficiency of our solution. SWATis about an order of magnitude slower than an encryption-only data store that reveals various leakage patterns and is two orders of magnitude faster than a trivial zero-leakage solution. Meanwhile, the performance of SWATremains highly competitive compared to other designs that mitigate specific types of leakage.

SWAT: A System-Wide Approach to Tunable Leakage Mitigation in Encrypted Data Stores

TL;DR

SWAT addresses the challenge of protecting encrypted data stores from multiple leakage patterns with tunable privacy-efficiency trade-offs. It combines a trusted client proxy, bucketized data organization, and differential oblivious techniques to support key-value, range-query, and dynamic workloads within an SGX-based framework. The approach introduces theta-query decorrelation, nearly zero-leakage range queries, and a k-way DO-merge for dynamization, achieving strong security guarantees (e.g., DO and ROR-CRDA) while delivering practical performance—about slower than encryption-only and faster than a fully zero-leakage baseline. The empirical evaluation shows Swat is competitive with state-of-the-art leakage-mitigation designs for specific workloads and emphasizes tunability to adapt to workload characteristics and bandwidth costs, enabling system-wide leakage mitigation in real deployments.

Abstract

Numerous studies have underscored the significant privacy risks associated with various leakage patterns in encrypted data stores. While many solutions have been proposed to mitigate these leakages, they either (1) incur substantial overheads, (2) focus on specific subsets of leakage patterns, or (3) apply the same security notion across various workloads, thereby impeding the attainment of fine-tuned privacy-efficiency trade-offs. In light of various detrimental leakage patterns, this paper starts with an investigation into which specific leakage patterns require our focus in the contexts of key-value, range-query, and dynamic workloads, respectively. Subsequently, we introduce new security notions tailored to the specific privacy requirements of these workloads. Accordingly, we propose and instantiate SWAT, an efficient construction that progressively enables these workloads, while provably mitigating system-wide leakage via a suite of algorithms with tunable privacy-efficiency trade-offs. We conducted extensive experiments and compiled a detailed result analysis, showing the efficiency of our solution. SWATis about an order of magnitude slower than an encryption-only data store that reveals various leakage patterns and is two orders of magnitude faster than a trivial zero-leakage solution. Meanwhile, the performance of SWATremains highly competitive compared to other designs that mitigate specific types of leakage.
Paper Structure (16 sections, 4 theorems, 9 equations, 9 figures, 2 tables, 3 algorithms)

This paper contains 16 sections, 4 theorems, 9 equations, 9 figures, 2 tables, 3 algorithms.

Table of Contents

  1. Introduction
  2. Our Contributions
  3. Background
  4. Syntax and System Model
  5. Threat Model and Security Definitions
  6. Swat Design
  7. Overview
  8. $\theta$-query Decorrelation in Frequency-Smoothed KV Stores
  9. Nearly Zero-Leakage Range Query Support
  10. Differentially Oblivious Dynamization
  11. Security Assurance and Efficiency Tuning
  12. Experimental Evaluation
  13. Experimental Setup
  14. Experiment Stages
  15. Related Work
  16. ...and 1 more sections

Key Result

Theorem 1

Swat with an unweighted sampling policy achieves $\theta$-query decorrelation in def:decorrelation.

Figures (9)

  • Figure 1: Upon receiving a query, the client proxy splits it into bucket accesses based on tags prepared by the cloud server's enclave. These accesses are added to a sampling pool, from which a batch of bucket IDs is randomly selected. The proxy also filters false positives in those buckets and returns the final results to the client. Upon receiving an update, the client proxy caches it until a bucket of updates accumulates. Subsequently, the client proxy sorts these updates and uploads them to the server's enclave. The enclave then updates the encrypted data store in a differentially oblivious way.
  • Figure 2: An example of $3$-binomial transform. At each step $t$, layers from top to bottom hold $\binom{D_1}{1}$, $\binom{D_2}{2}$, and $\binom{D_3}{3}$ items, respectively, resulting in a total of $t$ items. We have $D_1=2$, $D_2=3$, and $D_3=4$ for $t=9$. Inserting one more element will trigger the destruction of all three layers and rebuild them into a new one in the third layer, with $D_1=0,\ D_2=1,\ D_3=5$.
  • Figure 3: Observed query transition frequencies following the Markov process in \ref{['fig:markovModel']}. Reduced color variation signifies a decrease in observed query correlation. The rightmost figure represents a scenario in which queries are generated independently.
  • Figure 4: Markov model (left) and its stationary distribution of queried keywords (right).
  • Figure 5: Privacy benefits and efficiency penalties over varying sampling pool sizes $\theta$ and weight update policies against Pancake. RSD lines denotes relative standard deviation that measures the degree of dispersion of frequencies relative to the uniform. Latency bars, measured by the number of batches to retrieve the target data, serves as a key performance indicator to reflect system responsiveness. The three middle bars from left to right represent exponential, linear, and constant updates to sampling weights in each batch.
  • ...and 4 more figures

Theorems & Definitions (7)

  • Definition 1: $\theta$-query decorrelation
  • Definition 2
  • Theorem 1
  • Theorem 2: DO$_{\text{update}}$-ODDS
  • Definition 3: Real-or-random indistinguishability under chosen-range-query-distribution attacks
  • Theorem 3
  • Theorem 4: DO$_{\text{update}}$-ODDS