Table of Contents
Fetching ...

Enhancing Leakage Attacks on Searchable Symmetric Encryption Using LLM-Based Synthetic Data Generation

Joshua Chiu, Partha Protim Paul, Zahin Wahab

TL;DR

The paper tackles privacy risks in SSE by relaxing the common assumption of substantial leaked data and exploring how LLM-generated synthetic data can empower leakage attacks. It uses Enron emails as a case study and evaluates SAP attacks under a minimal-leak threat model, comparing baseline real-data attacks with random and clustering-based synthetic data augmentation generated by GPT-4o variants. The key finding is that increasing synthetic data size and, critically, applying hierarchical clustering to guide data generation significantly improves keyword inference, sometimes matching performance achieved with much larger real datasets; model choice (GPT-4o vs GPT-4o-mini) has limited impact. This work highlights the growing relevance of LLMs in adversarial contexts and suggests implications for SSE design, threat modeling, and defenses against data-generation-assisted leakage.

Abstract

Searchable Symmetric Encryption (SSE) enables efficient search capabilities over encrypted data, allowing users to maintain privacy while utilizing cloud storage. However, SSE schemes are vulnerable to leakage attacks that exploit access patterns, search frequency, and volume information. Existing studies frequently assume that adversaries possess a substantial fraction of the encrypted dataset to mount effective inference attacks, implying there is a database leakage of such documents, thus, an assumption that may not hold in real-world scenarios. In this work, we investigate the feasibility of enhancing leakage attacks under a more realistic threat model in which adversaries have access to minimal leaked data. We propose a novel approach that leverages large language models (LLMs), specifically GPT-4 variants, to generate synthetic documents that statistically and semantically resemble the real-world dataset of Enron emails. Using the email corpus as a case study, we evaluate the effectiveness of synthetic data generated via random sampling and hierarchical clustering methods on the performance of the SAP (Search Access Pattern) keyword inference attack restricted to token volumes only. Our results demonstrate that, while the choice of LLM has limited effect, increasing dataset size and employing clustering-based generation significantly improve attack accuracy, achieving comparable performance to attacks using larger amounts of real data. We highlight the growing relevance of LLMs in adversarial contexts.

Enhancing Leakage Attacks on Searchable Symmetric Encryption Using LLM-Based Synthetic Data Generation

TL;DR

The paper tackles privacy risks in SSE by relaxing the common assumption of substantial leaked data and exploring how LLM-generated synthetic data can empower leakage attacks. It uses Enron emails as a case study and evaluates SAP attacks under a minimal-leak threat model, comparing baseline real-data attacks with random and clustering-based synthetic data augmentation generated by GPT-4o variants. The key finding is that increasing synthetic data size and, critically, applying hierarchical clustering to guide data generation significantly improves keyword inference, sometimes matching performance achieved with much larger real datasets; model choice (GPT-4o vs GPT-4o-mini) has limited impact. This work highlights the growing relevance of LLMs in adversarial contexts and suggests implications for SSE design, threat modeling, and defenses against data-generation-assisted leakage.

Abstract

Searchable Symmetric Encryption (SSE) enables efficient search capabilities over encrypted data, allowing users to maintain privacy while utilizing cloud storage. However, SSE schemes are vulnerable to leakage attacks that exploit access patterns, search frequency, and volume information. Existing studies frequently assume that adversaries possess a substantial fraction of the encrypted dataset to mount effective inference attacks, implying there is a database leakage of such documents, thus, an assumption that may not hold in real-world scenarios. In this work, we investigate the feasibility of enhancing leakage attacks under a more realistic threat model in which adversaries have access to minimal leaked data. We propose a novel approach that leverages large language models (LLMs), specifically GPT-4 variants, to generate synthetic documents that statistically and semantically resemble the real-world dataset of Enron emails. Using the email corpus as a case study, we evaluate the effectiveness of synthetic data generated via random sampling and hierarchical clustering methods on the performance of the SAP (Search Access Pattern) keyword inference attack restricted to token volumes only. Our results demonstrate that, while the choice of LLM has limited effect, increasing dataset size and employing clustering-based generation significantly improve attack accuracy, achieving comparable performance to attacks using larger amounts of real data. We highlight the growing relevance of LLMs in adversarial contexts.
Paper Structure (25 sections, 1 equation, 1 figure, 2 tables)

This paper contains 25 sections, 1 equation, 1 figure, 2 tables.

Figures (1)

  • Figure 1: Bar chart showing the client's word frequencies sorted in descending order. For each word, the corresponding frequency from the attacker is shown in the same position.