Searchable Encryption (SE) is a technique that allows Cloud Service Providers to search over encrypted datasets without learning the content of queries and records. In recent years, many SE schemes have been proposed to protect outsourced data. However, most of them leak sensitive information, from which attackers could still infer the content of queries and records by mounting leakage-based inference attacks, such as the count attack and file-injection attack . In this work, first we define the leakage in searchable encrypted databases and analyse how the leakage is leveraged in existing leakage-based attacks. Second, we propose a <underline>P</underline>rivacy-preserving <underline>M</underline>ulti-<underline>c</underline>loud based dynamic symmetric SE scheme for relational <underline>D</underline>ata<underline>b</underline>ase ( P-McDb ). P-McDb has minimal leakage, which not only ensures confidentiality of queries and records but also protects the search, intersection, and size patterns. Moreover, P-McDb ensures both forward and backward privacy of the database. Thus, P-McDb could resist existing leakage-based attacks, e.g., active file/record-injection attacks. We give security definition and analysis to show how P-McDb hides the aforementioned patterns. Finally, we implemented a prototype of P-McDb and tested it using the TPC-H benchmark dataset. Our evaluation results show that users can get the required records in 2.16 s when searching over 4.1 million records.

中文翻译：

---

具有可控泄漏的隐私保护动态对称可搜索加密

可搜索加密 (SE) 是一种允许云服务提供商在不了解查询和记录内容的情况下搜索加密数据集的技术。近年来，已经提出了许多 SE 方案来保护外包数据。然而，它们中的大多数泄漏敏感信息，攻击者仍然可以通过安装基于泄漏的推理攻击来推断查询和记录的内容，例如计数攻击和文件注入攻击. 在这项工作中，首先我们在可搜索的加密数据库中定义泄漏，并分析如何在现有的基于泄漏的攻击中利用泄漏。其次，我们提出了一种<underline>P</underline>隐私保护<underline>M</underline>ulti-<underline>c</underline>用于关系<underline>D</underline>的动态对称SE方案ata<下划线>b</下划线>ase (P-McDb）。P-McDb具有最小的泄漏，这不仅可以确保查询和记录的机密性，还可以保护搜索、交叉和大小模式。而且，P-McDb确保数据库的前向和后向隐私。因此，P-McDb可以抵抗现有的基于泄漏的攻击，例如主动文件/记录注入攻击。我们给出安全定义和分析来展示如何P-McDb隐藏上述模式。最后，我们实现了一个原型P-McDb并使用 TPC-H 基准数据集对其进行了测试。我们的评估结果表明，当搜索超过 410 万条记录时，用户可以在 2.16 秒内获得所需的记录。