Searchable symmetric encryption enables private queries over an encrypted database, but it also leaks information. Adversaries can exploit this leakage to launch injection attacks (Zhang et al., USENIX'16) that recover the underlying keywords from queries. The performance of existing injection attacks depends strongly on the amount of leaked information or injection. In this work, we propose two new injection attacks, namely BVA and BVMA, by leveraging a binary volumetric approach. We enable adversaries to inject fewer files than the existing volumetric attacks by using the known keywords, and to reveal the queries by observing the volume of the query results. Our attacks can thwart well-studied defenses (e.g., threshold countermeasure, static padding) without exploiting the distribution of target queries and client databases. We evaluate the proposed attacks empirically on real-world datasets with practical queries. The results show that our attacks can obtain a high recovery rate (>80%) in the best case and a roughly 60% recovery rate even on a large-scale dataset with a small number of injections (<20 files).