Dynamic searchable symmetric encryption (DSSE) enables a server to efficiently search and update over encrypted files. To minimize the leakage during updates, a security notion named forward and backward privacy is expected for newly proposed DSSE schemes. Those schemes are generally constructed to break the linkability across search and update queries for a given keyword. However, it remains underexplored whether forward and backward private DSSE is resilient against practical leakage-abuse attacks (LAAs), where an attacker attempts to recover query keywords from the leakage passively collected during queries. In this paper, we aim to be the first to answer this question firmly through two non-trivial efforts. First, we revisit the spectrum of forward and backward private DSSE schemes over the past few years, and unveil some inherent constructional limitations in most schemes. Those limitations allow attackers to exploit query equality and establish a guaranteed linkage among different (refreshed) query tokens surjective to a candidate keyword. Second, we refine volumetric leakage profiles of updates and queries by associating each with a specific operation. By further exploiting update volume and query response volume, we demonstrate that all forward and backward private DSSE schemes can leak the same volumetric information (e.g., insertion volume, deletion volume) as those without such security guarantees. To validate our findings, we realize two generic LAAs, i.e., frequency matching attack and volumetric inference attack, and we evaluate them over various experimental settings in the dynamic context. Finally, we call for new efficient schemes to protect query equality and volumetric information across search and update queries.