RangeQC: A Query Control Framework for Range Query Leakage Quantification and Mitigation

Encrypted range schemes enable the user to perform expressive range queries over encrypted databases by only revealing the necessary information for the search. In comparison to the extensively studied keyword schemes, range schemes inherently carry a more detrimental leakage profile as they contain extra structural information that can be exploited by attackers. This is evidenced by the escalation of attacks and defenses targeting range schemes in recent years, showing an inadequate understanding of range schemes' leakage implications. To this end, we identify and investigate two major aspects that have been largely overlooked in prior leakage analysis: 1) lack of a comprehensive approach for coordinating access, volume, and search patterns simultaneously, resulting in separate resolutions for each type of leakage; 2) absence of granular leakage quantification aimed at individual queries, leading to the gradual accumulation of imperceptible leakage over time. Based on this understanding, we present the query control framework RangeQC that provides a novel uniformed viewpoint of all three primary patterns at a per-query level. At the core of our techniques is a set of customized entropy analyzes tailored for the representative structures extracting various types of patterns. We further develop feasible countermeasures to suppress pattern leakage with tunable query control rules. Extensive evaluation results on real-world datasets demonstrate the superiority of RangeQC for leakage quantification and mitigation effectiveness.