LAMA: Leakage Abuse Attacks Against Microsoft Always Encrypted
Ryan Seah, Daren Khu, Alexander Hoover, Ruth Ng
2024
Abstract
Always Encrypted (AE) is a Microsoft SQL Server feature that allows clients to encrypt sensitive data inside client applications and ensures that the sensitive data is hidden from untrusted servers and database administrators. AE offers two column-encryption options: deterministic encryption (DET) and randomized encryption (RND). In this paper, we explore the security implications of using AE with both the DET and RND encryption modes by running Leakage Abuse Attacks (LAAs) against the system. We demonstrate how an adversary could extract the data needed to run a frequency-analysis LAA against DET-encrypted columns and an Order-Revealing Encryption LAA against RND-encrypted columns. We run our attacks using real-world datasets encrypted in a full-scale AE instance and demonstrate that a snooping server can recover over 95% of the rows in 8 out of 15 DET-encrypted columns and 10 out of 15 RND-encrypted columns.
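As an added illustration (not code from the paper, and not Microsoft's implementation), the following Python simulates the two attack classes the abstract names on constructed data: a frequency-analysis attack on a deterministically encrypted column, using an auxiliary distribution the attacker obtains from public statistics, and a sorting attack on a randomized column whose ciphertexts the server can compare by plaintext order. The HMAC-based DET stand-in, the toy RND cipher, the comparison oracle (assumed here to model the order leakage the attack needs), the key `KEY` and the blood-type and age data are all assumptions made for the demo, not Always Encrypted's constructions or the paper's datasets.

```python
"""Leakage-abuse attack simulation: frequency analysis against a deterministically
encrypted column, and a sorting attack against a randomized column whose ciphertexts
the server can compare. Constructed data and toy ciphers only; not AE's real code."""
import functools
import hashlib
import hmac
import random
from collections import Counter

KEY = b"column-encryption-key-demo"  # assumed client-side key; the attacker never sees it

# Constructed target column (blood types) that the client encrypts before upload.
DET_PLAINTEXTS = ["O+"] * 8 + ["A+"] * 6 + ["B+"] * 3 + ["O-"] * 2 + ["AB+"]
# Constructed auxiliary distribution standing in for public population statistics.
AUXILIARY = ["O+"] * 38 + ["A+"] * 34 + ["B+"] * 9 + ["O-"] * 7 + ["A-"] * 6 + ["AB+"] * 3


def det_encrypt(key: bytes, value: str) -> str:
    """Stand-in for deterministic encryption: equal plaintexts give equal ciphertexts.
    HMAC-SHA256 models only that equality leakage, not AE's actual DET construction."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def frequency_analysis(ciphertexts, auxiliary):
    """Map the i-th most frequent ciphertext to the i-th most frequent auxiliary value."""
    ct_by_rank = [c for c, _ in Counter(ciphertexts).most_common()]
    pt_by_rank = [p for p, _ in Counter(auxiliary).most_common()]
    return dict(zip(ct_by_rank, pt_by_rank))


def recovery_rate(guess, ciphertexts, plaintexts):
    """Fraction of rows whose guessed plaintext equals the true one."""
    hits = sum(1 for c, p in zip(ciphertexts, plaintexts) if guess.get(c) == p)
    return hits / len(plaintexts)


def run_frequency_attack():
    cts = [det_encrypt(KEY, p) for p in DET_PLAINTEXTS]
    return recovery_rate(frequency_analysis(cts, AUXILIARY), cts, DET_PLAINTEXTS)


# Constructed target column (ages) that is dense over the assumed domain 18..25.
RND_PLAINTEXTS = [21, 18, 25, 19, 22, 20, 24, 23, 21, 18, 22]
AGE_DOMAIN = range(18, 26)


def rnd_encrypt(key: bytes, value: int, rng: random.Random) -> bytes:
    """Toy randomized encryption: fresh 8-byte nonce, one-byte pad from key and nonce,
    so two encryptions of the same value look unrelated (values must fit in a byte)."""
    nonce = rng.getrandbits(64).to_bytes(8, "big")
    pad = hashlib.sha256(key + nonce).digest()[0]
    return nonce + bytes([value ^ pad])


def rnd_decrypt(key: bytes, ct: bytes) -> int:
    nonce, body = ct[:8], ct[8]
    return body ^ hashlib.sha256(key + nonce).digest()[0]


def make_order_oracle(key: bytes):
    """Assumed leakage model: the server can learn which of two RND ciphertexts holds
    the larger plaintext (as trusted comparison code would reveal), never the plaintext."""
    def oracle(a: bytes, b: bytes) -> int:
        x, y = rnd_decrypt(key, a), rnd_decrypt(key, b)
        return (x > y) - (x < y)
    return oracle


def sorting_attack(ciphertexts, oracle, domain):
    """Sort ciphertexts using only the order oracle, group those that compare equal,
    and map the k-th smallest group to the k-th smallest domain value."""
    ordered = sorted(ciphertexts, key=functools.cmp_to_key(oracle))
    classes = []
    for c in ordered:
        if classes and oracle(classes[-1][0], c) == 0:
            classes[-1].append(c)
        else:
            classes.append([c])
    if len(classes) != len(domain):
        raise ValueError("column is not dense over the assumed domain; sorting attack does not apply")
    return {c: v for cls, v in zip(classes, sorted(domain)) for c in cls}


def run_sorting_attack(seed: int = 1):
    rng = random.Random(seed)
    cts = [rnd_encrypt(KEY, p, rng) for p in RND_PLAINTEXTS]
    guess = sorting_attack(cts, make_order_oracle(KEY), AGE_DOMAIN)
    return recovery_rate(guess, cts, RND_PLAINTEXTS)


if __name__ == "__main__":
    print(f"DET frequency analysis recovered {run_frequency_attack():.0%} of rows")
    print(f"RND sorting attack recovered {run_sorting_attack():.0%} of rows")
```

On the constructed data the frequency attack recovers 95% of the DET rows (only the rarest value is mis-assigned, because the auxiliary distribution contains a type the target column lacks), and the sorting attack recovers every RND row. Two caveats a practitioner should keep in mind: frequency matching breaks ties in `most_common` by first occurrence, so columns with many equal-frequency values need a better matching than rank order; and the sorting attack requires a dense column, so a sparse column would need an attack that uses auxiliary order statistics, which this block does not implement.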
Citation
in Harvard Style
Seah R., Khu D., Hoover A. and Ng R. (2024). LAMA: Leakage Abuse Attacks Against Microsoft Always Encrypted. In Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-709-2, SciTePress, pages 628-633. DOI: 10.5220/0012714800003767
in Bibtex Style
@conference{secrypt24,
author={Ryan Seah and Daren Khu and Alexander Hoover and Ruth Ng},
title={LAMA: Leakage Abuse Attacks Against Microsoft Always Encrypted},
booktitle={Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2024},
pages={628-633},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012714800003767},
isbn={978-989-758-709-2},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - LAMA: Leakage Abuse Attacks Against Microsoft Always Encrypted
SN - 978-989-758-709-2
AU - Seah R.
AU - Khu D.
AU - Hoover A.
AU - Ng R.
PY - 2024
SP - 628
EP - 633
DO - 10.5220/0012714800003767
PB - SciTePress