A Small Dummy Disrupting Database Reconstruction in a Cache Side-Channel Attack
This paper demonstrates the feasibility of a database reconstruction attack on open-source database engines and presents a defense method against it. We launch a Flush+Reload attack on SQLite, which returns approximate, noisy volumes returned by range queries for a private database. Given the volume...
Gespeichert in:
Veröffentlicht in: | International journal of advanced computer science & applications 2023, Vol.14 (10) |
---|---|
Hauptverfasser: | , , |
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
container_end_page | |
---|---|
container_issue | 10 |
container_start_page | |
container_title | International journal of advanced computer science & applications |
container_volume | 14 |
creator | Han, Hyeonwoo Lee, Eun-Kyu Jo, Junghee |
description | This paper demonstrates the feasibility of a database reconstruction attack on open-source database engines and presents a defense method against it. We launch a Flush+Reload attack on SQLite, which returns approximate, noisy volumes returned by range queries for a private database. Given the volumes, our database reconstruction uses two al-gorithms, a Modified Clique-Finding algorithm and Match-Extension algorithm, to recover the database. Experiments show that an attacker can reconstruct the victim’s database with a size of 10,000 and a range of 12 with an error rate of up to 0.07% at most. To mitigate the attack, a small dummy data is added to the result volumes of range queries, which makes the approximation more confused. Experimental results show that by adding about 1% of dummy data, an attack success rate (in terms of the number of reconstructed volumes in the database) is reduced to 60% from 100% and an error rate increases to 15% from 0.07%. It is also observed that by adding about 2%of dummy data, the reconstruction is completely failed. |
doi_str_mv | 10.14569/IJACSA.2023.01410111 |
format | Article |
fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2893798549</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2893798549</sourcerecordid><originalsourceid>FETCH-LOGICAL-c276t-642755c31887ee91f8a4c0eefcb87486bcb834bb3891846cf808eb426cbee18d3</originalsourceid><addsrcrecordid>eNo1kEtLw0AcxBdRsNR-BGHBc-q-szmG1EelULAK3pbN9h-bmkfd3Rz67Y2tzmXmMMzAD6FbSuZUSJXdL1_yYpPPGWF8TqighFJ6gSaMSpVImZLLU9YJJenHNZqFsCejeMaU5hO0zvGmtU2DF0PbHvGiDn44xLr7xAsbbWkD4FdwfReiH1ys-w7XHba4sG4HeFNvISl2tuugwXmM1n3doKvKNgFmfz5F748Pb8Vzslo_LYt8lTiWqpgowVIpHadapwAZrbQVjgBUrtSp0KocnYuy5DqjWihXaaKhFEy5EoDqLZ-iu_PuwfffA4Ro9v3gu_HSMJ3xNNNSZGNLnlvO9yF4qMzB1631R0OJOeEzZ3zmF5_5x8d_AJ_tYhs</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2893798549</pqid></control><display><type>article</type><title>A Small Dummy Disrupting Database Reconstruction in a Cache Side-Channel Attack</title><source>Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals</source><creator>Han, Hyeonwoo ; Lee, Eun-Kyu ; Jo, Junghee</creator><creatorcontrib>Han, Hyeonwoo ; Lee, Eun-Kyu ; Jo, Junghee</creatorcontrib><description>This paper demonstrates the feasibility of a database reconstruction attack on open-source database engines and presents a defense method against it. We launch a Flush+Reload attack on SQLite, which returns approximate, noisy volumes returned by range queries for a private database. Given the volumes, our database reconstruction uses two al-gorithms, a Modified Clique-Finding algorithm and Match-Extension algorithm, to recover the database. Experiments show that an attacker can reconstruct the victim’s database with a size of 10,000 and a range of 12 with an error rate of up to 0.07% at most. To mitigate the attack, a small dummy data is added to the result volumes of range queries, which makes the approximation more confused. Experimental results show that by adding about 1% of dummy data, an attack success rate (in terms of the number of reconstructed volumes in the database) is reduced to 60% from 100% and an error rate increases to 15% from 0.07%. It is also observed that by adding about 2%of dummy data, the reconstruction is completely failed.</description><identifier>ISSN: 2158-107X</identifier><identifier>EISSN: 2156-5570</identifier><identifier>DOI: 10.14569/IJACSA.2023.01410111</identifier><language>eng</language><publisher>West Yorkshire: Science and Information (SAI) Organization Limited</publisher><subject>Algorithms ; Cloud computing ; Computer science ; Queries ; Reconstruction</subject><ispartof>International journal of advanced computer science & applications, 2023, Vol.14 (10)</ispartof><rights>2023. This work is licensed under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>315,782,786,4028,27932,27933,27934</link.rule.ids></links><search><creatorcontrib>Han, Hyeonwoo</creatorcontrib><creatorcontrib>Lee, Eun-Kyu</creatorcontrib><creatorcontrib>Jo, Junghee</creatorcontrib><title>A Small Dummy Disrupting Database Reconstruction in a Cache Side-Channel Attack</title><title>International journal of advanced computer science & applications</title><description>This paper demonstrates the feasibility of a database reconstruction attack on open-source database engines and presents a defense method against it. We launch a Flush+Reload attack on SQLite, which returns approximate, noisy volumes returned by range queries for a private database. Given the volumes, our database reconstruction uses two al-gorithms, a Modified Clique-Finding algorithm and Match-Extension algorithm, to recover the database. Experiments show that an attacker can reconstruct the victim’s database with a size of 10,000 and a range of 12 with an error rate of up to 0.07% at most. To mitigate the attack, a small dummy data is added to the result volumes of range queries, which makes the approximation more confused. Experimental results show that by adding about 1% of dummy data, an attack success rate (in terms of the number of reconstructed volumes in the database) is reduced to 60% from 100% and an error rate increases to 15% from 0.07%. It is also observed that by adding about 2%of dummy data, the reconstruction is completely failed.</description><subject>Algorithms</subject><subject>Cloud computing</subject><subject>Computer science</subject><subject>Queries</subject><subject>Reconstruction</subject><issn>2158-107X</issn><issn>2156-5570</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><sourceid>8G5</sourceid><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><sourceid>GNUQQ</sourceid><sourceid>GUQSH</sourceid><sourceid>M2O</sourceid><recordid>eNo1kEtLw0AcxBdRsNR-BGHBc-q-szmG1EelULAK3pbN9h-bmkfd3Rz67Y2tzmXmMMzAD6FbSuZUSJXdL1_yYpPPGWF8TqighFJ6gSaMSpVImZLLU9YJJenHNZqFsCejeMaU5hO0zvGmtU2DF0PbHvGiDn44xLr7xAsbbWkD4FdwfReiH1ys-w7XHba4sG4HeFNvISl2tuugwXmM1n3doKvKNgFmfz5F748Pb8Vzslo_LYt8lTiWqpgowVIpHadapwAZrbQVjgBUrtSp0KocnYuy5DqjWihXaaKhFEy5EoDqLZ-iu_PuwfffA4Ro9v3gu_HSMJ3xNNNSZGNLnlvO9yF4qMzB1631R0OJOeEzZ3zmF5_5x8d_AJ_tYhs</recordid><startdate>2023</startdate><enddate>2023</enddate><creator>Han, Hyeonwoo</creator><creator>Lee, Eun-Kyu</creator><creator>Jo, Junghee</creator><general>Science and Information (SAI) Organization Limited</general><scope>AAYXX</scope><scope>CITATION</scope><scope>3V.</scope><scope>7XB</scope><scope>8FE</scope><scope>8FG</scope><scope>8FK</scope><scope>8G5</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>GNUQQ</scope><scope>GUQSH</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K7-</scope><scope>M2O</scope><scope>MBDVC</scope><scope>P5Z</scope><scope>P62</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>Q9U</scope></search><sort><creationdate>2023</creationdate><title>A Small Dummy Disrupting Database Reconstruction in a Cache Side-Channel Attack</title><author>Han, Hyeonwoo ; Lee, Eun-Kyu ; Jo, Junghee</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c276t-642755c31887ee91f8a4c0eefcb87486bcb834bb3891846cf808eb426cbee18d3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Algorithms</topic><topic>Cloud computing</topic><topic>Computer science</topic><topic>Queries</topic><topic>Reconstruction</topic><toplevel>online_resources</toplevel><creatorcontrib>Han, Hyeonwoo</creatorcontrib><creatorcontrib>Lee, Eun-Kyu</creatorcontrib><creatorcontrib>Jo, Junghee</creatorcontrib><collection>CrossRef</collection><collection>ProQuest Central (Corporate)</collection><collection>ProQuest Central (purchase pre-March 2016)</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni) (purchase pre-March 2016)</collection><collection>Research Library (Alumni Edition)</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>Advanced Technologies & Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>ProQuest Central Student</collection><collection>Research Library Prep</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>Computer Science Database</collection><collection>Research Library</collection><collection>Research Library (Corporate)</collection><collection>Advanced Technologies & Aerospace Database</collection><collection>ProQuest Advanced Technologies & Aerospace Collection</collection><collection>Access via ProQuest (Open Access)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>ProQuest Central Basic</collection><jtitle>International journal of advanced computer science & applications</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Han, Hyeonwoo</au><au>Lee, Eun-Kyu</au><au>Jo, Junghee</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>A Small Dummy Disrupting Database Reconstruction in a Cache Side-Channel Attack</atitle><jtitle>International journal of advanced computer science & applications</jtitle><date>2023</date><risdate>2023</risdate><volume>14</volume><issue>10</issue><issn>2158-107X</issn><eissn>2156-5570</eissn><abstract>This paper demonstrates the feasibility of a database reconstruction attack on open-source database engines and presents a defense method against it. We launch a Flush+Reload attack on SQLite, which returns approximate, noisy volumes returned by range queries for a private database. Given the volumes, our database reconstruction uses two al-gorithms, a Modified Clique-Finding algorithm and Match-Extension algorithm, to recover the database. Experiments show that an attacker can reconstruct the victim’s database with a size of 10,000 and a range of 12 with an error rate of up to 0.07% at most. To mitigate the attack, a small dummy data is added to the result volumes of range queries, which makes the approximation more confused. Experimental results show that by adding about 1% of dummy data, an attack success rate (in terms of the number of reconstructed volumes in the database) is reduced to 60% from 100% and an error rate increases to 15% from 0.07%. It is also observed that by adding about 2%of dummy data, the reconstruction is completely failed.</abstract><cop>West Yorkshire</cop><pub>Science and Information (SAI) Organization Limited</pub><doi>10.14569/IJACSA.2023.01410111</doi><oa>free_for_read</oa></addata></record> |
fulltext | fulltext |
identifier | ISSN: 2158-107X |
ispartof | International journal of advanced computer science & applications, 2023, Vol.14 (10) |
issn | 2158-107X 2156-5570 |
language | eng |
recordid | cdi_proquest_journals_2893798549 |
source | Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals |
subjects | Algorithms Cloud computing Computer science Queries Reconstruction |
title | A Small Dummy Disrupting Database Reconstruction in a Cache Side-Channel Attack |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-02T23%3A54%3A43IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20Small%20Dummy%20Disrupting%20Database%20Reconstruction%20in%20a%20Cache%20Side-Channel%20Attack&rft.jtitle=International%20journal%20of%20advanced%20computer%20science%20&%20applications&rft.au=Han,%20Hyeonwoo&rft.date=2023&rft.volume=14&rft.issue=10&rft.issn=2158-107X&rft.eissn=2156-5570&rft_id=info:doi/10.14569/IJACSA.2023.01410111&rft_dat=%3Cproquest_cross%3E2893798549%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2893798549&rft_id=info:pmid/&rfr_iscdi=true |