1 / 17

Secure Database in cloud

Secure Database in cloud. Mohammad Ahmadian ahmadian@knights.ucf.edu COP-6087 University of Central Florida. PART 2. DbCrypt. Goal: protect confidentiality and Integrity of data. user password. Threat 2: active/passive attacks on all servers. Threat 1: passive attacks on DB server.

brandy
Download Presentation

Secure Database in cloud

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Secure Database in cloud Mohammad Ahmadian ahmadian@knights.ucf.edu COP-6087 University of Central Florida PART 2

  2. DbCrypt • Goal: protect confidentiality and Integrity of data user password Threat 2: active/passive attacks on all servers Threat 1: passive attacks on DB server User 1 DB Server SQL Proxy Application User 2 User 3 • Process SQL queries on encrypted data • Capture and enforce cryptographically access control in SQL: chain keys from user passwords to data item (Keygen)

  3. Threat Model • curious DB administrators User 1 DB Server SQL Application User 2 User 3 • hackers • curious cloud/employees • physical attacks • Consider attacks on any part of the servers, • Consider passive attack like modification of information in database by malicious cloud insider

  4. Threat 1: Active attack to connection the cloud Trusted Trusted application queries unencrypted DB Server SQL Proxy Under attack • Client & server side both are trusted • The session between client and db server is compromised All queries are encrypted The benefit of attackers are very low

  5. Threat 2: Passive attacks to DB Server Trusted Under attack application queries unencrypted DB Server SQL Proxy • Client side enjoys issuing query without concerning about underlying security mechanisms in proxy • DB server is unchanged • It is impossible to attacker to change data without revealing to user Perform SQL query processing on encrypted data Support standard SQL queries on encrypted data Process queriescompletely at the DB server No change to existing DBMS

  6. Solution: Cryptographic techniques • RND-Advanced Encryption Standard • Obs.: set of SQL operators is limited • Different encryption schemes provide different functionality • OPE-Order Preserving Encryption • Enable to comparison, order by, join, sort, MAX, MIN. • MAC –Message authentication code • Provides integrity for data element

  7. Example Application 60 100 800 100 SELECT * FROM cinfo WHERE income= 100 ≥ table1 (cinfo) SELECT * FROM cinfo WHERE income= x5a8c34 col1/rank col2/name col3/salary ≥ x638e54 Proxy x1eab81 x934bc1 X4be2 19 x5a8c34 x638e54 x95c623 x922eb4 x5a8c34 ? x84a21c x2ea887 x638e54 x5a8c34 x5a8c34 x5a8c34 x638e54 ? x17cea7 x5a8c34 x922eb4 x638e54 x5a8c34

  8. Encryption Technics comparison Scheme Operation Detail Highest RND None AES e.g., =, !=, GROUP BY, IN, COUNT, DISTINCT e.g., Paillier HOM +, * Security DET equality AES in CTR e.g., >, <, ORDER BY, SORT, MAX, MIN Boldyreva et al. ’09 OPE order first practical implementation

  9. AES The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. Rijndael is a family of ciphers with different key and block sizes. For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.

  10. AES • AES is one of secure block cipher for digital information. I adapt it with key size 128 bit for this project for encrypting text columns. One of negative point of AES is it’s speed, actually it’s key generation is not so fast.

  11. Order Preserving Encryption(OPE) Order Preserving encryption(OPE) is an encryption scheme whose deterministically preserves numerical order of plaintext in the ciphertext. For quick start, consider a random order-preserving function from M to N, so that |M|<|N|. Without loss of generality, we can consider M the set {1,2,...,M} and N likewise {1,2,...,N}. Now, pick M elements of N randomly and put them in order. Our function f:M → N is simply this ordered set. To encrypt i in M, just output the ith element of this list. Consider f is an order-preserving function which maps elements in domain to ordered list of elements of the range. Obviously, the elements of range can be divided in two categories of marked and unmarked. If an element is selected by f then it is member of marked otherwise it is member of unmarked category. Thus elements of the range are partitioned into the marked and unmarked subsets, as being balls in a bin. If we draw balls without replacement, the number x of marked balls we've drawn after y samples can be described by the Hyper Geometric Distribution(HGD)

  12. OPE-Encryption

  13. OPE-Decryption

  14. Multi-user

  15. What I did in this project • I spend 3 weeks to install open source cryptdb • It failed because it is depended to lots of packages and libraries and there isn’t any documentation. • I spend 3 weeks to writing my own mysql-proxy • It is almost 1200 lines of code in c++ and easy to install. It needs to add some features to handle all type of datbases

  16. Acknowledgment & Reference • John Singleton • SalihSafa Reference: 1- CryptDB: Confidentiality for Database Applications with Encrypted Query Processing Raluca Ada Popa, Catherine Redfield, NickolaiZeldovich, and HariBalakrishnanMIT CSAIL 2-Order-Preserving Symmetric Encryption Alexandra Boldyreva, Nathan Chenette, Younho Lee and Adam O'Neill Georgia Institute of Technology, Atlanta, GA, USA

  17. Questions & Demo

More Related