210 likes | 501 Views
CryptDB : A Pratical Encrypted Relational DBMS. Advanced Database Systems Spring 2014 Fadi Yilmaz. Outline. Introduction Trusted Frontend and Untrusted Server Is that worth? System Overview Design of CryptDB SQL – aware Encryption Strategy Encryption Algorithms Query Execution
E N D
CryptDB : A Pratical Encrypted Relational DBMS Advanced Database Systems Spring 2014 FadiYilmaz
Outline • Introduction • Trusted Frontend and Untrusted Server • Is that worth? • System Overview • Design of CryptDB • SQL – aware Encryption Strategy • Encryption Algorithms • Query Execution • Optimization • Performance
Introduction • Trusted frontend and untrusted server • Is that worth? • Extra works • Key Management • Encryption Algorithms • Extra memory • Encrypted data is bigger than plain data • Extra Time • But, trusted!
System overview • User Defined Functions • User-Enforced Security • Rejecting queries
Design of CryptDB • SQL – aware Encryption Strategy
Encryption Algorithms • Random : provides maximum privacy • AES • Deterministic : allows the server to perform equality checks • HMAC-SHA1
Encryption Algorithms • Order Preserving Encryption • weaker encryption • if x < y, then OPE (x) < OPE(y) • Homomorphic encryption : to perform computations on encrypted data • HOM(x) · HOM(y) = HOM(x + y) • Paillier • 2048-bit ciphertext
Encryption Algorithms • Search : to allow word searches • Join and OPE – Join • Required, because DET uses different keys for each table
Query Execution • Query Rewriter/Encryptor • SELECT * FROM Employees WHERE name = ’Alice’ • SELECT C1-Onion1, C2-Onion1, C3-Onion1 FROM Table1 WHERE C2-Onion1 = x7d35a3
Query Execution • SELECT COUNT(*) FROM Employees WHERE name = ’Bob’ • SELECT COUNT(*) FROM Table1 WHERE C2-Onion1 = xbb234a
Query Execution • What if an update query comes? • salary = salary +10000 • Use Onion Level 3 (HOM)
Query Execution • What if an update query is followed by a comparison? • salary < 60000. • Need Onion Level 2 (OPE)
Query Execution • salary = salary +10000 is not a common query. • If it comes update all level of encryption. • In most cases executed on individual rows.
Optimization • Eliminating never used onion levels for known query sets • Ciphertext caching under different keys
Performance • Postgres is a relational DBMS
References • R.A. Popa, C. M. S. Redfield, N. Zeldovich, H. Balakrishnan, CryptDB: Processing Queries on an Encrypted Database, CACM 2012 • S. Tu, M. Kaashoek, S. Madden, N. Zeldovich Processing Analytical Queries over Encrypted Data. VLDB 2013