Using cryptography in databases and web applications Nickolai Zeldovich MIT CSAIL Joint work with Raluca Ada Popa Stephen Tu Emily Stark Jonas Helfer Steven Valdez Hari Balakrishnan ID: 762019
Download Presentation The PPT/PDF document "Using cryptography in databases and web ..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Using cryptography in databases and web applications Nickolai Zeldovich MIT CSAIL Joint work with Raluca Ada Popa , Stephen Tu , Emily Stark, Jonas Helfer , Steven Valdez, Hari Balakrishnan , Frans Kaashoek , Sam Madden
Problem: private data breaches s erver c lients S ecret S ecret S ecret n o computation computation storage d atabases, web applications, mobile applications, machine learning, etc. encryption ?? (encrypted files, email)
Common approach: prevent break-ins Enforced at many levels: operating system, hardware, network, programming language, … s erver c lients S ecret S ecret
Bad guys find ways to break in Complex software has bugs Attackers find and exploit vulnerabilities Many people have access to infrastructureServer administrators Cloud / data center employeesAnyone that breaks into their accounts Compromises are inevitable
s erver client New approach: practical processing of encrypted data ?? Result S ecret S ecret Secret Secret Strawman : Result
CryptDB setup transformed query plain query u nder attack Application decrypted results encrypted results Database server e ncrypted DB Proxy Secret Secret Stores schema and master key Minimal or no query execution t rusted client-side
col1/rank col2/name table1/emp SELECT * FROM emp SELECT * FROM table1 x2ea887 col3/salary 60 100 800 100 Randomized encryption (RND) - semantic Example Application Proxy x95c623 x4be219 x17cea7 x2ea887 x95c623 x4be219 x17cea7
col1/rank col2/name table1/emp SELECT * FROM emp WHERE salary = 100 x934bc1 x5a8c34 x5a8c34 x84a21c SELECT * FROM table1 WHERE col3 = x5a8c34 ? x5a8c34 x5a8c34 ? x5a8c34 x5a8c34 x4be219 x95c623 x2ea887 x17cea7 col3/salary 60 100 800 100 Randomized encryption (RND) Deterministic encryption (DET) Example Application Proxy
col1/rank col2/name table1 ( emp ) x934bc1 x5a8c34 x5a8c34 x84a21c x578b34 x638e54 x122eb4 x9eab81 SELECT cdb_sum (col3) FROM table1 x72295a col3/salary 60 100 800 100 Deterministic encryption (DET) SELECT sum(salary) FROM emp “ S ummable ” encryption (HOM) - semantic 1060 Example Application Proxy
col1/rank col2/name table1 ( emp ) x934bc1 x5a8c34 x5a8c34 x84a21c x578b34 x638e54 x122eb4 x9eab81 SELECT cdb_sum (col3) FROM table1 x72295a col3/salary 60 100 800 100 SELECT sqrt (sum(salary)) FROM emp 1060 Example Application Proxy
col1/rank col2/name table1 ( emp ) x934bc1 x5a8c34 x5a8c34 x84a21c x578b34 x638e54 x122eb4 x9eab81 SELECT cdb_sum (col3) FROM table1 x72295a col3/salary 60 100 800 100 SELECT sqrt (sum(salary)) FROM emp 1060 Example Application Proxy 32.55
Techniques Compute on encrypted data at the server Use SQL-aware set of efficient encryption schemes Adjust encryption of data based on queries Compute on decrypted data at the proxy Can decrypt can perform any computationChoose optimal split to reduce bandwidth, proxy load
SQL-aware e ncryption schemes e.g., = , !=, IN, GROUP BY , DISTINCT Scheme RND HOM DET SEARCH JOIN OPE Function d ata moving addition equality join word search order Construction AES in UFE AES in CMC Paillier our new scheme Song et al.,‘00 e.g., > , <, ORDER BY, ASC, DESC, MAX , MIN, GREATEST, LEAST restricted ILIKE e.g., SUM, + our new scheme e.g., SELECT, UPDATE, DELETE, INSERT, COUNT r eveals only repeat pattern Security r eveals only order ≈ semantic security SQL operations:
value OPE DET RND + functionality + security Adjust encryption: strip off layer of the onion Onion of encryptions
CryptDB works well in practice Supports many database applications Web sites, transactional processing, data analytics Never reveals plaintext data on database server Modest performance overheads 20-30% throughput loss for typical benchmarks Approach now used by Google (among others) Encrypted BigQuery service
application users CryptDB SQL queries on encrypted DB CryptDB proxy Compromised app. server? DB server Secret
application DB server users CryptDB proxy CryptDB proxy CryptDB proxy Secret Secret Secret Secret Secret Secret Compromised app. server?
Mylar: browser-side encryption w eb application DB server Decrypted data exists only in users’ browsers Secret Secret Secret Secret browser Secret Secret Secret
Challenge: computationin web applications Client-side application framework Data sharing – need a way to manage keys Keyword search – need new cryptosystem: documents encrypted with many keys 2. Non client-side computation: Most computation happens in client’s web browser ( Javascript code)
Mylar supports many applicationsPorted 6 applications to Mylar Performance overheads are modest Data privacy despite server compromises
Future research directionsPractical cryptographyComputing on data encrypted w/ many keys Delegating limited functions over encrypted data Practical systemsAuditing for data disclosures Protecting end-user computers