Cloud and mobile computing open up an unprecedented number of access points into corporate data, forcing you to rethink how to protect it. Client-side encryption is increasingly being used as a solution. While it solves the problem of unauthorized access, it is still in its infancy and has many limitations and pitfalls that IT practitioners should consider before embracing it.
(Source: RSA Conference USA 2017)
26. #RSAC
Encrypted Databases: MS SQL Always Encrypted
Name   SSN       Title      Department
Alice  *&x@#12#  &*xr^t+!#  IT
Bob    9(4$$^*1  ^#x@0!1*   HR
Eve    &&@41*)   &*xr^t+!#  IT
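Query issued by the application:
SELECT name, SSN FROM emp
WHERE title = 'manager';

Query rewritten by the .NET client library:
SELECT name, SSN FROM emp
WHERE title = '&*xr^t+!#';

Result returned by the server (encrypted):
Name   SSN
Alice  *&x@#12#
Eve    &&@41*)

Result after decryption by the .NET client library:
Name   SSN
Alice  330-61-8769
Eve    321-90-3217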
27. #RSAC
Encrypted Databases: BigQuery
[
{
"name": "Alice",
"SSN": "*&x@#12#",
"age": 2345
},
{
"name": "Bob",
"SSN": "9(4$$^*1",
"age": 3212
},
{
"name": "Eve",
"SSN": "&&@41*)",
"age": 2110
}
…
]
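Query sent by the application to the proxy:
SELECT name, age FROM emp
WHERE age > 20;

Query rewritten by the proxy and sent to BigQuery:
SELECT name, age FROM emp
WHERE age > 2531;

Result returned by BigQuery (encrypted):
[ {
"name": "Bob",
"age": 3212
}]

Result returned by the proxy after decryption:
[ {
"name": "Bob",
"age": 24
}]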
Onions*: Any Value, OPE, RND
* CryptDB: Protecting Confidentiality with Encrypted Query Processing, Popa et al., SOSP 2011
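The proxy flow on this slide, as an added example that is not from the talk or from CryptDB: the proxy rewrites the range constant with an order-preserving function, the server filters on ciphertexts, and the proxy decrypts the result. Assumptions: the OPE here is a toy keyed running-sum table (not the scheme CryptDB uses), sqlite3 stands in for BigQuery, and the key and the ages for Alice and Eve are constructed.

```python
import hashlib
import hmac
import sqlite3
from bisect import bisect_left

KEY = b"constructed-demo-key"        # constructed key, demo only
DOMAIN = range(0, 151)               # assumed plaintext domain: ages 0..150
ROWS = [("Alice", 19), ("Bob", 24), ("Eve", 18)]  # constructed ages

def build_ope_table(key):
    """Toy OPE: running sum of keyed positive gaps, so x < y => Enc(x) < Enc(y)."""
    table, total = [], 0
    for x in DOMAIN:
        mac = hmac.new(key, str(x).encode(), hashlib.sha256).digest()
        total += 1 + int.from_bytes(mac[:2], "big") % 100
        table.append(total)
    return table

TABLE = build_ope_table(KEY)

def ope_encrypt(x):
    return TABLE[DOMAIN.index(x)]    # ValueError if x is outside DOMAIN

def ope_decrypt(c):
    i = bisect_left(TABLE, c)
    if i == len(TABLE) or TABLE[i] != c:
        raise ValueError("not a ciphertext under this key")
    return DOMAIN[i]

def make_server(rows):
    """The server side stores only OPE ciphertexts in the age column."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE emp (name TEXT, age INTEGER)")
    db.executemany("INSERT INTO emp VALUES (?, ?)",
                   [(name, ope_encrypt(age)) for name, age in rows])
    return db

def proxy_older_than(db, age):
    """Proxy: rewrite 'age > 20' to 'age > Enc(20)', then decrypt the rows."""
    cur = db.execute("SELECT name, age FROM emp WHERE age > ?",
                     (ope_encrypt(age),))
    return [(name, ope_decrypt(c)) for name, c in cur]

def server_view_ranking(db):
    """What the server learns with no key: who is younger than whom."""
    return [name for (name,) in db.execute("SELECT name FROM emp ORDER BY age")]

if __name__ == "__main__":
    db = make_server(ROWS)
    print(proxy_older_than(db, 20))
    print(server_view_ranking(db))
```

The ranking returned by `server_view_ranking` is the cost of the OPE layer: the server never sees an age, but it does see the full ordering of the column.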