SlideShare a Scribd company logo

Overview of CryptDB

Mateus S. H. Cruz
Mateus S. H. Cruz

Presentation given at the KDE Seminar (University of Tsukuba) about CryptDB*. This presentation is based on the uploader's understanding of the paper and may contain inaccurate interpretations. A summary of the paper is available at: https://mshcruz.wordpress.com/2016/06/24/summary-cryptdb/ The official website for CryptDB is: http://css.csail.mit.edu/cryptdb/ *Popa et al.: "CryptDB: Protecting Confidentiality with Encrypted Query Processing". SOSP 2011.

Technology
1 of 39
Download to read offline
CryptDB: Protecting Confidentiality with Encrypted Query Processing Raluca Ada Popa, Catherine M. S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan 23rd ACM Symposium on Operating Systems Principles (SOSP) Cascais, Portugal, October 2011 KDE Seminar May 11th, 2015 Mateus Cruz
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion OUTLINE 1 Introduction 2 SQL-Aware Encryption 3 Adjustable Encryption 4 Experiments 5 Conclusion 2 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion OUTLINE 1 Introduction 2 SQL-Aware Encryption 3 Adjustable Encryption 4 Experiments 5 Conclusion 3 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion OVERVIEW SQL queries over encrypted data Security Performance (low overhead) Dynamic encryption levels Protection against security threats 1 Curious DBA 2 Adversary compromises application or server 4 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion MAIN IDEAS SQL-Aware encryption Execute queries over encrypted data Adjustable query-based encryption Change encryption for data items at runtime 5 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion LIMITATIONS Does not ensure Integrity Freshness Completeness Does not cover attacks on user machines 6 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion ARCHITECTURE 7 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion OUTLINE 1 Introduction 2 SQL-Aware Encryption 3 Adjustable Encryption 4 Experiments 5 Conclusion 8 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion INTUITION Many cryptosystems available Different security levels IND-CPA IND-CCA Different allowed computations Equality comparison Ordering Summation Use the most secure cryptosystem that allows the desired computation over the data item 9 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion RANDOM (RND) Different ciphertexts for the same plaintext Maximum security in CryptDB IND-CPA Does not allow computations Constructed using AES/Blowfish with a random initialization vector (IV) 10 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion DETERMINISTIC (DET) Same ciphertext for the same plaintext Leaks which items are repeated But not the values Allows equality checks SELECT with equality predicates, GROUP BY, COUNT, DISTINCT, etc Constructed using AES/Blowfish 11 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion ORDER-PRESERVING ENCRYPTION (OPE) Random mapping that preserves order If x < y, then OPEK(x) < OPEK(y) Allows range queries and ordering ORDER BY, MIN, MAX, etc Leaks order between data items 12 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion HOMOMORPHIC ENCRYPTION (HOM) IND-CPA that allows computations Fully HOM is very slow Slowdowns on the order of 109 Constructed using Paillier cryptosystem HOMK(x) × HOMK(y) = HOMK(x + y) Allows SUM aggregates 13 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion ADJUSTABLE JOIN (JOIN-ADJ) Join columns with the same encryption Prevent join without request JOIN(x) = JOIN-ADJ(x)||DET(x) JOIN-ADJ is non-invertible Can obtain x by decrypting DET(x) Can join columns by using JOIN-ADJ(x) 14 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion WORD SEARCH (SEARCH) Searches on encrypted text Allows LIKE operations Does not support regular expressions Nearly as secure as RND Leaks the number of duplicated words 15 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion OUTLINE 1 Introduction 2 SQL-Aware Encryption 3 Adjustable Encryption 4 Experiments 5 Conclusion 16 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion INTUITION Different encryption models Different security levels Allow different computations Balance between security and functionality Adjust the encryption at runtime 17 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion ONION MODEL Each data item has layers of encryption Layers form an onion 18 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion DATA LAYOUT Multiple onions for one data item 19 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion DECRYPTION OF ONIONS The proxy issues a decryption using UDFs User Defined Functions Speeds up subsequent queries Example Decrypt onion Ord of column 2 in Table1: UPDATE Table1 SET C2-ORD = DECRYPT RND(K,C2-ORD,C2-IV) 20 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion DECRYPTION OF ONIONS The proxy issues a decryption using UDFs User Defined Functions Speeds up subsequent queries Example Decrypt onion Ord of column 2 in Table1: UPDATE Table1 SET C2-ORD = DECRYPT RND(K,C2-ORD,C2-IV Decryption from RND requires the initializa- tion vector (IV) ) 20 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion QUERY EXECUTION Example Initial query: SELECT ID FROM Employees WHERE Name = ’Alice’ 1 - Lower encryption of Name to DET: UPDATE Table1 SET C2-Eq = DECRYPT RND(KT1,C2,Eq,RND,C2-Eq,C2-IV) 21 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion QUERY EXECUTION Example Initial query: SELECT ID FROM Employees WHERE Name = ’Alice’ 1 - Lower encryption of Name to DET: UPDATE Table1 SET C2-Eq = DECRYPT RND(KT1,C2,Eq,RND Key for decrypting layer RND, of onion Eq, of column C2, on table T1 ,C2-Eq,C2-IV) 21 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion QUERY EXECUTION Example Initial query: SELECT ID FROM Employees WHERE Name = ’Alice’ 1 - Lower encryption of Name to DET: UPDATE Table1 SET C2-Eq = DECRYPT RND(KT1,C2,Eq,RND,C2-Eq,C2-IV) 21 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion QUERY EXECUTION Example (Cont.) 2 - Perform the selection: SELECT C1-Eq, C1-IV FROM Table1 WHERE C2-Eq = ’x7..d’ 3 - Decrypt results using keys KT1,C1,Eq,RND, KT1,C1,Eq,DET, KT1,C1,Eq,JOIN and obtain the final result: 23. 21 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion QUERY EXECUTION Example (Cont.) 2 - Perform the selection: SELECT C1-Eq, C1-IV Requires the initializa- tion vector (IV) to de- crypt layer RND FROM Table1 WHERE C2-Eq = ’x7..d’ 3 - Decrypt results using keys KT1,C1,Eq,RND, KT1,C1,Eq,DET, KT1,C1,Eq,JOIN and obtain the final result: 23. 21 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion QUERY EXECUTION Example (Cont.) 2 - Perform the selection: SELECT C1-Eq, C1-IV FROM Table1 WHERE C2-Eq = ’x7..d’ Encryption of the value ’Alice’ with layers JOIN and DET 3 - Decrypt results using keys KT1,C1,Eq,RND, KT1,C1,Eq,DET, KT1,C1,Eq,JOIN and obtain the final result: 23. 21 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion QUERY EXECUTION Example (Cont.) 2 - Perform the selection: SELECT C1-Eq, C1-IV FROM Table1 WHERE C2-Eq = ’x7..d’ 3 - Decrypt results using keys KT1,C1,Eq,RND, KT1,C1,Eq,DET, KT1,C1,Eq,JOIN and obtain the final result: 23 Decrypts three layers to obtain the plaintext . 21 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion IMPROVING SECURITY Minimum number of layers Specify the lowest layer revealed Onion re-encryption Re-encrypt onions after infrequent queries 22 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion IMPROVING PERFORMANCE Training mode Obtain correctly adjusted layers Cyphertext pre-computing and caching Encryption of HOM and OPE are expensive Pre-computes and caches frequent constants for HOM and OPE under different keys 23 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion OUTLINE 1 Introduction 2 SQL-Aware Encryption 3 Adjustable Encryption 4 Experiments 5 Conclusion 24 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion IMPLEMENTATION C++ library: 18.000 lines Lua module: 150 lines MySQL 5.1 NTL library Cryptographic implementation 25 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion ENVIRONMENT Server Node with two 2.46Ghz Intel Xeon E5620 4-cores 12GB RAM Proxy and clients Node with eight 2.4Ghz AMD Opteron 8431 6-cores 64GB RAM All workloads fit in the server’s RAM 26 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion PERFORMANCE Using TPC-C workload 21% to 26% slower than plaintext MySQL 27 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion PERFORMANCE PER QUERY TYPE Slower for queries involving HOM (SUM) 28 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion LATENCY Overall server latency increased by 20% Proxy adds 0.6ms 23% in encryption and decryption 24% in MySQL proxy 53% in parsing and processing 29 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion STORAGE Increased required storage Multiple onions per field Some ciphertexts are larger than plaintexts – HOM maps 32 bits integer to 2048 bits Increased size by 3.76 times using TPC-C 30 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion OUTLINE 1 Introduction 2 SQL-Aware Encryption 3 Adjustable Encryption 4 Experiments 5 Conclusion 31 / 32
Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion CONCLUSION Provide practical confidentiality Deal with two threat models Curious DBAs Compromise of DBMS server Main points SQL-Aware encryption Adjustable encryption Modest performance penalty 14.5% to 26% 32 / 32

Recommended

Cloud adoption and rudiments
Cloud adoption and rudimentsCloud adoption and rudiments
Cloud adoption and rudimentsgaurav jain
 
Cloud computing system models for distributed and cloud computing
Cloud computing system models for distributed and cloud computingCloud computing system models for distributed and cloud computing
Cloud computing system models for distributed and cloud computinghrmalik20
 
Application of MapReduce in Cloud Computing
Application of MapReduce in Cloud ComputingApplication of MapReduce in Cloud Computing
Application of MapReduce in Cloud ComputingMohammad Mustaqeem
 
Distributed Systems Naming
Distributed Systems NamingDistributed Systems Naming
Distributed Systems NamingAhmed Magdy Ezzeldin, MSc.
 
4.file service architecture
4.file service architecture4.file service architecture
4.file service architectureAbDul ThaYyal
 
Data Mining & Data Warehousing Lecture Notes
Data Mining & Data Warehousing Lecture NotesData Mining & Data Warehousing Lecture Notes
Data Mining & Data Warehousing Lecture NotesFellowBuddy.com
 
Lecture6 introduction to data streams
Lecture6 introduction to data streamsLecture6 introduction to data streams
Lecture6 introduction to data streamshktripathy
 
Virtual machine security
Virtual machine securityVirtual machine security
Virtual machine securityJacob Zvirikuzhe
 

Recommended

Cloud adoption and rudiments
Cloud adoption and rudimentsCloud adoption and rudiments
Cloud adoption and rudimentsgaurav jain
 
Cloud computing system models for distributed and cloud computing
Cloud computing system models for distributed and cloud computingCloud computing system models for distributed and cloud computing
Cloud computing system models for distributed and cloud computinghrmalik20
 
Application of MapReduce in Cloud Computing
Application of MapReduce in Cloud ComputingApplication of MapReduce in Cloud Computing
Application of MapReduce in Cloud ComputingMohammad Mustaqeem
 
Distributed Systems Naming
Distributed Systems NamingDistributed Systems Naming
Distributed Systems NamingAhmed Magdy Ezzeldin, MSc.
 
4.file service architecture
4.file service architecture4.file service architecture
4.file service architectureAbDul ThaYyal
 
Data Mining & Data Warehousing Lecture Notes
Data Mining & Data Warehousing Lecture NotesData Mining & Data Warehousing Lecture Notes
Data Mining & Data Warehousing Lecture NotesFellowBuddy.com
 
Lecture6 introduction to data streams
Lecture6 introduction to data streamsLecture6 introduction to data streams
Lecture6 introduction to data streamshktripathy
 
Virtual machine security
Virtual machine securityVirtual machine security
Virtual machine securityJacob Zvirikuzhe
 
Cs6703 grid and cloud computing unit 3
Cs6703 grid and cloud computing unit 3Cs6703 grid and cloud computing unit 3
Cs6703 grid and cloud computing unit 3RMK ENGINEERING COLLEGE, CHENNAI
 
Sliding window and error control
Sliding window and error controlSliding window and error control
Sliding window and error controlAdil Mehmoood
 
Kerberos Authentication Protocol
Kerberos Authentication ProtocolKerberos Authentication Protocol
Kerberos Authentication ProtocolBibek Subedi
 
DISTRIBUTED DATABASE WITH RECOVERY TECHNIQUES
DISTRIBUTED DATABASE WITH RECOVERY TECHNIQUESDISTRIBUTED DATABASE WITH RECOVERY TECHNIQUES
DISTRIBUTED DATABASE WITH RECOVERY TECHNIQUESAAKANKSHA JAIN
 
Distributed file systems dfs
Distributed file systems dfsDistributed file systems dfs
Distributed file systems dfsPragati Startup Presentation Designer firm
 
System models for distributed and cloud computing
System models for distributed and cloud computingSystem models for distributed and cloud computing
System models for distributed and cloud computingpurplesea
 
Case Study - SUN NFS
Case Study - SUN NFSCase Study - SUN NFS
Case Study - SUN NFSAshish KC
 
Cloud adoption and rudiments
Cloud adoption and rudimentsCloud adoption and rudiments
Cloud adoption and rudimentsGaurav Jain
 
Cloud Management Mechanisms
Cloud Management MechanismsCloud Management Mechanisms
Cloud Management MechanismsMohammed Sajjad Ali
 
VIRTUALIZATION STRUCTURES TOOLS.docx
VIRTUALIZATION STRUCTURES TOOLS.docxVIRTUALIZATION STRUCTURES TOOLS.docx
VIRTUALIZATION STRUCTURES TOOLS.docxkumari36
 
Query Decomposition and data localization
Query Decomposition and data localization Query Decomposition and data localization
Query Decomposition and data localization Hafiz faiz
 
Advanced computer network
Advanced computer networkAdvanced computer network
Advanced computer networkTrinity Dwarka
 
Corba concepts & corba architecture
Corba concepts & corba architectureCorba concepts & corba architecture
Corba concepts & corba architecturenupurmakhija1211
 
Naming in Distributed System
Naming in Distributed SystemNaming in Distributed System
Naming in Distributed SystemMNM Jain Engineering College
 
Kerberos : An Authentication Application
Kerberos : An Authentication ApplicationKerberos : An Authentication Application
Kerberos : An Authentication ApplicationVidulatiwari
 
Cloud and dynamic infrastructure
Cloud and dynamic infrastructureCloud and dynamic infrastructure
Cloud and dynamic infrastructureGaurav Jain
 
Distributed Database Management System
Distributed Database Management SystemDistributed Database Management System
Distributed Database Management SystemAAKANKSHA JAIN
 
IEEE 802.11 Architecture and Services
IEEE 802.11 Architecture and ServicesIEEE 802.11 Architecture and Services
IEEE 802.11 Architecture and ServicesSayed Chhattan Shah
 
Distributed Objects and Remote Invocation
Distributed Objects and Remote InvocationDistributed Objects and Remote Invocation
Distributed Objects and Remote InvocationMedicaps University
 
9. Object Relational Databases in DBMS
9. Object Relational Databases in DBMS9. Object Relational Databases in DBMS
9. Object Relational Databases in DBMSkoolkampus
 
Privacy-Preserving Search for Chemical Compound Databases
Privacy-Preserving Search for Chemical Compound DatabasesPrivacy-Preserving Search for Chemical Compound Databases
Privacy-Preserving Search for Chemical Compound DatabasesMateus S. H. Cruz
 
Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...
Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...
Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...Mateus S. H. Cruz
 

More Related Content

What's hot

Sliding window and error control
Sliding window and error controlSliding window and error control
Sliding window and error controlAdil Mehmoood
 
Kerberos Authentication Protocol
Kerberos Authentication ProtocolKerberos Authentication Protocol
Kerberos Authentication ProtocolBibek Subedi
 
DISTRIBUTED DATABASE WITH RECOVERY TECHNIQUES
DISTRIBUTED DATABASE WITH RECOVERY TECHNIQUESDISTRIBUTED DATABASE WITH RECOVERY TECHNIQUES
DISTRIBUTED DATABASE WITH RECOVERY TECHNIQUESAAKANKSHA JAIN
 
System models for distributed and cloud computing
System models for distributed and cloud computingSystem models for distributed and cloud computing
System models for distributed and cloud computingpurplesea
 
Case Study - SUN NFS
Case Study - SUN NFSCase Study - SUN NFS
Case Study - SUN NFSAshish KC
 
Cloud adoption and rudiments
Cloud adoption and rudimentsCloud adoption and rudiments
Cloud adoption and rudimentsGaurav Jain
 
VIRTUALIZATION STRUCTURES TOOLS.docx
VIRTUALIZATION STRUCTURES TOOLS.docxVIRTUALIZATION STRUCTURES TOOLS.docx
VIRTUALIZATION STRUCTURES TOOLS.docxkumari36
 
Query Decomposition and data localization
Query Decomposition and data localization Query Decomposition and data localization
Query Decomposition and data localization Hafiz faiz
 
Advanced computer network
Advanced computer networkAdvanced computer network
Advanced computer networkTrinity Dwarka
 
Corba concepts & corba architecture
Corba concepts & corba architectureCorba concepts & corba architecture
Corba concepts & corba architecturenupurmakhija1211
 
Kerberos : An Authentication Application
Kerberos : An Authentication ApplicationKerberos : An Authentication Application
Kerberos : An Authentication ApplicationVidulatiwari
 
Cloud and dynamic infrastructure
Cloud and dynamic infrastructureCloud and dynamic infrastructure
Cloud and dynamic infrastructureGaurav Jain
 
Distributed Database Management System
Distributed Database Management SystemDistributed Database Management System
Distributed Database Management SystemAAKANKSHA JAIN
 
IEEE 802.11 Architecture and Services
IEEE 802.11 Architecture and ServicesIEEE 802.11 Architecture and Services
IEEE 802.11 Architecture and ServicesSayed Chhattan Shah
 
Distributed Objects and Remote Invocation
Distributed Objects and Remote InvocationDistributed Objects and Remote Invocation
Distributed Objects and Remote InvocationMedicaps University
 
9. Object Relational Databases in DBMS
9. Object Relational Databases in DBMS9. Object Relational Databases in DBMS
9. Object Relational Databases in DBMSkoolkampus
 

What's hot (20)

Cs6703 grid and cloud computing unit 3
Cs6703 grid and cloud computing unit 3Cs6703 grid and cloud computing unit 3
Cs6703 grid and cloud computing unit 3
 
Sliding window and error control
Sliding window and error controlSliding window and error control
Sliding window and error control
 
Kerberos Authentication Protocol
Kerberos Authentication ProtocolKerberos Authentication Protocol
Kerberos Authentication Protocol
 
DISTRIBUTED DATABASE WITH RECOVERY TECHNIQUES
DISTRIBUTED DATABASE WITH RECOVERY TECHNIQUESDISTRIBUTED DATABASE WITH RECOVERY TECHNIQUES
DISTRIBUTED DATABASE WITH RECOVERY TECHNIQUES
 
Distributed file systems dfs
Distributed file systems dfsDistributed file systems dfs
Distributed file systems dfs
 
System models for distributed and cloud computing
System models for distributed and cloud computingSystem models for distributed and cloud computing
System models for distributed and cloud computing
 
Case Study - SUN NFS
Case Study - SUN NFSCase Study - SUN NFS
Case Study - SUN NFS
 
Cloud adoption and rudiments
Cloud adoption and rudimentsCloud adoption and rudiments
Cloud adoption and rudiments
 
Cloud Management Mechanisms
Cloud Management MechanismsCloud Management Mechanisms
Cloud Management Mechanisms
 
VIRTUALIZATION STRUCTURES TOOLS.docx
VIRTUALIZATION STRUCTURES TOOLS.docxVIRTUALIZATION STRUCTURES TOOLS.docx
VIRTUALIZATION STRUCTURES TOOLS.docx
 
Query Decomposition and data localization
Query Decomposition and data localization Query Decomposition and data localization
Query Decomposition and data localization
 
Advanced computer network
Advanced computer networkAdvanced computer network
Advanced computer network
 
Corba concepts & corba architecture
Corba concepts & corba architectureCorba concepts & corba architecture
Corba concepts & corba architecture
 
Naming in Distributed System
Naming in Distributed SystemNaming in Distributed System
Naming in Distributed System
 
Kerberos : An Authentication Application
Kerberos : An Authentication ApplicationKerberos : An Authentication Application
Kerberos : An Authentication Application
 
Cloud and dynamic infrastructure
Cloud and dynamic infrastructureCloud and dynamic infrastructure
Cloud and dynamic infrastructure
 
Distributed Database Management System
Distributed Database Management SystemDistributed Database Management System
Distributed Database Management System
 
IEEE 802.11 Architecture and Services
IEEE 802.11 Architecture and ServicesIEEE 802.11 Architecture and Services
IEEE 802.11 Architecture and Services
 
Distributed Objects and Remote Invocation
Distributed Objects and Remote InvocationDistributed Objects and Remote Invocation
Distributed Objects and Remote Invocation
 
9. Object Relational Databases in DBMS
9. Object Relational Databases in DBMS9. Object Relational Databases in DBMS
9. Object Relational Databases in DBMS
 

Viewers also liked

Privacy-Preserving Search for Chemical Compound Databases
Privacy-Preserving Search for Chemical Compound DatabasesPrivacy-Preserving Search for Chemical Compound Databases
Privacy-Preserving Search for Chemical Compound DatabasesMateus S. H. Cruz
 
Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...
Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...
Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...Mateus S. H. Cruz
 
Fuzzy Keyword Search over Encrypted Data in Cloud Computing
Fuzzy Keyword Search over Encrypted Data in Cloud ComputingFuzzy Keyword Search over Encrypted Data in Cloud Computing
Fuzzy Keyword Search over Encrypted Data in Cloud ComputingMateus S. H. Cruz
 
Privacy-Preserving Multi-Keyword Fuzzy Search over Encrypted Data in the Cloud
Privacy-Preserving Multi-Keyword Fuzzy Search over Encrypted Data in the CloudPrivacy-Preserving Multi-Keyword Fuzzy Search over Encrypted Data in the Cloud
Privacy-Preserving Multi-Keyword Fuzzy Search over Encrypted Data in the CloudMateus S. H. Cruz
 
DBMask: Fine-Grained Access Control on Encrypted Relational Databases
DBMask: Fine-Grained Access Control on Encrypted Relational DatabasesDBMask: Fine-Grained Access Control on Encrypted Relational Databases
DBMask: Fine-Grained Access Control on Encrypted Relational DatabasesMateus S. H. Cruz
 
Inverted Index Based Multi-Keyword Public-key Searchable Encryption with Stro...
Inverted Index Based Multi-Keyword Public-key Searchable Encryption with Stro...Inverted Index Based Multi-Keyword Public-key Searchable Encryption with Stro...
Inverted Index Based Multi-Keyword Public-key Searchable Encryption with Stro...Mateus S. H. Cruz
 
Realizing Fine-Grained and Flexible Access Control to Outsourced Data with At...
Realizing Fine-Grained and Flexible Access Control to Outsourced Data with At...Realizing Fine-Grained and Flexible Access Control to Outsourced Data with At...
Realizing Fine-Grained and Flexible Access Control to Outsourced Data with At...Mateus S. H. Cruz
 
ENKI: Access Control for Encrypted Query Processing
ENKI: Access Control for Encrypted Query ProcessingENKI: Access Control for Encrypted Query Processing
ENKI: Access Control for Encrypted Query ProcessingMateus S. H. Cruz
 
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...IEEEFINALSEMSTUDENTPROJECTS
 
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Pushpa
 
Searching Encrypted Cloud Data: Academia and Industry Done Right
Searching Encrypted Cloud Data: Academia and Industry Done RightSearching Encrypted Cloud Data: Academia and Industry Done Right
Searching Encrypted Cloud Data: Academia and Industry Done RightSkyhigh Networks
 
Query Processing and Optimisation - Lecture 10 - Introduction to Databases (1...
Query Processing and Optimisation - Lecture 10 - Introduction to Databases (1...Query Processing and Optimisation - Lecture 10 - Introduction to Databases (1...
Query Processing and Optimisation - Lecture 10 - Introduction to Databases (1...Beat Signer
 
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword EU Project
 
13. Query Processing in DBMS
13. Query Processing in DBMS13. Query Processing in DBMS
13. Query Processing in DBMSkoolkampus
 
Semantic BDD with ShouldIT?
Semantic BDD with ShouldIT?Semantic BDD with ShouldIT?
Semantic BDD with ShouldIT?Richard McIntyre
 

Viewers also liked (20)

Privacy-Preserving Search for Chemical Compound Databases
Privacy-Preserving Search for Chemical Compound DatabasesPrivacy-Preserving Search for Chemical Compound Databases
Privacy-Preserving Search for Chemical Compound Databases
 
Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...
Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...
Fast, Private and Verifiable: Server-aided Approximate Similarity Computation...
 
Fuzzy Keyword Search over Encrypted Data in Cloud Computing
Fuzzy Keyword Search over Encrypted Data in Cloud ComputingFuzzy Keyword Search over Encrypted Data in Cloud Computing
Fuzzy Keyword Search over Encrypted Data in Cloud Computing
 
Privacy-Preserving Multi-Keyword Fuzzy Search over Encrypted Data in the Cloud
Privacy-Preserving Multi-Keyword Fuzzy Search over Encrypted Data in the CloudPrivacy-Preserving Multi-Keyword Fuzzy Search over Encrypted Data in the Cloud
Privacy-Preserving Multi-Keyword Fuzzy Search over Encrypted Data in the Cloud
 
DBMask: Fine-Grained Access Control on Encrypted Relational Databases
DBMask: Fine-Grained Access Control on Encrypted Relational DatabasesDBMask: Fine-Grained Access Control on Encrypted Relational Databases
DBMask: Fine-Grained Access Control on Encrypted Relational Databases
 
Inverted Index Based Multi-Keyword Public-key Searchable Encryption with Stro...
Inverted Index Based Multi-Keyword Public-key Searchable Encryption with Stro...Inverted Index Based Multi-Keyword Public-key Searchable Encryption with Stro...
Inverted Index Based Multi-Keyword Public-key Searchable Encryption with Stro...
 
Realizing Fine-Grained and Flexible Access Control to Outsourced Data with At...
Realizing Fine-Grained and Flexible Access Control to Outsourced Data with At...Realizing Fine-Grained and Flexible Access Control to Outsourced Data with At...
Realizing Fine-Grained and Flexible Access Control to Outsourced Data with At...
 
Overview of MONOMI
Overview of MONOMIOverview of MONOMI
Overview of MONOMI
 
ENKI: Access Control for Encrypted Query Processing
ENKI: Access Control for Encrypted Query ProcessingENKI: Access Control for Encrypted Query Processing
ENKI: Access Control for Encrypted Query Processing
 
Synopsis_kamlesh
Synopsis_kamleshSynopsis_kamlesh
Synopsis_kamlesh
 
connect
connectconnect
connect
 
Encrypted Databases for Untrusted Cloud
Encrypted Databases for Untrusted CloudEncrypted Databases for Untrusted Cloud
Encrypted Databases for Untrusted Cloud
 
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...
 
Helib
HelibHelib
Helib
 
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
 
Searching Encrypted Cloud Data: Academia and Industry Done Right
Searching Encrypted Cloud Data: Academia and Industry Done RightSearching Encrypted Cloud Data: Academia and Industry Done Right
Searching Encrypted Cloud Data: Academia and Industry Done Right
 
Query Processing and Optimisation - Lecture 10 - Introduction to Databases (1...
Query Processing and Optimisation - Lecture 10 - Introduction to Databases (1...Query Processing and Optimisation - Lecture 10 - Introduction to Databases (1...
Query Processing and Optimisation - Lecture 10 - Introduction to Databases (1...
 
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
 
13. Query Processing in DBMS
13. Query Processing in DBMS13. Query Processing in DBMS
13. Query Processing in DBMS
 
Semantic BDD with ShouldIT?
Semantic BDD with ShouldIT?Semantic BDD with ShouldIT?
Semantic BDD with ShouldIT?
 

Similar to Overview of CryptDB

Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...
Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...
Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...Cybersecurity Education and Research Centre
 
Oracle Client Failover - Under The Hood
Oracle Client Failover - Under The HoodOracle Client Failover - Under The Hood
Oracle Client Failover - Under The HoodLudovico Caldara
 
The Cryptol Epilogue: Swift and Bulletproof VHDL
The Cryptol Epilogue: Swift and Bulletproof VHDLThe Cryptol Epilogue: Swift and Bulletproof VHDL
The Cryptol Epilogue: Swift and Bulletproof VHDLUlisses Costa
 
Web application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasuresWeb application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasuresCade Zvavanjanja
 
End-End Security with Confluent Platform
End-End Security with Confluent Platform End-End Security with Confluent Platform
End-End Security with Confluent Platform confluent
 
EFFICIENT VLSI IMPLEMENTATION OF THE BLOCK CIPHER RIJNDAEL ALGORITHM
EFFICIENT VLSI IMPLEMENTATION OF THE BLOCK CIPHER RIJNDAEL ALGORITHMEFFICIENT VLSI IMPLEMENTATION OF THE BLOCK CIPHER RIJNDAEL ALGORITHM
EFFICIENT VLSI IMPLEMENTATION OF THE BLOCK CIPHER RIJNDAEL ALGORITHMAJAL A J
 
SCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architectureSCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architectureqqlan
 
Wintel Hell: průvodce devíti kruhy Dantova technologického pekla / MARTIN HRO...
Wintel Hell: průvodce devíti kruhy Dantova technologického pekla / MARTIN HRO...Wintel Hell: průvodce devíti kruhy Dantova technologického pekla / MARTIN HRO...
Wintel Hell: průvodce devíti kruhy Dantova technologického pekla / MARTIN HRO...Security Session
 
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...DefconRussia
 
Common Infrastructure Exploits in AWS/GCP/Azure Servers and Containers
Common Infrastructure Exploits in AWS/GCP/Azure Servers and ContainersCommon Infrastructure Exploits in AWS/GCP/Azure Servers and Containers
Common Infrastructure Exploits in AWS/GCP/Azure Servers and ContainersPriyanka Aash
 
New Lightweight Cryptographic Algorithm
New Lightweight Cryptographic AlgorithmNew Lightweight Cryptographic Algorithm
New Lightweight Cryptographic Algorithmarunkumar2949
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxSecurity Session
 
New features of SQL in Firebird
New features of SQL in FirebirdNew features of SQL in Firebird
New features of SQL in FirebirdMind The Firebird
 
Analysis of Searchable Encryption
Analysis of Searchable EncryptionAnalysis of Searchable Encryption
Analysis of Searchable EncryptionNagendra Posani
 
Module 2 network and computer security
Module 2 network and computer securityModule 2 network and computer security
Module 2 network and computer securityDeepak John
 
Unleash oracle 12c performance with cisco ucs
Unleash oracle 12c performance with cisco ucsUnleash oracle 12c performance with cisco ucs
Unleash oracle 12c performance with cisco ucssolarisyougood
 
Design and Simulation Triple-DES
Design and Simulation Triple-DESDesign and Simulation Triple-DES
Design and Simulation Triple-DESchatsiri
 
Data Access Technologies
Data Access TechnologiesData Access Technologies
Data Access TechnologiesDimara Hakim
 

Similar to Overview of CryptDB (20)

Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...
Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...
Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...
 
Oracle Client Failover - Under The Hood
Oracle Client Failover - Under The HoodOracle Client Failover - Under The Hood
Oracle Client Failover - Under The Hood
 
The Cryptol Epilogue: Swift and Bulletproof VHDL
The Cryptol Epilogue: Swift and Bulletproof VHDLThe Cryptol Epilogue: Swift and Bulletproof VHDL
The Cryptol Epilogue: Swift and Bulletproof VHDL
 
Web application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasuresWeb application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasures
 
End-End Security with Confluent Platform
End-End Security with Confluent Platform End-End Security with Confluent Platform
End-End Security with Confluent Platform
 
EFFICIENT VLSI IMPLEMENTATION OF THE BLOCK CIPHER RIJNDAEL ALGORITHM
EFFICIENT VLSI IMPLEMENTATION OF THE BLOCK CIPHER RIJNDAEL ALGORITHMEFFICIENT VLSI IMPLEMENTATION OF THE BLOCK CIPHER RIJNDAEL ALGORITHM
EFFICIENT VLSI IMPLEMENTATION OF THE BLOCK CIPHER RIJNDAEL ALGORITHM
 
SCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architectureSCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architecture
 
Wintel Hell: průvodce devíti kruhy Dantova technologického pekla / MARTIN HRO...
Wintel Hell: průvodce devíti kruhy Dantova technologického pekla / MARTIN HRO...Wintel Hell: průvodce devíti kruhy Dantova technologického pekla / MARTIN HRO...
Wintel Hell: průvodce devíti kruhy Dantova technologického pekla / MARTIN HRO...
 
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
 
Common Infrastructure Exploits in AWS/GCP/Azure Servers and Containers
Common Infrastructure Exploits in AWS/GCP/Azure Servers and ContainersCommon Infrastructure Exploits in AWS/GCP/Azure Servers and Containers
Common Infrastructure Exploits in AWS/GCP/Azure Servers and Containers
 
New Lightweight Cryptographic Algorithm
New Lightweight Cryptographic AlgorithmNew Lightweight Cryptographic Algorithm
New Lightweight Cryptographic Algorithm
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix Linux
 
New features of SQL in Firebird
New features of SQL in FirebirdNew features of SQL in Firebird
New features of SQL in Firebird
 
Analysis of Searchable Encryption
Analysis of Searchable EncryptionAnalysis of Searchable Encryption
Analysis of Searchable Encryption
 
20141105 asfws-norx-slides
20141105 asfws-norx-slides20141105 asfws-norx-slides
20141105 asfws-norx-slides
 
Module 2 network and computer security
Module 2 network and computer securityModule 2 network and computer security
Module 2 network and computer security
 
Unleash oracle 12c performance with cisco ucs
Unleash oracle 12c performance with cisco ucsUnleash oracle 12c performance with cisco ucs
Unleash oracle 12c performance with cisco ucs
 
Design and Simulation Triple-DES
Design and Simulation Triple-DESDesign and Simulation Triple-DES
Design and Simulation Triple-DES
 
Data Access Technologies
Data Access TechnologiesData Access Technologies
Data Access Technologies
 
GR740 User day
GR740 User dayGR740 User day
GR740 User day
 

Recently uploaded

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 

Overview of CryptDB

  • 1. CryptDB: Protecting Confidentiality with Encrypted Query Processing Raluca Ada Popa, Catherine M. S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan 23rd ACM Symposium on Operating Systems Principles (SOSP) Cascais, Portugal, October 2011 KDE Seminar May 11th, 2015 Mateus Cruz
  • 2. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion OUTLINE 1 Introduction 2 SQL-Aware Encryption 3 Adjustable Encryption 4 Experiments 5 Conclusion 2 / 32
  • 3. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion OUTLINE 1 Introduction 2 SQL-Aware Encryption 3 Adjustable Encryption 4 Experiments 5 Conclusion 3 / 32
  • 4. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion OVERVIEW SQL queries over encrypted data Security Performance (low overhead) Dynamic encryption levels Protection against security threats 1 Curious DBA 2 Adversary compromises application or server 4 / 32
  • 5. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion MAIN IDEAS SQL-Aware encryption Execute queries over encrypted data Adjustable query-based encryption Change encryption for data items at runtime 5 / 32
  • 6. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion LIMITATIONS Does not ensure Integrity Freshness Completeness Does not cover attacks on user machines 6 / 32
  • 7. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion ARCHITECTURE 7 / 32
  • 8. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion OUTLINE 1 Introduction 2 SQL-Aware Encryption 3 Adjustable Encryption 4 Experiments 5 Conclusion 8 / 32
  • 9. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion INTUITION Many cryptosystems available Different security levels IND-CPA IND-CCA Different allowed computations Equality comparison Ordering Summation Use the most secure cryptosystem that allows the desired computation over the data item 9 / 32
  • 10. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion RANDOM (RND) Different ciphertexts for the same plaintext Maximum security in CryptDB IND-CPA Does not allow computations Constructed using AES/Blowfish with a random initialization vector (IV) 10 / 32
  • 11. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion DETERMINISTIC (DET) Same ciphertext for the same plaintext Leaks which items are repeated But not the values Allows equality checks SELECT with equality predicates, GROUP BY, COUNT, DISTINCT, etc Constructed using AES/Blowfish 11 / 32
  • 12. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion ORDER-PRESERVING ENCRYPTION (OPE) Random mapping that preserves order If x < y, then OPEK(x) < OPEK(y) Allows range queries and ordering ORDER BY, MIN, MAX, etc Leaks order between data items 12 / 32
  • 13. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion HOMOMORPHIC ENCRYPTION (HOM) IND-CPA that allows computations Fully HOM is very slow Slowdowns on the order of 109 Constructed using Paillier cryptosystem HOMK(x) × HOMK(y) = HOMK(x + y) Allows SUM aggregates 13 / 32
  • 14. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion ADJUSTABLE JOIN (JOIN-ADJ) Join columns with the same encryption Prevent join without request JOIN(x) = JOIN-ADJ(x)||DET(x) JOIN-ADJ is non-invertible Can obtain x by decrypting DET(x) Can join columns by using JOIN-ADJ(x) 14 / 32
  • 15. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion WORD SEARCH (SEARCH) Searches on encrypted text Allows LIKE operations Does not support regular expressions Nearly as secure as RND Leaks the number of duplicated words 15 / 32
  • 16. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion OUTLINE 1 Introduction 2 SQL-Aware Encryption 3 Adjustable Encryption 4 Experiments 5 Conclusion 16 / 32
  • 17. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion INTUITION Different encryption models Different security levels Allow different computations Balance between security and functionality Adjust the encryption at runtime 17 / 32
  • 18. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion ONION MODEL Each data item has layers of encryption Layers form an onion 18 / 32
  • 19. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion DATA LAYOUT Multiple onions for one data item 19 / 32
  • 20. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion DECRYPTION OF ONIONS The proxy issues a decryption using UDFs User Defined Functions Speeds up subsequent queries Example Decrypt onion Ord of column 2 in Table1: UPDATE Table1 SET C2-ORD = DECRYPT RND(K,C2-ORD,C2-IV) 20 / 32
  • 21. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion DECRYPTION OF ONIONS The proxy issues a decryption using UDFs User Defined Functions Speeds up subsequent queries Example Decrypt onion Ord of column 2 in Table1: UPDATE Table1 SET C2-ORD = DECRYPT RND(K,C2-ORD,C2-IV Decryption from RND requires the initializa- tion vector (IV) ) 20 / 32
  • 22. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion QUERY EXECUTION Example Initial query: SELECT ID FROM Employees WHERE Name = ’Alice’ 1 - Lower encryption of Name to DET: UPDATE Table1 SET C2-Eq = DECRYPT RND(KT1,C2,Eq,RND,C2-Eq,C2-IV) 21 / 32
  • 23. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion QUERY EXECUTION Example Initial query: SELECT ID FROM Employees WHERE Name = ’Alice’ 1 - Lower encryption of Name to DET: UPDATE Table1 SET C2-Eq = DECRYPT RND(KT1,C2,Eq,RND Key for decrypting layer RND, of onion Eq, of column C2, on table T1 ,C2-Eq,C2-IV) 21 / 32
  • 24. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion QUERY EXECUTION Example Initial query: SELECT ID FROM Employees WHERE Name = ’Alice’ 1 - Lower encryption of Name to DET: UPDATE Table1 SET C2-Eq = DECRYPT RND(KT1,C2,Eq,RND,C2-Eq,C2-IV) 21 / 32
  • 25. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion QUERY EXECUTION Example (Cont.) 2 - Perform the selection: SELECT C1-Eq, C1-IV FROM Table1 WHERE C2-Eq = ’x7..d’ 3 - Decrypt results using keys KT1,C1,Eq,RND, KT1,C1,Eq,DET, KT1,C1,Eq,JOIN and obtain the final result: 23. 21 / 32
  • 26. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion QUERY EXECUTION Example (Cont.) 2 - Perform the selection: SELECT C1-Eq, C1-IV Requires the initializa- tion vector (IV) to de- crypt layer RND FROM Table1 WHERE C2-Eq = ’x7..d’ 3 - Decrypt results using keys KT1,C1,Eq,RND, KT1,C1,Eq,DET, KT1,C1,Eq,JOIN and obtain the final result: 23. 21 / 32
  • 27. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion QUERY EXECUTION Example (Cont.) 2 - Perform the selection: SELECT C1-Eq, C1-IV FROM Table1 WHERE C2-Eq = ’x7..d’ Encryption of the value ’Alice’ with layers JOIN and DET 3 - Decrypt results using keys KT1,C1,Eq,RND, KT1,C1,Eq,DET, KT1,C1,Eq,JOIN and obtain the final result: 23. 21 / 32
  • 28. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion QUERY EXECUTION Example (Cont.) 2 - Perform the selection: SELECT C1-Eq, C1-IV FROM Table1 WHERE C2-Eq = ’x7..d’ 3 - Decrypt results using keys KT1,C1,Eq,RND, KT1,C1,Eq,DET, KT1,C1,Eq,JOIN and obtain the final result: 23 Decrypts three layers to obtain the plaintext . 21 / 32
  • 29. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion IMPROVING SECURITY Minimum number of layers Specify the lowest layer revealed Onion re-encryption Re-encrypt onions after infrequent queries 22 / 32
  • 30. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion IMPROVING PERFORMANCE Training mode Obtain correctly adjusted layers Cyphertext pre-computing and caching Encryption of HOM and OPE are expensive Pre-computes and caches frequent constants for HOM and OPE under different keys 23 / 32
  • 31. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion OUTLINE 1 Introduction 2 SQL-Aware Encryption 3 Adjustable Encryption 4 Experiments 5 Conclusion 24 / 32
  • 32. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion IMPLEMENTATION C++ library: 18.000 lines Lua module: 150 lines MySQL 5.1 NTL library Cryptographic implementation 25 / 32
  • 33. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion ENVIRONMENT Server Node with two 2.46Ghz Intel Xeon E5620 4-cores 12GB RAM Proxy and clients Node with eight 2.4Ghz AMD Opteron 8431 6-cores 64GB RAM All workloads fit in the server’s RAM 26 / 32
  • 34. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion PERFORMANCE Using TPC-C workload 21% to 26% slower than plaintext MySQL 27 / 32
  • 35. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion PERFORMANCE PER QUERY TYPE Slower for queries involving HOM (SUM) 28 / 32
  • 36. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion LATENCY Overall server latency increased by 20% Proxy adds 0.6ms 23% in encryption and decryption 24% in MySQL proxy 53% in parsing and processing 29 / 32
  • 37. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion STORAGE Increased required storage Multiple onions per field Some ciphertexts are larger than plaintexts – HOM maps 32 bits integer to 2048 bits Increased size by 3.76 times using TPC-C 30 / 32
  • 38. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion OUTLINE 1 Introduction 2 SQL-Aware Encryption 3 Adjustable Encryption 4 Experiments 5 Conclusion 31 / 32
  • 39. Introduction SQL-Aware Encryption Adjustable Encryption Experiments Conclusion CONCLUSION Provide practical confidentiality Deal with two threat models Curious DBAs Compromise of DBMS server Main points SQL-Aware encryption Adjustable encryption Modest performance penalty 14.5% to 26% 32 / 32