SlideShare a Scribd company logo

PaaSword - Distributed Searchable Encryption Engine

PaaSword EU Project
PaaSword EU Project

Presentations of the 1st PaaSword CS-IFG Workshop that took place on 10th of November 2016 in Athens, Greece

Software
1 of 15
Download to read offline
www.paasword.eu Distributed Searchable Encryption Engine Innovathens 11/10/2016
Outline Objectives Architecture and DB Transform Example of an SQL Query in PaaSword Improvements so far PaaSword – WP4 (Database Encryption)18/11/2016 2
Objectives Improve Privacy in a transparent way Automatic encryption and decryption Automatic distribution synthesis Sufficient (but restricted) support for SQL Most important queries should be supported Efficiency Acceptable performance impact PaaSword – WP4 (Database Encryption)18/11/2016 3
Basic Idea PaaSword18/11/2016 4 Client Cloud DB DB Proxy Cloud DBClient Common (insecure) scenario Desired (secure) scenario
DB Proxy Architecture PaaSword18/11/2016 5 Data Index2Index1 SQL SQLDatabase Proxy (trusted) SQL Cloud (untrusted) User / Application Data (not encrypted) Data (encrypted)
Database Transformation PaaSword18/11/2016 6 ID Name Surname City Day of Birth 1 Paul Anderson Athens 01.01.1979 2 Howard Miller Karlsruhe 02.02.1974 3 Henry Cooper Berlin 03.03.1980 4 Henry Jones Brussels 04.04.1985 ID Encrypted Data 1 Enc(Paul,Anderson,Athens,01.01.1979) 2 Enc(Howard,Miller,Karlsruhe,02.02.1974) 3 Enc(Henry,Cooper,Berlin,03.03.1980) 4 Enc(Henry,Jones,Brussels,04.04.1985) Data Keyword IDs Name:Paul Enc(1) Name:Howard Enc(2) Name:Henry Enc(3,4) Index1 Keyword IDs Surname:Anderson Enc(1) Surname:Miller Enc(2) Surname:Cooper Enc(3) Surname:Jones Enc(4) Index2 Original Association is hidden
Example (1/4) PaaSword18/11/2016 7 •SQL-Query: •SELECT * FROM Customers WHERE Name=‚Henry‘ AND Surname=‚Jones‘ Data Index2Index1 SELECT ID FROM Index1 WHERE Keyword=‘Name:Henry‘ SELECT ID FROM Index2 WHERE Keyword=‘Surname:Jones‘ transform query ID Name Surname Stadt Day of Birth 1 Paul Anderson Athens 01.01.1979 2 Hans Miller Karlsruhe 02.02.1974 3 Henry Cooper Berlin 03.03.1980 4 Henry Jones Brussels 04.04.1983 Database Proxy SELECT * FROM Customers WHERE Name=‚Henry‘ AND Surname=‚Jones‘
Example (2/4) PaaSword18/11/2016 8 •SQL-Query: •SELECT * FROM Customers WHERE Name=‚Henry‘ AND Surname=‚Jones‘ Data Index2Index1 IDs Enc(3,4) IDs Enc(4) decrypt and compute result Database Proxy ID 4 ID Name Surname Stadt Day of Birth 1 Paul Anderson Athens 01.01.1979 2 Hans Miller Karlsruhe 02.02.1974 3 Henry Cooper Berlin 03.03.1980 4 Henry Jones Brussels 04.04.1983
Example (3/4) PaaSword18/11/2016 9 •SQL-Query: •SELECT * FROM Customers WHERE Name=‚Henry‘ AND Surname=‚Jones‘ Data Index2Index1 SELECT * FROM Data WHERE ‘ID’ in {4} retrieve relevant data ID Name Surname City Day of Birth 1 Paul Anderson Athens 01.01.1979 2 Hans Miller Karlsruhe 02.02.1974 3 Henry Cooper Berlin 03.03.1980 4 Henry Jones Brussels 04.04.1983 Database Proxy ID Name Surname Stadt Day of Birth 1 Paul Anderson Athens 01.01.1979 2 Hans Miller Karlsruhe 02.02.1974 3 Henry Cooper Berlin 03.03.1980 4 Henry Jones Brussels 04.04.1983
Example (4/4) PaaSword18/11/2016 10 •SQL-Query: •SELECT * FROM Customers WHERE Name=‚Henry‘ AND Surname=‚Jones‘ Data Index2Index1 Henry,Jones,Brussels,04.04.1983 decrypt and return result Database Proxy Enc(Henry,Jones,Brussels,04.04.1983) ID Name Surname Stadt Day of Birth 1 Paul Anderson Athens 01.01.1979 2 Hans Miller Karlsruhe 02.02.1974 3 Henry Cooper Berlin 03.03.1980 4 Henry Jones Brussels 04.04.1983
Improvements (1/2) PaaSword18/11/2016 11 ID Name Surname City Day of Birth 1 Paul Anderson Athens 01.01.1979 2 Howard Miller Karlsruhe 02.02.1974 3 Henry Cooper Berlin 03.03.1980 4 Henry Jones Brussels 04.04.1985 ID Encrypted Data 1 Enc(Paul,Anderson,Athens,01.01.1979) 2 Enc(Howard,Miller,Karlsruhe,02.02.1974) 3 Enc(Henry,Cooper,Berlin,03.03.1980) 4 Enc(Henry,Jones,Brussels,04.04.1985) Data Keyword-Name IDs Enc(Paul) Enc(1) Enc(Howard) Enc(2) Enc(Henry) Enc(3,4) Index1 Keyword-Surname IDs Enc(Anderson) Enc(1) Enc(Miller) Enc(2) Enc(Cooper) Enc(3) Enc(Jones) Enc(4) Index2 Original Keyword Encryption • AES (deterministic) • Support for most query types (excl. LIKE) Index Distribution • Index for same data type can be stored at different server Data Distribution Minimize exposure of sensitive information by careful distribution
PaaSword18/11/2016 12 Improvements (2/2) Feature Support Before PaaSword Current State Index Encryption Multiple Tables Joins Subselect LIKE Partial * Privacy Constraints Data Distribution * Only if index keyword is not encrypted
Supported Statements SELECT, UPDATE, INSERT, DELETE, DROP TABLE, ALTER TABLE Joins Left/right, full/outer/inner, … =, NOT, AND, OR, IN LIKE (%) SELECT (SELECT …) ) <, <=, >, >= GROUP BY, LIMIT, AVG, SUM PaaSword – WP4 (Database Encryption)18/11/2016 13
Way forward Extend SQL query support for encrypted index Improve performance Measure performance in different scenarios Integrate into PaaSword framework Include key management PaaSword18/11/2016 14
PaaSword18/11/2016 15 Questions? Visit us: www.paasword.euAcknowledgements: This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644814.

Recommended

Bill of Materials Database
Bill of Materials DatabaseBill of Materials Database
Bill of Materials DatabaseJohn Chugh
 
Searchable Encryption
Searchable EncryptionSearchable Encryption
Searchable EncryptionNagendra Posani
 
CipherCloud Technology Overview: Encryption
CipherCloud Technology Overview: EncryptionCipherCloud Technology Overview: Encryption
CipherCloud Technology Overview: EncryptionCipherCloud
 
Searchable Encryption Systems
Searchable Encryption SystemsSearchable Encryption Systems
Searchable Encryption SystemsChristopher Frenz
 
Inverted Index Based Multi-Keyword Public-key Searchable Encryption with Stro...
Inverted Index Based Multi-Keyword Public-key Searchable Encryption with Stro...Inverted Index Based Multi-Keyword Public-key Searchable Encryption with Stro...
Inverted Index Based Multi-Keyword Public-key Searchable Encryption with Stro...Mateus S. H. Cruz
 
Search on encrypted data
Search on encrypted dataSearch on encrypted data
Search on encrypted dataSELASI OCANSEY
 
Kapanowski FINAL_Lean Assessment
Kapanowski FINAL_Lean AssessmentKapanowski FINAL_Lean Assessment
Kapanowski FINAL_Lean AssessmentGary Kapanowski
 
Conducting Bicycle Counts_McCarthy
Conducting Bicycle Counts_McCarthyConducting Bicycle Counts_McCarthy
Conducting Bicycle Counts_McCarthyLev McCarthy
 

Recommended

Bill of Materials Database
Bill of Materials DatabaseBill of Materials Database
Bill of Materials DatabaseJohn Chugh
 
Searchable Encryption
Searchable EncryptionSearchable Encryption
Searchable EncryptionNagendra Posani
 
CipherCloud Technology Overview: Encryption
CipherCloud Technology Overview: EncryptionCipherCloud Technology Overview: Encryption
CipherCloud Technology Overview: EncryptionCipherCloud
 
Searchable Encryption Systems
Searchable Encryption SystemsSearchable Encryption Systems
Searchable Encryption SystemsChristopher Frenz
 
Inverted Index Based Multi-Keyword Public-key Searchable Encryption with Stro...
Inverted Index Based Multi-Keyword Public-key Searchable Encryption with Stro...Inverted Index Based Multi-Keyword Public-key Searchable Encryption with Stro...
Inverted Index Based Multi-Keyword Public-key Searchable Encryption with Stro...Mateus S. H. Cruz
 
Search on encrypted data
Search on encrypted dataSearch on encrypted data
Search on encrypted dataSELASI OCANSEY
 
Kapanowski FINAL_Lean Assessment
Kapanowski FINAL_Lean AssessmentKapanowski FINAL_Lean Assessment
Kapanowski FINAL_Lean AssessmentGary Kapanowski
 
Conducting Bicycle Counts_McCarthy
Conducting Bicycle Counts_McCarthyConducting Bicycle Counts_McCarthy
Conducting Bicycle Counts_McCarthyLev McCarthy
 
sujata
sujatasujata
sujataAlice Notarianni
 
mamtalq
mamtalqmamtalq
mamtalqAlice Notarianni
 
Portfolio
PortfolioPortfolio
PortfolioЕріка Микуланинець
 
LinkedIn Workshop: Profiles and Publishing (Digital Marketing Today)
LinkedIn Workshop: Profiles and Publishing (Digital Marketing Today)LinkedIn Workshop: Profiles and Publishing (Digital Marketing Today)
LinkedIn Workshop: Profiles and Publishing (Digital Marketing Today)Julian Gamboa
 
Portfolio
PortfolioPortfolio
PortfolioЕріка Микуланинець
 
TechSheet_Focus3D X 330
TechSheet_Focus3D X 330TechSheet_Focus3D X 330
TechSheet_Focus3D X 330Derrick McBreairty
 
Kapanowski FINAL_CIPL
Kapanowski FINAL_CIPLKapanowski FINAL_CIPL
Kapanowski FINAL_CIPLGary Kapanowski
 
Revathy pp da 1
Revathy pp da 1Revathy pp da 1
Revathy pp da 1revasurev
 
Ajay_oracle dba
Ajay_oracle dbaAjay_oracle dba
Ajay_oracle dbaajay pat
 
Word Cloud | LBSA Marketing Fall 2015
Word Cloud | LBSA Marketing Fall 2015Word Cloud | LBSA Marketing Fall 2015
Word Cloud | LBSA Marketing Fall 2015Julian Gamboa
 
Soudip sinha roy
Soudip sinha roySoudip sinha roy
Soudip sinha roySoudip Sinha Roy
 
Acucut Presentation.rev1
Acucut Presentation.rev1Acucut Presentation.rev1
Acucut Presentation.rev1Ajit Shah
 
PassiveVoiceChart
PassiveVoiceChartPassiveVoiceChart
PassiveVoiceChartaalr94
 
Método Alemão
Método AlemãoMétodo Alemão
Método Alemãotaina2105
 
Energía solar - definiciones y terminología
Energía solar - definiciones y terminologíaEnergía solar - definiciones y terminología
Energía solar - definiciones y terminologíaBrad Pitt
 
Integrated Business Solutions
Integrated Business SolutionsIntegrated Business Solutions
Integrated Business Solutionsonesystemau
 
DePauwThesis
DePauwThesisDePauwThesis
DePauwThesisWhitney Grandi
 
Mike Faris
Mike FarisMike Faris
Mike FarisMichael Faris
 
Lightning Talk: Agility & Databases
Lightning Talk: Agility & DatabasesLightning Talk: Agility & Databases
Lightning Talk: Agility & DatabasesUwe Printz
 
Sparkler—Crawler on Apache Spark: Spark Summit East talk by Karanjeet Singh a...
Sparkler—Crawler on Apache Spark: Spark Summit East talk by Karanjeet Singh a...Sparkler—Crawler on Apache Spark: Spark Summit East talk by Karanjeet Singh a...
Sparkler—Crawler on Apache Spark: Spark Summit East talk by Karanjeet Singh a...Spark Summit
 
Sparkler at spark summit east 2017
Sparkler at spark summit east 2017Sparkler at spark summit east 2017
Sparkler at spark summit east 2017Thamme Gowda
 
Sparkler Presentation for Spark Summit East 2017
Sparkler Presentation for Spark Summit East 2017Sparkler Presentation for Spark Summit East 2017
Sparkler Presentation for Spark Summit East 2017Karanjeet Singh
 

More Related Content

Viewers also liked

LinkedIn Workshop: Profiles and Publishing (Digital Marketing Today)
LinkedIn Workshop: Profiles and Publishing (Digital Marketing Today)LinkedIn Workshop: Profiles and Publishing (Digital Marketing Today)
LinkedIn Workshop: Profiles and Publishing (Digital Marketing Today)Julian Gamboa
 
Revathy pp da 1
Revathy pp da 1Revathy pp da 1
Revathy pp da 1revasurev
 
Ajay_oracle dba
Ajay_oracle dbaAjay_oracle dba
Ajay_oracle dbaajay pat
 
Word Cloud | LBSA Marketing Fall 2015
Word Cloud | LBSA Marketing Fall 2015Word Cloud | LBSA Marketing Fall 2015
Word Cloud | LBSA Marketing Fall 2015Julian Gamboa
 
Acucut Presentation.rev1
Acucut Presentation.rev1Acucut Presentation.rev1
Acucut Presentation.rev1Ajit Shah
 
PassiveVoiceChart
PassiveVoiceChartPassiveVoiceChart
PassiveVoiceChartaalr94
 
Método Alemão
Método AlemãoMétodo Alemão
Método Alemãotaina2105
 
Energía solar - definiciones y terminología
Energía solar - definiciones y terminologíaEnergía solar - definiciones y terminología
Energía solar - definiciones y terminologíaBrad Pitt
 
Integrated Business Solutions
Integrated Business SolutionsIntegrated Business Solutions
Integrated Business Solutionsonesystemau
 

Viewers also liked (18)

sujata
sujatasujata
sujata
 
mamtalq
mamtalqmamtalq
mamtalq
 
Portfolio
PortfolioPortfolio
Portfolio
 
LinkedIn Workshop: Profiles and Publishing (Digital Marketing Today)
LinkedIn Workshop: Profiles and Publishing (Digital Marketing Today)LinkedIn Workshop: Profiles and Publishing (Digital Marketing Today)
LinkedIn Workshop: Profiles and Publishing (Digital Marketing Today)
 
Portfolio
PortfolioPortfolio
Portfolio
 
TechSheet_Focus3D X 330
TechSheet_Focus3D X 330TechSheet_Focus3D X 330
TechSheet_Focus3D X 330
 
Kapanowski FINAL_CIPL
Kapanowski FINAL_CIPLKapanowski FINAL_CIPL
Kapanowski FINAL_CIPL
 
Revathy pp da 1
Revathy pp da 1Revathy pp da 1
Revathy pp da 1
 
Ajay_oracle dba
Ajay_oracle dbaAjay_oracle dba
Ajay_oracle dba
 
Word Cloud | LBSA Marketing Fall 2015
Word Cloud | LBSA Marketing Fall 2015Word Cloud | LBSA Marketing Fall 2015
Word Cloud | LBSA Marketing Fall 2015
 
Soudip sinha roy
Soudip sinha roySoudip sinha roy
Soudip sinha roy
 
Acucut Presentation.rev1
Acucut Presentation.rev1Acucut Presentation.rev1
Acucut Presentation.rev1
 
PassiveVoiceChart
PassiveVoiceChartPassiveVoiceChart
PassiveVoiceChart
 
Método Alemão
Método AlemãoMétodo Alemão
Método Alemão
 
Energía solar - definiciones y terminología
Energía solar - definiciones y terminologíaEnergía solar - definiciones y terminología
Energía solar - definiciones y terminología
 
Integrated Business Solutions
Integrated Business SolutionsIntegrated Business Solutions
Integrated Business Solutions
 
DePauwThesis
DePauwThesisDePauwThesis
DePauwThesis
 
Mike Faris
Mike FarisMike Faris
Mike Faris
 

Similar to PaaSword - Distributed Searchable Encryption Engine

Lightning Talk: Agility & Databases
Lightning Talk: Agility & DatabasesLightning Talk: Agility & Databases
Lightning Talk: Agility & DatabasesUwe Printz
 
Sparkler—Crawler on Apache Spark: Spark Summit East talk by Karanjeet Singh a...
Sparkler—Crawler on Apache Spark: Spark Summit East talk by Karanjeet Singh a...Sparkler—Crawler on Apache Spark: Spark Summit East talk by Karanjeet Singh a...
Sparkler—Crawler on Apache Spark: Spark Summit East talk by Karanjeet Singh a...Spark Summit
 
Sparkler at spark summit east 2017
Sparkler at spark summit east 2017Sparkler at spark summit east 2017
Sparkler at spark summit east 2017Thamme Gowda
 
Sparkler Presentation for Spark Summit East 2017
Sparkler Presentation for Spark Summit East 2017Sparkler Presentation for Spark Summit East 2017
Sparkler Presentation for Spark Summit East 2017Karanjeet Singh
 
A researcher driven data description for the archived web: Why and how?
A researcher driven data description for the archived web: Why and how?A researcher driven data description for the archived web: Why and how?
A researcher driven data description for the archived web: Why and how?WARCnet
 
Interconnecting Belgian national and regional address data using EC ISA "Loca...
Interconnecting Belgian national and regional address data using EC ISA "Loca...Interconnecting Belgian national and regional address data using EC ISA "Loca...
Interconnecting Belgian national and regional address data using EC ISA "Loca...PeterWinstanley1
 

Similar to PaaSword - Distributed Searchable Encryption Engine (7)

Lightning Talk: Agility & Databases
Lightning Talk: Agility & DatabasesLightning Talk: Agility & Databases
Lightning Talk: Agility & Databases
 
Sparkler—Crawler on Apache Spark: Spark Summit East talk by Karanjeet Singh a...
Sparkler—Crawler on Apache Spark: Spark Summit East talk by Karanjeet Singh a...Sparkler—Crawler on Apache Spark: Spark Summit East talk by Karanjeet Singh a...
Sparkler—Crawler on Apache Spark: Spark Summit East talk by Karanjeet Singh a...
 
Sparkler at spark summit east 2017
Sparkler at spark summit east 2017Sparkler at spark summit east 2017
Sparkler at spark summit east 2017
 
Sparkler Presentation for Spark Summit East 2017
Sparkler Presentation for Spark Summit East 2017Sparkler Presentation for Spark Summit East 2017
Sparkler Presentation for Spark Summit East 2017
 
A researcher driven data description for the archived web: Why and how?
A researcher driven data description for the archived web: Why and how?A researcher driven data description for the archived web: Why and how?
A researcher driven data description for the archived web: Why and how?
 
US7167901
US7167901US7167901
US7167901
 
Interconnecting Belgian national and regional address data using EC ISA "Loca...
Interconnecting Belgian national and regional address data using EC ISA "Loca...Interconnecting Belgian national and regional address data using EC ISA "Loca...
Interconnecting Belgian national and regional address data using EC ISA "Loca...
 

More from PaaSword EU Project

PaaSword - No More Dark Clouds with PaaSword
PaaSword - No More Dark Clouds with PaaSwordPaaSword - No More Dark Clouds with PaaSword
PaaSword - No More Dark Clouds with PaaSwordPaaSword EU Project
 
PaaSword - Context-aware Access Control
PaaSword - Context-aware Access ControlPaaSword - Context-aware Access Control
PaaSword - Context-aware Access ControlPaaSword EU Project
 
PaaSword Presentation - Project Overview
PaaSword Presentation - Project OverviewPaaSword Presentation - Project Overview
PaaSword Presentation - Project OverviewPaaSword EU Project
 
No More Dark Clouds With PaaSword - An Innovative Security By Design Framework
No More Dark Clouds With PaaSword - An Innovative Security By Design FrameworkNo More Dark Clouds With PaaSword - An Innovative Security By Design Framework
No More Dark Clouds With PaaSword - An Innovative Security By Design FrameworkPaaSword EU Project
 
A Data Privacy and Security by Design Platform‐as‐a‐Service Framework
A Data Privacy and Security by Design Platform‐as‐a‐Service FrameworkA Data Privacy and Security by Design Platform‐as‐a‐Service Framework
A Data Privacy and Security by Design Platform‐as‐a‐Service FrameworkPaaSword EU Project
 
Towards Trusted eHealth Services in the Cloud
Towards Trusted eHealth Services in the CloudTowards Trusted eHealth Services in the Cloud
Towards Trusted eHealth Services in the CloudPaaSword EU Project
 
A Survey on Context Security Policies in the Cloud
A Survey on Context Security Policies in the CloudA Survey on Context Security Policies in the Cloud
A Survey on Context Security Policies in the CloudPaaSword EU Project
 
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...PaaSword EU Project
 
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the CloudNo More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the CloudPaaSword EU Project
 
PaaSword's main idea, technical architecture and scientific challenges
PaaSword's main idea, technical architecture and scientific challenges PaaSword's main idea, technical architecture and scientific challenges
PaaSword's main idea, technical architecture and scientific challenges PaaSword EU Project
 
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword EU Project
 

More from PaaSword EU Project (14)

PaaSword - No More Dark Clouds with PaaSword
PaaSword - No More Dark Clouds with PaaSwordPaaSword - No More Dark Clouds with PaaSword
PaaSword - No More Dark Clouds with PaaSword
 
PaaSword - Technology Baseline
PaaSword - Technology BaselinePaaSword - Technology Baseline
PaaSword - Technology Baseline
 
PaaSword - Context-aware Access Control
PaaSword - Context-aware Access ControlPaaSword - Context-aware Access Control
PaaSword - Context-aware Access Control
 
PaaSword-Business Cases
PaaSword-Business CasesPaaSword-Business Cases
PaaSword-Business Cases
 
Daten unter Kontrolle
Daten unter KontrolleDaten unter Kontrolle
Daten unter Kontrolle
 
PaaSword Presentation - Project Overview
PaaSword Presentation - Project OverviewPaaSword Presentation - Project Overview
PaaSword Presentation - Project Overview
 
No More Dark Clouds With PaaSword - An Innovative Security By Design Framework
No More Dark Clouds With PaaSword - An Innovative Security By Design FrameworkNo More Dark Clouds With PaaSword - An Innovative Security By Design Framework
No More Dark Clouds With PaaSword - An Innovative Security By Design Framework
 
A Data Privacy and Security by Design Platform‐as‐a‐Service Framework
A Data Privacy and Security by Design Platform‐as‐a‐Service FrameworkA Data Privacy and Security by Design Platform‐as‐a‐Service Framework
A Data Privacy and Security by Design Platform‐as‐a‐Service Framework
 
Towards Trusted eHealth Services in the Cloud
Towards Trusted eHealth Services in the CloudTowards Trusted eHealth Services in the Cloud
Towards Trusted eHealth Services in the Cloud
 
A Survey on Context Security Policies in the Cloud
A Survey on Context Security Policies in the CloudA Survey on Context Security Policies in the Cloud
A Survey on Context Security Policies in the Cloud
 
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...
 
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the CloudNo More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
 
PaaSword's main idea, technical architecture and scientific challenges
PaaSword's main idea, technical architecture and scientific challenges PaaSword's main idea, technical architecture and scientific challenges
PaaSword's main idea, technical architecture and scientific challenges
 
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
 

Recently uploaded

Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
software engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxsoftware engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxnada99848
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 

Recently uploaded (20)

Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
software engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxsoftware engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptx
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 

PaaSword - Distributed Searchable Encryption Engine

  • 2. Outline Objectives Architecture and DB Transform Example of an SQL Query in PaaSword Improvements so far PaaSword – WP4 (Database Encryption)18/11/2016 2
  • 3. Objectives Improve Privacy in a transparent way Automatic encryption and decryption Automatic distribution synthesis Sufficient (but restricted) support for SQL Most important queries should be supported Efficiency Acceptable performance impact PaaSword – WP4 (Database Encryption)18/11/2016 3
  • 4. Basic Idea PaaSword18/11/2016 4 Client Cloud DB DB Proxy Cloud DBClient Common (insecure) scenario Desired (secure) scenario
  • 5. DB Proxy Architecture PaaSword18/11/2016 5 Data Index2Index1 SQL SQLDatabase Proxy (trusted) SQL Cloud (untrusted) User / Application Data (not encrypted) Data (encrypted)
  • 6. Database Transformation PaaSword18/11/2016 6 ID Name Surname City Day of Birth 1 Paul Anderson Athens 01.01.1979 2 Howard Miller Karlsruhe 02.02.1974 3 Henry Cooper Berlin 03.03.1980 4 Henry Jones Brussels 04.04.1985 ID Encrypted Data 1 Enc(Paul,Anderson,Athens,01.01.1979) 2 Enc(Howard,Miller,Karlsruhe,02.02.1974) 3 Enc(Henry,Cooper,Berlin,03.03.1980) 4 Enc(Henry,Jones,Brussels,04.04.1985) Data Keyword IDs Name:Paul Enc(1) Name:Howard Enc(2) Name:Henry Enc(3,4) Index1 Keyword IDs Surname:Anderson Enc(1) Surname:Miller Enc(2) Surname:Cooper Enc(3) Surname:Jones Enc(4) Index2 Original Association is hidden
  • 7. Example (1/4) PaaSword18/11/2016 7 •SQL-Query: •SELECT * FROM Customers WHERE Name=‚Henry‘ AND Surname=‚Jones‘ Data Index2Index1 SELECT ID FROM Index1 WHERE Keyword=‘Name:Henry‘ SELECT ID FROM Index2 WHERE Keyword=‘Surname:Jones‘ transform query ID Name Surname Stadt Day of Birth 1 Paul Anderson Athens 01.01.1979 2 Hans Miller Karlsruhe 02.02.1974 3 Henry Cooper Berlin 03.03.1980 4 Henry Jones Brussels 04.04.1983 Database Proxy SELECT * FROM Customers WHERE Name=‚Henry‘ AND Surname=‚Jones‘
  • 8. Example (2/4) PaaSword18/11/2016 8 •SQL-Query: •SELECT * FROM Customers WHERE Name=‚Henry‘ AND Surname=‚Jones‘ Data Index2Index1 IDs Enc(3,4) IDs Enc(4) decrypt and compute result Database Proxy ID 4 ID Name Surname Stadt Day of Birth 1 Paul Anderson Athens 01.01.1979 2 Hans Miller Karlsruhe 02.02.1974 3 Henry Cooper Berlin 03.03.1980 4 Henry Jones Brussels 04.04.1983
  • 9. Example (3/4) PaaSword18/11/2016 9 •SQL-Query: •SELECT * FROM Customers WHERE Name=‚Henry‘ AND Surname=‚Jones‘ Data Index2Index1 SELECT * FROM Data WHERE ‘ID’ in {4} retrieve relevant data ID Name Surname City Day of Birth 1 Paul Anderson Athens 01.01.1979 2 Hans Miller Karlsruhe 02.02.1974 3 Henry Cooper Berlin 03.03.1980 4 Henry Jones Brussels 04.04.1983 Database Proxy ID Name Surname Stadt Day of Birth 1 Paul Anderson Athens 01.01.1979 2 Hans Miller Karlsruhe 02.02.1974 3 Henry Cooper Berlin 03.03.1980 4 Henry Jones Brussels 04.04.1983
  • 10. Example (4/4) PaaSword18/11/2016 10 •SQL-Query: •SELECT * FROM Customers WHERE Name=‚Henry‘ AND Surname=‚Jones‘ Data Index2Index1 Henry,Jones,Brussels,04.04.1983 decrypt and return result Database Proxy Enc(Henry,Jones,Brussels,04.04.1983) ID Name Surname Stadt Day of Birth 1 Paul Anderson Athens 01.01.1979 2 Hans Miller Karlsruhe 02.02.1974 3 Henry Cooper Berlin 03.03.1980 4 Henry Jones Brussels 04.04.1983
  • 11. Improvements (1/2) PaaSword18/11/2016 11 ID Name Surname City Day of Birth 1 Paul Anderson Athens 01.01.1979 2 Howard Miller Karlsruhe 02.02.1974 3 Henry Cooper Berlin 03.03.1980 4 Henry Jones Brussels 04.04.1985 ID Encrypted Data 1 Enc(Paul,Anderson,Athens,01.01.1979) 2 Enc(Howard,Miller,Karlsruhe,02.02.1974) 3 Enc(Henry,Cooper,Berlin,03.03.1980) 4 Enc(Henry,Jones,Brussels,04.04.1985) Data Keyword-Name IDs Enc(Paul) Enc(1) Enc(Howard) Enc(2) Enc(Henry) Enc(3,4) Index1 Keyword-Surname IDs Enc(Anderson) Enc(1) Enc(Miller) Enc(2) Enc(Cooper) Enc(3) Enc(Jones) Enc(4) Index2 Original Keyword Encryption • AES (deterministic) • Support for most query types (excl. LIKE) Index Distribution • Index for same data type can be stored at different server Data Distribution Minimize exposure of sensitive information by careful distribution
  • 12. PaaSword18/11/2016 12 Improvements (2/2) Feature Support Before PaaSword Current State Index Encryption Multiple Tables Joins Subselect LIKE Partial * Privacy Constraints Data Distribution * Only if index keyword is not encrypted
  • 13. Supported Statements SELECT, UPDATE, INSERT, DELETE, DROP TABLE, ALTER TABLE Joins Left/right, full/outer/inner, … =, NOT, AND, OR, IN LIKE (%) SELECT (SELECT …) ) <, <=, >, >= GROUP BY, LIMIT, AVG, SUM PaaSword – WP4 (Database Encryption)18/11/2016 13
  • 14. Way forward Extend SQL query support for encrypted index Improve performance Measure performance in different scenarios Integrate into PaaSword framework Include key management PaaSword18/11/2016 14
  • 15. PaaSword18/11/2016 15 Questions? Visit us: www.paasword.euAcknowledgements: This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644814.