SlideShare a Scribd company logo

connect

P
Prakruti Chandrashekar
1 of 16
Download to read offline
International Institute of Information Technology Ecient Format Preserving Encrypted Databases Prakruti C prakruti@iiitb.org Sashank Dara sdara@cisco.com Muralidhara V.N murali@iiitb.org July 9, 2015
1 Content CryptDB Chanllenges in CryptDB Format Preserving Encryption Flexible Naor and Reingold Scheme FP-CryptDB Experiments and Results Storage gain using FP-CryptDB performance measure of FP-CryptDB Conclusion and Future Work Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
2 CryptDB CryptDB is a Onion-Layered Encryption System used to protect data confidentiality and privacy in applications that are backed by SQL databases. Functions of CryptDB Protect Confidentiality of Data Process SQL queries on Encrypted Data Protect Data against Passive Attacks on Database Servers by malicious Database Administrators Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
3 Challenges in CryptDB Use of conventional cryptographic schemes like AES-CBC, AES-CMC, BlowFish for encryption AES ciphers require more storage space Format of input plaintext is not preserved Removal of Format can open up security vulnerabilities Can pave way for SQL injection attacks example Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
4 Format Preserving Encryption Format Preserving Encryption (FPE) refers to encrypting in such a way that the output (the ciphertext) is in the same format as the input (the plaintext) Example: Format Preserving Encryption of an IPv4 Address Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
5 FNR: Flexible Naor and Reingold Scheme Small Domain Block Cipher based on classic Feistel Networks Can cipher small domain input data formats such as IPv4(32), IPv6(32), MAC addresses etc Preserves the format and length of small domain input data Uses Pairwise Independent Permutation Function based on N × N Invertible Matrices Uses AES scheme for input block encryption Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
6 FP-CryptDB: CryptDB + FPE We propose FP-CryptDB, which is a combination of CryptDB and FPE We implement format-preserving encryption schemes in CryptDB to preserve the length and format of input data and thereby re- duce the length of the ciphertext. FP-CryptDB Uses FNR encryption scheme for encryption of input database fields Preserves the length and format of input database fields 1. Preserves format of IPv4 addresses 2. Preserves format of Timestamps of the form 'yyyy/mm/ddThh:mm:ss' using a proposed format-preserving algorithm 3. Preserves format of Integer datatype Achieves reduction in encrypted database size Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
7 Experiments and Results Plain Text Cipher Text Raw(Dotted) Ranked(Integer) Raw(Integer) De-ranked(Dotted) 64.243.129.86 941079480 1226870871 73.32.144.87 56.23.187.184 2213763856 1067498731 63.160.188.235 131.243.91.16 4026531837 2739475379 163.73.19.179 Table: Format preservation of IPv4 Addresses Plain Text Cipher Text Raw(String) Ranked(Integer) Raw(Integer) De-Ranked(String) Date String Unix Timestamp Unix timestamp Date String 2004/11/16T21:04:05 1100639045 1531152620 2018/07/09T16:10:20 2004/11/15T15:44:38 1100533478 627185476 1989/11/16T02:11:16 1988/01/14T09:27:05 569150825 3645016902 2085/07/03T16:41:42 Table: Format preservation of Timestamps Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
8 Storage gain in FP-CryptDB We achieve 50% Storage gain using FP-CryptDB Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
9 performance measure of FP-CryptDB There is a performance degrade in the case of FP-CryptDB as compared to CryptDB The performance degrades y ≈ 7x times times Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
10 Conclusion and Future Work We proposed Format Preserving Encrypted Databases, FP-CryptDB We have taken Network Monitoring as our reference Application We have provided experimental results on storage gains that could be achieved using FPE schemes with a degrade in performance. Future work includes building applications like threat analytics on encrypted data using FP-CryptDB and Crypt-DB, to achieve data security. Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
11 Thank You! Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
12 An Example: Encryption of a 16-digit Credit Card Number Figure: where the conventional encryption schemes radically alter the structure of data, Format Preserving Encryption maintains Data Format Integrity, significantly minimizing changes to existing applications back Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
13 Technical Architecture of CryptDB CryptDB is a complex system that is comprised of: Application Server Proxy Server DBMS Server Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
14 Onion layers of CryptDB Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
15 Onion layers of FP-CryptDB Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |

Recommended

Intro elasticsearch taswarbhatti
Intro elasticsearch taswarbhattiIntro elasticsearch taswarbhatti
Intro elasticsearch taswarbhattiTaswar Bhatti
 
Distributed Cache, bridging C++ to new technologies (Hazelcast)
Distributed Cache, bridging C++ to new technologies (Hazelcast)Distributed Cache, bridging C++ to new technologies (Hazelcast)
Distributed Cache, bridging C++ to new technologies (Hazelcast)Ovidiu Farauanu
 
Graylog is the New Black
Graylog is the New BlackGraylog is the New Black
Graylog is the New BlackMegan Roddie
 
CPaaS.io Y1 Review Meeting - Holistic Data Management
CPaaS.io Y1 Review Meeting - Holistic Data ManagementCPaaS.io Y1 Review Meeting - Holistic Data Management
CPaaS.io Y1 Review Meeting - Holistic Data ManagementStephan Haller
 
FIWARE Global Summit - NGSI-LD: Modelling, Linking and Utilizing Context Info...
FIWARE Global Summit - NGSI-LD: Modelling, Linking and Utilizing Context Info...FIWARE Global Summit - NGSI-LD: Modelling, Linking and Utilizing Context Info...
FIWARE Global Summit - NGSI-LD: Modelling, Linking and Utilizing Context Info...FIWARE
 
Topic modeling using big data analytics
Topic modeling using big data analytics Topic modeling using big data analytics
Topic modeling using big data analytics Farheen Nilofer
 
Research Papers Recommender based on Digital Repositories Metadata
Research Papers Recommender based on Digital Repositories MetadataResearch Papers Recommender based on Digital Repositories Metadata
Research Papers Recommender based on Digital Repositories MetadataRicard de la Vega
 
معرفی کاربردهای یادگیری عمیق و چالش های آن در کلان داده
معرفی کاربردهای یادگیری عمیق و چالش های آن در کلان دادهمعرفی کاربردهای یادگیری عمیق و چالش های آن در کلان داده
معرفی کاربردهای یادگیری عمیق و چالش های آن در کلان دادهWeb Standards School
 

Recommended

Intro elasticsearch taswarbhatti
Intro elasticsearch taswarbhattiIntro elasticsearch taswarbhatti
Intro elasticsearch taswarbhattiTaswar Bhatti
 
Distributed Cache, bridging C++ to new technologies (Hazelcast)
Distributed Cache, bridging C++ to new technologies (Hazelcast)Distributed Cache, bridging C++ to new technologies (Hazelcast)
Distributed Cache, bridging C++ to new technologies (Hazelcast)Ovidiu Farauanu
 
Graylog is the New Black
Graylog is the New BlackGraylog is the New Black
Graylog is the New BlackMegan Roddie
 
CPaaS.io Y1 Review Meeting - Holistic Data Management
CPaaS.io Y1 Review Meeting - Holistic Data ManagementCPaaS.io Y1 Review Meeting - Holistic Data Management
CPaaS.io Y1 Review Meeting - Holistic Data ManagementStephan Haller
 
FIWARE Global Summit - NGSI-LD: Modelling, Linking and Utilizing Context Info...
FIWARE Global Summit - NGSI-LD: Modelling, Linking and Utilizing Context Info...FIWARE Global Summit - NGSI-LD: Modelling, Linking and Utilizing Context Info...
FIWARE Global Summit - NGSI-LD: Modelling, Linking and Utilizing Context Info...FIWARE
 
Topic modeling using big data analytics
Topic modeling using big data analytics Topic modeling using big data analytics
Topic modeling using big data analytics Farheen Nilofer
 
Research Papers Recommender based on Digital Repositories Metadata
Research Papers Recommender based on Digital Repositories MetadataResearch Papers Recommender based on Digital Repositories Metadata
Research Papers Recommender based on Digital Repositories MetadataRicard de la Vega
 
معرفی کاربردهای یادگیری عمیق و چالش های آن در کلان داده
معرفی کاربردهای یادگیری عمیق و چالش های آن در کلان دادهمعرفی کاربردهای یادگیری عمیق و چالش های آن در کلان داده
معرفی کاربردهای یادگیری عمیق و چالش های آن در کلان دادهWeb Standards School
 
Processing genetic data at scale
Processing genetic data at scaleProcessing genetic data at scale
Processing genetic data at scaleMark Schroering
 
Apache Hadoop India Summit 2011 talk "Provisioning Hadoop’s MapReduce in clou...
Apache Hadoop India Summit 2011 talk "Provisioning Hadoop’s MapReduce in clou...Apache Hadoop India Summit 2011 talk "Provisioning Hadoop’s MapReduce in clou...
Apache Hadoop India Summit 2011 talk "Provisioning Hadoop’s MapReduce in clou...Yahoo Developer Network
 
Block-Level Message-Locked Encryption for Secure Large File De-duplication
Block-Level Message-Locked Encryption for Secure Large File De-duplicationBlock-Level Message-Locked Encryption for Secure Large File De-duplication
Block-Level Message-Locked Encryption for Secure Large File De-duplicationIRJET Journal
 
IRJET- A Secure Erasure Code-Based Cloud Storage Framework with Secure Inform...
IRJET- A Secure Erasure Code-Based Cloud Storage Framework with Secure Inform...IRJET- A Secure Erasure Code-Based Cloud Storage Framework with Secure Inform...
IRJET- A Secure Erasure Code-Based Cloud Storage Framework with Secure Inform...IRJET Journal
 
Watermarking of JPEG2000 Compressed Images with Improved Encryption
Watermarking of JPEG2000 Compressed Images with Improved EncryptionWatermarking of JPEG2000 Compressed Images with Improved Encryption
Watermarking of JPEG2000 Compressed Images with Improved EncryptionEditor IJCATR
 
IRJET- An Approach for Implemented Secure Proxy Server for Multi-User Searcha...
IRJET- An Approach for Implemented Secure Proxy Server for Multi-User Searcha...IRJET- An Approach for Implemented Secure Proxy Server for Multi-User Searcha...
IRJET- An Approach for Implemented Secure Proxy Server for Multi-User Searcha...IRJET Journal
 
TensorFlow 16: Building a Data Science Platform
TensorFlow 16: Building a Data Science Platform TensorFlow 16: Building a Data Science Platform
TensorFlow 16: Building a Data Science Platform Seldon
 
Replication and Consistency in Cassandra... What Does it All Mean? (Christoph...
Replication and Consistency in Cassandra... What Does it All Mean? (Christoph...Replication and Consistency in Cassandra... What Does it All Mean? (Christoph...
Replication and Consistency in Cassandra... What Does it All Mean? (Christoph...DataStax
 
1670 1673
1670 16731670 1673
1670 1673Editor IJARCET
 
1670 1673
1670 16731670 1673
1670 1673Editor IJARCET
 
P4_tutorial.pdf
P4_tutorial.pdfP4_tutorial.pdf
P4_tutorial.pdfPramodhN3
 
A Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud Data
A Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud DataA Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud Data
A Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud DataIRJET Journal
 
Better Together: How Graph database enables easy data integration with Spark ...
Better Together: How Graph database enables easy data integration with Spark ...Better Together: How Graph database enables easy data integration with Spark ...
Better Together: How Graph database enables easy data integration with Spark ...TigerGraph
 
Privacy preserving repositoy
Privacy preserving repositoyPrivacy preserving repositoy
Privacy preserving repositoymanishajadhav13j
 
Resume_Mohan Selvamoorthy_Sec
Resume_Mohan Selvamoorthy_SecResume_Mohan Selvamoorthy_Sec
Resume_Mohan Selvamoorthy_SecMohan RamKarthik Selvamoorthy
 
A DHT Chord-like mannered overlay-network to store and retrieve data
A DHT Chord-like mannered overlay-network to store and retrieve dataA DHT Chord-like mannered overlay-network to store and retrieve data
A DHT Chord-like mannered overlay-network to store and retrieve dataAndrea Tino
 
IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud
IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud
IRJET - Efficient and Verifiable Queries over Encrypted Data in CloudIRJET Journal
 
Scylla Summit 2022: Building Zeotap's Privacy Compliant Customer Data Platfor...
Scylla Summit 2022: Building Zeotap's Privacy Compliant Customer Data Platfor...Scylla Summit 2022: Building Zeotap's Privacy Compliant Customer Data Platfor...
Scylla Summit 2022: Building Zeotap's Privacy Compliant Customer Data Platfor...ScyllaDB
 
IRJET- Privacy Preserving Encrypted Keyword Search Schemes
IRJET- Privacy Preserving Encrypted Keyword Search SchemesIRJET- Privacy Preserving Encrypted Keyword Search Schemes
IRJET- Privacy Preserving Encrypted Keyword Search SchemesIRJET Journal
 
Private datawarehouse queries
Private datawarehouse queriesPrivate datawarehouse queries
Private datawarehouse queriesEr Deepshikha Varshney
 

More Related Content

Similar to connect

Processing genetic data at scale
Processing genetic data at scaleProcessing genetic data at scale
Processing genetic data at scaleMark Schroering
 
Apache Hadoop India Summit 2011 talk "Provisioning Hadoop’s MapReduce in clou...
Apache Hadoop India Summit 2011 talk "Provisioning Hadoop’s MapReduce in clou...Apache Hadoop India Summit 2011 talk "Provisioning Hadoop’s MapReduce in clou...
Apache Hadoop India Summit 2011 talk "Provisioning Hadoop’s MapReduce in clou...Yahoo Developer Network
 
Block-Level Message-Locked Encryption for Secure Large File De-duplication
Block-Level Message-Locked Encryption for Secure Large File De-duplicationBlock-Level Message-Locked Encryption for Secure Large File De-duplication
Block-Level Message-Locked Encryption for Secure Large File De-duplicationIRJET Journal
 
IRJET- A Secure Erasure Code-Based Cloud Storage Framework with Secure Inform...
IRJET- A Secure Erasure Code-Based Cloud Storage Framework with Secure Inform...IRJET- A Secure Erasure Code-Based Cloud Storage Framework with Secure Inform...
IRJET- A Secure Erasure Code-Based Cloud Storage Framework with Secure Inform...IRJET Journal
 
Watermarking of JPEG2000 Compressed Images with Improved Encryption
Watermarking of JPEG2000 Compressed Images with Improved EncryptionWatermarking of JPEG2000 Compressed Images with Improved Encryption
Watermarking of JPEG2000 Compressed Images with Improved EncryptionEditor IJCATR
 
IRJET- An Approach for Implemented Secure Proxy Server for Multi-User Searcha...
IRJET- An Approach for Implemented Secure Proxy Server for Multi-User Searcha...IRJET- An Approach for Implemented Secure Proxy Server for Multi-User Searcha...
IRJET- An Approach for Implemented Secure Proxy Server for Multi-User Searcha...IRJET Journal
 
TensorFlow 16: Building a Data Science Platform
TensorFlow 16: Building a Data Science Platform TensorFlow 16: Building a Data Science Platform
TensorFlow 16: Building a Data Science Platform Seldon
 
Replication and Consistency in Cassandra... What Does it All Mean? (Christoph...
Replication and Consistency in Cassandra... What Does it All Mean? (Christoph...Replication and Consistency in Cassandra... What Does it All Mean? (Christoph...
Replication and Consistency in Cassandra... What Does it All Mean? (Christoph...DataStax
 
P4_tutorial.pdf
P4_tutorial.pdfP4_tutorial.pdf
P4_tutorial.pdfPramodhN3
 
A Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud Data
A Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud DataA Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud Data
A Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud DataIRJET Journal
 
Better Together: How Graph database enables easy data integration with Spark ...
Better Together: How Graph database enables easy data integration with Spark ...Better Together: How Graph database enables easy data integration with Spark ...
Better Together: How Graph database enables easy data integration with Spark ...TigerGraph
 
Privacy preserving repositoy
Privacy preserving repositoyPrivacy preserving repositoy
Privacy preserving repositoymanishajadhav13j
 
A DHT Chord-like mannered overlay-network to store and retrieve data
A DHT Chord-like mannered overlay-network to store and retrieve dataA DHT Chord-like mannered overlay-network to store and retrieve data
A DHT Chord-like mannered overlay-network to store and retrieve dataAndrea Tino
 
IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud
IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud
IRJET - Efficient and Verifiable Queries over Encrypted Data in CloudIRJET Journal
 
Scylla Summit 2022: Building Zeotap's Privacy Compliant Customer Data Platfor...
Scylla Summit 2022: Building Zeotap's Privacy Compliant Customer Data Platfor...Scylla Summit 2022: Building Zeotap's Privacy Compliant Customer Data Platfor...
Scylla Summit 2022: Building Zeotap's Privacy Compliant Customer Data Platfor...ScyllaDB
 
IRJET- Privacy Preserving Encrypted Keyword Search Schemes
IRJET- Privacy Preserving Encrypted Keyword Search SchemesIRJET- Privacy Preserving Encrypted Keyword Search Schemes
IRJET- Privacy Preserving Encrypted Keyword Search SchemesIRJET Journal
 

Similar to connect (20)

Processing genetic data at scale
Processing genetic data at scaleProcessing genetic data at scale
Processing genetic data at scale
 
Apache Hadoop India Summit 2011 talk "Provisioning Hadoop’s MapReduce in clou...
Apache Hadoop India Summit 2011 talk "Provisioning Hadoop’s MapReduce in clou...Apache Hadoop India Summit 2011 talk "Provisioning Hadoop’s MapReduce in clou...
Apache Hadoop India Summit 2011 talk "Provisioning Hadoop’s MapReduce in clou...
 
Block-Level Message-Locked Encryption for Secure Large File De-duplication
Block-Level Message-Locked Encryption for Secure Large File De-duplicationBlock-Level Message-Locked Encryption for Secure Large File De-duplication
Block-Level Message-Locked Encryption for Secure Large File De-duplication
 
IRJET- A Secure Erasure Code-Based Cloud Storage Framework with Secure Inform...
IRJET- A Secure Erasure Code-Based Cloud Storage Framework with Secure Inform...IRJET- A Secure Erasure Code-Based Cloud Storage Framework with Secure Inform...
IRJET- A Secure Erasure Code-Based Cloud Storage Framework with Secure Inform...
 
Watermarking of JPEG2000 Compressed Images with Improved Encryption
Watermarking of JPEG2000 Compressed Images with Improved EncryptionWatermarking of JPEG2000 Compressed Images with Improved Encryption
Watermarking of JPEG2000 Compressed Images with Improved Encryption
 
IRJET- An Approach for Implemented Secure Proxy Server for Multi-User Searcha...
IRJET- An Approach for Implemented Secure Proxy Server for Multi-User Searcha...IRJET- An Approach for Implemented Secure Proxy Server for Multi-User Searcha...
IRJET- An Approach for Implemented Secure Proxy Server for Multi-User Searcha...
 
TensorFlow 16: Building a Data Science Platform
TensorFlow 16: Building a Data Science Platform TensorFlow 16: Building a Data Science Platform
TensorFlow 16: Building a Data Science Platform
 
Replication and Consistency in Cassandra... What Does it All Mean? (Christoph...
Replication and Consistency in Cassandra... What Does it All Mean? (Christoph...Replication and Consistency in Cassandra... What Does it All Mean? (Christoph...
Replication and Consistency in Cassandra... What Does it All Mean? (Christoph...
 
1670 1673
1670 16731670 1673
1670 1673
 
1670 1673
1670 16731670 1673
1670 1673
 
P4_tutorial.pdf
P4_tutorial.pdfP4_tutorial.pdf
P4_tutorial.pdf
 
A Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud Data
A Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud DataA Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud Data
A Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud Data
 
Better Together: How Graph database enables easy data integration with Spark ...
Better Together: How Graph database enables easy data integration with Spark ...Better Together: How Graph database enables easy data integration with Spark ...
Better Together: How Graph database enables easy data integration with Spark ...
 
Privacy preserving repositoy
Privacy preserving repositoyPrivacy preserving repositoy
Privacy preserving repositoy
 
Resume_Mohan Selvamoorthy_Sec
Resume_Mohan Selvamoorthy_SecResume_Mohan Selvamoorthy_Sec
Resume_Mohan Selvamoorthy_Sec
 
A DHT Chord-like mannered overlay-network to store and retrieve data
A DHT Chord-like mannered overlay-network to store and retrieve dataA DHT Chord-like mannered overlay-network to store and retrieve data
A DHT Chord-like mannered overlay-network to store and retrieve data
 
IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud
IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud
IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud
 
Scylla Summit 2022: Building Zeotap's Privacy Compliant Customer Data Platfor...
Scylla Summit 2022: Building Zeotap's Privacy Compliant Customer Data Platfor...Scylla Summit 2022: Building Zeotap's Privacy Compliant Customer Data Platfor...
Scylla Summit 2022: Building Zeotap's Privacy Compliant Customer Data Platfor...
 
IRJET- Privacy Preserving Encrypted Keyword Search Schemes
IRJET- Privacy Preserving Encrypted Keyword Search SchemesIRJET- Privacy Preserving Encrypted Keyword Search Schemes
IRJET- Privacy Preserving Encrypted Keyword Search Schemes
 
Private datawarehouse queries
Private datawarehouse queriesPrivate datawarehouse queries
Private datawarehouse queries
 

connect

  • 1. International Institute of Information Technology Ecient Format Preserving Encrypted Databases Prakruti C prakruti@iiitb.org Sashank Dara sdara@cisco.com Muralidhara V.N murali@iiitb.org July 9, 2015
  • 2. 1 Content CryptDB Chanllenges in CryptDB Format Preserving Encryption Flexible Naor and Reingold Scheme FP-CryptDB Experiments and Results Storage gain using FP-CryptDB performance measure of FP-CryptDB Conclusion and Future Work Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
  • 3. 2 CryptDB CryptDB is a Onion-Layered Encryption System used to protect data confidentiality and privacy in applications that are backed by SQL databases. Functions of CryptDB Protect Confidentiality of Data Process SQL queries on Encrypted Data Protect Data against Passive Attacks on Database Servers by malicious Database Administrators Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
  • 4. 3 Challenges in CryptDB Use of conventional cryptographic schemes like AES-CBC, AES-CMC, BlowFish for encryption AES ciphers require more storage space Format of input plaintext is not preserved Removal of Format can open up security vulnerabilities Can pave way for SQL injection attacks example Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
  • 5. 4 Format Preserving Encryption Format Preserving Encryption (FPE) refers to encrypting in such a way that the output (the ciphertext) is in the same format as the input (the plaintext) Example: Format Preserving Encryption of an IPv4 Address Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
  • 6. 5 FNR: Flexible Naor and Reingold Scheme Small Domain Block Cipher based on classic Feistel Networks Can cipher small domain input data formats such as IPv4(32), IPv6(32), MAC addresses etc Preserves the format and length of small domain input data Uses Pairwise Independent Permutation Function based on N × N Invertible Matrices Uses AES scheme for input block encryption Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
  • 7. 6 FP-CryptDB: CryptDB + FPE We propose FP-CryptDB, which is a combination of CryptDB and FPE We implement format-preserving encryption schemes in CryptDB to preserve the length and format of input data and thereby re- duce the length of the ciphertext. FP-CryptDB Uses FNR encryption scheme for encryption of input database fields Preserves the length and format of input database fields 1. Preserves format of IPv4 addresses 2. Preserves format of Timestamps of the form 'yyyy/mm/ddThh:mm:ss' using a proposed format-preserving algorithm 3. Preserves format of Integer datatype Achieves reduction in encrypted database size Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
  • 8. 7 Experiments and Results Plain Text Cipher Text Raw(Dotted) Ranked(Integer) Raw(Integer) De-ranked(Dotted) 64.243.129.86 941079480 1226870871 73.32.144.87 56.23.187.184 2213763856 1067498731 63.160.188.235 131.243.91.16 4026531837 2739475379 163.73.19.179 Table: Format preservation of IPv4 Addresses Plain Text Cipher Text Raw(String) Ranked(Integer) Raw(Integer) De-Ranked(String) Date String Unix Timestamp Unix timestamp Date String 2004/11/16T21:04:05 1100639045 1531152620 2018/07/09T16:10:20 2004/11/15T15:44:38 1100533478 627185476 1989/11/16T02:11:16 1988/01/14T09:27:05 569150825 3645016902 2085/07/03T16:41:42 Table: Format preservation of Timestamps Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
  • 9. 8 Storage gain in FP-CryptDB We achieve 50% Storage gain using FP-CryptDB Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
  • 10. 9 performance measure of FP-CryptDB There is a performance degrade in the case of FP-CryptDB as compared to CryptDB The performance degrades y ≈ 7x times times Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
  • 11. 10 Conclusion and Future Work We proposed Format Preserving Encrypted Databases, FP-CryptDB We have taken Network Monitoring as our reference Application We have provided experimental results on storage gains that could be achieved using FPE schemes with a degrade in performance. Future work includes building applications like threat analytics on encrypted data using FP-CryptDB and Crypt-DB, to achieve data security. Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
  • 12. 11 Thank You! Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
  • 13. 12 An Example: Encryption of a 16-digit Credit Card Number Figure: where the conventional encryption schemes radically alter the structure of data, Format Preserving Encryption maintains Data Format Integrity, significantly minimizing changes to existing applications back Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
  • 14. 13 Technical Architecture of CryptDB CryptDB is a complex system that is comprised of: Application Server Proxy Server DBMS Server Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
  • 15. 14 Onion layers of CryptDB Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |
  • 16. 15 Onion layers of FP-CryptDB Prakruti C prakruti@iiitb.org, Sashank Dara sdara@cisco.com, Muralidhara V.N murali@iiitb.org |