Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using cryptography in databases and web applications

Published byNigel Maxwell Modified over 6 years ago

Similar presentations

Presentation on theme: "Using cryptography in databases and web applications"— Presentation transcript:

1 Using cryptography in databases and web applications
Nickolai Zeldovich MIT CSAIL Joint work with Raluca Ada Popa, Stephen Tu, Emily Stark, Jonas Helfer, Steven Valdez, Hari Balakrishnan, Frans Kaashoek, Sam Madden

2 Problem: private data breaches
server clients Secret Secret Secret no computation computation storage databases, web applications, mobile applications, machine learning, etc. ?? encryption (encrypted files, )

3 Common approach: prevent break-ins
server clients Secret Secret Enforced at many levels: operating system, hardware, network, programming language, …

4 Bad guys find ways to break in
Complex software has bugs Attackers find and exploit vulnerabilities Many people have access to infrastructure Server administrators Cloud / data center employees Anyone that breaks into their accounts Compromises are inevitable

5 New approach: practical processing of encrypted data
server client ?? Strawman: Secret Result Secret Result Secret

6 CryptDB setup trusted client-side under attack Database server Proxy
transformed query Database server plain query Proxy Application encrypted DB decrypted results Secret encrypted results Secret Stores schema and master key Minimal or no query execution

7 Randomized encryption (RND) - semantic
Example Application Randomized encryption (RND) - semantic x2ea887 x95c623 x4be219 x17cea7 SELECT * FROM emp table1/emp col1/rank col2/name col3/salary Proxy SELECT * FROM table1 x4be219 60 x95c623 100 x2ea887 800 x17cea7 100

8 Example Randomized encryption (RND) Deterministic encryption (DET)
Application Randomized encryption (RND) Deterministic encryption (DET) SELECT * FROM emp WHERE salary = 100 table1/emp col1/rank col2/name col3/salary SELECT * FROM table1 WHERE col3 = x5a8c34 Proxy x4be219 x934bc1 60 x5a8c34 x95c623 100 x2ea887 x84a21c 800 ? x5a8c34 x5a8c34 x17cea7 100

9 Example “Summable” encryption (HOM) - semantic
Application “Summable” encryption (HOM) - semantic Deterministic encryption (DET) SELECT sum(salary) FROM emp table1 (emp) Proxy SELECT cdb_sum(col3) FROM table1 col1/rank col2/name col3/salary x9eab81 x934bc1 60 x638e54 x5a8c34 100 x122eb4 x84a21c 800 x578b34 x5a8c34 1060 x72295a 100

10 Example Application Proxy SELECT sqrt(sum(salary)) FROM emp
table1 (emp) Proxy SELECT cdb_sum(col3) FROM table1 col1/rank col2/name col3/salary x9eab81 x934bc1 60 x638e54 x5a8c34 100 x122eb4 x84a21c 800 x578b34 x5a8c34 1060 x72295a 100

11 Example Application Proxy SELECT sqrt(sum(salary)) FROM emp
32.55 table1 (emp) Proxy SELECT cdb_sum(col3) FROM table1 col1/rank col2/name col3/salary x9eab81 x934bc1 60 x638e54 x5a8c34 100 x122eb4 x84a21c 800 x578b34 x5a8c34 1060 x72295a 100

12 Techniques Compute on encrypted data at the server
Use SQL-aware set of efficient encryption schemes Adjust encryption of data based on queries Compute on decrypted data at the proxy Can decrypt  can perform any computation Choose optimal split to reduce bandwidth, proxy load

13 SQL-aware encryption schemes
Security Scheme Construction Function SQL operations: e.g., SELECT, UPDATE, DELETE, INSERT, COUNT RND AES in UFE data moving ≈ semantic security HOM Paillier addition e.g., SUM, + word search SEARCH Song et al.,‘00 restricted ILIKE e.g., =, !=, IN, GROUP BY, DISTINCT reveals only repeat pattern DET equality AES in CMC JOIN our new scheme join e.g., >, <, ORDER BY, ASC, DESC, MAX, MIN, GREATEST, LEAST reveals only order OPE order our new scheme

14 Onion of encryptions + +
security + RND DET OPE value + functionality Adjust encryption: strip off layer of the onion

15 CryptDB works well in practice
Supports many database applications Web sites, transactional processing, data analytics Never reveals plaintext data on database server Modest performance overheads 20-30% throughput loss for typical benchmarks Approach now used by Google (among others) Encrypted BigQuery service

16 Compromised app. server?
users CryptDB proxy DB server application Secret CryptDB SQL queries on encrypted DB

17 Compromised app. server?
CryptDB proxy users CryptDB proxy DB server Secret Secret application Secret Secret CryptDB proxy

18 Mylar: browser-side encryption
Secret Secret Secret web application DB server Secret Secret Secret Secret Decrypted data exists only in users’ browsers

19 Challenge: computation in web applications
Client-side application framework Most computation happens in client’s web browser (Javascript code) 2. Non client-side computation: Data sharing – need a way to manage keys Keyword search – need new cryptosystem: documents encrypted with many keys

20 Mylar supports many applications
Ported 6 applications to Mylar Performance overheads are modest Data privacy despite server compromises

21 Future research directions
Practical cryptography Computing on data encrypted w/ many keys Delegating limited functions over encrypted data Practical systems Auditing for data disclosures Protecting end-user computers

Download ppt "Using cryptography in databases and web applications"

Similar presentations

Monomi: Practical Analytical Query Processing over Encrypted Data

Monomi: Practical Analytical Query Processing over Encrypted Data
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,

Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,
CryptDB: Protecting Confidentiality with Encrypted Query Processing by Raluca Ada Popa Catherine M. S. Redfield Nickolai Zeldovich Hari Balakrishnan MIT.

CryptDB: Protecting Confidentiality with Encrypted Query Processing by Raluca Ada Popa Catherine M. S. Redfield Nickolai Zeldovich Hari Balakrishnan MIT.
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
Sam Madden With a cast of many….

Sam Madden With a cast of many….
11 Section D: SQL  SQL Basics  Adding Records  Searching for Information  Updating Fields  Joining Tables Chapter 11: Databases1.

11 Section D: SQL  SQL Basics  Adding Records  Searching for Information  Updating Fields  Joining Tables Chapter 11: Databases1.
Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.

Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.
CryptDB: Protecting Confidentiality with Encrypted Query Processing

CryptDB: Protecting Confidentiality with Encrypted Query Processing
CryptDB: Confidentiality for Database Applications with Encrypted Query Processing Raluca Ada Popa, Catherine Redfield, Nickolai Zeldovich, and Hari Balakrishnan.

CryptDB: Confidentiality for Database Applications with Encrypted Query Processing Raluca Ada Popa, Catherine Redfield, Nickolai Zeldovich, and Hari Balakrishnan.
CryptDB: A Practical Encrypted Relational DBMS Raluca Ada Popa, Nickolai Zeldovich, and Hari Balakrishnan MIT CSAIL New England Database Summit 2011.

CryptDB: A Practical Encrypted Relational DBMS Raluca Ada Popa, Nickolai Zeldovich, and Hari Balakrishnan MIT CSAIL New England Database Summit 2011.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
Overview and Roadmap for Microsoft SQL Server Security

Overview and Roadmap for Microsoft SQL Server Security
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Database Connectivity Rose-Hulman Institute of Technology Curt Clifton.

Database Connectivity Rose-Hulman Institute of Technology Curt Clifton.
 Relational Cloud: A Database-as-a-Service for the Cloud Carlo Curino, Evan Jones, Raluca Ada Popa, Nirmesh Malaviya, Eugene Wu, Sam Madden, Hari Balakrishnan,

 Relational Cloud: A Database-as-a-Service for the Cloud Carlo Curino, Evan Jones, Raluca Ada Popa, Nirmesh Malaviya, Eugene Wu, Sam Madden, Hari Balakrishnan,
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.
Security in SQL Jon Holmes CIS 407 Fall 2007. Outline Surface Area Connection Strings Authenticating Permissions Data Storage Injections.

Security in SQL Jon Holmes CIS 407 Fall Outline Surface Area Connection Strings Authenticating Permissions Data Storage Injections.
Adversaries in Clouds: Protecting Data in Cloud-Based Applications Nick Feamster Georgia Tech.

Adversaries in Clouds: Protecting Data in Cloud-Based Applications Nick Feamster Georgia Tech.
SERVER Betül ŞAHİN - 21001525. What is this? Betül ŞAHİN - 21001525.

SERVER Betül ŞAHİN What is this? Betül ŞAHİN

Similar presentations

Ads by Google