Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mohammad Ahmadian COP-6087 University of Central Florida.

Published byScott Alexander Modified over 9 years ago

Similar presentations

Presentation on theme: "Mohammad Ahmadian COP-6087 University of Central Florida."— Presentation transcript:

1 Mohammad Ahmadian ahmadian@knights.ucf.eduahmadian@knights.ucf.edu COP-6087 University of Central Florida

2  Goal: protect confidentiality and Integrity of data Application DB Server SQL Threat 1: passive attacks on DB server Threat 2: active/passive attacks on all servers User 1 User 2 User 3 Proxy 1. Process SQL queries on encrypted data 2. Capture and enforce cryptographically access control in SQL: chain keys from user passwords to data item (Keygen) user password

3 Application DB Server  curious DB administrators  hackers  curious cloud/employees  physical attacks SQL User 1 User 2 User 3 Threat Model  Consider attacks on any part of the servers,  Consider passive attack like modification of information in database by malicious cloud insider

4 DB Server SQL Trusted All queries are encrypted Proxy application queries unencrypted  Client & server side both are trusted  The session between client and db server is compromised Under attack The benefit of attackers are very low Trusted

5 DB Server SQL Trusted Perform SQL query processing on encrypted data Proxy application queries unencrypted  Client side enjoys issuing query without concerning about underlying security mechanisms in proxy  DB server is unchanged  It is impossible to attacker to change data without revealing to user Under attack 1. Support standard SQL queries on encrypted data 2. Process queries completely at the DB server 3. No change to existing DBMS

6 1. RND-Advanced Encryption Standard ◦ Obs.: set of SQL operators is limited ◦ Different encryption schemes provide different functionality 2. OPE-Order Preserving Encryption ◦ Enable to comparison, order by, join, sort, MAX, MIN. 3. MAC –Message authentication code ◦ Provides integrity for data element Solution: Cryptographic techniques

7 ? Example col1/rankcol2/name table1 (cinfo) SELECT * FROM cinfo WHERE income= 100 x5a8c34 x934bc1 x5a8c34 x84a21c x5a8c34 ≥ x638e5 4 x922eb4 x1eab8 1 SELECT * FROM cinfo WHERE income= x5a8c34 ≥ Proxy 60 100 800 100 ? x5a8c34 x638e5 4 x922eb4 x638e5 4 X4be2 1 9 x95c623 x2ea887 x17cea7 x638e54 col3/salary Application

8 e.g., =, !=, GROUP BY, IN, COUNT, DISTINCT Highest SchemeOperationDetail RNDNone AES HOM+, * AES in CTR DETequality e.g., Paillier OPEorder Boldyreva et al. ’09 e.g., >, <, ORDER BY, SORT, MAX, MIN first practical implementation Security

9 The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. Rijndael is a family of ciphers with different key and block sizes. For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.

10  AES is one of secure block cipher for digital information. I adapt it with key size 128 bit for this project for encrypting text columns. One of negative point of AES is it’s speed, actually it’s key generation is not so fast.

11 Order Preserving encryption(OPE) is an encryption scheme whose deterministically preserves numerical order of plaintext in the ciphertext. For quick start, consider a random order-preserving function from M to N, so that |M|<|N|. Without loss of generality, we can consider M the set {1,2,...,M} and N likewise {1,2,...,N}. Now, pick M elements of N randomly and put them in order. Our function f:M → N is simply this ordered set. To encrypt i in M, just output the ith element of this list. Consider f is an order-preserving function which maps elements in domain to ordered list of elements of the range. Obviously, the elements of range can be divided in two categories of marked and unmarked. If an element is selected by f then it is member of marked otherwise it is member of unmarked category. Thus elements of the range are partitioned into the marked and unmarked subsets, as being balls in a bin. If we draw balls without replacement, the number x of marked balls we've drawn after y samples can be described by the Hyper Geometric Distribution (HGD)

12

13

14

15  I spend 3 weeks to install open source cryptdb  It failed because it is depended to lots of packages and libraries and there isn’t any documentation.  I spend 3 weeks to writing my own mysql-proxy  It is almost 1200 lines of code in c++ and easy to install. It needs to add some features to handle all type of datbases

16  John Singleton  Salih Safa Reference: 1- CryptDB: Confidentiality for Database Applications with Encrypted Query Processing Raluca Ada Popa, Catherine Redfield, Nickolai Zeldovich, and Hari Balakrishnan MIT CSAIL 2-Order-Preserving Symmetric Encryption Alexandra Boldyreva, Nathan Chenette, Younho Lee and Adam O'Neill Georgia Institute of Technology, Atlanta, GA, USA

17

Download ppt "Mohammad Ahmadian COP-6087 University of Central Florida."

Similar presentations

Monomi: Practical Analytical Query Processing over Encrypted Data

Monomi: Practical Analytical Query Processing over Encrypted Data
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
CryptDB: Protecting Confidentiality with Encrypted Query Processing

CryptDB: Protecting Confidentiality with Encrypted Query Processing
CryptDB: Confidentiality for Database Applications with Encrypted Query Processing Raluca Ada Popa, Catherine Redfield, Nickolai Zeldovich, and Hari Balakrishnan.

CryptDB: Confidentiality for Database Applications with Encrypted Query Processing Raluca Ada Popa, Catherine Redfield, Nickolai Zeldovich, and Hari Balakrishnan.
CryptDB: A Practical Encrypted Relational DBMS Raluca Ada Popa, Nickolai Zeldovich, and Hari Balakrishnan MIT CSAIL New England Database Summit 2011.

CryptDB: A Practical Encrypted Relational DBMS Raluca Ada Popa, Nickolai Zeldovich, and Hari Balakrishnan MIT CSAIL New England Database Summit 2011.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
 Relational Cloud: A Database-as-a-Service for the Cloud Carlo Curino, Evan Jones, Raluca Ada Popa, Nirmesh Malaviya, Eugene Wu, Sam Madden, Hari Balakrishnan,

 Relational Cloud: A Database-as-a-Service for the Cloud Carlo Curino, Evan Jones, Raluca Ada Popa, Nirmesh Malaviya, Eugene Wu, Sam Madden, Hari Balakrishnan,
Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.

Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Lecture 3: Cryptographic Tools modified from slides of Lawrie Brown.

Lecture 3: Cryptographic Tools modified from slides of Lawrie Brown.
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.
Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.

Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.
© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides.

© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides.

Similar presentations

Ads by Google