CryptDB: Protecting Confidentiality with Encrypted Query Processing


1 CryptDB: Protecting Confidentiality with Encrypted Query Processing
Raluca Ada Popa, Catherine M. S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan, MIT CSAIL. Presenter: Kecong Tang

2 DBA story
Rules: Should never read the data. If you have to, FORGET it TOTALLY after you’re done!
Some jobs need to read the data: “hey, we get data conflicted”, “we need you to recover some data”, “we need a special data collection”

3 Problems
Online applications are vulnerable to theft of sensitive information.
Who? Curious and malicious DBAs; attackers who gain admin- or DBA-level access.
What? Confidentiality.

4 Solutions: CryptDB Encrypted Query Processing

5 Introducing CryptDB
Encrypted database: nothing is plaintext. Different keys and encryption schemes are used for different columns and for different users’ data.

6 Three key ideas
SQL-aware encryption; adjustable query-based encryption; chaining encryption keys to user passwords.

7 SQL-aware encryption
Different columns need different operations, and therefore different encryption schemes. Ops: Sum, >, =, Order, Group, Like… Data stays encrypted but remains operational.

8 Adjustable query-based encryption
A column of type Date is usually encrypted for “order by”. What if I search “ ”? Re-encryption to the required format.
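
As an added illustration of slides 7 and 8 (not code from the slides or from the CryptDB project): a column stored with a randomized outer layer over a deterministic inner layer, where the proxy lets the server strip the outer layer once a query needs equality. The cipher is an HMAC-based stand-in built from the Python standard library, and all function names and sample rows are assumptions made for this example.

```python
import hashlib, hmac, os

def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key: bytes, iv: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for AES-CTR (assumption).
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += _prf(key, iv + ctr.to_bytes(4, "big"))
    return bytes(a ^ b for a, b in zip(data, stream))

def det_encrypt(key: bytes, value: bytes) -> bytes:
    # Deterministic layer: the IV is a keyed hash of the value, so equal
    # plaintexts give equal ciphertexts and "=" works on ciphertext.
    iv = _prf(_prf(key, b"iv"), value)[:16]
    return iv + _xor_stream(_prf(key, b"enc"), iv, value)

def det_decrypt(key: bytes, ct: bytes) -> bytes:
    return _xor_stream(_prf(key, b"enc"), ct[:16], ct[16:])

def rnd_encrypt(key: bytes, data: bytes) -> bytes:
    # Randomized outer layer: a fresh IV per cell hides equality.
    iv = os.urandom(16)
    return iv + _xor_stream(key, iv, data)

def rnd_decrypt(key: bytes, ct: bytes) -> bytes:
    return _xor_stream(key, ct[:16], ct[16:])

def proxy_store(values, k_rnd, k_det):
    # Proxy side: every cell goes to the DBMS as RND(DET(value)).
    return [rnd_encrypt(k_rnd, det_encrypt(k_det, v)) for v in values]

def server_peel(column, k_rnd):
    # DBMS side, after the proxy releases the outer-layer key for this column.
    return [rnd_decrypt(k_rnd, c) for c in column]

def server_select_eq(column, token):
    # DBMS side: WHERE col = token, evaluated purely on ciphertext.
    return [i for i, c in enumerate(column) if hmac.compare_digest(c, token)]

def demo():
    k_rnd, k_det = os.urandom(32), os.urandom(32)
    column = proxy_store([b"alice", b"bob", b"alice"], k_rnd, k_det)  # constructed rows
    token = det_encrypt(k_det, b"alice")          # proxy rewrites the query constant
    before = server_select_eq(column, token)      # outer layer still on: no match
    after = server_select_eq(server_peel(column, k_rnd), token)
    return before, after
```

After the peel the server can tell which rows hold equal values in that column; that leakage is what the equality query costs.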

9 Chain encryption keys to user passwords
Data is only available while the user is logged in. Different users’ data is encrypted with different keys. This can deal with SQL injection: the hacker gets encrypted data without the keys.

10 CryptDB’s architecture

11 Application server, CryptDB proxy server, DBMS server
Application server: normal front-end web page; user login; key setup to the database proxy.
CryptDB proxy server: active keys; annotated schema.
DBMS server: normal DBMS with encrypted data; user-defined functions to encrypt; encrypted key table.

12 Threat 1: DBMS server compromise
A DBA or attacker with full access usually reads data. Server cannot compute the (encrypted) results.

13 Threat 2: All servers are compromised
Different users have different keys. Inactive users’ keys are not available. Only logged-in users’ keys can be decrypted.

14 Case Studies
phpBB is a widely used open source forum with a rich set of access control settings. HotCRP is a popular conference review application. grad-apply is a graduate admissions system used by MIT EECS.

15 Limitations
Both computation and comparison on the same column: WHERE salary > age*2+10.
Multi-principal data cannot be encrypted to different formats: order by date where date=“ ”

16 Contribution
Definitely improves data security. Prevents data leaking even when the server is totally compromised.

17 Weakness
Performance: frequent rewrites. Time: updating 1 column in a MySQL table of over 100k lines will take ???? minutes. Hard drive life: frequent hard drive writes.
Data repair and official investigation: it takes time even if they can decrypt.

18 Improvement
Should we open a back door? “One button to decrypt all data”…

19 Thanks Questions?

