CryptDB: Processing Queries on
an Encrypted Database
Raluca Ada Popa
Catherine M.S. Redfield
Nickolai Zeldovich
Hari Balakrishman
Presented By: Jeremy Winters
Agenda
•
•
•
•
•
•
•
•
Need
Threat Model
Implementation
Types of Encryption and Onions
Query Processing
Experimental Evaluation
Performance Evaluation
Summary
Need
“…in a recent attack on the Sony
Playstation Network, attackers
apparently gained access to about
77 million personal user profiles,
some of which included credit card
information.”
Threat Model
CryptDB
Passive Attacks
– Compromised hardware
– System Administrators
– Cloud solutions
Implementation
Implementation
• 3 Components
•
•
•
Application
Proxy
DBMS
Encryption Types
Encryption Types
Random (RND)
– Maximum security
Deterministic (DET)
– Plaintext results in consistent ciphertext
Order-Preserving Encryption (OPE)
– 100 < 200
|
4ex5d < 7gfa3
Encryption Types
Homomorphic Encryption (HOM)
– Math functions (ex. Addition)
Join (JOIN and OPE-JOIN)
– Equality Joins
Word Search (SEARCH)
– LIKE
Goal
‘Our goal is to use the most secure
encryption schemes that enable
running the requested queries.’
Onions
Data Sensitivity
Use in Queries
Query Processing
Query Processing Steps
1. Application issues query, intercepted by
proxy and rewritten.
2. If necessary, adjust column encryption
level.
3. Proxy sends encrypted query to DBMS for
execution.
4. Encrypted result returned, proxy decrypts,
returns to application.
Query Processing
Experimental Evaluation
Experimental Evaluation
Performance Evaluation
Performance Evaluation
•
.60ms (~ 26%)
performance
degradation in
queries issued per
second.
•
•
•
24% mysql-proxy
23% encryption /
decryption
53% parsing and
processing queries
Summary
CryptDB
CryptDB utilizes several encryption
technologies to take steps to secure data
within your client/server applications from
passive attacks.
More secure that encryption provided by
DBMS. DBMS decrypts data to perform
queries.
Supports most relational queries – not all.
Further research is being done here.
Questions?